protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    // Let the base filter set its own result first; it is kept for anonymous callers.
    base.HandleUnauthorizedRequest(filterContext);

    var identity = filterContext.HttpContext.User.Identity;
    if (!identity.IsAuthenticated)
    {
        // Not logged in at all: the base filter's result stands.
        return;
    }

    // Logged in but still rejected, i.e. the caller lacks permission rather than a login;
    // replace the base result with the permission service's "unauthorized" result.
    filterContext.Result = PermissionClientService.GetUnauthorizedResult();
}
        internal bool PermissionAllow(string permissionNo, string permissionAll, bool throwOnFailed)
        {
            // The specific permission is checked first and never throws, because the
            // broader "all" permission may still grant access.
            if (PermissionClientService.Authorize(permissionNo, includeStack: false))
            {
                return true;
            }

            // Fall back to the broader permission; only this second check honours throwOnFailed.
            return PermissionClientService.Authorize(permissionAll, includeStack: false, throwOnFailed: throwOnFailed);
        }
 internal bool RoleAllow(string permissionAll, string roleNo)
 {
     // A caller allowed to operate on every role needs no further restriction.
     var canManageAllRoles = PermissionClientService.Authorize(permissionAll, includeStack: false);
     if (canManageAllRoles)
     {
         return true;
     }

     // Otherwise the target role must be one of the roles this caller is permitted to manage.
     var manageableRoles = PermissionClientService.GetUserPermissions("Admin.PermissionUserManageRole");
     return manageableRoles.Any(role => role.PermissionValue.StringEquals(roleNo));
 }
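        public ActionResult Index(string url, string title)
        {
            // Permission resources the current user may view under "Admin", serialised to JSON for the view.
            var list = PermissionClientService.GetViewablePermissionResources("Admin");

            // url and title are caller-supplied. url is only passed through GetReturnUrl here,
            // so any open-redirect validation is assumed to live in that helper — TODO confirm.
            this.ViewBag.Permissions  = JsonConvert.SerializeObject(list);
            this.ViewBag.DefaultUrl   = ControllerExtensions.GetReturnUrl(url, false);
            this.ViewBag.DefaultTitle = title;

            // The identity is not guaranteed to be a PassportIdentity; an unchecked "as" cast
            // would dereference null, so fall back to no display name instead of crashing.
            var passport = this.User.Identity as PassportIdentity;
            this.ViewBag.DisplayName  = passport != null ? passport.DisplayName : null;
            return(this.View());
        }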
        protected string GetUserCompany(string userName)
        {
            var permissions = PermissionClientService.GetUserPermissions("Company.UserCompany", userName);

            // The company is the value of the user's first "Company.UserCompany" permission, if any.
            string company = permissions != null && permissions.Length > 0
                ? permissions[0].PermissionValue
                : null;

            // A user with no company assignment is rejected rather than handed back a null.
            if (string.IsNullOrEmpty(company))
            {
                throw new AuthorizationException();
            }

            return company;
        }
        public ActionResult Index()
        {
            //...
            // Example usage: a plain permission check (the branch body is intentionally empty in this sample).
            var canGetUsers = PermissionClientService.Authorize("GetUsers");
            if (canGetUsers)
            {
            }

            // Example usage: read the caller's company from their first "Company.UserCompany" permission.
            var companyPermissions = PermissionClientService.GetUserPermissions("Company.UserCompany");
            var hasCompany = companyPermissions != null && companyPermissions.Length > 0;
            if (hasCompany)
            {
                var companyId = companyPermissions[0].PermissionValue;
            }

            return View();
        }
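        public ActionResult RelationCreate(PermissionRelation model)
        {
            // NOTE(review): no [HttpPost]/anti-forgery attribute is visible on this state-changing
            // action in this excerpt — confirm it is not reachable via GET.
            if (model == null)
            {
                throw new ArgumentNullException("model");
            }

            // The caller may grant a permission they themselves hold as grantable; otherwise
            // they need the blanket "create all" permission. GetUserPermissions may return
            // null (other callers in this file guard for it), so do not dereference it blindly.
            var userPermissions = PermissionClientService.GetUserPermissions(model.PermissionNo);
            var permission = userPermissions != null ? userPermissions.FirstOrDefault() : null;
            var allowed = permission != null && permission.Grantable;
            if (!allowed)
            {
                allowed = PermissionClientService.Authorize("Admin.PermissionRelationCreateAll", includeStack: false);
            }

            // Granting to a user and granting to a role are permissioned separately.
            // TargetObject == 1 is treated as "user" here; the value is a magic number taken from the original code.
            if (allowed)
            {
                var targetPermission = model.TargetObject == 1
                    ? "Admin.PermissionRelationCreateForUser"
                    : "Admin.PermissionRelationCreateForRole";
                allowed = PermissionClientService.Authorize(targetPermission, includeStack: false);
            }

            // Fail closed: the relation is only written when both checks passed.
            this.ViewBag.Result = allowed ? this.PermissionServer.AddPermissionRelation(model) : AOPResult.Failed("Access Denied");
            return(this.RelationCreateInternal(model));
        }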
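        public ActionResult UserRoleDelete(int id)
        {
            // NOTE(review): no [HttpPost]/anti-forgery attribute is visible on this state-changing
            // action in this excerpt — confirm it is not reachable via GET.
            IAOPResult result = null;

            // Without the blanket delete permission the caller may only remove roles they manage.
            if (!PermissionClientService.Authorize("Admin.PermissionUserRoleDeleteAll", includeStack: false))
            {
                var userRoles = this.PermissionServer.GetUserGroupRoles();
                var roleNo    = userRoles.Where(x => x.ID == id).Select(x => x.TargetValue).SingleOrDefault();
                var roles     = PermissionClientService.GetUserPermissions("Admin.PermissionUserManageRole");

                // Fail closed: an id that is not among the caller's group roles (roleNo null),
                // or a caller with no manageable roles at all (roles null), must not reach the delete.
                var exists = roleNo != null
                             && roles != null
                             && roles.Any(x => x.PermissionValue.StringEquals(roleNo));
                if (!exists)
                {
                    result = AOPResult.Failed("Access Denied");
                }
            }

            if (result == null)
            {
                result = this.PermissionServer.DeleteUserRole(id);
            }

            return(this.Json(new { result.ResultNo, result.ResultDescription }));
        }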