Nice
3 years ago
14 changed files with 230 additions and 1 deletions
@ -0,0 +1,10 @@ |
|||
using System; |
|||
using System.Collections.Generic; |
|||
using System.Linq; |
|||
using System.Text; |
|||
using System.Threading.Tasks; |
|||
|
|||
namespace Easy.Authorization.Abstractions; |
|||
public interface IPermissionDefinitionContext |
|||
{ |
|||
} |
@ -0,0 +1,15 @@ |
|||
using System; |
|||
using System.Collections.Generic; |
|||
using System.Linq; |
|||
using System.Text; |
|||
using System.Threading.Tasks; |
|||
|
|||
namespace Easy.Authorization.Abstractions; |
|||
public interface IPermissionDefinitionProvider |
|||
{ |
|||
void PreDefine(IPermissionDefinitionContext context); |
|||
|
|||
void Define(IPermissionDefinitionContext context); |
|||
|
|||
void PostDefine(IPermissionDefinitionContext context); |
|||
} |
@ -0,0 +1,16 @@ |
|||
using System; |
|||
using System.Collections.Generic; |
|||
using System.Linq; |
|||
using System.Text; |
|||
using System.Threading.Tasks; |
|||
|
|||
namespace Easy.Authorization.Abstractions; |
|||
interface IPermissionValueProvider |
|||
{ |
|||
string Name { get; } |
|||
|
|||
//TODO: Rename to GetResult? (CheckAsync throws exception by naming convention)
|
|||
Task<PermissionGrantResult> CheckAsync(PermissionValueCheckContext context); |
|||
|
|||
Task<MultiplePermissionGrantResult> CheckAsync(PermissionValuesCheckContext context); |
|||
} |
@ -0,0 +1,17 @@ |
|||
using Easy.DI; |
|||
|
|||
namespace Easy.Authorization.Abstractions; |
|||
public abstract class PermissionDefinitionProvider : IPermissionDefinitionProvider, ITransientDependency |
|||
{ |
|||
public virtual void PreDefine(IPermissionDefinitionContext context) |
|||
{ |
|||
|
|||
} |
|||
|
|||
public abstract void Define(IPermissionDefinitionContext context); |
|||
|
|||
public virtual void PostDefine(IPermissionDefinitionContext context) |
|||
{ |
|||
|
|||
} |
|||
} |
@ -0,0 +1,19 @@ |
|||
using Easy.Authorization.Realizations; |
|||
using System.Security.Claims; |
|||
|
|||
namespace Easy.Authorization.Contexts; |
|||
|
|||
public class PermissionValueCheckContext |
|||
{ |
|||
public PermissionDefinition Permission { get; } |
|||
|
|||
public ClaimsPrincipal Principal { get; } |
|||
|
|||
public PermissionValueCheckContext( |
|||
PermissionDefinition permission, |
|||
ClaimsPrincipal principal) |
|||
{ |
|||
Permission = permission; |
|||
Principal = principal; |
|||
} |
|||
} |
@ -0,0 +1,17 @@ |
|||
<Project Sdk="Microsoft.NET.Sdk"> |
|||
|
|||
<PropertyGroup> |
|||
<TargetFramework>net6.0</TargetFramework> |
|||
<ImplicitUsings>enable</ImplicitUsings> |
|||
<!--<Nullable>enable</Nullable>--> |
|||
</PropertyGroup> |
|||
|
|||
<ItemGroup> |
|||
<PackageReference Include="Microsoft.AspNetCore.Authorization" Version="6.0.2" /> |
|||
</ItemGroup> |
|||
|
|||
<ItemGroup> |
|||
<ProjectReference Include="..\Easy.DI\Easy.DI.csproj" /> |
|||
</ItemGroup> |
|||
|
|||
</Project> |
@ -0,0 +1,22 @@ |
|||
using System; |
|||
using System.Collections.Generic; |
|||
using System.Linq; |
|||
using System.Text; |
|||
using System.Threading.Tasks; |
|||
|
|||
namespace Easy.Authorization.Enums; |
|||
public enum PermissionGrantResult |
|||
{ |
|||
/// <summary>
|
|||
/// 代表当前无法确定是否授予或禁止权限, 返回UnDefined由其他权限值提供程序检查权限.
|
|||
/// </summary>
|
|||
Undefined, |
|||
/// <summary>
|
|||
/// 授予用户权限,如果没有其他的授权值提供程序返回 Prohibited, 那么最后会返回 Granted.
|
|||
/// </summary>
|
|||
Granted, |
|||
/// <summary>
|
|||
/// 禁止授权用户,任何一个授权值提供程序返回了 Prohibited, 那么其他的提供程序返回的值都不再重要.
|
|||
/// </summary>
|
|||
Prohibited |
|||
} |
@ -0,0 +1,30 @@ |
|||
using Easy.Authorization.Contexts; |
|||
using Easy.Authorization.Enums; |
|||
using System.Security.Claims; |
|||
|
|||
namespace Easy.Authorization.PermissionValueProviders; |
|||
public class RolePermissionValueProvider |
|||
{ |
|||
public const string ProviderName = "R"; |
|||
|
|||
|
|||
public override async Task<PermissionGrantResult> CheckAsync(PermissionValueCheckContext context) |
|||
{ |
|||
var roles = context.Principal?.FindAll(ClaimTypes.Role).Select(c => c.Value).ToArray(); |
|||
|
|||
if (roles == null || !roles.Any()) |
|||
{ |
|||
return PermissionGrantResult.Undefined; |
|||
} |
|||
|
|||
foreach (var role in roles.Distinct()) |
|||
{ |
|||
if (await PermissionStore.IsGrantedAsync(context.Permission.Name, Name, role)) |
|||
{ |
|||
return PermissionGrantResult.Granted; |
|||
} |
|||
} |
|||
|
|||
return PermissionGrantResult.Undefined; |
|||
} |
|||
} |
@ -0,0 +1,27 @@ |
|||
using Microsoft.AspNetCore.Authorization; |
|||
using Microsoft.Extensions.Options; |
|||
|
|||
namespace Easy.Authorization.Realizations; |
|||
public class CustomAuthorizationPolicyProvider : DefaultAuthorizationPolicyProvider |
|||
{ |
|||
public CustomAuthorizationPolicyProvider(IOptions<AuthorizationOptions> options) : base(options) |
|||
{ |
|||
} |
|||
|
|||
public override async Task<AuthorizationPolicy> GetPolicyAsync(string policyName) |
|||
{ |
|||
var policy = await base.GetPolicyAsync(policyName); |
|||
if (policy != null) |
|||
{ |
|||
return policy; |
|||
} |
|||
|
|||
//TODO: Optimize & Cache!
|
|||
var policyBuilder = new AuthorizationPolicyBuilder(Array.Empty<string>()); |
|||
policyBuilder.Requirements.Add(new PermissionRequirement(policyName)); |
|||
return policyBuilder.Build(); |
|||
|
|||
//return null;
|
|||
} |
|||
|
|||
} |
@ -0,0 +1,4 @@ |
|||
namespace Easy.Authorization.Realizations; |
|||
public class PermissionDefinition |
|||
{ |
|||
} |
@ -0,0 +1,29 @@ |
|||
using Easy.Authorization.Abstractions; |
|||
using System; |
|||
using System.Collections.Generic; |
|||
using System.Linq; |
|||
using System.Text; |
|||
using System.Threading.Tasks; |
|||
|
|||
namespace Easy.Authorization.Realizations; |
|||
public class PermissionDefinitionContext : IPermissionDefinitionContext |
|||
{ |
|||
|
|||
} |
|||
public class PermissionGroupDefinition |
|||
{ |
|||
public Dictionary<string, PermissionDefinition> Groups { get; } |
|||
|
|||
} |
|||
|
|||
public class PermissionDefinition |
|||
{ |
|||
/// <summary>
|
|||
/// 权限名称
|
|||
/// </summary>
|
|||
public string Name { get; set; } |
|||
/// <summary>
|
|||
/// 显示名称
|
|||
/// </summary>
|
|||
public string DisplayName { get; set; } |
|||
} |
@ -0,0 +1,17 @@ |
|||
using Microsoft.AspNetCore.Authorization; |
|||
|
|||
namespace Easy.Authorization.Realizations; |
|||
public class PermissionRequirement : IAuthorizationRequirement |
|||
{ |
|||
public string PermissionName { get; } |
|||
|
|||
public PermissionRequirement(string permissionName) |
|||
{ |
|||
PermissionName = permissionName; |
|||
} |
|||
|
|||
public override string ToString() |
|||
{ |
|||
return $"PermissionRequirement: {PermissionName}"; |
|||
} |
|||
} |
Loading…
Reference in new issue