Nice
3 years ago
14 changed files with 230 additions and 1 deletions
@ -0,0 +1,10 @@ |
|||||
|
using System; |
||||
|
using System.Collections.Generic; |
||||
|
using System.Linq; |
||||
|
using System.Text; |
||||
|
using System.Threading.Tasks; |
||||
|
|
||||
|
namespace Easy.Authorization.Abstractions; |
||||
|
public interface IPermissionDefinitionContext |
||||
|
{ |
||||
|
} |
@ -0,0 +1,15 @@ |
|||||
|
using System; |
||||
|
using System.Collections.Generic; |
||||
|
using System.Linq; |
||||
|
using System.Text; |
||||
|
using System.Threading.Tasks; |
||||
|
|
||||
|
namespace Easy.Authorization.Abstractions; |
||||
|
public interface IPermissionDefinitionProvider |
||||
|
{ |
||||
|
void PreDefine(IPermissionDefinitionContext context); |
||||
|
|
||||
|
void Define(IPermissionDefinitionContext context); |
||||
|
|
||||
|
void PostDefine(IPermissionDefinitionContext context); |
||||
|
} |
@ -0,0 +1,16 @@ |
|||||
|
using System; |
||||
|
using System.Collections.Generic; |
||||
|
using System.Linq; |
||||
|
using System.Text; |
||||
|
using System.Threading.Tasks; |
||||
|
|
||||
|
namespace Easy.Authorization.Abstractions; |
||||
|
interface IPermissionValueProvider |
||||
|
{ |
||||
|
string Name { get; } |
||||
|
|
||||
|
//TODO: Rename to GetResult? (CheckAsync throws exception by naming convention)
|
||||
|
Task<PermissionGrantResult> CheckAsync(PermissionValueCheckContext context); |
||||
|
|
||||
|
Task<MultiplePermissionGrantResult> CheckAsync(PermissionValuesCheckContext context); |
||||
|
} |
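Review bot: `interface IPermissionValueProvider` has no access modifier, so it is `internal`, unlike the `public` `IPermissionDefinitionContext` and `IPermissionDefinitionProvider` added in the same namespace; if value providers are meant to be implemented outside this assembly, declare it `public interface IPermissionValueProvider`. The file imports only `System.*` namespaces, while `PermissionGrantResult` is declared in `Easy.Authorization.Enums` and `PermissionValueCheckContext` in `Easy.Authorization.Contexts`, so unless a global using exists outside this page it needs `using Easy.Authorization.Contexts;` and `using Easy.Authorization.Enums;`. `MultiplePermissionGrantResult` and `PermissionValuesCheckContext` are not declared in any section visible here, so whether the second overload resolves cannot be confirmed from the page.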
@ -0,0 +1,17 @@ |
|||||
|
using Easy.DI; |
||||
|
|
||||
|
namespace Easy.Authorization.Abstractions; |
||||
|
public abstract class PermissionDefinitionProvider : IPermissionDefinitionProvider, ITransientDependency |
||||
|
{ |
||||
|
public virtual void PreDefine(IPermissionDefinitionContext context) |
||||
|
{ |
||||
|
|
||||
|
} |
||||
|
|
||||
|
public abstract void Define(IPermissionDefinitionContext context); |
||||
|
|
||||
|
public virtual void PostDefine(IPermissionDefinitionContext context) |
||||
|
{ |
||||
|
|
||||
|
} |
||||
|
} |
@ -0,0 +1,19 @@ |
|||||
|
using Easy.Authorization.Realizations; |
||||
|
using System.Security.Claims; |
||||
|
|
||||
|
namespace Easy.Authorization.Contexts; |
||||
|
|
||||
|
public class PermissionValueCheckContext |
||||
|
{ |
||||
|
public PermissionDefinition Permission { get; } |
||||
|
|
||||
|
public ClaimsPrincipal Principal { get; } |
||||
|
|
||||
|
public PermissionValueCheckContext( |
||||
|
PermissionDefinition permission, |
||||
|
ClaimsPrincipal principal) |
||||
|
{ |
||||
|
Permission = permission; |
||||
|
Principal = principal; |
||||
|
} |
||||
|
} |
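Review bot: The constructor stores `permission` without a null check, yet `RolePermissionValueProvider.CheckAsync` in this commit dereferences `context.Permission.Name` unconditionally while treating `Principal` as optional through `?.`. Because `<Nullable>enable</Nullable>` is commented out in the project file, the compiler will not flag a null argument, so make the contract explicit with `Permission = permission ?? throw new ArgumentNullException(nameof(permission));`. A one-line XML doc on `Principal` stating whether it may be null would document the asymmetry between the two properties.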
@ -0,0 +1,17 @@ |
|||||
|
<Project Sdk="Microsoft.NET.Sdk"> |
||||
|
|
||||
|
<PropertyGroup> |
||||
|
<TargetFramework>net6.0</TargetFramework> |
||||
|
<ImplicitUsings>enable</ImplicitUsings> |
||||
|
<!--<Nullable>enable</Nullable>--> |
||||
|
</PropertyGroup> |
||||
|
|
||||
|
<ItemGroup> |
||||
|
<PackageReference Include="Microsoft.AspNetCore.Authorization" Version="6.0.2" /> |
||||
|
</ItemGroup> |
||||
|
|
||||
|
<ItemGroup> |
||||
|
<ProjectReference Include="..\Easy.DI\Easy.DI.csproj" /> |
||||
|
</ItemGroup> |
||||
|
|
||||
|
</Project> |
@ -0,0 +1,22 @@ |
|||||
|
using System; |
||||
|
using System.Collections.Generic; |
||||
|
using System.Linq; |
||||
|
using System.Text; |
||||
|
using System.Threading.Tasks; |
||||
|
|
||||
|
namespace Easy.Authorization.Enums; |
||||
|
public enum PermissionGrantResult |
||||
|
{ |
||||
|
/// <summary>
|
||||
|
/// 代表当前无法确定是否授予或禁止权限, 返回UnDefined由其他权限值提供程序检查权限.
|
||||
|
/// </summary>
|
||||
|
Undefined, |
||||
|
/// <summary>
|
||||
|
/// 授予用户权限,如果没有其他的授权值提供程序返回 Prohibited, 那么最后会返回 Granted.
|
||||
|
/// </summary>
|
||||
|
Granted, |
||||
|
/// <summary>
|
||||
|
/// 禁止授权用户,任何一个授权值提供程序返回了 Prohibited, 那么其他的提供程序返回的值都不再重要.
|
||||
|
/// </summary>
|
||||
|
Prohibited |
||||
|
} |
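Review bot: The members rely on implicit numbering, so `Undefined` is the zero value only because it is listed first. Writing `Undefined = 0, Granted = 1, Prohibited = 2` keeps `default(PermissionGrantResult)` non-granting if the members are ever reordered, and keeps any persisted or serialized values stable. The summary on the first member refers to `UnDefined`, which does not match the member name `Undefined`; `<see cref="Undefined"/>` would let the compiler check the reference. The five `System.*` usings are not used in this file.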
@ -0,0 +1,30 @@ |
|||||
|
using Easy.Authorization.Contexts; |
||||
|
using Easy.Authorization.Enums; |
||||
|
using System.Security.Claims; |
||||
|
|
||||
|
namespace Easy.Authorization.PermissionValueProviders; |
||||
|
public class RolePermissionValueProvider |
||||
|
{ |
||||
|
public const string ProviderName = "R"; |
||||
|
|
||||
|
|
||||
|
public override async Task<PermissionGrantResult> CheckAsync(PermissionValueCheckContext context) |
||||
|
{ |
||||
|
var roles = context.Principal?.FindAll(ClaimTypes.Role).Select(c => c.Value).ToArray(); |
||||
|
|
||||
|
if (roles == null || !roles.Any()) |
||||
|
{ |
||||
|
return PermissionGrantResult.Undefined; |
||||
|
} |
||||
|
|
||||
|
foreach (var role in roles.Distinct()) |
||||
|
{ |
||||
|
if (await PermissionStore.IsGrantedAsync(context.Permission.Name, Name, role)) |
||||
|
{ |
||||
|
return PermissionGrantResult.Granted; |
||||
|
} |
||||
|
} |
||||
|
|
||||
|
return PermissionGrantResult.Undefined; |
||||
|
} |
||||
|
} |
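Review bot: `CheckAsync` is declared `override`, but `RolePermissionValueProvider` has no base class and does not implement `IPermissionValueProvider`, and neither `PermissionStore` nor `Name` is declared in the class, so as shown this file does not compile. The type that supplies `PermissionStore` is presumably missing from the class declaration; once it is there, tie the provider name to the constant, e.g. `public string Name => ProviderName;`. The method only ever returns `Granted` or `Undefined`, so a role can never deny; a short comment saying this is intentional would make the grant-only behaviour explicit for the code that combines provider results. As a style point, `Distinct()` can be applied before `ToArray()` and `roles.Length == 0` reads better than `!roles.Any()` on an array.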
@ -0,0 +1,27 @@ |
|||||
|
using Microsoft.AspNetCore.Authorization; |
||||
|
using Microsoft.Extensions.Options; |
||||
|
|
||||
|
namespace Easy.Authorization.Realizations; |
||||
|
public class CustomAuthorizationPolicyProvider : DefaultAuthorizationPolicyProvider |
||||
|
{ |
||||
|
public CustomAuthorizationPolicyProvider(IOptions<AuthorizationOptions> options) : base(options) |
||||
|
{ |
||||
|
} |
||||
|
|
||||
|
public override async Task<AuthorizationPolicy> GetPolicyAsync(string policyName) |
||||
|
{ |
||||
|
var policy = await base.GetPolicyAsync(policyName); |
||||
|
if (policy != null) |
||||
|
{ |
||||
|
return policy; |
||||
|
} |
||||
|
|
||||
|
//TODO: Optimize & Cache!
|
||||
|
var policyBuilder = new AuthorizationPolicyBuilder(Array.Empty<string>()); |
||||
|
policyBuilder.Requirements.Add(new PermissionRequirement(policyName)); |
||||
|
return policyBuilder.Build(); |
||||
|
|
||||
|
//return null;
|
||||
|
} |
||||
|
|
||||
|
} |
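Review bot: The fallback branch in `GetPolicyAsync` turns every policy name that is not registered into a policy carrying `new PermissionRequirement(policyName)`, so a misspelled policy name no longer surfaces as the framework's missing-policy error and is only decided when the request is authorized. No `AuthorizationHandler` for `PermissionRequirement` is visible in this commit; until one is registered the requirement can never succeed, and once it exists it should deny names that are not defined permissions rather than treat them as unknown-but-allowed. Consider returning `null` for names that cannot be permissions, starting with `if (string.IsNullOrWhiteSpace(policyName)) return null;`, and ideally checking the name against the defined permissions before building the policy. The leftover `//return null;` after the `return` should be removed.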
@ -0,0 +1,4 @@ |
|||||
|
namespace Easy.Authorization.Realizations; |
||||
|
public class PermissionDefinition |
||||
|
{ |
||||
|
} |
@ -0,0 +1,29 @@ |
|||||
|
using Easy.Authorization.Abstractions; |
||||
|
using System; |
||||
|
using System.Collections.Generic; |
||||
|
using System.Linq; |
||||
|
using System.Text; |
||||
|
using System.Threading.Tasks; |
||||
|
|
||||
|
namespace Easy.Authorization.Realizations; |
||||
|
public class PermissionDefinitionContext : IPermissionDefinitionContext |
||||
|
{ |
||||
|
|
||||
|
} |
||||
|
public class PermissionGroupDefinition |
||||
|
{ |
||||
|
public Dictionary<string, PermissionDefinition> Groups { get; } |
||||
|
|
||||
|
} |
||||
|
|
||||
|
public class PermissionDefinition |
||||
|
{ |
||||
|
/// <summary>
|
||||
|
/// 权限名称
|
||||
|
/// </summary>
|
||||
|
public string Name { get; set; } |
||||
|
/// <summary>
|
||||
|
/// 显示名称
|
||||
|
/// </summary>
|
||||
|
public string DisplayName { get; set; } |
||||
|
} |
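Review bot: This file declares `PermissionDefinition` in `Easy.Authorization.Realizations`, and the same commit adds a separate file with an empty `public class PermissionDefinition` in the same namespace; two non-partial declarations of one type do not compile, so the empty one should be dropped. `PermissionGroupDefinition.Groups` is a get-only property with no initializer or constructor, so it is always null; `public Dictionary<string, PermissionDefinition> Groups { get; } = new();` fixes that. `Name` is the value `RolePermissionValueProvider` passes to the permission store, so a public setter lets a permission's identity change after it has been defined; consider a get-only property assigned in a constructor.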
@ -0,0 +1,17 @@ |
|||||
|
using Microsoft.AspNetCore.Authorization; |
||||
|
|
||||
|
namespace Easy.Authorization.Realizations; |
||||
|
public class PermissionRequirement : IAuthorizationRequirement |
||||
|
{ |
||||
|
public string PermissionName { get; } |
||||
|
|
||||
|
public PermissionRequirement(string permissionName) |
||||
|
{ |
||||
|
PermissionName = permissionName; |
||||
|
} |
||||
|
|
||||
|
public override string ToString() |
||||
|
{ |
||||
|
return $"PermissionRequirement: {PermissionName}"; |
||||
|
} |
||||
|
} |