Exemplo n.º 1
0
        /// <summary>
        /// 从cookie中获取UserId
        /// </summary>
        /// <param name="cookie"></param>
        /// <returns></returns>
        public static LoginClaim GetSessionUser(CookieHeaderValue cookie)
        {
            LoginClaim user = new LoginClaim {
                UserName = "",//匿名用户
                Roles    = new HashSet <string>()
            };

            if (cookie != null)
            {
                var session    = cookie[COOKIENAME];
                var userCookie = cookie["user"];
                if (session != null && !session.Value.Equals(""))
                {
                    byte[] bytes = Convert.FromBase64String(session.Value);
                    using (MemoryStream ms = new MemoryStream(bytes, 0, bytes.Length)) {
                        ms.Write(bytes, 0, bytes.Length);
                        ms.Position = 0;
                        var obj = new BinaryFormatter().Deserialize(ms);
                        user = (LoginClaim)obj;
                    }
                }
                else if (userCookie != null && userCookie.Value.Equals("root"))
                {
                    user.Roles.Add("Root");
                    user.UserName = "******";
                }
            }
            return(user);
        }
Exemplo n.º 2
0
        /// <summary>
        /// 认证,此用户是否对JDBCEntity有某一操作权限
        /// </summary>
        /// <param name="id">节点ID</param>
        /// <param name="user">发起操作用户</param>
        /// <param name="operation">操作类型:"421"(4代表读权限,2代表写权限,1代表节点管理权限)</param>
        /// <returns>Accreditation</returns>
        public async Task <bool> Authorization(Guid id, LoginClaim user, string operation)
        {
            JDBCEntity entity = await myCoreService.GetOneByIdAsync(id);

            //管理员或所有者直接拥有所有权限,包括根节点
            if (IsRootRole(user) || (entity != null && entity.User.Equals(user.UserName)))
            {
                return(true);
            }
            //entity不存在直接返回false
            else if (entity == null)
            {
                return(false);
            }
            //验证某个用户是否拥有对当前节点的某操作权限
            else if (entity.GroupPermission.ContainsKey(user.UserName) && entity.GroupPermission[user.UserName].Contains(operation))
            {
                return(true);
            }
            //验证某个操作是否属于开放权限
            else if (entity.OthersPermission.Contains(operation))
            {
                return(true);
            }
            //当权限可继承时,验证某个用户是否拥有对(祖)父节点的某操作权限
            else if (entity.QueryToParentPermission)
            {
                return(await Authorization(entity.ParentId, user, operation));
            }
            else
            {
                return(false);
            }
        }
Exemplo n.º 3
0
        /// <summary>
        /// 授权,给newuser一个指定权限
        /// </summary>
        /// <param name="id">节点ID</param>
        /// <param name="user">发起授权用户</param>
        /// <param name="newuser">被授权用户</param>
        /// <param name="permisssion">键值对:("group", "1")</param>
        /// <returns></returns>
        public async Task AssignPermission(Guid id, LoginClaim user, string newuser, KeyValuePair <string, string> permisssion)
        {
            JDBCEntity entity = await myCoreService.GetOneByIdAsync(id);

            if (entity == null)
            {
                throw new Exception(ErrorMessages.EntityNotFoundError);
            }
            else if (!user.Equals(entity.User) && !IsRootRole(user))
            {
                throw new Exception(ErrorMessages.WrongUserError);
            }
            else //管理员和所有者可进行权限设置
            {
                switch (permisssion.Key.ToLower())
                {
                case "user":    //指定所有者
                    entity.SetUser(newuser);
                    break;

                case "group":    //设置其他用户权限
                    if (entity.GroupPermission.ContainsKey(newuser))
                    {
                        entity.GroupPermission[newuser] = permisssion.Value;
                    }
                    else
                    {
                        entity.GroupPermission.Add(newuser, permisssion.Value);
                    }
                    break;

                case "others":    //设置默认用户权限
                    entity.OthersPermission = permisssion.Value;
                    break;

                default:
                    throw new Exception(ErrorMessages.NotValidUpdateOperatorError);
                }
                await myCoreService.SaveAsync(entity);
            }
        }
Exemplo n.º 4
0
 public bool IsRootRole(LoginClaim user)
 {
     return(user.Roles.Contains("Admin") || user.Roles.Contains("Root"));
 }
Exemplo n.º 5
0
 /// <summary>
 ///
 /// </summary>
 /// <param name="id"></param>
 /// <param name="user"></param>
 /// <param name="operation">read:4,write:2,x:1,operation:"421"</param>
 /// <returns></returns>
 public async Task <bool> Authorization(Guid id, LoginClaim user, string operation)
 {
     return(await myPermission.Authorization(id, user, operation));
 }
Exemplo n.º 6
0
 public async Task AssignPermission(Guid id, LoginClaim owner, string newuser, KeyValuePair <string, string> permisssion)
 {
     await myPermission.AssignPermission(id, owner, newuser, permisssion);
 }