public string[] GetAuthInfo() { IServiceProvider provider = HttpContext.RequestServices; IModuleHandler moduleHandler = provider.GetRequiredService <IModuleHandler>(); IFunctionAuthorization functionAuthorization = provider.GetService <IFunctionAuthorization>(); ModuleInfo[] moduleInfos = moduleHandler.ModuleInfos; //先查找出所有有权限的模块 List <ModuleInfo> authModules = new List <ModuleInfo>(); foreach (ModuleInfo moduleInfo in moduleInfos) { bool hasAuth = moduleInfo.DependOnFunctions.All(m => functionAuthorization.Authorize(m, User).IsOk); if (moduleInfo.DependOnFunctions.Length == 0 || hasAuth) { authModules.Add(moduleInfo); } } List <string> codes = new List <string>(); foreach (ModuleInfo moduleInfo in authModules) { string fullCode = moduleInfo.FullCode; //模块下边有功能,或者拥有子模块 if (moduleInfo.DependOnFunctions.Length > 0 || authModules.Any(m => m.FullCode.Length > fullCode.Length && m.FullCode.Contains(fullCode) && m.DependOnFunctions.Length > 0)) { codes.AddIfNotExist(fullCode); } } return(codes.ToArray()); }
/// <summary> /// 重写以实现功能权限的核心验证逻辑 /// </summary> /// <param name="context">权限过滤器上下文</param> /// <param name="function">要验证的功能</param> /// <returns>权限验证结果</returns> protected virtual AuthorizationResult AuthorizeCore(AuthorizationHandlerContext context, IFunction function) { ClaimsPrincipal user = context.User; AuthorizationResult result = _functionAuthorization.Authorize(function, user); return(result); }
/// <summary> /// 重写以实现功能权限的核心验证逻辑 /// </summary> /// <param name="context">权限过滤器上下文</param> /// <param name="function">要验证的功能</param> /// <returns>权限验证结果</returns> protected virtual AuthorizationResult AuthorizeCore(AuthorizationFilterContext context, IFunction function) { IPrincipal user = context.HttpContext.User; IServiceProvider provider = context.HttpContext.RequestServices; IFunctionAuthorization authorization = provider.GetService<IFunctionAuthorization>(); AuthorizationResult result = authorization.Authorize(function, user); return result; }
/// <summary> /// 检测当前用户是否拥有指定URL的功能权限 /// </summary> public static bool CheckFunctionAuth(this ControllerBase controller, string url) { IFunction function = controller.GetFunction(url); if (function == null) { return(false); } IFunctionAuthorization authorization = controller.HttpContext.RequestServices.GetService <IFunctionAuthorization>(); return(authorization.Authorize(function, controller.User).IsOk); }
/// <summary> /// 检测当前用户是否有指定功能的功能权限 /// </summary> public static bool CheckFunctionAuth(this ControllerBase controller, string actionName, string controllerName, string areaName = null) { IServiceProvider provider = controller.HttpContext.RequestServices; IFunctionHandler functionHandler = provider.GetService <IFunctionHandler>(); IFunction function = functionHandler?.GetFunction(areaName, controllerName, actionName); if (function == null) { return(false); } IFunctionAuthorization authorization = provider.GetService <IFunctionAuthorization>(); return(authorization.Authorize(function, controller.User).IsOk); }
/// <summary> /// 验证是否拥有指定模块的权限 /// </summary> /// <param name="module">要验证的模块</param> /// <param name="empty">返回模块是否为空模块,即是否分配有功能</param> /// <returns></returns> private bool CheckFuncAuth(Module module, out bool empty) { IServiceProvider services = HttpContext.RequestServices; IFunctionAuthorization authorization = services.GetRequiredService <IFunctionAuthorization>(); Function[] functions = _securityManager.ModuleFunctions.Where(m => m.ModuleId == module.Id).Select(m => m.Function).ToArray(); empty = functions.Length == 0; if (empty) { return(true); } foreach (Function function in functions) { if (!authorization.Authorize(function, User).IsOk) { return(false); } } return(true); }