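/// <summary>
/// Override point for the role-limit check of a function. Access is granted when the caller
/// holds the super role, shares at least one role with the function, or has the function
/// assigned to them directly; anything else fails closed.
/// </summary>
/// <param name="function">Function to check; must be a <typeparamref name="TFunction"/>.</param>
/// <param name="principal">Caller; its identity must be a <see cref="ClaimsIdentity"/>.</param>
/// <returns>
/// <see cref="AuthorizationStatus.Error"/> when an argument is null or of the wrong type,
/// <see cref="AuthorizationResult.OK"/> when one of the three grants matches, otherwise
/// <see cref="AuthorizationStatus.Forbidden"/>.
/// </returns>
protected virtual AuthorizationResult AuthorizeRoleLimit(IFunction function, IPrincipal principal)
{
    // Null arguments used to surface as NullReferenceException: `principal.Identity` dereferenced a
    // null principal, and the "wrong type" branch below called `function.GetType()` on a null function
    // while building its message. Report both as an Error result instead of crashing the pipeline.
    if (principal is null)
    {
        return new AuthorizationResult(AuthorizationStatus.Error, "要验证的用户信息principal不能为空");
    }
    if (function is null)
    {
        return new AuthorizationResult(AuthorizationStatus.Error, "要验证的功能信息function不能为空");
    }

    // Only claims-based identities carry the role and user-name claims this check relies on.
    if (!(principal.Identity is ClaimsIdentity identity))
    {
        return new AuthorizationResult(AuthorizationStatus.Error, "当前用户标识IIdentity格式不正确,仅支持ClaimsIdentity类型的用户标识");
    }
    if (!(function is TFunction func))
    {
        return new AuthorizationResult(AuthorizationStatus.Error, $"要检测的功能类型为“{function.GetType()}”,不是要求的“{typeof(TFunction)}”类型");
    }

    // Role names are read from the identity's claims, not from the function or the cache.
    string[] userRoleNames = identity.GetRoles().ToArray();

    // The super role bypasses every further check.
    if (userRoleNames.Contains(SuperRoleName))
    {
        return AuthorizationResult.OK;
    }

    // Role -> function grant: any overlap between the caller's roles and the function's roles is enough.
    // NOTE(review): assumes FunctionAuthCache never returns a null array here or below — Intersect/Contains
    // would throw ArgumentNullException otherwise; confirm against the cache implementation.
    string[] functionRoleNames = FunctionAuthCache.GetFunctionRoles(func.Id);
    if (userRoleNames.Intersect(functionRoleNames).Any())
    {
        return AuthorizationResult.OK;
    }

    // Direct user -> function grant, keyed on the user name taken from the identity's claims.
    Guid[] functionIds = FunctionAuthCache.GetUserFunctions(identity.GetUserName());
    if (functionIds.Contains(func.Id))
    {
        return AuthorizationResult.OK;
    }

    // No grant matched: deny by default.
    return new AuthorizationResult(AuthorizationStatus.Forbidden);
}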
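/// <summary>
/// Override point for checking whether a named user may execute a function.
/// Unlike <see cref="AuthorizeRoleLimit"/>, this overload consults only the direct
/// user-to-function assignments: neither role-based grants nor the super role are
/// considered here, so the two checks are not interchangeable.
/// </summary>
/// <param name="function">Function to check.</param>
/// <param name="userName">Name of the user to check; used as the lookup key for user-function grants.</param>
/// <returns>
/// <see cref="AuthorizationStatus.Error"/> when <paramref name="function"/> is null,
/// <see cref="AuthorizationResult.OK"/> when the function is not role-limited or is assigned
/// directly to the user, otherwise <see cref="AuthorizationStatus.Forbidden"/>.
/// </returns>
protected virtual AuthorizationResult AuthorizeUserName(IFunction function, string userName)
{
    // A null function used to throw NullReferenceException on `function.AccessType`; report an Error result instead.
    if (function is null)
    {
        return new AuthorizationResult(AuthorizationStatus.Error, "要验证的功能信息function不能为空");
    }

    // Only RoleLimit functions are gated here; every other access type passes without consulting userName.
    // NOTE(review): if FunctionAccessType distinguishes anonymous from logged-in access, that distinction
    // is not enforced by this method — confirm the caller handles it.
    if (function.AccessType != FunctionAccessType.RoleLimit)
    {
        return AuthorizationResult.OK;
    }

    // A role-limited function cannot be granted to an unnamed user; fail closed rather than
    // querying the cache with an empty key.
    if (string.IsNullOrWhiteSpace(userName))
    {
        return new AuthorizationResult(AuthorizationStatus.Forbidden);
    }

    // Direct user -> function grant.
    Guid[] functionIds = FunctionAuthCache.GetUserFunctions(userName);
    if (functionIds.Contains(function.Id))
    {
        return AuthorizationResult.OK;
    }

    // No grant matched: deny by default.
    return new AuthorizationResult(AuthorizationStatus.Forbidden);
}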