public virtual async Task <MultiplePermissionGrantResult> IsGrantedAsync(string[] names, string providerName, string providerKey)
{
Check.NotNullOrEmpty(names, nameof(names));
var result = new MultiplePermissionGrantResult();
if (names.Length == 1)
{
var name = names.First();
result.Result.Add(name,
await IsGrantedAsync(names.First(), providerName, providerKey)
? PermissionGrantResult.Granted
: PermissionGrantResult.Undefined);
return(result);
}
var cacheItems = await GetCacheItemsAsync(names, providerName, providerKey);
foreach (var item in cacheItems)
{
result.Result.Add(GetPermissionNameFormCacheKeyOrNull(item.Key),
item.Value != null && item.Value.IsGranted
? PermissionGrantResult.Granted
: PermissionGrantResult.Undefined);
}
return(result);
}
private async Task <PermissionConfiguration> GetPermissionConfigurationAsync()
{
PermissionConfiguration permissionConfiguration = new();
IEnumerable <string> policyNames = _permissionDefinitionManager.GetPermissions().Select(p => p.Name);
PropertyInfo?policyMapProperty = typeof(AuthorizationOptions).GetProperty("PolicyMap", BindingFlags.Instance | BindingFlags.NonPublic);
if (policyMapProperty is not null)
{
object?policyMapPropertyValue = policyMapProperty.GetValue(_authorizationOptions);
if (policyMapPropertyValue is not null)
{
policyNames = policyNames.Union(((IDictionary <string, AuthorizationPolicy>)policyMapPropertyValue).Keys.ToList());
}
}
List <string> permissionPolicyNames = new();
List <string> otherPolicyNames = new();
foreach (var policyName in policyNames)
{
if (_permissionDefinitionManager.GetOrNull(policyName) is not null)
{
permissionPolicyNames.Add(policyName);
}
else
{
otherPolicyNames.Add(policyName);
}
}
foreach (var policyName in otherPolicyNames)
{
permissionConfiguration.Policies[policyName] = true;
if (_httpContextAccessor is not null && _httpContextAccessor.HttpContext is not null)
{
if ((await _authorizationService.AuthorizeAsync(_httpContextAccessor.HttpContext.User, policyName)).Succeeded)
{
permissionConfiguration.GrantedPolicies[policyName] = true;
}
}
}
MultiplePermissionGrantResult result = await _permissionChecker.IsGrantedAsync(permissionPolicyNames.ToArray());
foreach (var(key, value) in result.Result)
{
permissionConfiguration.Policies[key] = true;
if (value == PermissionGrantResult.Granted)
{
permissionConfiguration.GrantedPolicies[key] = true;
}
}
return(permissionConfiguration);
}
public Task <MultiplePermissionGrantResult> IsGrantedAsync(string[] names, string providerName, string providerKey)
{
var result = new MultiplePermissionGrantResult();
foreach (var name in names)
{
result.Result.Add(name, name == "MyPermission3" || name == "MyPermission5"
? PermissionGrantResult.Granted
: PermissionGrantResult.Prohibited);
}
return(Task.FromResult(result));
}
public Task <MultiplePermissionGrantResult> IsGrantedAsync(string[] names, string providerName, string providerKey)
{
var result = new MultiplePermissionGrantResult();
foreach (var name in names)
{
result.Result.Add(name, (name.Contains("MyComponent1") || name.Contains("MyComponent3"))
? PermissionGrantResult.Granted
: PermissionGrantResult.Prohibited);
}
return(Task.FromResult(result));
}
public Task <MultiplePermissionGrantResult> IsGrantedAsync(string[] names, string providerName, string providerKey)
{
var result = new MultiplePermissionGrantResult();
foreach (var name in names)
{
result.Result.Add(name, (name.Contains("Administration") || name.Contains("Dashboard")) && !name.Contains("SubMenu1")
? PermissionGrantResult.Granted
: PermissionGrantResult.Prohibited);
}
return(Task.FromResult(result));
}
public async Task <MultiplePermissionGrantResult> IsGrantedAsync(string[] names)
{
var result = new MultiplePermissionGrantResult();
var configuration = await ConfigurationClient.GetAsync();
foreach (var name in names)
{
result.Result.Add(name, configuration.Auth.GrantedPolicies.ContainsKey(name) ?
PermissionGrantResult.Granted :
PermissionGrantResult.Undefined);
}
return(result);
}
public Task <MultiplePermissionGrantResult> IsGrantedAsync(string[] names, string providerName, string providerKey)
{
var result = new MultiplePermissionGrantResult();
foreach (var name in names)
{
result.Result.Add(name, name == "TestPermission1" &&
providerName == UserPermissionValueProvider.ProviderName &&
providerKey == AuthTestController.FakeUserId.ToString()
? PermissionGrantResult.Granted
: PermissionGrantResult.Prohibited);
}
return(Task.FromResult(result));
}
public override Task <MultiplePermissionGrantResult> CheckAsync(PermissionValuesCheckContext context)
{
var permissions = FileStoringManagementPermissions.GetAll();
var result = new MultiplePermissionGrantResult();
foreach (var permissionDefinition in context.Permissions)
{
if (permissions.Contains(permissionDefinition.Name))
{
result.Result.Add(permissionDefinition.Name, PermissionGrantResult.Granted);
}
else
{
result.Result.Add(permissionDefinition.Name, PermissionGrantResult.Prohibited);
}
}
return(Task.FromResult(result));
}
public override async Task <MultiplePermissionGrantResult> CheckAsync(PermissionValuesCheckContext context)
{
var permissionNames = context.Permissions.Select(x => x.Name).Distinct().ToList();
Check.NotNullOrEmpty(permissionNames, nameof(permissionNames));
var result = new MultiplePermissionGrantResult(permissionNames.ToArray());
var roles = context.Principal?.FindAll(AbpClaimTypes.Role).Select(c => c.Value).ToArray();
if (roles == null || !roles.Any())
{
return(result);
}
foreach (var role in roles.Distinct())
{
var multipleResult = await PermissionStore.IsGrantedAsync(permissionNames.ToArray(), Name, role);
foreach (var grantResult in multipleResult.Result.Where(grantResult =>
result.Result.ContainsKey(grantResult.Key) &&
result.Result[grantResult.Key] == PermissionGrantResult.Undefined &&
grantResult.Value != PermissionGrantResult.Undefined))
{
result.Result[grantResult.Key] = grantResult.Value;
permissionNames.RemoveAll(x => x == grantResult.Key);
}
if (result.AllGranted || result.AllProhibited)
{
break;
}
if (permissionNames.IsNullOrEmpty())
{
break;
}
}
return(result);
}
public async Task <MultiplePermissionGrantResult> IsGrantedAsync(ClaimsPrincipal claimsPrincipal, string[] names)
{
Check.NotNull(names, nameof(names));
var multiTenancySide = claimsPrincipal?.GetMultiTenancySide() ?? CurrentTenant.GetMultiTenancySide();
var result = new MultiplePermissionGrantResult();
if (!names.Any())
{
return(result);
}
var permissionDefinitions = new List <PermissionDefinition>();
foreach (var name in names)
{
var permission = PermissionDefinitionManager.Get(name);
result.Result.Add(name, PermissionGrantResult.Undefined);
if (permission.IsEnabled &&
await StateCheckerManager.IsEnabledAsync(permission) &&
permission.MultiTenancySide.HasFlag(multiTenancySide))
{
permissionDefinitions.Add(permission);
}
}
foreach (var provider in PermissionValueProviderManager.ValueProviders)
{
var permissions = permissionDefinitions
.Where(x => !x.Providers.Any() || x.Providers.Contains(provider.Name))
.ToList();
if (permissions.IsNullOrEmpty())
{
break;
}
var context = new PermissionValuesCheckContext(
permissions,
claimsPrincipal);
var multipleResult = await provider.CheckAsync(context);
foreach (var grantResult in multipleResult.Result.Where(grantResult =>
result.Result.ContainsKey(grantResult.Key) &&
result.Result[grantResult.Key] == PermissionGrantResult.Undefined &&
grantResult.Value != PermissionGrantResult.Undefined))
{
result.Result[grantResult.Key] = grantResult.Value;
permissionDefinitions.RemoveAll(x => x.Name == grantResult.Key);
}
if (result.AllGranted || result.AllProhibited)
{
break;
}
}
return(result);
}
