예제 #1
0
        /// <summary>
        /// 验证权限,
        /// 每个Action都必须加上PermissionAuthroize的描述,
        /// 且必须为Operate,Module给值,
        /// 然后如果参数中存在ViewModel,则取Id作为数据权限验证的唯一标识
        /// </summary>
        /// <param name="context"></param>
        /// <returns></returns>
        public virtual async Task <bool> Authorize(AuthorizationContext context)
        {
            var descriptor          = context.ActionDescriptor as ControllerActionDescriptor;
            var attributes          = descriptor.MethodInfo.CustomAttributes;
            var permissionAuthorize = attributes.Where(p => p.AttributeType == typeof(PermissionAuthroizeAttribute)).FirstOrDefault();

            if (permissionAuthorize != null)
            {
                var operate = "";
                var module  = "";
                foreach (var arg in permissionAuthorize.NamedArguments)
                {
                    if (arg.MemberName == nameof(PermissionAuthroizeAttribute.Operate))
                    {
                        operate = arg.TypedValue.Value.ToString();
                    }
                    else if (arg.MemberName == nameof(PermissionAuthroizeAttribute.Module))
                    {
                        module = arg.TypedValue.Value.ToString();
                    }
                }
                var parameters = descriptor.Parameters;

                var rightContext = new RightAuthorizeContext(context, module, operate, parameters);
                return(await FrameworkConfig.IocConfig.Resolve <RightAuthorize>().AuthorizeAsync(rightContext));
            }

            return(true);
        }
예제 #2
0
        public async Task <bool> AuthorizeAsync(RightAuthorizeContext context)
        {
            if (string.IsNullOrWhiteSpace(context.ModuleKey))
            {
                throw new ArgumentNullException(nameof(context.ModuleKey));
            }

            if (string.IsNullOrWhiteSpace(context.Operate))
            {
                throw new ArgumentNullException(nameof(context.Operate));
            }


            RightAuthorizeResult result = null;

            foreach (var handler in Handlers.OrderBy(p => p.Option.Order))
            {
                result = await handler.AuthorizeAsync(context);

                if (result.Failed != null)
                {
                    return(false);
                }
            }

            return(true);
        }
예제 #3
0
        public override async Task <RightAuthorizeResult> Authorize(RightAuthorizeContext context)
        {
            string userId = "", username = "";
            var    user = context.HttpContext.User;

            foreach (var identity in user.Identities)
            {
                if (identity.IsAuthenticated && identity.AuthenticationType == Const.AUTHORIZE_TYPE)
                {
                    foreach (var item in identity.Claims)
                    {
                        if (item.Type == Const.AUTHORIZE_NAME_IDENTITY_SCHEME)
                        {
                            userId = item.Value;
                        }
                        else if (item.Type == Const.AUTHORIZE_NAME_SCHEME)
                        {
                            username = item.Value;
                        }
                    }
                }
            }

            if (string.IsNullOrWhiteSpace(userId) || string.IsNullOrWhiteSpace(username))
            {
                throw new InvalidOperationException(Resources.EXCEPTION_USER_NOT_FOUND);
            }

            var userService = FrameworkConfig.IocConfig.Resolve <UserService>();
            var userInfo    = await userService.FindUserById(userId);

            throw new Exception();
        }
예제 #4
0
        public async Task<RightAuthorizeResult> AuthorizeAsync(RightAuthorizeContext context)
        {
            var loggerFactory = context.HttpContext.ApplicationServices.GetService<ILoggerFactory>();
            var logger = loggerFactory.CreateLogger(nameof(RightHandler<TOption>.AuthorizeAsync));

            var result = RightAuthorizeResult.Skip();
            if (Option.Scheme == RightOption.AUTOMIC_SCHEME || Option.Scheme.Split(',').Contains(context.ModuleKey))
            {
                result = await Authorize(context);
                if (result.Successed)
                {
                    logger.LogVerbose($"scheme is {context.ModuleKey} Right Authorization Success");
                    await AuthorizeSuccess(context);
                }
                else if (result.Failed != null)
                {
                    logger.LogVerbose($"scheme is {context.ModuleKey} Right Authorization Failed");
                    await AuthorizeFail(context, result.Failed);
                }
                else
                {
                    logger.LogVerbose($"scheme is {context.ModuleKey} Right Authorization Skip");
                }
            }
            return result;
        }
예제 #5
0
        public virtual Task AuthorizeFail(RightAuthorizeContext context, Exception ex)
        {
            context.HttpContext.Response.StatusCode = 401;

            return Task.FromResult<object>(null);
        }
예제 #6
0
 public virtual Task AuthorizeSuccess(RightAuthorizeContext context) => Task.FromResult<object>(null);
예제 #7
0
 public abstract Task<RightAuthorizeResult> Authorize(RightAuthorizeContext context);