public void Adjust(CheckAccessContext context) { if (!context.Granted && context.Content.Is <ICommonPart>()) { if (OwnerVariationExists(context.Permission) && HasOwnership(context.User, context.Content)) { context.Adjusted = true; context.Permission = GetOwnerVariation(context.Permission); } var typeDefinition = context.Content.ContentItem.TypeDefinition; // replace permission if a content type specific version exists if (typeDefinition.Settings.GetModel <ContentTypeSettings>().Securable) { var permission = GetContentTypeVariation(context.Permission); if (permission != null) { context.Adjusted = true; context.Permission = DynamicPermissions.CreateDynamicPermission(permission, typeDefinition); } } } }
public void Adjust(CheckAccessContext context) { if (context.Content.Is <OrderPart>()) { if (context.Permission.Name == Orchard.Core.Contents.Permissions.PublishContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.PublishOwnContent.Name) { context.Granted = false; context.Adjusted = true; context.Permission = OrdersPermissions.CreateOrders; } else if (context.Permission.Name == Orchard.Core.Contents.Permissions.EditContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.EditOwnContent.Name) { context.Granted = false; context.Adjusted = true; context.Permission = OrdersPermissions.ManageOrders; } else if (context.Permission.Name == Orchard.Core.Contents.Permissions.DeleteContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.DeleteOwnContent.Name) { context.Granted = false; context.Adjusted = true; context.Permission = OrdersPermissions.ManageOrders; } else if (context.Permission.Name == Orchard.Core.Contents.Permissions.ViewContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.ViewOwnContent.Name) { context.Granted = false; context.Adjusted = true; context.Permission = OrdersPermissions.ViewOrders; } } }
private static Permission TryGetOwnerVariation(Permission permission, CheckAccessContext context) { if (HasOwnership(context.User, context.Content)) { if (permission.Name == Core.Contents.Permissions.PublishContent.Name) { return(Core.Contents.Permissions.PublishOwnContent); } if (permission.Name == Core.Contents.Permissions.EditContent.Name) { return(Core.Contents.Permissions.EditOwnContent); } if (permission.Name == Core.Contents.Permissions.DeleteContent.Name) { return(Core.Contents.Permissions.DeleteOwnContent); } if (permission.Name == Core.Contents.Permissions.ViewContent.Name) { return(Core.Contents.Permissions.ViewOwnContent); } if (permission.Name == Core.Contents.Permissions.PreviewContent.Name) { return(Core.Contents.Permissions.PreviewOwnContent); } return(null); } else { return(permission); } }
public void Adjust(CheckAccessContext context) { Permission permission = context.Permission; if (context.Content.Is <ICommonPart>()) { var typeDefinition = context.Content.ContentItem.TypeDefinition; // adjusting permissions only if the content is not securable if (!typeDefinition.Settings.GetModel <ContentTypeSettings>().Securable) { string stereotype; if (context.Permission == Core.Contents.Permissions.ViewContent || context.Permission == Core.Contents.Permissions.ViewOwnContent) { if (context.Content.Is <WidgetPart>()) { context.Granted = true; context.Adjusted = false; } else if (context.Content != null && ((context.Content.ContentItem.TypeDefinition.Settings.TryGetValue("Stereotype", out stereotype) && stereotype == "MenuItem") || context.Content.ContentItem.ContentType == "Menu")) { context.Granted = true; context.Adjusted = false; } } } } }
public void Adjust(CheckAccessContext context) { // when checking permissions for WidgetExPart inside a WidgetContainer // use the permission to ManageWidgetContainer // If we haven't yet granted the user permission to do whatever they are trying to, and // we are testing for one of the "manage" permissions from Orchard.Core.Contents // (with safety checks to ensure we are checking on a content item): if (!context.Granted && IsCoreManagePermission(context.Permission) && context.Content != null && context.Content.ContentItem != null) { // We are only going to worry about widgets that aren't securable, because // those we assume will have been configured properly. If they haven't, we have // other levers to handle that precisely anyway. var typeDefinition = context.Content.ContentItem.TypeDefinition; if (!typeDefinition.Settings.GetModel <ContentTypeSettings>().Securable) { // We are only going to worry about widgets if (context.Content.ContentItem.Is <WidgetExPart>()) { // Checking for the ability for a user to manage this widget. // All this we are doing doesn't apply on the page/controller for a site's widgets // but only for widgets within a WidgetsContainer. if (!RequestIsInWidgetsAdmin()) { context.Granted = false; context.Adjusted = true; context.Permission = Permissions.ManageContainerWidgets; } } } } }
public void Complete(CheckAccessContext context) { if (context.Content.As <WishListListPart>() != null) { _wishListsPermissionsService.Complete(context); } }
public void Checking(CheckAccessContext context) { Permission permission = context.Permission; if (context.Content.Is <ICommonPart>()) { var typeDefinition = context.Content.ContentItem.TypeDefinition; // adjusting permissions only if the content is not securable if (!typeDefinition.Settings.GetModel <ContentTypeSettings>().Securable) { if (context.Content.Is <TermPart>()) { if (context.Permission == Core.Contents.Permissions.CreateContent) { permission = Permissions.CreateTerm; } else if (context.Permission == Core.Contents.Permissions.EditContent) { permission = Permissions.EditTerm; } else if (context.Permission == Core.Contents.Permissions.PublishContent) { permission = Permissions.EditTerm; } else if (context.Permission == Core.Contents.Permissions.DeleteContent) { permission = Permissions.DeleteTerm; } } else if (context.Content.Is <TaxonomyPart>()) { if (context.Permission == Core.Contents.Permissions.CreateContent) { permission = Permissions.CreateTaxonomy; } else if (context.Permission == Core.Contents.Permissions.EditContent) { permission = Permissions.CreateTaxonomy; } else if (context.Permission == Core.Contents.Permissions.PublishContent) { permission = Permissions.CreateTaxonomy; } else if (context.Permission == Core.Contents.Permissions.DeleteContent) { permission = Permissions.ManageTaxonomies; } } if (permission != context.Permission) { context.Granted = false; //Force granted to false so next adjust iteration will check against the new permission starting from an unauthorized condition context.Permission = permission; context.Adjusted = true; } } } }
public void Adjust(CheckAccessContext context) { Permission permission = context.Permission; // adjusting permissions only if the content is not securable if (!context.Granted && context.Content.Is <ICommonPart>()) { var typeDefinition = context.Content.ContentItem.TypeDefinition; if (!typeDefinition.Settings.GetModel <ContentTypeSettings>().Securable) { if (context.Content.Is <TermPart>()) { if (context.Permission == Core.Contents.Permissions.CreateContent) { permission = Permissions.CreateTerm; } else if (context.Permission == TryGetOwnerVariation(Core.Contents.Permissions.EditContent, context)) { permission = Permissions.EditTerm; } else if (context.Permission == TryGetOwnerVariation(Core.Contents.Permissions.PublishContent, context)) { permission = Permissions.EditTerm; } else if (context.Permission == TryGetOwnerVariation(Core.Contents.Permissions.DeleteContent, context)) { permission = Permissions.DeleteTerm; } } else if (context.Content.Is <TaxonomyPart>()) { if (context.Permission == Core.Contents.Permissions.CreateContent) { permission = Permissions.CreateTaxonomy; } else if (context.Permission == TryGetOwnerVariation(Core.Contents.Permissions.EditContent, context)) { permission = Permissions.CreateTaxonomy; } else if (context.Permission == TryGetOwnerVariation(Core.Contents.Permissions.PublishContent, context)) { permission = Permissions.CreateTaxonomy; } else if (context.Permission == TryGetOwnerVariation(Core.Contents.Permissions.DeleteContent, context)) { permission = Permissions.ManageTaxonomies; } } if (permission != context.Permission) { context.Permission = permission; context.Adjusted = true; } } } }
public void Adjust(CheckAccessContext context) { var mediaPart = context.Content.As <MediaPart>(); if (mediaPart != null) { context.Granted = _mediaLibraryService.CheckMediaFolderPermission(context.Permission, mediaPart.FolderPath); } }
public void Adjust(CheckAccessContext context) { if (context.Granted || context.Permission != Permissions.ViewProfiles || context.Content != context.User) { return; } context.Adjusted = true; context.Permission = Permissions.ViewOwnProfile; }
public void Checking(CheckAccessContext context) { if (context.User != null && this.userService.IsSkautIsUser(context.User)) { var userPart = context.User.As <SkautIsUserPart>(); RefreshUserToken(userPart); AddRoles(userPart); } }
public void Adjust(CheckAccessContext context) { if (!context.Granted && context.Permission.Name == Orchard.Core.Contents.Permissions.EditContent.Name && context.Content != null && context.Content.ContentItem.ContentType == "CustomForm") { context.Adjusted = true; context.Permission = Permissions.CreateSubmitPermission(context.Content.ContentItem.As <CustomFormPart>().ContentType); } }
public void Adjust(CheckAccessContext context) { if (!context.Granted) { // Are we checking for a "PublishOwn" type permission? if (context.Permission.Name.StartsWith("PublishOwn_")) { // Hmmm... } } }
public void Complete(CheckAccessContext context) { //if we granted permission for the contact, we still need to check for the //ShowContacts permission. This is because if the role for the user has "ViewContent" permission //it will be able to view everything. //With ShowContacts we want to restrict that. if (context.Granted && context.Content.Is <CommunicationContactPart>()) { context.Granted = _authorizer.Authorize(Permissions.ShowContacts); } }
public void Complete(CheckAccessContext context) { //If we granted permissions for the content, we still need to check for the //permission specific for questionnaires. Thisd is because if a Rolw has the "ViewContent" //permission it will be able to view everything even though it does not have the //permission that is specific to questionnaires if (context.Granted && context.Content.Is <QuestionnairePart>()) { context.Granted = _authorizer.Authorize(Permissions.SubmitQuestionnaire); } }
public void Complete(CheckAccessContext context) { if (context.Content != null) { var ci = _dataProtectionCheckerService.CheckDataRestricitons(context.Content.ContentItem, context.Permission); if (ci == null) { context.Granted = false; context.Adjusted = true; } } }
public void Adjust(CheckAccessContext context) { if (!context.Granted && context.Content.Is <CommunicationContactPart>()) { //If we are trying to view a contact, check for the correct permission if (context.Permission.Name == Contents.Permissions.ViewContent.Name) { context.Adjusted = true; context.Permission = Permissions.ShowContacts; //will check this permission next } } }
public void Adjust(CheckAccessContext context) { if (!context.Granted && context.Content.Is <QuestionnairePart>()) { //If we are trying to view a Questionnaire, check for the correct permission if (context.Permission.Name == Contents.Permissions.ViewContent.Name) { context.Adjusted = true; context.Permission = Permissions.SubmitQuestionnaire; //will check this permission next } } }
public void Adjust(CheckAccessContext context) { if (!context.Granted && context.Content.Is <ICommonPart>()) { if (OwnerVariationExists(context.Permission) && HasOwnership(context.User, context.Content)) { context.Adjusted = true; context.Permission = GetOwnerVariation(context.Permission); } } }
public void Adjust(CheckAccessContext context) { if (context.Content.Is <CustomerPart>() || context.Content.Is <CustomerAddressPart>()) { if (context.Permission.Name == Orchard.Core.Contents.Permissions.PublishContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.PublishOwnContent.Name) { context.Granted = false; context.Adjusted = true; context.Permission = HasOwnership(context.User, context.Content) ? CustomersPermissions.EditOwnCustomerAccount : CustomersPermissions.ManageCustomerAccounts; } else if (context.Permission.Name == Orchard.Core.Contents.Permissions.EditContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.EditOwnContent.Name) { context.Granted = false; context.Adjusted = true; context.Permission = HasOwnership(context.User, context.Content) ? CustomersPermissions.EditOwnCustomerAccount : CustomersPermissions.ManageCustomerAccounts; } else if (context.Permission.Name == Orchard.Core.Contents.Permissions.DeleteContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.DeleteOwnContent.Name) { context.Granted = false; context.Adjusted = true; context.Permission = HasOwnership(context.User, context.Content) ? CustomersPermissions.EditOwnCustomerAccount : CustomersPermissions.ManageCustomerAccounts; } else if (context.Permission.Name == Orchard.Core.Contents.Permissions.ViewContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.ViewOwnContent.Name) { context.Granted = false; context.Adjusted = true; context.Permission = HasOwnership(context.User, context.Content) ? CustomersPermissions.ViewOwnCustomerAccount : CustomersPermissions.ViewCustomerAccounts; } } else if (context.Content.Is <CustomerOrderPart>()) { if (context.Permission.Name == Orchard.Core.Contents.Permissions.PublishContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.PublishOwnContent.Name) { context.Granted = false; context.Adjusted = true; context.Permission = HasOwnership(context.User, context.Content) ? OrdersPermissions.CreateOrders : OrdersPermissions.ManageOrders; } else if (context.Permission.Name == Orchard.Core.Contents.Permissions.ViewContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.ViewOwnContent.Name) { context.Granted = false; context.Adjusted = true; context.Permission = HasOwnership(context.User, context.Content) ? OrdersPermissions.ViewOwnOrders : OrdersPermissions.ViewOrders; } else if (!context.Granted && context.Permission.Name == OrdersPermissions.ViewOrders.Name && HasOwnership(context.User, context.Content)) { context.Adjusted = true; context.Permission = OrdersPermissions.ViewOwnOrders; } } }
public void Adjust(CheckAccessContext context) { if (!context.Granted && context.Permission.Name == Permissions.ManageMenus.Name && context.Content != null) { var menuAsContentItem = context.Content.As <ContentItem>(); if (menuAsContentItem == null || menuAsContentItem.Id <= 0) { return; } context.Adjusted = true; context.Permission = DynamicPermissions.CreateMenuPermission(menuAsContentItem, _contentManager); } }
public void Adjust(CheckAccessContext context) { // If the authorization is already granted, nothing to adjust here if (context.Granted) { return; } // If we are testing the ViewProfiles Permission, we may have to adjust for the Own permission // as long as the content IS the user if (context.Permission == Permissions.ViewProfiles && context.User != null && context.Content != null && context.Content.As <IUser>()?.Id == context.User.Id) { context.Adjusted = true; context.Permission = Permissions.ViewOwnProfile; return; } // If we are testing the ViewContent Permission, check whether the test comes from the path of // the SecureFileField controller, for a field that is hosted in a User if (context.Permission == Orchard.Core.Contents.Permissions.ViewContent) { var routeData = _workContextAccessor.GetContext() .HttpContext.Request.RequestContext.RouteData.Values; if ("CloudConstruct".Equals(routeData["area"].ToString(), StringComparison.OrdinalIgnoreCase) && "SecureFileField".Equals(routeData["controller"].ToString(), StringComparison.OrdinalIgnoreCase) && "GetSecureFile".Equals(routeData["action"].ToString(), StringComparison.OrdinalIgnoreCase) ) { // The check for authorizations has been invoked in a call to the SecureFileField controller var userPart = context.Content.As <IUser>(); if (userPart == null) { // We only adjust permissions when the content is a user return; } // If the user matches the current user, adjust to the Own permission, otherwise adjust to the // generic one if (userPart.Id == context.User.Id) { context.Permission = Permissions.ViewOwnProfile; } else { context.Permission = Permissions.ViewProfiles; } context.Adjusted = true; return; } } // No other case to handle }
public void Adjust(CheckAccessContext context) { if (!context.Granted && context.Content.Is <TerritoryPart>()) { var typeDefinition = context.Content.ContentItem.TypeDefinition; //replace permission if there is one specific for the content type if (typeDefinition.Parts.Any(ctpd => ctpd.PartDefinition.Name == TerritoryPart.PartName) && context.Permission == TerritoriesPermissions.ManageTerritories) { context.Adjusted = true; context.Permission = TerritoriesPermissions.GetTerritoryPermission(typeDefinition); } } }
public void Complete(CheckAccessContext context) { /* * context.Permission: the permission we are checking * context.User: The request's current user * context.Content: the content item we are trying to access * context.Granted: set to true if we grant permission; false otherwise * context.Adjusted: set to true if we changed the value of Granted */ if (context.Content.As <WishListListPart>() != null) { var owner = context.Content.As <CommonPart>().Owner; var oldGranted = context.Granted; context.Granted &= owner == context.User; //wish lists are always private context.Adjusted = context.Granted != oldGranted; } }
public void Complete(CheckAccessContext context) { if (context.Content == null) { return; } var part = context.Content.As <ContentMenuItemPart>(); // if the content item has no right attached, check on the container if (part == null) { return; } context.Granted = _authorizationService.TryCheckAccess(context.Permission, context.User, part.Content); context.Adjusted = true; }
public void Adjust(CheckAccessContext context) { if (!context.Granted && context.Content.Is <ICommonPart>()) { if (context.Permission.Name == Orchard.Core.Contents.Permissions.PublishContent.Name && context.Content.ContentItem.ContentType == "BlogPost") { context.Adjusted = true; context.Permission = Permissions.PublishBlogPost; } else if (OwnerVariationExists(context.Permission) && HasOwnership(context.User, context.Content)) { context.Adjusted = true; context.Permission = GetOwnerVariation(context.Permission); } } }
public void Adjust(CheckAccessContext context) { var mediaPart = context.Content.As <MediaPart>(); if (mediaPart != null) { if (_authorizer.Authorize(Permissions.ManageMediaContent)) { context.Granted = true; return; } if (_authorizer.Authorize(Permissions.ManageOwnMedia)) { context.Granted = _mediaLibraryService.CanManageMediaFolder(mediaPart.FolderPath); } } }
public void Adjust(CheckAccessContext context) { if (!context.Granted && context.Content.Is <ICommonPart>()) { if ((context.Permission.Name == OCore.Contents.Permissions.PublishContent.Name && context.Content.ContentItem.ContentType == "CommunicationAdvertising") || (context.Permission.Name == OCore.Contents.Permissions.PublishOwnContent.Name && context.Content.ContentItem.ContentType == "CommunicationAdvertising")) { context.Adjusted = true; context.Permission = Permissions.ManageCommunicationAdv; } else if (OwnerVariationExists(context.Permission) && HasOwnership(context.User, context.Content)) { context.Adjusted = true; context.Permission = GetOwnerVariation(context.Permission); } } }
public void Adjust(CheckAccessContext context) { if (!context.Granted && context.Permission is EncryptedStringFieldEditPermission) { var fieldPermission = context.Permission as EncryptedStringFieldEditPermission; if (HasOwnership(context.User, context.Content)) { // Own Permission. context.Permission = _secureFieldService.GetOwnPermission(fieldPermission.Part, fieldPermission.Field); context.Adjusted = true; } else { // All Permission. context.Permission = _secureFieldService.GetAllPermission(fieldPermission.Part, fieldPermission.Field);; context.Adjusted = true; } } }
public void Adjust(CheckAccessContext context) { if (!context.Granted) { if (context.Permission is HiddenFieldEditPermission) { // permission edit var fieldPermission = context.Permission as HiddenFieldEditPermission; if (HasOwnership(context.User, context.Content)) { // Own Permission. context.Permission = _hiddenFieldService.GetOwnPermission(fieldPermission.Part, fieldPermission.Field); context.Adjusted = true; } else { // All Permission. context.Permission = _hiddenFieldService.GetAllPermission(fieldPermission.Part, fieldPermission.Field); context.Adjusted = true; } } else if (context.Permission is HiddenFieldSeePermission) { // permission see var fieldPermission = context.Permission as HiddenFieldSeePermission; if (HasOwnership(context.User, context.Content)) { // Own Permission. context.Permission = _hiddenFieldService.GetSeeOwnPermission(fieldPermission.Part, fieldPermission.Field); context.Adjusted = true; } else { // All Permission. context.Permission = _hiddenFieldService.GetSeeAllPermission(fieldPermission.Part, fieldPermission.Field); context.Adjusted = true; } } } }
public bool TryCheckAccess(Permission permission, IUser user, IContent content) { var context = new CheckAccessContext { Permission = permission, User = user }; _authorizationServiceEventHandler.Checking(context); for (var adjustmentLimiter = 0; adjustmentLimiter != 3; ++adjustmentLimiter) { if (!context.Granted && context.User != null) { //if (!String.IsNullOrEmpty(_workContextAccessor.GetContext().CurrentSite.SuperUser) && // String.Equals(context.User.UserName, _workContextAccessor.GetContext().CurrentSite.SuperUser, StringComparison.Ordinal)) //{ // context.Granted = true; //} } if (!context.Granted) { // determine which set of permissions would satisfy the access check var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).Distinct().ToArray(); // determine what set of roles should be examined by the access check IEnumerable<string> rolesToExamine; if (context.User == null) { rolesToExamine = AnonymousRole; } //else if (context.User.Has<IUserRoles>()) //{ // // the current user is not null, so get his roles and add "Authenticated" to it // rolesToExamine = context.User.As<IUserRoles>().Roles; // // when it is a simulated anonymous user in the admin // if (!rolesToExamine.Contains(AnonymousRole[0])) // { // rolesToExamine = rolesToExamine.Concat(AuthenticatedRole); // } //} else { // the user is not null and has no specific role, then it's just "Authenticated" rolesToExamine = AuthenticatedRole; } foreach (var role in rolesToExamine) { foreach (var permissionName in _roleService.GetPermissionsForRoleByName(role)) { string possessedName = permissionName; if (grantingNames.Any(grantingName => String.Equals(possessedName, grantingName, StringComparison.OrdinalIgnoreCase))) { context.Granted = true; } if (context.Granted) break; } if (context.Granted) break; } } context.Adjusted = false; _authorizationServiceEventHandler.Adjust(context); if (!context.Adjusted) break; } _authorizationServiceEventHandler.Complete(context); return context.Granted; }
/// <summary> /// 尝试检查访问权限。 /// </summary> /// <param name="permission">需要的许可。</param> /// <param name="user">用户模型。</param> /// <returns>如果可以访问则返回true,否则返回false。</returns> /// <exception cref="ArgumentNullException"><paramref name="permission"/> 为 null。</exception> public bool TryCheckAccess(Permission permission, IUser user) { permission.NotNull("permission"); var context = new CheckAccessContext { Permission = permission, User = user }; foreach (var authorizationServiceEventHandler in _authorizationServiceEventHandlers) authorizationServiceEventHandler.Checking(context); //尝试3次授权检查。 for (var adjustmentLimiter = 0; adjustmentLimiter != 3; ++adjustmentLimiter) { //未通过认证并且当前用户不等于null。 if (!context.Granted && context.User != null) { //如果当前用户是超级用户则通过检查。 if (string.Equals(context.User.UserName, _workContextAccessor.GetContext().CurrentTenant.SuperUser, StringComparison.Ordinal)) context.Granted = true; } //未通过认证。 if (!context.Granted) { //确定哪组权限将满足访问检查(当前许可、所有者许可、隐含许可) var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).Distinct().ToArray(); //确定哪些组角色应该由访问检查检查 IEnumerable<string> rolesToExamine; //如果没有用户则标记为匿名角色组。 if (context.User == null) rolesToExamine = AnonymousRole; else if (context.User is IUserRoles) { //当前用户不为空,所以得到他的角色,并添加“已验证” rolesToExamine = (context.User as IUserRoles).Roles; //当它是在管理模拟匿名用户 if (!rolesToExamine.Contains(AnonymousRole[0])) { rolesToExamine = rolesToExamine.Concat(AuthenticatedRole); } } else { //用户不为空,也没有特定的角色,那么它只是“身份验证” rolesToExamine = AuthenticatedRole; } if (rolesToExamine != null) { foreach (var role in rolesToExamine.ToArray()) { foreach (var permissionName in _roleService.GetPermissionsForRoleByName(role)) { var possessedName = permissionName; if (grantingNames.Any(grantingName => string.Equals(possessedName, grantingName, StringComparison.OrdinalIgnoreCase))) { context.Granted = true; } if (context.Granted) break; } if (context.Granted) break; } } } context.Adjusted = false; //进行调整。 foreach (var authorizationServiceEventHandler in _authorizationServiceEventHandlers) authorizationServiceEventHandler.Adjust(context); //如果不再需要调整则退出许可检查。 if (!context.Adjusted) break; } //完成授权。 foreach (var authorizationServiceEventHandler in _authorizationServiceEventHandlers) authorizationServiceEventHandler.Complete(context); //是否通过授权检查。 return context.Granted; }