protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, AgeRequirement requirement)
{
var httpContext = _httpContextAccessor.HttpContext;
//判断是否为已停用的token
if (!await _jwtApp.IsCurrentActiveTokenAsync())
{
context.Fail();
return;
}
_log.LogInformation("Evaluating authorization requirement for age = {age}", requirement.Age);
var dateOfBirth = context.User.FindFirst(c => c.Type == ClaimTypes.DateOfBirth);
DateTime.TryParse(dateOfBirth.Value, out DateTime birth);
if (birth != null && birth.Year > 1970)
{
int age = DateTime.Today.Year - birth.Year;
if (age >= requirement.Age)
{
context.Succeed(requirement);
return;
}
}
_log.LogInformation($"Current user's age claim does not satified the companyLevel authorization requirement {requirement.Age}");
context.Fail();
return;
}
//授权处理
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PolicyRequirement requirement)
{
//Todo:获取角色、Url 对应关系
List <Menu> list = await _menuApp.GetAll();
var httpContext = (context.Resource as AuthorizationFilterContext).HttpContext;
//获取授权方式
var defaultAuthenticate = await Schemes.GetDefaultAuthenticateSchemeAsync();
if (defaultAuthenticate != null)
{
//验证签发的用户信息
var result = await httpContext.AuthenticateAsync(defaultAuthenticate.Name);
if (result.Succeeded)
{
//判断是否为已停用的 Token
if (!await _jwtApp.IsCurrentActiveTokenAsync())
{
context.Fail();
return;
}
httpContext.User = result.Principal;
//判断角色与 Url 是否对应
//
var url = httpContext.Request.Path.Value;
var role = httpContext.User.Claims.Where(c => c.Type == ClaimTypes.Role).Select(x => x.Value).ToList();
var menu = list.Where(x => url.Contains(x.Url) && role.Contains(x.RoleName)).FirstOrDefault();
if (menu == null)
{
context.Fail();
return;
}
/* var menu = list.Where(x => x.Role.Equals(role) && x.Url.ToLower().Equals(url)).FirstOrDefault()*/;
//判断是否过期
if (DateTime.Parse(httpContext.User.Claims.SingleOrDefault(s => s.Type == ClaimTypes.Expiration).Value) >= DateTime.UtcNow)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return;
}
}
context.Fail();
}
/// <summary>
/// 授权处理
/// </summary>
/// <param name="context"></param>
/// <param name="requirement"></param>
/// <param name="resource">基于资源的授权</param>
/// <returns></returns>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PolicyRequirement requirement /*, IDocument resource */)
{
var httpContext = _httpContextAccessor.HttpContext;
//获取授权方式
var defaultAuthenticate = await Schemes.GetDefaultAuthenticateSchemeAsync();
if (defaultAuthenticate != null)
{
//验证签发的用户信息
var result = await httpContext.AuthenticateAsync(defaultAuthenticate.Name);
if (result.Succeeded)
{
//判断是否为已停用的token
if (!await _jwtApp.IsCurrentActiveTokenAsync())
{
context.Fail();
return;
}
httpContext.User = result.Principal;
//判断是否过期
if (DateTime.Parse(httpContext.User.Claims.SingleOrDefault(s => s.Type == ClaimTypes.Expiration).Value) < DateTime.UtcNow)
{
context.Fail();
}
//判断角色
//var url = httpContext.Request.Path.Value.ToLower();
var role = httpContext.User.Claims.Where(c => c.Type == ClaimTypes.Role).FirstOrDefault().Value;;
if (context.User.IsInRole("admin"))
{
context.Succeed(requirement);
}
else
{
//允许任何人创建或读取资源
if (requirement == Operations.Create || requirement == Operations.Read)
{
context.Succeed(requirement);
}
else
{
//只有资源的创建者才可以修改和删除
if (context.User.Identity.Name == "admin")//resource.Creator)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
}
}
return;
}
}
context.Fail();
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionAuthorizationRequirement requirement)
{
var httpContext = _httpContextAccessor.HttpContext;
//获取授权方式
var defaultAuthenticate = await Schemes.GetDefaultAuthenticateSchemeAsync();
if (defaultAuthenticate != null)
{
//验证签发的用户信息
var result = await httpContext.AuthenticateAsync(defaultAuthenticate.Name);
if (result.Succeeded)
{
//判断是否为已停用的token
if (!await _jwtApp.IsCurrentActiveTokenAsync())
{
context.Fail();
return;
}
httpContext.User = result.Principal;
//判断是否过期
if (DateTime.Parse(httpContext.User.Claims.SingleOrDefault(s => s.Type == ClaimTypes.Expiration).Value) < DateTime.UtcNow)
{
context.Fail();
return;
}
}
else
{
context.Fail();
return;
}
}
else
{
context.Fail();
return;
}
var role = context.User.FindFirst(p => p.Type == ClaimTypes.Role);
if (role != null)
{
if (context.User.IsInRole("admin"))
{
context.Succeed(requirement);
return;
}
else
{
var userIdClaim = context.User.FindFirst(p => p.Type == ClaimTypes.NameIdentifier);
if (userIdClaim != null)
{
if (_userStore.CheckPermission(int.Parse(userIdClaim.Value), requirement.Name))
{
context.Succeed(requirement);
return;
}
}
}
}
context.Fail();
}
