public string[] GetAuthInfo() { IServiceProvider provider = HttpContext.RequestServices; IModuleHandler moduleHandler = provider.GetRequiredService <IModuleHandler>(); IFunctionAuthorization functionAuthorization = provider.GetService <IFunctionAuthorization>(); ModuleInfo[] moduleInfos = moduleHandler.ModuleInfos; //先查找出所有有权限的模块 List <ModuleInfo> authModules = new List <ModuleInfo>(); foreach (ModuleInfo moduleInfo in moduleInfos) { bool hasAuth = moduleInfo.DependOnFunctions.All(m => functionAuthorization.Authorize(m, User).IsOk); if (moduleInfo.DependOnFunctions.Length == 0 || hasAuth) { authModules.Add(moduleInfo); } } List <string> codes = new List <string>(); foreach (ModuleInfo moduleInfo in authModules) { string fullCode = moduleInfo.FullCode; //模块下边有功能,或者拥有子模块 if (moduleInfo.DependOnFunctions.Length > 0 || authModules.Any(m => m.FullCode.Length > fullCode.Length && m.FullCode.Contains(fullCode) && m.DependOnFunctions.Length > 0)) { codes.AddIfNotExist(fullCode); } } return(codes.ToArray()); }
/// <summary> /// 重写以实现功能权限的核心验证逻辑 /// </summary> /// <param name="context">权限过滤器上下文</param> /// <param name="function">要验证的功能</param> /// <returns>权限验证结果</returns> protected virtual AuthorizationResult AuthorizeCore(AuthorizationFilterContext context, IFunction function) { IPrincipal user = context.HttpContext.User; IServiceProvider provider = context.HttpContext.RequestServices; IFunctionAuthorization authorization = provider.GetService<IFunctionAuthorization>(); AuthorizationResult result = authorization.Authorize(function, user); return result; }
/// <summary> /// 检测当前用户是否拥有指定URL的功能权限 /// </summary> public static bool CheckFunctionAuth(this ControllerBase controller, string url) { IFunction function = controller.GetFunction(url); if (function == null) { return(false); } IFunctionAuthorization authorization = controller.HttpContext.RequestServices.GetService <IFunctionAuthorization>(); return(authorization.Authorize(function, controller.User).IsOk); }
/// <summary> /// 检测当前用户是否有指定功能的功能权限 /// </summary> public static bool CheckFunctionAuth(this ControllerBase controller, string actionName, string controllerName, string areaName = null) { IServiceProvider provider = controller.HttpContext.RequestServices; IFunctionHandler functionHandler = provider.GetService <IFunctionHandler>(); IFunction function = functionHandler?.GetFunction(areaName, controllerName, actionName); if (function == null) { return(false); } IFunctionAuthorization authorization = provider.GetService <IFunctionAuthorization>(); return(authorization.Authorize(function, controller.User).IsOk); }
public void OnActionExecuting(ActionExecutingContext context) { IServiceProvider provider = context.HttpContext.RequestServices; IFunction function = context.GetExecuteFunction(); if (function == null) { return; } ScopedDictionary dict = provider.GetService <ScopedDictionary>(); dict.Function = function; // 数据权限有效角色,即有当前功能权限的角色 IFunctionAuthorization functionAuthorization = provider.GetService <IFunctionAuthorization>(); ClaimsPrincipal principal = context.HttpContext.User; string[] roleName = functionAuthorization.GetOkRoles(function, principal); dict.DataAuthValidRoleNames = roleName; IAuditingConfiguration configuration = provider.GetRequiredService <IAuditingConfiguration>(); if (!AuditingHelper.ShouldSaveAudit(configuration, principal, function, context.ActionDescriptor.GetMethodInfo())) { return; } AuditOperationEntry operation = new AuditOperationEntry { FunctionName = function.Name, ClientIpAddress = context.HttpContext.GetClientIp(), UserAgent = context.HttpContext.Request.Headers["User-Agent"].FirstOrDefault(), CreatedTime = DateTime.Now }; if (principal.Identity.IsAuthenticated && principal.Identity is ClaimsIdentity identity) { operation.UserId = identity.GetUserId(); operation.UserName = identity.GetUserName(); operation.NickName = identity.GetNickName(); } dict.AuditOperation = operation; }
/// <summary> /// 验证是否拥有指定模块的权限 /// </summary> /// <param name="module">要验证的模块</param> /// <param name="empty">返回模块是否为空模块,即是否分配有功能</param> /// <returns></returns> private bool CheckFuncAuth(Module module, out bool empty) { IServiceProvider services = HttpContext.RequestServices; IFunctionAuthorization authorization = services.GetRequiredService <IFunctionAuthorization>(); Function[] functions = _securityManager.ModuleFunctions.Where(m => m.ModuleId == module.Id).Select(m => m.Function).ToArray(); empty = functions.Length == 0; if (empty) { return(true); } foreach (Function function in functions) { if (!authorization.Authorize(function, User).IsOk) { return(false); } } return(true); }
/// <inheritdoc /> public override void OnActionExecuting(ActionExecutingContext context) { IServiceProvider provider = context.HttpContext.RequestServices; IFunction function = context.GetExecuteFunction(); if (function == null) { return; } ScopedDictionary dict = provider.GetService <ScopedDictionary>(); dict.Function = function; // 数据权限有效角色,即有当前功能权限的角色 IFunctionAuthorization functionAuthorization = provider.GetService <IFunctionAuthorization>(); string[] roleName = functionAuthorization.GetOkRoles(function, context.HttpContext.User); dict.DataAuthValidRoleNames = roleName; if (!function.AuditOperationEnabled) { return; } AuditOperationEntry operation = new AuditOperationEntry { FunctionName = function.Name, Ip = context.HttpContext.GetClientIp(), UserAgent = context.HttpContext.Request.Headers["User-Agent"].FirstOrDefault(), CreatedTime = DateTime.Now }; if (context.HttpContext.User.Identity.IsAuthenticated && context.HttpContext.User.Identity is ClaimsIdentity identity) { operation.UserId = identity.GetUserId(); operation.UserName = identity.GetUserName(); operation.NickName = identity.GetNickName(); } dict.AuditOperation = operation; }
/// <summary> /// 初始化一个<see cref="FunctionAuthorizationHandler"/>类型的新实例 /// </summary> public FunctionAuthorizationHandler(IFunctionAuthorization functionAuthorization, IHttpContextAccessor httpContextAccessor) { _functionAuthorization = functionAuthorization; _httpContextAccessor = httpContextAccessor; }
/// <summary> /// 初始化一个<see cref="FunctionAuthorizationHandler"/>类型的新实例 /// </summary> public FunctionAuthorizationHandler(IFunctionAuthorization functionAuthorization, IHttpContextAccessor httpContextAccessor, IServiceProvider provider) { _functionAuthorization = functionAuthorization; _httpContextAccessor = httpContextAccessor; _provider = provider; }
//public List<string> GetAuthInfo() public async Task <IActionResult> GetAuthInfo() { try { // 出于性能考虑,将EF导航查询更改为关联查询 var cache = ServiceProvider.GetService <IDistributedCache>(); var key = $"{User.Identity.Name}.AuthInfo"; DistributedCacheEntryOptions options = new DistributedCacheEntryOptions(); options.SetSlidingExpiration(TimeSpan.FromMinutes(120)); var authInfo = await cache.GetAsync <List <string> >(key, async() => { IFunctionAuthorization authorization = ServiceProvider.GetService <IFunctionAuthorization>(); List <AuthItem> list = new List <AuthItem>(); Module[] modules = await _securityManager.Modules.ToArrayAsync(); foreach (Module module in modules) { if (CheckFuncAuth(module, authorization, out bool empty)) { list.Add(new AuthItem { Code = GetModuleTreeCode(module, modules), HasFunc = !empty }); } } //var moduleFunctions = await (from module in _securityManager.Modules // join moduleFunction in _securityManager.ModuleFunctions // on module.Id equals moduleFunction.ModuleId // join function in _securityManager.Functions // on moduleFunction.FunctionId equals function.Id into f // select new { Module = module, Functions = f }).ToListAsync(); //var modules = moduleFunctions.Select(m => m.Module).ToArray(); foreach (var item in modules) { if (CheckFuncAuth(item, authorization, out bool empty)) { list.Add(new AuthItem { Code = GetModuleTreeCode(item, modules), HasFunc = !empty }); } } List <string> codes = new List <string>(); foreach (AuthItem item in list) { if (item.HasFunc) { codes.Add(item.Code); } else if (list.Any(m => m.Code.Length > item.Code.Length && m.Code.Contains(item.Code) && m.HasFunc)) { codes.Add(item.Code); } } return(codes); }, options); return(Json(authInfo)); }