/// <summary>
/// Evaluates a single role-based permission rule against the check context and returns
/// Allowed, Forbidden or NotSure together with an explanatory message.
/// </summary>
/// <remarks>
/// The checks run in a fixed order and the first one that applies decides the result:
/// missing rule, empty list of requested permission ids, permission id mismatch,
/// guest rule, login state, login-only rule, explicit users/roles.
/// NOTE(review): the first two steps fail open. A null rule or an empty/null
/// CheckPermissionIds list yields Allowed, so a missing or mistyped rule registration
/// grants access instead of denying it. Confirm that this default is intended and that
/// callers cannot reach this method with an attacker-influenced empty id list.
/// NOTE(review): the users/roles message embeds the caller's user, roles and the rule's
/// allowed users/roles. Confirm it is only logged server-side and not returned to clients.
/// </remarks>
/// <param name="rule">Rule to evaluate; may be null, which results in Allowed.</param>
/// <param name="checkContext">Context carrying the requested permission ids and the current user. Not null-checked here.</param>
/// <returns>The decision, with the rule's PermissionId attached as data on every path after the first two guards.</returns>
public PermissionCheckResult Check(RoleBasedPermissionRule rule, PermissionCheckContext checkContext)
{
    // TODO (carried over from the original): let a super user do anything.

    // Fail-open default: no rule defined means the request is let through.
    if (rule == null)
    {
        return PermissionCheckResult.Allowed.WithMessage("没有定义规则 => 放行");
    }

    // Fail-open default: nothing was asked to be checked, so the request is let through.
    var requestedIds = checkContext.CheckPermissionIds;
    if (requestedIds == null || requestedIds.Count == 0)
    {
        return PermissionCheckResult.Allowed.WithMessage("没有指定需要检测的PermissionId => 放行");
    }

    var permissionId = rule.PermissionId;

    // This rule is about a different permission id; it cannot decide either way.
    if (!checkContext.MatchPermissionId(permissionId))
    {
        return PermissionCheckResult.NotSure
            .WithMessage($"规则不匹配 => 无法判断: {permissionId} ? [{string.Join(',', requestedIds)}]")
            .WithData(permissionId);
    }

    var currentUser = checkContext.CurrentUserContext;

    // The guest test runs before the login test, so a guest rule is satisfied by anyone.
    if (rule.NeedGuest())
    {
        return PermissionCheckResult.Allowed.WithMessage("访客规则 => 满足").WithData(permissionId);
    }

    // Every remaining rule kind requires an authenticated caller.
    if (!currentUser.IsLogin())
    {
        return PermissionCheckResult.Forbidden.WithMessage("需要登录 => 不满足").WithData(permissionId);
    }

    if (rule.NeedLogin())
    {
        return PermissionCheckResult.Allowed.WithMessage("需要登录 => 满足").WithData(permissionId);
    }

    // Last step: the rule names explicit users and/or roles.
    var detail = $"指定用户或角色: ctx:[{currentUser.User}],[{currentUser.Roles.MyJoin()}] + rule:[{rule.AllowedUsers}],[{rule.AllowedRoles}]";
    var granted = rule.NeedUsersOrRoles(currentUser.User, currentUser.Roles.MyJoin());

    return granted
        ? PermissionCheckResult.Allowed.WithMessage(detail + " => 满足").WithData(permissionId)
        : PermissionCheckResult.Forbidden.WithMessage(detail + " => 不满足").WithData(permissionId);
}
/// <summary>
/// Evaluates one role-based rule for the given check context and returns
/// Allowed, Forbidden or NotSure with an explanatory message and the rule's PermissionId as data.
/// </summary>
/// <remarks>
/// Order of evaluation: permission id mismatch (NotSure), guest rule (Allowed),
/// not logged in (Forbidden), login-only rule (Allowed), then the users/roles test.
/// Neither <paramref name="rule"/> nor <paramref name="checkContext"/> is null-checked;
/// both are dereferenced immediately.
/// NOTE(review): every message after the mismatch check embeds the caller's user, roles
/// and the raw rule text, including on Forbidden. Confirm these messages stay in server-side
/// logs and are not echoed to the client, where they would disclose the authorization policy.
/// </remarks>
/// <param name="checkContext">Context holding the permission ids to check and the user context.</param>
/// <param name="rule">Rule to evaluate; converted with ToExpression() before the guest/login/users tests.</param>
/// <returns>The decision for this rule.</returns>
private static PermissionCheckResult CheckRoleBasedRule(this PermissionCheckContext checkContext, RoleBasedRule rule)
{
    var permissionId = rule.PermissionId;

    // The rule targets a permission id that is not being checked; it cannot decide.
    if (!checkContext.MatchPermissionId(permissionId))
    {
        return PermissionCheckResult.NotSure
            .WithMessage($"规则中没有发现匹配的规则: {permissionId} not found in [{string.Join(',', checkContext.NeedCheckPermissionIds)}] ")
            .WithData(permissionId);
    }

    var expression = rule.ToExpression();
    var currentUser = checkContext.UserContext;

    // Built up front because every later outcome appends it to its message.
    var detail = $"userContext:[{currentUser.User}],[{currentUser.Roles.JoinToOneValue()}] ? rule:[{rule.Rule}]";

    // The guest test runs before the login test, so a guest rule is satisfied by anyone.
    if (expression.ValidateNeedGuest())
    {
        return PermissionCheckResult.Allowed.WithMessage("访客规则 => 满足 " + detail).WithData(permissionId);
    }

    // Every remaining rule kind requires an authenticated caller.
    if (!currentUser.IsLogin())
    {
        return PermissionCheckResult.Forbidden.WithMessage("需要登录 => 不满足 " + detail).WithData(permissionId);
    }

    if (expression.ValidateNeedLogin())
    {
        return PermissionCheckResult.Allowed.WithMessage("需要登录 => 满足 " + detail).WithData(permissionId);
    }

    // Last step: the rule names explicit users and/or roles; anything else is denied.
    var granted = expression.ValidateNeedAnyOfUsersOrRoles(currentUser.User, currentUser.Roles.JoinToOneValue());

    return granted
        ? PermissionCheckResult.Allowed.WithMessage("满足 " + detail).WithData(permissionId)
        : PermissionCheckResult.Forbidden.WithMessage("不满足 " + detail).WithData(permissionId);
}
/// <summary>
/// Reports whether the check context matches DemoConst.PermissionIds.DemoBasedOp.
/// Presumably used to decide whether this checker takes part in the permission check.
/// </summary>
/// <param name="permissionCheckContext">Context whose requested permission ids are matched. Not null-checked here.</param>
/// <returns>A task wrapping the match result, produced by the AsTask() helper.</returns>
public Task<bool> ShouldCareAsync(PermissionCheckContext permissionCheckContext)
    => permissionCheckContext.MatchPermissionId(DemoConst.PermissionIds.DemoBasedOp).AsTask();
/// <summary>
/// Decides whether this checker needs to take part in the permission check:
/// true when the context matches KnownPermissionIds.DemoOp.
/// </summary>
/// <param name="userContext">Current user context; not read by this method, so the answer does not depend on who is asking.</param>
/// <param name="permissionCheckContext">Context whose requested permission ids are matched. Not null-checked here.</param>
/// <returns>An already-completed task holding the match result.</returns>
public Task<bool> ShouldCareAsync(ICurrentUserContext userContext, PermissionCheckContext permissionCheckContext)
{
    // Participate only when the demo operation's permission id is being checked.
    var isRelevant = permissionCheckContext.MatchPermissionId(KnownPermissionIds.DemoOp);
    return Task.FromResult(isRelevant);
}