public async Task SetAsync(string permissionName, string providerName, string providerKey, bool isGranted)
{
var permission = PermissionDefinitionManager.Get(permissionName);
if (permission.Providers.Any() && !permission.Providers.Contains(providerName))
{
//TODO: BusinessException
throw new ApplicationException($"The permission named '{permission.Name}' has not compatible with the provider named '{providerName}'");
}
if (!permission.MultiTenancySide.HasFlag(CurrentTenant.GetMultiTenancySide()))
{
//TODO: BusinessException
throw new ApplicationException($"The permission named '{permission.Name}' has multitenancy side '{permission.MultiTenancySide}' which is not compatible with the current multitenancy side '{CurrentTenant.GetMultiTenancySide()}'");
}
var currentGrantInfo = await GetInternalAsync(permission, providerName, providerKey);
if (currentGrantInfo.IsGranted == isGranted)
{
return;
}
var provider = ManagementProviders.FirstOrDefault(m => m.Name == providerName);
if (provider == null)
{
//TODO: BusinessException
throw new AbpException("Unknown permission management provider: " + providerName);
}
await provider.SetAsync(permissionName, providerKey, isGranted);
}
public virtual async Task SetAsync(string permissionName, string providerName, string providerScope, string providerKey)
{
var permission = PermissionDefinitionManager.Get(permissionName);
if (permission.Providers.Any() && !permission.Providers.Contains(providerName))
{
throw new RocketException($"The permission named '{permission.Name}' has not compatible with the provider named '{providerName}'");
}
if (!permission.MultiTenancySide.HasFlag(CurrentTenant.GetMultiTenancySide()))
{
throw new RocketException($"The permission named '{permission.Name}' has multitenancy side '{permission.MultiTenancySide}' which is not compatible with the current multitenancy side '{CurrentTenant.GetMultiTenancySide()}'");
}
var currentGrantInfo = await GetInternalAsync(permission, providerName, providerKey);
if (currentGrantInfo.Scope == providerScope)
{
return;
}
var provider = Providers.FirstOrDefault(m => m.Name == providerName);
if (provider == null)
{
throw new RocketException("Unknown permission management provider: " + providerName);
}
await provider.SetAsync(permissionName, providerKey, providerScope);
}
public async Task Global_PermissionState_Test()
{
var myPermission2 = PermissionDefinitionManager.Get("MyPermission2");
(await PermissionStateManager.IsEnabledAsync(myPermission2)).ShouldBeFalse();
using (CurrentPrincipalAccessor.Change(new Claim(AbpClaimTypes.Role, "admin")))
{
(await PermissionStateManager.IsEnabledAsync(myPermission2)).ShouldBeTrue();
}
}
public async Task PermissionState_Test()
{
var myPermission1 = PermissionDefinitionManager.Get("MyPermission1");
myPermission1.StateProviders.ShouldContain(x => x.GetType() == typeof(TestRequireEditionPermissionStateProvider));
(await PermissionStateManager.IsEnabledAsync(myPermission1)).ShouldBeFalse();
using (CurrentPrincipalAccessor.Change(new Claim(AbpClaimTypes.EditionId, Guid.NewGuid().ToString())))
{
(await PermissionStateManager.IsEnabledAsync(myPermission1)).ShouldBeTrue();
}
}
public virtual async Task <bool> IsGrantedAsync(
ClaimsPrincipal claimsPrincipal,
string name)
{
Check.NotNull(name, nameof(name));
var permission = PermissionDefinitionManager.Get(name);
if (!permission.IsEnabled)
{
return(false);
}
if (!await StateCheckerManager.IsEnabledAsync(permission))
{
return(false);
}
var multiTenancySide = claimsPrincipal?.GetMultiTenancySide()
?? CurrentTenant.GetMultiTenancySide();
if (!permission.MultiTenancySide.HasFlag(multiTenancySide))
{
return(false);
}
var isGranted = false;
var context = new PermissionValueCheckContext(permission, claimsPrincipal);
foreach (var provider in PermissionValueProviderManager.ValueProviders)
{
if (context.Permission.Providers.Any() &&
!context.Permission.Providers.Contains(provider.Name))
{
continue;
}
var result = await provider.CheckAsync(context);
if (result == PermissionGrantResult.Granted)
{
isGranted = true;
}
else if (result == PermissionGrantResult.Prohibited)
{
return(false);
}
}
return(isGranted);
}
/// <summary>
/// 检查权限
/// </summary>
/// <param name="claimsPrincipal"></param>
/// <param name="name"></param>
/// <returns></returns>
public virtual async Task <PermissionGrantInfo> IsGrantedAsync(ClaimsPrincipal claimsPrincipal, string name)
{
if (name is null)
{
throw new ArgumentNullException(nameof(name));
}
var context = new PermissionValueCheckContext(PermissionDefinitionManager.Get(name), claimsPrincipal);
foreach (var provider in ValueProviders)
{
if (context.Permission.Providers.Any() && !context.Permission.Providers.Contains(provider.Name))
{
continue;
}
var result = await provider.CheckAsync(context);
//if (result == PermissionGrantResult.Granted)
// return new PermissionGrantInfo(context.Permission.Name, true, provider.Name, result.ProviderKey);
}
return(new PermissionGrantInfo(context.Permission.Name, false));
}
public virtual async Task <PermissionWithGrantedProviders> GetAsync(string permissionName, string providerName, string providerKey)
{
return(await GetInternalAsync(PermissionDefinitionManager.Get(permissionName), providerName, providerKey));
}
public virtual async Task <MultiplePermissionWithGrantedProviders> GetAsync(string[] permissionNames, string providerName, string providerKey)
{
var permissionDefinitions = permissionNames.Select(x => PermissionDefinitionManager.Get(x)).ToArray();
return(await GetInternalAsync(permissionDefinitions, providerName, providerKey));
}
public async Task <PermissionWithGrantedProviders> GetAsync(string permissionName, string providerName, string providerKey)
{
return(await GetInternalAsync(PermissionDefinitionManager.Get(permissionName), providerName, providerKey).ConfigureAwait(false));
}
public async Task <MultiplePermissionGrantResult> IsGrantedAsync(ClaimsPrincipal claimsPrincipal, string[] names)
{
Check.NotNull(names, nameof(names));
var multiTenancySide = claimsPrincipal?.GetMultiTenancySide() ?? CurrentTenant.GetMultiTenancySide();
var result = new MultiplePermissionGrantResult();
if (!names.Any())
{
return(result);
}
var permissionDefinitions = new List <PermissionDefinition>();
foreach (var name in names)
{
var permission = PermissionDefinitionManager.Get(name);
result.Result.Add(name, PermissionGrantResult.Undefined);
if (permission.IsEnabled &&
await StateCheckerManager.IsEnabledAsync(permission) &&
permission.MultiTenancySide.HasFlag(multiTenancySide))
{
permissionDefinitions.Add(permission);
}
}
foreach (var provider in PermissionValueProviderManager.ValueProviders)
{
var permissions = permissionDefinitions
.Where(x => !x.Providers.Any() || x.Providers.Contains(provider.Name))
.ToList();
if (permissions.IsNullOrEmpty())
{
break;
}
var context = new PermissionValuesCheckContext(
permissions,
claimsPrincipal);
var multipleResult = await provider.CheckAsync(context);
foreach (var grantResult in multipleResult.Result.Where(grantResult =>
result.Result.ContainsKey(grantResult.Key) &&
result.Result[grantResult.Key] == PermissionGrantResult.Undefined &&
grantResult.Value != PermissionGrantResult.Undefined))
{
result.Result[grantResult.Key] = grantResult.Value;
permissionDefinitions.RemoveAll(x => x.Name == grantResult.Key);
}
if (result.AllGranted || result.AllProhibited)
{
break;
}
}
return(result);
}