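/// <summary>
/// Evaluates a <see cref="PermissionRequirement"/> for the current user and marks it
/// as succeeded only when the permission service confirms the permission.
/// </summary>
/// <param name="context">Authorization context carrying the user being authorized.</param>
/// <param name="requirement">
/// Requirement whose <c>Permission</c> string is split on <c>Constants.ColonDelimiter</c>
/// into a permission key and an "admin required" flag.
/// </param>
/// <remarks>
/// The handler never calls <c>context.Fail()</c>. Any path that does not reach
/// <c>context.Succeed</c> leaves the requirement unmet.
/// </remarks>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
{
    // A missing or blank requirement is left unmet.
    if (requirement == null || String.IsNullOrWhiteSpace(requirement.Permission))
    {
        return;
    }

    var permsInfo = requirement.Permission.Split(Constants.ColonDelimiter);

    // A permission string without the delimiter yields fewer segments than the indexes
    // below expect. Leave the requirement unmet instead of letting the indexer throw
    // inside the authorization pipeline.
    if (permsInfo.Length <= _permKeyIndex || permsInfo.Length <= _isAdminIndex)
    {
        return;
    }

    // NOTE(review): when the flag segment is not a valid boolean, TryParse leaves
    // isAdminRequired as false, so a malformed flag is evaluated as a non-admin check.
    // Confirm this lenient behaviour is intended; rejecting unparsable flags would fail closed.
    Boolean.TryParse(permsInfo[_isAdminIndex], out bool isAdminRequired);

    if (await _permissionService.HasPermissionAsync(context.User, permsInfo[_permKeyIndex], isAdminRequired))
    {
        context.Succeed(requirement);
    }
}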
/// <summary>
/// Checks whether the current <c>User</c> holds the permission <paramref name="permKey"/>,
/// limiting non-super administrators to the clients named in their client-id claims.
/// </summary>
/// <param name="permKey">Permission key passed to the permission service.</param>
/// <param name="isAdmin">Forwarded unchanged to the permission service; defaults to <c>false</c>.</param>
/// <returns>The result reported by the permission service.</returns>
public async Task<bool> HasPermissionAsync(string permKey, bool isAdmin = false)
{
    // Apart from the platform super administrator, other administrators may only manage
    // resources of the Client(s) they belong to.
    // NOTE(review): null is passed for super admins and presumably means "no client
    // restriction"; a non-super user without client-id claims passes an empty list.
    // Confirm the permission service treats an empty list as "no clients allowed".
    List<string> allowedClientIds = User.IsSuperAdmin()
        ? null
        : User.FindAll(JwtClaimTypes.ClientId)
              .Select(claim => claim.Value)
              .ToList();

    return await _permissionService.HasPermissionAsync(User, permKey, isAdmin, allowedClientIds);
}