/// <summary> Query if 'request' is authorized. </summary>
/// <remarks> Liuxinyi, 2014-1-2. </remarks>
/// <param name="request"> The request. </param>
/// <param name="retcode"> The return httpstatuscode</param>
/// <returns> true if authorized, false if not. </returns>
public bool IsAuthorized(HttpRequestMessage request, out HttpStatusCode retcode)
{
string token = request.GetQueryString("token");
retcode = HttpStatusCode.OK;
if (token != null)
{
AuthorizationInfo info = this.storer.Get(token);
if (info != null)
{
// 验证资源
if (info.HashCode == this.GetHashValue(token, request.GetClientIp()) &&
new Verifier().VerifyPermission(info, request))
{
return(true);
}
else
{
retcode = HttpStatusCode.MethodNotAllowed; // 405
}
}
else
{
retcode = HttpStatusCode.Forbidden; // 403
}
}
return(false);
}
/// <summary> Verify permission. </summary>
/// <remarks> Liuxinyi, 2014-1-7. </remarks>
/// <param name="info"> The information. </param>
/// <param name="request"> The request. </param>
/// <returns> true if it succeeds, false if it fails. </returns>
public bool VerifyPermission(AuthorizationInfo info, HttpRequestMessage request)
{
if (info.RoleId == 1)
{
return(true); // supper admin
}
return(VertifyAction(info, request) && VertifyOwner(info, request));
}
/// <summary> Updates this object. </summary>
/// <remarks> Updated By Liuxinyi, 2014-3-25. </remarks>
/// <param name="token"> The token. </param>
/// <param name="duration"> The expire duration. </param>
public void Update(string token, double duration)
{
AuthorizationInfo info = cache.Get(token) as AuthorizationInfo;
if (info != null)
{
cache.Set(token, info, DateTimeOffset.Now.AddMinutes(duration));
}
}
/// <summary> Gets. </summary>
/// <remarks> Liuxinyi, 2014-1-3. </remarks>
/// <param name="token"> The token. </param>
/// <returns> An AuthorityInfo. </returns>
public AuthorizationInfo Get(string token)
{
AuthorizationInfo info = cache.Get(token) as AuthorizationInfo;
if (info != null && info.IsSlideExpire)
{
cache.Set(token, info, DateTimeOffset.Now.AddMinutes(this._duration));
}
return(info);
}
/// <summary> Vertify action. </summary>
/// <remarks> Liuxinyi, 2014-1-7. </remarks>
/// <param name="info"> The information. </param>
/// <param name="request"> The request. </param>
/// <returns> true if it succeeds, false if it fails. </returns>
private bool VertifyAction(AuthorizationInfo info, HttpRequestMessage request)
{
HttpActionDescriptor actionDescriptor = request.GetActionDescriptor();
var authorizationAttributes = actionDescriptor.GetCustomAttributes <AuthorizationAttribute>();
if (authorizationAttributes.Any())
{
return(authorizationAttributes.Any(authorAttr => info.AuthorisedResources.Contains(authorAttr.StrAuthorizationCode)));
}
return(true);
}
/// <summary> Vertify owner. </summary>
/// <remarks> Liuxinyi, 2014-1-7. </remarks>
/// <param name="info"> The information. </param>
/// <param name="request"> The request. </param>
/// <returns> true if it succeeds, false if it fails. </returns>
private bool VertifyOwner(AuthorizationInfo info, HttpRequestMessage request)
{
/*if (info.RoleId != 5) // @TODO 超级管理员权限
* {
* return true;
* }*/
var routeData = request.GetRouteData();
// 数据服务API角色
if (info.RoleId == 6)
{
if (routeData.Values.ContainsKey("structId"))
{
if (!DataService.GetServiceUserStruct(info.UserName).Contains(routeData.Values["structId"]))
{
return(false);
}
}
if (routeData.Values.ContainsKey("sensorId"))
{
var sensorId = routeData.Values["sensorId"];
int senId = Convert.ToInt32(sensorId);
using (SecureCloud_Entities entity = new SecureCloud_Entities())
{
var query = from sensor in entity.T_DIM_SENSOR
where sensor.SENSOR_ID == senId
select sensor.STRUCT_ID;
if (query.FirstOrDefault() == null ||
!DataService.GetServiceUserStruct(info.UserName).Contains(query.First().ToString()))
{
return(false);
}
}
return(true);
}
return(true);
}
int userId = info.UserId;
foreach (var pair in verifyDict)
{
if (routeData.Values.ContainsKey(pair.Key))
{
return(pair.Value(userId, routeData.Values[pair.Key].ToString()));
}
}
return(true);
}
/// <summary> Saves a verify ticket. </summary>
/// <remarks> Liuxinyi, 2014-1-7. </remarks>
/// <param name="token"> The token. </param>
/// <param name="userId"> The username. </param>
/// <param name="roleId"> Identifier for the role. </param>
/// <param name="request"> The request. </param>
public void SaveVerifyTicket(string token, AuthorizationInfo userInfo)
{
this.storer.Add(token, userInfo);
}
/// <summary> Updates this object. </summary>
/// <remarks> Liuxinyi, 2014-1-3. </remarks>
/// <param name="token"> The token. </param>
/// <param name="info"> The information. </param>
public void Update(string token, AuthorizationInfo info)
{
cache.Set(token, info, DateTimeOffset.Now.AddMinutes(this._duration));
}
/// <summary> Adds token. </summary>
/// <remarks> Updated By Liuxinyi, 2014-3-25. </remarks>
/// <param name="token"> The token. </param>
/// <param name="info"> The information. </param>
/// <param name="duration"> The expire duration. </param>
public void Add(string token, AuthorizationInfo info, double duration)
{
cache.Set(token, info, DateTimeOffset.Now.AddMinutes(duration));
}
