/// <summary>
/// Resolves the grant result for the permission in <paramref name="context"/> from the
/// role id claims carried by the principal.
/// </summary>
/// <param name="context">Check context holding the permission definition and the principal.</param>
/// <returns>
/// <c>PermissionGrantResult.Undefined</c> when the principal is missing or has no role id claims;
/// otherwise the stored result with the greatest <c>ScopeType</c> across all roles (the first
/// one wins on ties), or <c>Undefined</c> when no stored result exceeds it.
/// </returns>
public override async Task<PermissionGrantResult> GetResultAsync(PermissionValueCheckContext context)
{
    var roleIds = context.Principal?.FindAll(RocketClaimTypes.RoleId)
        .Select(claim => claim.Value)
        .ToArray();

    if (roleIds == null || roleIds.Length == 0)
    {
        return PermissionGrantResult.Undefined;
    }

    var widest = PermissionGrantResult.Undefined;

    // Roles are queried one at a time, in claim order.
    foreach (var roleId in roleIds)
    {
        var candidate = await PermissionStore.GetResultAsync(context.Permission.Name, Name, roleId);

        // NOTE(review): selection looks only at ScopeType, never at GrantType, so whether a
        // prohibiting record can displace a granting one depends on how ScopeType is assigned
        // to such records — confirm against the store.
        if (candidate != null && candidate.ScopeType > widest.ScopeType)
        {
            widest = candidate;
        }
    }

    return widest;
}
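/// <summary>
/// Evaluates the permission <paramref name="name"/> for <paramref name="claimsPrincipal"/> by
/// consulting the registered permission value providers.
/// </summary>
/// <param name="claimsPrincipal">
/// Principal to check; may be null, in which case the multi-tenancy side is taken from the
/// current tenant.
/// </param>
/// <param name="name">Name of the permission definition; must not be null.</param>
/// <returns>
/// <c>PermissionGrantResult.Prohibited</c> when the permission is disabled or does not apply to
/// the caller's multi-tenancy side; otherwise the result chosen by the configured
/// <c>PermissionPolicy</c>. Never null: a provider that yields no result leaves the outcome at
/// <c>PermissionGrantResult.Undefined</c>.
/// </returns>
public virtual async Task<PermissionGrantResult> GetResultAsync(
    ClaimsPrincipal claimsPrincipal,
    string name)
{
    Check.NotNull(name, nameof(name));

    var permission = PermissionDefinitionManager.Get(name);

    if (!permission.IsEnabled)
    {
        return PermissionGrantResult.Prohibited;
    }

    var multiTenancySide = claimsPrincipal?.GetMultiTenancySide()
                           ?? CurrentTenant.GetMultiTenancySide();

    if (!permission.MultiTenancySide.HasFlag(multiTenancySide))
    {
        return PermissionGrantResult.Prohibited;
    }

    var context = new PermissionValueCheckContext(permission, claimsPrincipal);

    // Available policies: (1) take the maximum permission; (2) user permission takes precedence.
    // Current policy: user permission takes precedence (user > role > client).
    // Sort the providers so that the user provider comes first.
    // NOTE(review): the order comes purely from sorting provider names in descending order;
    // the names are not visible here, so a renamed or newly added provider could silently
    // change which provider decides — confirm.
    var providers = PermissionValueProviderManager.ValueProviders
        .OrderByDescending(m => m.Name)
        .ToList();

    var permissionGrantResult = PermissionGrantResult.Undefined;

    foreach (var provider in providers)
    {
        // A permission that lists providers is only evaluated by those providers.
        if (context.Permission.Providers.Any() &&
            !context.Permission.Providers.Contains(provider.Name))
        {
            continue;
        }

        var result = await provider.GetResultAsync(context);

        // User permission takes precedence (user > role > client).
        if (Options.PermissionPolicy == PermissionPolicy.User)
        {
            // A provider can yield null (the maximum-permission branch below already guards
            // for it). Keep the Undefined baseline in that case so an authorization decision
            // is never returned as null.
            // NOTE(review): only the first applicable provider is consulted; later providers
            // are skipped even when this one has no answer — confirm that matches the intended
            // user > role > client precedence.
            if (result != null)
            {
                permissionGrantResult = result;
            }

            break;
        }
        else
        {
            // Maximum permission takes precedence: only granted results compete, and the one
            // with the greatest ScopeType wins. A prohibiting result from any provider never
            // overrides a grant from another.
            if (result?.GrantType == PermissionGrantType.Granted &&
                result?.ScopeType > permissionGrantResult.ScopeType)
            {
                permissionGrantResult = result;
            }
        }
    }

    return permissionGrantResult;
}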
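/// <summary>
/// Resolves the grant result for the permission in <paramref name="context"/> from the
/// client id claim carried by the principal.
/// </summary>
/// <param name="context">Check context holding the permission definition and the principal.</param>
/// <returns>
/// <c>PermissionGrantResult.Undefined</c> when the principal is missing, has no client id
/// claim, or the store yields no result; otherwise the stored result for that client.
/// </returns>
public override async Task<PermissionGrantResult> GetResultAsync(PermissionValueCheckContext context)
{
    var clientId = context.Principal?.FindFirst(RocketClaimTypes.ClientId)?.Value;

    if (clientId == null)
    {
        return PermissionGrantResult.Undefined;
    }

    var stored = await PermissionStore.GetResultAsync(context.Permission.Name, Name, clientId);

    // Normalise a missing store result to Undefined so callers never receive a null
    // authorization decision (presumably null means "no record" — confirm against the store).
    return stored ?? PermissionGrantResult.Undefined;
}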
/// <summary>
/// Evaluates the permission carried by <paramref name="context"/> for this provider.
/// </summary>
/// <param name="context">Check context for the permission being evaluated.</param>
/// <returns>The grant result determined by the implementing provider.</returns>
// NOTE(review): nothing here states whether an implementation may return null; callers
// should either guard for it or the contract should forbid it — confirm.
public abstract Task <PermissionGrantResult> GetResultAsync(PermissionValueCheckContext context);