using HHECS.Application.Service;
using HHECS.WebCommon.AuthorizationExtensions;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http.Features;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;

namespace HHECS.WebCommon.AuthorizationPolicy
{
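    /// <summary>
    /// Operation-level authorization handler, used together with
    /// <see cref="OperationAuthorizeAttribute"/>: the attribute on the endpoint names the
    /// permission string required, and this handler succeeds the requirement only when the
    /// user's roles (as resolved by <see cref="PermissionService"/>) contain a permission
    /// with exactly that name. The class serves as both the requirement and its handler.
    /// </summary>
    public class OperationAuthorizeRequirement : AuthorizationHandler<OperationAuthorizeRequirement>, IAuthorizationRequirement
    {
        private readonly PermissionService permissionService;

        /// <param name="permissionService">Service used to resolve the user's roles and their permissions.</param>
        public OperationAuthorizeRequirement(PermissionService permissionService)
        {
            this.permissionService = permissionService;
        }

        /// <summary>
        /// Checks whether the current user holds the permission named by the
        /// <see cref="OperationAuthorizeAttribute"/> on the requested endpoint.
        /// Every path that cannot positively establish the permission fails the context
        /// (fail closed): a context that has already failed, a missing endpoint or
        /// attribute, a missing/empty permission name, missing identity claims, an
        /// unsuccessful lookup, or a permission set that does not contain the name.
        /// </summary>
        /// <param name="context">Authorization context carrying the user principal and the HTTP resource.</param>
        /// <param name="requirement">The requirement to mark as succeeded.</param>
        /// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, OperationAuthorizeRequirement requirement)
        {
            if (context.HasFailed)
            {
                context.Fail();
                return Task.CompletedTask;
            }

            // Resolve the required permission from the endpoint's attribute. Any link in
            // this chain may be absent (no HttpContext, no endpoint feature, no endpoint,
            // endpoint without the attribute). Previously that surfaced as a
            // NullReferenceException (HTTP 500) instead of a denial; treat it as
            // "permission could not be determined" and deny.
            var requiredPermission = context.GetCurrentHttpContext()
                ?.Features.Get<IEndpointFeature>()
                ?.Endpoint
                ?.Metadata.GetMetadata<OperationAuthorizeAttribute>()
                ?.OperationPermission;
            if (string.IsNullOrWhiteSpace(requiredPermission))
            {
                // An empty/null permission name would otherwise match any permission row
                // whose Perms is also empty/null; never grant on an unspecified permission.
                context.Fail();
                return Task.CompletedTask;
            }

            var userCode = context.User.FindFirst(ClaimTypes.Sid)?.Value;
            // NOTE(review): a "Password" claim is read from the principal and forwarded to
            // PermissionService on every authorized request. If this claim carries the
            // user's clear-text password, it is being persisted in the auth cookie/token and
            // re-sent with each request — confirm, and prefer resolving roles by user code
            // alone (the lookup contract belongs to PermissionService and is not changed here).
            var password = context.User.FindFirst("Password")?.Value;
            if (string.IsNullOrWhiteSpace(userCode) || string.IsNullOrWhiteSpace(password))
            {
                context.Fail();
                return Task.CompletedTask;
            }

            var lookup = permissionService.GetUserWithRoles(userCode, password);
            if (!lookup.Success)
            {
                context.Fail();
                return Task.CompletedTask;
            }

            // Flatten role -> permissions and look for an exact (ordinal) name match.
            // A null user, role list, role, or permission list counts as "no permissions"
            // rather than throwing, so a malformed lookup result denies instead of crashing.
            var granted = lookup.Data?.Roles?
                .Where(role => role?.Permissions != null)
                .SelectMany(role => role.Permissions)
                .Any(perm => perm != null && perm.Perms == requiredPermission) ?? false;

            if (granted)
            {
                context.Succeed(requirement);
            }
            else
            {
                context.Fail();
            }

            return Task.CompletedTask;
        }
    }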
}