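/// <summary>
/// Check whether the given user satisfies the specified authorization requirement.
/// Every part of the check fails closed: a null (anonymous) user never satisfies a
/// requirement that asks for a master tenant, a user type or privileges.
/// </summary>
/// <param name="user">The user to check; may be null for an anonymous caller</param>
/// <param name="requirement">The authorization requirement to evaluate</param>
/// <param name="errorMessage">Translated reason when the check fails, otherwise null</param>
/// <returns>true when every requested part of the requirement is satisfied</returns>
/// <exception cref="ArgumentNullException">Thrown when requirement is null</exception>
public virtual bool IsAuthorized(User user, AuthRequirement requirement, out string errorMessage) {
    if (requirement == null) {
        throw new ArgumentNullException(nameof(requirement));
    }
    // Master tenant required, but the user is anonymous or not under the master tenant.
    // A missing OwnerTenant is treated as "not master" instead of being dereferenced.
    if (requirement.RequireMasterTenant && (user == null || user.OwnerTenant?.IsMaster != true)) {
        errorMessage = new T("Action require user under master tenant");
        return false;
    }
    // Required user type not matched
    if (requirement.RequireUserType != null && (user == null || !HasUserType(user, requirement.RequireUserType))) {
        errorMessage = new T("Action require user to be '{0}'", new T(requirement.RequireUserType.Name));
        return false;
    }
    // Not all required privileges are held
    if (requirement.RequirePrivileges != null && (user == null || !HasPrivileges(user, requirement.RequirePrivileges))) {
        var translator = ZKWeb.Application.Ioc.Resolve<IPrivilegeTranslator>();
        errorMessage = new T("Action require user to be '{0}', and have privileges '{1}'",
            new T(requirement.RequireUserType?.Name),
            string.Join(",", requirement.RequirePrivileges.Select(p => translator.Translate(p))));
        return false;
    }
    errorMessage = null;
    return true;
}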
/// <summary>
/// Check whether the user of the current session satisfies the specified authorization
/// requirement, and throw a 403 (ForbiddenException) when it does not.
/// </summary>
/// <param name="requirement">The authorization requirement to enforce</param>
/// <exception cref="ForbiddenException">Thrown, carrying the translated reason, when the current user is not authorized</exception>
public virtual void Check(AuthRequirement requirement) {
    var session = ZKWeb.Application.Ioc.Resolve<SessionManager>().GetSession();
    var currentUser = session.GetUser();
    string reason;
    var authorized = IsAuthorized(currentUser, requirement, out reason);
    if (authorized) {
        return;
    }
    throw new ForbiddenException(reason);
}
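/// <summary>
/// Verify that the caller's groups satisfy the configured system access requirements.
/// When no requirements are configured the check is skipped entirely.
/// </summary>
/// <param name="groupsAllowedAccess">The caller's groups, passed through unchanged to AuthRequirement.EvaluateOr</param>
/// <exception cref="UnauthorizedAccessException">Thrown, with the evaluator's reason, when the requirements are not met</exception>
protected void CheckSystemAccess(Dictionary<string, string[]> groupsAllowedAccess) {
    var requirements = _config.systemAccessRequirements;
    // No configured requirements means no restriction
    if (requirements == null || requirements.Count == 0) {
        return;
    }
    string error = "";
    // NOTE(review): EvaluateOr presumably passes when any one requirement is met and
    // fills `error` with the reason otherwise - confirm against its definition.
    if (!AuthRequirement.EvaluateOr(groupsAllowedAccess, requirements, ref error)) {
        // UnauthorizedAccessException derives from Exception, so existing
        // catch (Exception) handlers keep working while the failure type is now specific.
        throw new UnauthorizedAccessException(
            string.Format("User does not meet system access requirements! ({0})", error));
    }
}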
/// <summary>
/// Wrap the action so that the authorization requirement is enforced before it executes.
/// The check is applied when HttpMethod is unset, or when it matches the current
/// request's method (case-insensitive); otherwise the action runs unchecked.
/// </summary>
/// <param name="action">The action to protect</param>
/// <returns>A delegate that performs the privilege check (throwing on failure) and then invokes the action</returns>
public override Func<IActionResult> Filter(Func<IActionResult> action) {
    return () => {
        // Only touch the current request when a specific method is configured,
        // so an unset HttpMethod never reads the request context here.
        var methodMatches = string.IsNullOrEmpty(HttpMethod);
        if (!methodMatches) {
            var currentMethod = HttpManager.CurrentContext.Request.Method;
            methodMatches = HttpMethod.Equals(currentMethod, StringComparison.OrdinalIgnoreCase);
        }
        if (methodMatches) {
            var manager = ZKWeb.Application.Ioc.Resolve<PrivilegeManager>();
            manager.Check(new AuthRequirement(RequireMasterTenant, RequireUserType, RequirePrivileges));
        }
        return action();
    };
}