public async Task <AuthorizeData[]> GetAuthorizeDatasAsync(string resourceId, CancellationToken cancellationToken)
{
TResource resource = await SystemResourceService.FindByIdAsync(resourceId, cancellationToken);
if (resource == null)
{
throw new InvalidOperationException($" '未定义相关资源:{resourceId}!");
}
AuthorizeData authorizeData = new AuthorizeData
{
ResoureId = resourceId
};
if (string.IsNullOrWhiteSpace(resource.PermissionId))
{
throw new InvalidOperationException($"未对ResourceId为:{resourceId}的资源 配置任何权限");
}
TPermission permission = await SystemPermissionService.FindByIdAsync(resource.PermissionId, cancellationToken);
if (permission == null)
{
throw new InvalidOperationException($"未对ResourceId为:{resourceId}的资源 配置任何权限");
}
authorizeData.AllowedAnonymous = permission.AllowedAnonymous;
authorizeData.AllowedAllRoles = permission.AllowedAllRoles;
authorizeData.DeniedAll = permission.DeniedAll;
if (!authorizeData.DeniedAll && !authorizeData.AllowedAllRoles)
{
IEnumerable <string>[] result = await Task.WhenAll(SystemPermissionService.GetRolesAsync(permission.Id, cancellationToken),
SystemPermissionService.GetUsersAsync(permission.Id, cancellationToken));
authorizeData.AllowedRoles = result[0];
authorizeData.AllowedUsers = result[1];
}
return(new AuthorizeData[] { authorizeData });
}
public async Task <AuthorizationPolicy> CombineAsync(AuthorizeData authorizeData)
{
// Avoid allocating enumerator if the data is known to be empty
var skip = authorizeData == null;
if (skip)
{ // If we have no policy by now, use the fallback policy if we have one
var fallbackPolicy = await PolicyProvider.GetFallbackPolicyAsync();
if (fallbackPolicy != null)
{
return(fallbackPolicy);
}
}
else
{
AuthorizationPolicyBuilder policyBuilder = new AuthorizationPolicyBuilder();
var useDefaultPolicy = true;
if (authorizeData.DeniedAll)
{
policyBuilder.AddRequirements(new DenyAllAuthorizationRequirement(true));
useDefaultPolicy = false;
}
else
{
if (!authorizeData.AuthenticationSchemes.IsNullOrEmpty())
{
foreach (string scheme in authorizeData.AuthenticationSchemes)
{
policyBuilder.AuthenticationSchemes.Add(scheme.Trim());
}
}
// 假如允许所有角色访问,只需要求登录即可
if (authorizeData.AllowedAllRoles)
{
policyBuilder.RequireAuthenticatedUser();
useDefaultPolicy = false;
}
else
{
if (!authorizeData.Policies.IsNullOrEmpty())
{
foreach (string policyName in authorizeData.Policies)
{
var policy = await PolicyProvider.GetPolicyAsync(policyName);
if (policy == null)
{
throw new InvalidOperationException($"找不到名为: '{policyName}'的策略!");
}
policyBuilder.Combine(policy);
}
useDefaultPolicy = false;
}
if (!authorizeData.AllowedUsers.IsNullOrEmpty() || !authorizeData.AllowedRoles.IsNullOrEmpty())
{
policyBuilder.AddRequirements(new RolesOrUsersAuthorizationRequirement(authorizeData.AllowedUsers, authorizeData.AllowedRoles));
useDefaultPolicy = false;
}
}
if (useDefaultPolicy)
{
policyBuilder.Combine(await PolicyProvider.GetDefaultPolicyAsync());
}
}
return(policyBuilder?.Build());
}
return(null);
}
