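/// <summary>
/// Checks whether the subject in the specified context is authorized to perform the
/// specified action on the specified resource.
/// </summary>
/// <param name="context">The authorization context that contains the subject, resource, and action for which authorization is to be checked.</param>
/// <returns>
/// true if the subject is authorized to perform the specified action on the specified resource; otherwise, false.
/// </returns>
/// <remarks>
/// Only the first resource claim and the first action claim in the context are evaluated.
/// Every input that cannot be evaluated (missing principal or identity, only one of
/// resource/action supplied, unrecognized operation name) results in a denial rather than
/// an exception, so a malformed request never takes an error path out of the access check.
/// </remarks>
public override bool CheckAccess(AuthorizationContext context)
{
    // A request that names neither a resource nor an operation is treated as viewable.
    // This check runs before the authentication check, so it also admits anonymous callers.
    if (context.Resource.Count == 0 && context.Action.Count == 0)
    {
        return true;
    }

    // Deny when there is no authenticated identity to evaluate.
    if (context.Principal == null
        || context.Principal.Identity == null
        || !context.Principal.Identity.IsAuthenticated)
    {
        return false;
    }

    // Exactly one of resource/action is missing: First() below would throw, so deny instead.
    if (context.Resource.Count == 0 || context.Action.Count == 0)
    {
        return false;
    }

    string resourceStr = context.Resource.First().Value;
    string operationStr = context.Action.First().Value;

    // An operation name that does not parse is denied instead of raising ArgumentException.
    // NOTE(review): like Enum.Parse, Enum.TryParse also accepts numeric strings, so a number
    // that matches no named member still parses. If ResourceOperationEnum is not a [Flags]
    // enum, consider additionally rejecting values for which Enum.IsDefined is false.
    ResourceOperationEnum operation;
    if (!Enum.TryParse(operationStr, out operation))
    {
        return false;
    }

    ResourceOperation resourceOperation = new ResourceOperation()
    {
        ResourceName = resourceStr,
        Operation = operation
    };

    // Collect the values of all role claims held by the principal.
    var rolesName = context.Principal.FindAll(x => x.Type == ClaimTypes.Role)
                                     .Select(x => x.Value)
                                     .ToArray();

    return CheckAccess(context, resourceOperation, rolesName);
}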
/// <summary>
/// Initializes a new instance of the <see cref="ResourceOperation" /> class.
/// </summary>
/// <param name="resourceName">Name of the resource.</param>
/// <param name="resourceOperation">Operation that can be performed on the resource.</param>
/// <param name="areaName">Name of the corresponding Area.</param>
/// <param name="controllerName">Name of the corresponding Controller.</param>
/// <param name="actionName">Name of the corresponding Action.</param>
/// <param name="displayName">Display name of the resource.</param>
/// <param name="displayNameWithParent">Display name of the resource, including the parent part.</param>
public ResourceOperation(
    string resourceName,
    ResourceOperationEnum resourceOperation,
    string areaName,
    string controllerName,
    string actionName,
    string displayName,
    string displayNameWithParent)
{
    // What the permission is about.
    this.ResourceName = resourceName;
    this.Operation = resourceOperation;

    // Where it maps to (area / controller / action).
    this.AreaName = areaName;
    this.ControllerName = controllerName;
    this.ActionName = actionName;

    // How it is shown.
    this.DisplayName = displayName;
    this.DisplayNameWithParent = displayNameWithParent;
}