private async Task <PermissionConfiguration> GetPermissionConfigurationAsync()
{
PermissionConfiguration permissionConfiguration = new();
IEnumerable <string> policyNames = _permissionDefinitionManager.GetPermissions().Select(p => p.Name);
PropertyInfo?policyMapProperty = typeof(AuthorizationOptions).GetProperty("PolicyMap", BindingFlags.Instance | BindingFlags.NonPublic);
if (policyMapProperty is not null)
{
object?policyMapPropertyValue = policyMapProperty.GetValue(_authorizationOptions);
if (policyMapPropertyValue is not null)
{
policyNames = policyNames.Union(((IDictionary <string, AuthorizationPolicy>)policyMapPropertyValue).Keys.ToList());
}
}
List <string> permissionPolicyNames = new();
List <string> otherPolicyNames = new();
foreach (var policyName in policyNames)
{
if (_permissionDefinitionManager.GetOrNull(policyName) is not null)
{
permissionPolicyNames.Add(policyName);
}
else
{
otherPolicyNames.Add(policyName);
}
}
foreach (var policyName in otherPolicyNames)
{
permissionConfiguration.Policies[policyName] = true;
if (_httpContextAccessor is not null && _httpContextAccessor.HttpContext is not null)
{
if ((await _authorizationService.AuthorizeAsync(_httpContextAccessor.HttpContext.User, policyName)).Succeeded)
{
permissionConfiguration.GrantedPolicies[policyName] = true;
}
}
}
MultiplePermissionGrantResult result = await _permissionChecker.IsGrantedAsync(permissionPolicyNames.ToArray());
foreach (var(key, value) in result.Result)
{
permissionConfiguration.Policies[key] = true;
if (value == PermissionGrantResult.Granted)
{
permissionConfiguration.GrantedPolicies[key] = true;
}
}
return(permissionConfiguration);
}
private void PermissionChecker(string permissionName)
{
if (!permissionName.IsNullOrWhiteSpace())
{
var permission = _permissionDefinitionManager.GetOrNull(permissionName);
if (permission == null)
{
throw new UserFriendlyException($"未知的权限:“{permissionName}”。");
}
}
}
public override async Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
var permission = _permissionDefinitionManager.GetOrNull(policyName);
if (permission == null)
{
return(await base.GetPolicyAsync(policyName));
}
//TODO: Optimize!
var policyBuilder = new AuthorizationPolicyBuilder(Array.Empty <string>());
policyBuilder.Requirements.Add(new PermissionRequirement(policyName));
return(policyBuilder.Build());
}
public async override Task <AuthorizationPolicy?> GetPolicyAsync(string policyName)
{
AuthorizationPolicy?policy = await base.GetPolicyAsync(policyName);
if (policy is not null)
{
return(policy);
}
var permission = _permissionDefinitionManager.GetOrNull(policyName);
if (permission is not null)
{
var policyBuilder = new AuthorizationPolicyBuilder(Array.Empty <string>());
policyBuilder.Requirements.Add(new PermissionRequirement(policyName));
return(policyBuilder.Build());
}
return(null);
}
public override async Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
var permissionName = policyName;
var policy = await base.GetPolicyAsync(permissionName);
if (policy != null)
{
return(policy);
}
return(_authorizationPolicies.GetOrAdd(permissionName, key =>
{
var permission = _permissionDefinitionManager.GetOrNull(permissionName);
if (permission != null)
{
var policyBuilder = new AuthorizationPolicyBuilder(Array.Empty <string>());
policyBuilder.Requirements.Add(new PermissionRequirement(permissionName));
return policyBuilder.Build();
}
return default;
}));
}
public override async Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
var policy = await base.GetPolicyAsync(policyName);
if (policy != null)
{
return(policy);
}
var permission = _permissionDefinitionManager.GetOrNull(policyName);
if (permission != null)
{
//TODO: Optimize & Cache!
// 通过 Builder 构建一个策略。
var policyBuilder = new AuthorizationPolicyBuilder(Array.Empty <string>());
// 创建一个 PermissionRequirement 对象添加到限定条件组中。
policyBuilder.Requirements.Add(new PermissionRequirement(policyName));
return(policyBuilder.Build());
}
return(null);
}
public void GetOrNull()
{
_permissionDefinitionManager.GetOrNull("Permission_Test_1").ShouldNotBeNull();
_permissionDefinitionManager.GetOrNull("NotFoundPermission").ShouldBeNull();
}
protected virtual async Task <ApplicationAuthConfigurationDto> GetAuthConfigAsync()
{
var authConfig = new ApplicationAuthConfigurationDto();
var policyNames = await _abpAuthorizationPolicyProvider.GetPoliciesNamesAsync();
var abpPolicyNames = new List <string>();
var otherPolicyNames = new List <string>();
foreach (var policyName in policyNames)
{
if (await _defaultAuthorizationPolicyProvider.GetPolicyAsync(policyName) == null && _permissionDefinitionManager.GetOrNull(policyName) != null)
{
abpPolicyNames.Add(policyName);
}
else
{
otherPolicyNames.Add(policyName);
}
}
foreach (var policyName in otherPolicyNames)
{
authConfig.Policies[policyName] = true;
if (await _authorizationService.IsGrantedAsync(policyName))
{
authConfig.GrantedPolicies[policyName] = true;
}
}
var result = await _permissionChecker.IsGrantedAsync(abpPolicyNames.ToArray());
foreach (var(key, value) in result.Result)
{
authConfig.Policies[key] = true;
if (value == PermissionGrantResult.Granted)
{
authConfig.GrantedPolicies[key] = true;
}
}
return(authConfig);
}