public virtual async Task SeedAsync(
string providerName,
string providerKey,
IEnumerable <string> grantedPermissions,
Guid?tenantId = null)
{
using (CurrentTenant.Change(tenantId))
{
var names = grantedPermissions.ToArray();
var existsPermissionGrants = (await PermissionGrantRepository.GetListAsync(names, providerName, providerKey)).Select(x => x.Name).ToList();
foreach (var permissionName in names.Except(existsPermissionGrants))
{
await PermissionGrantRepository.InsertAsync(
new PermissionGrant(
GuidGenerator.Create(),
permissionName,
providerName,
providerKey,
tenantId
)
);
}
}
}
protected virtual async Task GrantAsync(string permissionName, string providerName, string providerScope, string providerKey)
{
var permissionGrant = await PermissionGrantRepository.FindAsync(permissionName, providerName, providerKey);
if (permissionGrant != null)
{
if (permissionGrant.ProviderScope == providerScope)
{
return;
}
permissionGrant.ProviderScope = providerScope;
await PermissionGrantRepository.UpdateAsync(permissionGrant);
}
await PermissionGrantRepository.InsertAsync(
new PermissionGrant (
GuidGenerator.Create(),
permissionName,
providerName,
providerScope,
providerKey,
CurrentTenant.Id
)
);
}
public virtual async Task SeedAsync(
string providerName,
string providerKey,
Dictionary <string, string> permissions,
Guid?tenantId = null)
{
foreach (var permission in permissions)
{
var permissionGrant = await PermissionGrantRepository.FindAsync(permission.Key, providerName, providerKey);
if (permissionGrant != null)
{
if (permissionGrant.ProviderScope == permission.Value)
{
continue;
}
permissionGrant.ProviderScope = permission.Value;
await PermissionGrantRepository.UpdateAsync(permissionGrant);
}
await PermissionGrantRepository.InsertAsync(
new PermissionGrant (
GuidGenerator.Create(),
permission.Key,
providerName,
permission.Value,
providerKey,
tenantId
)
);
}
}
public virtual async Task UpdateAsync(string providerName, string providerKey, UpdatePermissionsDto input)
{
await CheckProviderPolicy(providerName);
var permissions = await PermissionGrantRepository.GetListAsync(providerName, providerKey);
foreach (var permission in input.Permissions)
{
var editPermission = permissions.FirstOrDefault(p => p.Name.Equals(permission.Name));
if (editPermission == null)
{
if (permission.IsGranted)
{
var permissionGrant = new PermissionGrant(GuidGenerator.Create(),
permission.Name, providerName, providerKey, CurrentTenant.Id);
await PermissionGrantRepository.InsertAsync(permissionGrant);
}
}
else
{
if (!permission.IsGranted)
{
await PermissionGrantRepository.DeleteAsync(editPermission.Id);
}
}
}
}
protected virtual async Task <List <KeyValuePair <string, PermissionGrantCacheItem> > > SetCacheItemsAsync(
string providerName,
string providerKey,
List <string> notCacheKeys)
{
var permissions = PermissionDefinitionManager.GetPermissions().Where(x => notCacheKeys.Any(k => GetPermissionNameFormCacheKeyOrNull(k) == x.Name)).ToList();
Logger.LogDebug($"Getting not cache granted permissions from the repository for this provider name,key: {providerName},{providerKey}");
var grantedPermissionsHashSet = new HashSet <string>(
(await PermissionGrantRepository.GetListAsync(notCacheKeys.Select(GetPermissionNameFormCacheKeyOrNull).ToArray(), providerName, providerKey)).Select(p => p.Name)
);
Logger.LogDebug($"Setting the cache items. Count: {permissions.Count}");
var cacheItems = new List <KeyValuePair <string, PermissionGrantCacheItem> >();
foreach (var permission in permissions)
{
var isGranted = grantedPermissionsHashSet.Contains(permission.Name);
cacheItems.Add(new KeyValuePair <string, PermissionGrantCacheItem>(
CalculateCacheKey(permission.Name, providerName, providerKey),
new PermissionGrantCacheItem(isGranted))
);
}
await Cache.SetManyAsync(cacheItems);
Logger.LogDebug($"Finished setting the cache items. Count: {permissions.Count}");
return(cacheItems);
}
public virtual async Task SeedAsync(
string providerName,
string providerKey,
IEnumerable <string> grantedPermissions,
Guid?tenantId = null)
{
using (CurrentTenant.Change(tenantId))
{
foreach (var permissionName in grantedPermissions)
{
if (await PermissionGrantRepository.FindAsync(permissionName, providerName, providerKey) != null)
{
continue;
}
await PermissionGrantRepository.InsertAsync(
new PermissionGrant(
GuidGenerator.Create(),
permissionName,
providerName,
providerKey,
tenantId
)
);
}
}
}
protected virtual async Task <PermissionGrantCacheItem> GetCacheItemAsync(string name, string providerName, string providerKey)
{
var cacheKey = CalculateCacheKey(name, providerName, providerKey);
Logger.LogDebug($"PermissionStore.GetCacheItemAsync: {cacheKey}");
var cacheItem = await Cache.GetAsync(cacheKey);
if (cacheItem != null)
{
Logger.LogDebug($"Found in the cache: {cacheKey}");
return(cacheItem);
}
Logger.LogDebug($"Not found in the cache, getting from the repository: {cacheKey}");
cacheItem = new PermissionGrantCacheItem(
name,
(await PermissionGrantRepository.FindAsync(name, providerName, providerKey)) != null
);
Logger.LogDebug($"Setting the cache item: {cacheKey}");
await Cache.SetAsync(
cacheKey,
cacheItem
);
Logger.LogDebug($"Finished setting the cache item: {cacheKey}");
return(cacheItem);
}
public override async Task <PermissionValueProviderGrantInfo> CheckAsync(string name, string providerName, string providerKey)
{
if (providerName == Name)
{
return(new PermissionValueProviderGrantInfo(
await PermissionGrantRepository.FindAsync(name, providerName, providerKey) != null,
providerKey
));
}
if (providerName == "User")
{
var userId = Guid.Parse(providerKey);
var roleNames = await _identityUserRepository.GetRoleNamesAsync(userId);
foreach (var roleName in roleNames)
{
var permissionGrant = await PermissionGrantRepository.FindAsync(name, Name, roleName);
if (permissionGrant != null)
{
return(new PermissionValueProviderGrantInfo(true, roleName));
}
}
}
return(PermissionValueProviderGrantInfo.NonGranted);
}
public virtual async Task DeleteAsync(string providerName, string providerKey)
{
var permissionGrants = await PermissionGrantRepository.GetListAsync(providerName, providerKey);
foreach (var permissionGrant in permissionGrants)
{
await PermissionGrantRepository.DeleteAsync(permissionGrant);
}
}
public virtual async Task <PermissionValueProviderGrantInfo> CheckAsync(string name, string providerName, string providerKey)
{
if (providerName != Name)
{
return(PermissionValueProviderGrantInfo.NonGranted);
}
return(new PermissionValueProviderGrantInfo(await PermissionGrantRepository.FindAsync(name, providerName, providerKey) != null, providerKey));
}
/// <summary>
/// 撤销
/// </summary>
/// <param name="name"></param>
/// <param name="providerKey"></param>
/// <returns></returns>
protected virtual async Task RevokeAsync(string name, string providerKey)
{
var permissionGrant = await PermissionGrantRepository.FindAsync(name, Name, providerKey);
if (permissionGrant == null)
{
return;
}
await PermissionGrantRepository.DeleteAsync(permissionGrant);
}
/// <summary>
/// 授权
/// </summary>
/// <param name="name"></param>
/// <param name="providerKey"></param>
/// <returns></returns>
protected virtual async Task GrantAsync(string name, string providerKey)
{
var permissionGrant = await PermissionGrantRepository.FindAsync(name, Name, providerKey);
if (permissionGrant != null)
{
return;
}
await PermissionGrantRepository.InsertAsync(new PermissionGrant(IDUtils.NewId(), name, Name, providerKey, CurrentTenant.Id));
}
public override async Task <PermissionGrantInfo> CheckAsync(string name, string providerName, string providerKey)
{
if (providerName == Name)
{
var permissionGrant = await PermissionGrantRepository.FindAsync(name, providerName, providerKey);
return(new PermissionGrantInfo(
permissionGrant != null,
permissionGrant?.ProviderScope ?? nameof(PermissionScopeType.Prohibited),
providerKey
));
}
var permissionGrantResult = PermissionGrantInfo.NonGranted;
if (providerName == UserPermissionValueProvider.ProviderName)
{
var userId = Guid.Parse(providerKey);
var roles = await UserRoleFinder.GetRolesAsync(userId);
foreach (var role in roles)
{
var result = await PermissionGrantRepository.FindAsync(name, Name, role);
if (result == null)
{
continue;
}
// 以角色的最大权限为主
var permissionGrantScope = PermissionScopeType.Prohibited;
if (Enum.TryParse(permissionGrantResult.ProviderScope, out PermissionScopeType ps))
{
permissionGrantScope = ps;
}
var resultScope = PermissionScopeType.Prohibited;
if (Enum.TryParse(result.ProviderScope, out PermissionScopeType rs))
{
resultScope = rs;
}
if (resultScope > permissionGrantScope)
{
permissionGrantResult = new PermissionGrantInfo(true, result.ProviderScope, role);
}
}
}
return(permissionGrantResult);
}
public virtual async Task <PermissionGrantInfo> CheckAsync(string name, string providerName, string providerKey)
{
if (providerName != Name)
{
return(PermissionGrantInfo.NonGranted);
}
var permissionGrant = await PermissionGrantRepository.FindAsync(name, providerName, providerKey);
return(new PermissionGrantInfo(
permissionGrant != null,
permissionGrant?.ProviderScope ?? nameof(PermissionScopeType.Prohibited),
providerKey
));
}
public virtual async Task <PermissionGrant> UpdateProviderKeyAsync(PermissionGrant permissionGrant, string providerKey)
{
using (CurrentTenant.Change(permissionGrant.TenantId))
{
//Invalidating the cache for the old key
await Cache.RemoveAsync(
PermissionGrantCacheItem.CalculateCacheKey(
permissionGrant.Name,
permissionGrant.ProviderName,
permissionGrant.ProviderKey
)
);
}
permissionGrant.ProviderKey = providerKey;
return(await PermissionGrantRepository.UpdateAsync(permissionGrant));
}
protected virtual async Task GrantAsync(string name, string providerKey)
{
var permissionGrant = await PermissionGrantRepository.FindAsync(name, Name, providerKey).ConfigureAwait(false);
if (permissionGrant != null)
{
return;
}
await PermissionGrantRepository.InsertAsync(
new PermissionGrant(
GuidGenerator.Create(),
name,
Name,
providerKey,
CurrentTenant.Id
)
).ConfigureAwait(false);
}
public virtual async Task <MultiplePermissionValueProviderGrantInfo> CheckAsync(string[] names, string providerName, string providerKey)
{
var multiplePermissionValueProviderGrantInfo = new MultiplePermissionValueProviderGrantInfo(names);
if (providerName != Name)
{
return(multiplePermissionValueProviderGrantInfo);
}
var permissionGrants = await PermissionGrantRepository.GetListAsync(names, providerName, providerKey);
foreach (var permissionName in names)
{
var isGrant = permissionGrants.Any(x => x.Name == permissionName);
multiplePermissionValueProviderGrantInfo.Result[permissionName] = new PermissionValueProviderGrantInfo(isGrant, providerKey);
}
return(multiplePermissionValueProviderGrantInfo);
}
public async Task HandleEventAsync(CreateEventData eventData)
{
using (var unitOfWork = UnitOfWorkManager.Begin())
{
// 订阅租户新增事件,置入管理员角色所有权限
using (CurrentTenant.Change(eventData.Id, eventData.Name))
{
var definitionPermissions = PermissionDefinitionManager.GetPermissions();
var grantPermissions = definitionPermissions
.Where(p => p.MultiTenancySide.HasFlag(MultiTenancySides.Tenant))
.Select(p => p.Name).ToArray();
//var grantPermissions = new List<PermissionGrant>();
//foreach (var permission in definitionPermissions)
//{
// var permissionGrant = new PermissionGrant(GuidGenerator.Create(),
// permission.Name, "R", "admin", eventData.Id);
// grantPermissions.Add(permissionGrant);
//}
// TODO: MySql 批量新增还是一条一条的语句?
// await PermissionGrantRepository.GetDbSet().AddRangeAsync(grantPermissions);
var dbContext = await PermissionGrantRepository.GetDbContextAsync();
var permissionEntityType = dbContext.Model.FindEntityType(typeof(PermissionGrant));
var permissionTableName = permissionEntityType.GetTableName();
var batchInsertPermissionSql = string.Empty;
if (dbContext.Database.IsMySql())
{
batchInsertPermissionSql = BuildMySqlBatchInsertScript(permissionTableName, eventData.Id, grantPermissions);
}
else
{
batchInsertPermissionSql = BuildSqlServerBatchInsertScript(permissionTableName, eventData.Id, grantPermissions);
}
await dbContext.Database.ExecuteSqlRawAsync(batchInsertPermissionSql);
await unitOfWork.SaveChangesAsync();
}
}
}
protected virtual async Task <PermissionGrantCacheItem> GetCacheItemAsync(string name, string providerName, string providerKey)
{
var cacheKey = CalculateCacheKey(name, providerName, providerKey);
var cacheItem = await Cache.GetAsync(cacheKey);
if (cacheItem != null)
{
return(cacheItem);
}
cacheItem = new PermissionGrantCacheItem(
name,
await PermissionGrantRepository.FindAsync(name, providerName, providerKey) != null
);
await Cache.SetAsync(
cacheKey,
cacheItem
);
return(cacheItem);
}
public override async Task <MultiplePermissionValueProviderGrantInfo> CheckAsync(string[] names, string providerName, string providerKey)
{
var multiplePermissionValueProviderGrantInfo = new MultiplePermissionValueProviderGrantInfo(names);
var permissionGrants = new List <PermissionGrant>();
if (providerName == Name)
{
permissionGrants.AddRange(await PermissionGrantRepository.GetListAsync(names, providerName, providerKey));
}
if (providerName == UserPermissionValueProvider.ProviderName)
{
var userId = Guid.Parse(providerKey);
var roleNames = await UserRoleFinder.GetRolesAsync(userId);
foreach (var roleName in roleNames)
{
permissionGrants.AddRange(await PermissionGrantRepository.GetListAsync(names, Name, roleName));
}
}
permissionGrants = permissionGrants.Distinct().ToList();
if (!permissionGrants.Any())
{
return(multiplePermissionValueProviderGrantInfo);
}
foreach (var permissionName in names)
{
var permissionGrant = permissionGrants.FirstOrDefault(x => x.Name == permissionName);
if (permissionGrant != null)
{
multiplePermissionValueProviderGrantInfo.Result[permissionName] = new PermissionValueProviderGrantInfo(true, permissionGrant.ProviderKey);
}
}
return(multiplePermissionValueProviderGrantInfo);
}
protected virtual async Task SetCacheItemsAsync(
string providerName,
string providerKey,
string currentName,
PermissionGrantCacheItem currentCacheItem)
{
var permissions = PermissionDefinitionManager.GetPermissions();
Logger.LogDebug($"Getting all granted permissions from the repository for this provider name,key: {providerName},{providerKey}");
var grantedPermissionsHashSet = new HashSet <string>(
(await PermissionGrantRepository.GetListAsync(providerName, providerKey)).Select(p => p.Name)
);
Logger.LogDebug($"Setting the cache items. Count: {permissions.Count}");
var cacheItems = new List <KeyValuePair <string, PermissionGrantCacheItem> >();
foreach (var permission in permissions)
{
var isGranted = grantedPermissionsHashSet.Contains(permission.Name);
cacheItems.Add(new KeyValuePair <string, PermissionGrantCacheItem>(
CalculateCacheKey(permission.Name, providerName, providerKey),
new PermissionGrantCacheItem(isGranted))
);
if (permission.Name == currentName)
{
currentCacheItem.IsGranted = isGranted;
}
}
await Cache.SetManyAsync(cacheItems);
Logger.LogDebug($"Finished setting the cache items. Count: {permissions.Count}");
}
public async Task SeedAsync(
string providerName,
string providerKey,
IEnumerable <string> grantedPermissions,
Guid?tenantId = null)
{
foreach (var permissionName in grantedPermissions)
{
if (await PermissionGrantRepository.FindAsync(permissionName, providerName, providerKey) != null)
{
continue;
}
await PermissionGrantRepository.InsertAsync(
new PermissionGrant(
GuidGenerator.Create(),
permissionName,
providerName,
providerKey,
tenantId
)
).ConfigureAwait(false);
}
}
public async Task <PermissionGrant> UpdateProviderKeyAsync(PermissionGrant permissionGrant, string providerKey)
{
permissionGrant.ProviderKey = providerKey;
return(await PermissionGrantRepository.UpdateAsync(permissionGrant).ConfigureAwait(false));
}
public virtual async Task <GetPermissionListResultDto> GetAsync(string providerName, string providerKey)
{
var permissionListResult = new GetPermissionListResultDto
{
EntityDisplayName = providerKey,
Groups = new List <PermissionGroupDto>()
};
var multiTenancySide = CurrentTenant.GetMultiTenancySide();
var permissionGroups = PermissionDefinitionManager.GetGroups();
IEnumerable <PermissionGrant> permissions =
await PermissionGrantRepository.GetListAsync(providerName, providerKey);
// 如果是当前用户权限,还需要查询角色权限
if (providerName.Equals("U"))
{
var userId = CurrentUser.GetId().ToString();
if (providerKey.Equals(userId))
{
foreach (var role in CurrentUser.Roles)
{
var rolePermissions = await PermissionGrantRepository
.GetListAsync(RolePermissionValueProvider.ProviderName, role);
permissions = permissions.Union(rolePermissions);
}
}
}
foreach (var permissionGroup in permissionGroups)
{
var groupDto = new PermissionGroupDto
{
Name = permissionGroup.Name,
DisplayName = permissionGroup.DisplayName.Localize(StringLocalizerFactory),
Permissions = new List <PermissionGrantInfoDto>()
};
foreach (var permission in permissionGroup.GetPermissionsWithChildren())
{
if (!permission.IsEnabled)
{
continue;
}
if (permission.Providers.Any() && !permission.Providers.Contains(providerName))
{
continue;
}
if (!permission.MultiTenancySide.HasFlag(multiTenancySide))
{
continue;
}
var grantInfoDto = new PermissionGrantInfoDto
{
Name = permission.Name,
DisplayName = permission.DisplayName.Localize(StringLocalizerFactory),
ParentName = permission.Parent?.Name,
AllowedProviders = permission.Providers,
GrantedProviders = new List <ProviderInfoDto>()
};
var grantedPermissions = permissions.Where(p => p.Name.Equals(permission.Name));
foreach (var grantedPermission in grantedPermissions)
{
grantInfoDto.IsGranted = true;
grantInfoDto.GrantedProviders.Add(new ProviderInfoDto
{
ProviderKey = grantedPermission.ProviderKey,
ProviderName = grantedPermission.ProviderName
});
}
groupDto.Permissions.Add(grantInfoDto);
}
if (groupDto.Permissions.Any())
{
permissionListResult.Groups.Add(groupDto);
}
}
return(permissionListResult);
}
public virtual async Task <PermissionGrant> UpdateProviderKeyAsync(PermissionGrant permissionGrant, string providerKey)
{
permissionGrant.ProviderKey = providerKey;
return(await PermissionGrantRepository.UpdateAsync(permissionGrant));
}
