chenjingyong
/
DSWMS
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
NET31
FEST
NET8
dev
WUTONG
master
djz_new
djz
temp
sdgslk
test
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2083c9ab58'
${ noResults }
DSWMS/开发版dev/Vue.NetCore/Vue.Net/VOL.Core/Filters/ActionPermissionFilter.cs

115 lines
5.6 KiB
C#
Raw Blame History Unescape Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.AspNetCore.Mvc.Filters;
using System.Linq;
using System.Threading.Tasks;
using VOL.Core.Configuration;
using VOL.Core.Enums;
using VOL.Core.ManageUser;
using VOL.Core.Services;
using VOL.Core.Utilities;
using VOL.Entity.AttributeManager;
namespace VOL.Core.Filters
{
/// <summary>
/// 1、控制器或controller设置了AllowAnonymousAttribute直接返回
/// 2、TableName、TableAction 同时为nullSysController为false的只判断是否登陆
/// 3、TableName、TableAction 都不null根据表名与action判断是否有权限
/// 4、SysController为true通过httpcontext获取表名与action判断是否有权限
/// 5、Roles对指定角色验证
/// </summary>
public class ActionPermissionFilter : IAsyncActionFilter
{
private WebResponseContent ResponseContent { get; set; }
private ActionPermissionRequirement ActionPermission;
private UserContext _userContext { get; set; }
// private ResponseType responseType;
public ActionPermissionFilter(ActionPermissionRequirement actionPermissionRequirement, UserContext userContext)
{
this.ResponseContent = new WebResponseContent();
this.ActionPermission = actionPermissionRequirement;
_userContext = userContext;
}
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
if (OnActionExecutionPermission(context).Status)
{
await next();
return;
}
FilterResponse.SetActionResult(context, ResponseContent);
}
private WebResponseContent OnActionExecutionPermission(ActionExecutingContext context)
{
//!context.Filters.Any(item => item is IFixedTokenFilter))固定token的是否验证权限
//if ((context.Filters.Any(item => item is IAllowAnonymousFilter)
// && !context.Filters.Any(item => item is IFixedTokenFilter))
// || UserContext.Current.IsSuperAdmin
// )
if (context.Filters.Any(item => item is IAllowAnonymousFilter)
|| UserContext.Current.IsSuperAdmin)
return ResponseContent.OK();
//演示环境除了admin帐号其他帐号都不能增删改等操作
if (!_userContext.IsSuperAdmin && AppSetting.GlobalFilter.Enable
&& AppSetting.GlobalFilter.Actions.Contains(((Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor)context.ActionDescriptor).ActionName))
{
return ResponseContent.Error(AppSetting.GlobalFilter.Message);
}
//如果没有指定表的权限则默认为代码生成的控制器优先获取PermissionTableAttribute指定的表如果没有数据则使用当前控制器的名作为表名权限
if (ActionPermission.SysController)
{
object[] permissionArray = ((Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor)context.ActionDescriptor)?.ControllerTypeInfo.GetCustomAttributes(typeof(PermissionTableAttribute), false);
if (permissionArray == null || permissionArray.Length == 0)
{
ActionPermission.TableName = ((Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor)context.ActionDescriptor).ControllerName;
}
else
{
ActionPermission.TableName = (permissionArray[0] as PermissionTableAttribute).Name;
}
if (string.IsNullOrEmpty(ActionPermission.TableName))
{
//responseType = ResponseType.ParametersLack;
return ResponseContent.Error(ResponseType.ParametersLack);
}
}
//如果没有给定权限,不需要判断
if (string.IsNullOrEmpty(ActionPermission.TableName)
&& string.IsNullOrEmpty(ActionPermission.TableAction)
&& (ActionPermission.RoleIds == null || ActionPermission.RoleIds.Length == 0))
{
return ResponseContent.OK();
}
//是否限制的角色ID称才能访问
//权限判断角色ID,
if (ActionPermission.RoleIds != null && ActionPermission.RoleIds.Length > 0)
{
if (ActionPermission.RoleIds.Contains(_userContext.UserInfo.Role_Id)) return ResponseContent.OK();
//如果角色ID没有权限。并且也没控制器权限
if (string.IsNullOrEmpty(ActionPermission.TableAction))
{
return ResponseContent.Error(ResponseType.NoRolePermissions);
}
}
//2020.05.05移除x.TableName.ToLower()转换,获取权限时已经转换成为小写
var actionAuth = _userContext.GetPermissions(x => x.TableName == ActionPermission.TableName.ToLower())?.UserAuthArr;
if (actionAuth == null
|| actionAuth.Count() == 0
|| !actionAuth.Contains(ActionPermission.TableAction))
{
Logger.Info(LoggerType.Authorzie, $"没有权限操作," +
$"用户ID{_userContext.UserId}:{_userContext.UserTrueName}," +
$"角色ID:{_userContext.RoleId}:{_userContext.UserInfo.RoleName}," +
$"操作权限{ActionPermission.TableName}:{ActionPermission.TableAction}");
return ResponseContent.Error(ResponseType.NoPermissions);
}
return ResponseContent.OK();
}
}
}
Reference in New Issue View Git Blame Copy Permalink