ABP 的授权在内部采用 ASP.NET Core 的基于策略(policy)的授权方式,每个权限对应一个策略。
权限的使用分为以下几步:
1、定义权限(先定义权限组,后添加权限),每个模块都应该创建一个PermissionDefinitionProvider的派生类。
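/// <summary>
/// Declares the permissions of this module: a group named "TestGroup" that
/// contains a single permission named "TestPermission1".
/// </summary>
public class TestPermissionDefinitionProvider : PermissionDefinitionProvider
{
    /// <summary>
    /// Registers the permission group first and then adds the permission to it.
    /// </summary>
    /// <param name="context">Definition context that the group is added to.</param>
    public override void Define(IPermissionDefinitionContext context)
    {
        // Signature for reference:
        // AddGroup([NotNull] string name, ILocalizableString displayName = null);
        // The declaration below had been merged into the comment line above it,
        // which left testGroup undeclared.
        var testGroup = context.AddGroup("TestGroup");

        // Signature for reference:
        // public virtual PermissionDefinition AddPermission(string name, ILocalizableString displayName = null)
        // The name given here is the string that the permission store and the
        // authorization check compare against, so it has to match exactly wherever it is used.
        testGroup.AddPermission("TestPermission1");
    }
}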
2、定义权限值来源(系统默认提供三类:Client、Role、User,分别用于基于客户端、基于角色、基于用户的授权),自定义来源只要实现 IPermissionValueProvider 接口即可。
/// <summary>
/// Permission value provider that decides a permission check from the role
/// claims carried by the current principal.
/// </summary>
public class RolePermissionValueProvider : PermissionValueProvider
{
    /// <summary>Provider name handed to the permission store when a grant is looked up.</summary>
    public const string ProviderName = "Role";

    /// <summary>Name of this provider; always <see cref="ProviderName"/>.</summary>
    public override string Name
    {
        get { return ProviderName; }
    }

    /// <summary>Creates the provider on top of the given permission store.</summary>
    /// <param name="permissionStore">Store that is asked whether a role holds a permission.</param>
    public RolePermissionValueProvider(IPermissionStore permissionStore)
        : base(permissionStore)
    {
    }

    /// <summary>
    /// Asks the store, role by role, whether one of the principal's roles holds the permission.
    /// </summary>
    /// <param name="context">Carries the principal and the permission being checked.</param>
    /// <returns>
    /// <c>Granted</c> as soon as one role is granted the permission; <c>Undefined</c> when
    /// there is no principal, no role claim, or no role with a grant.
    /// </returns>
    public override async Task<PermissionGrantResult> CheckAsync(PermissionValueCheckContext context)
    {
        var principal = context.Principal;
        if (principal == null)
        {
            return PermissionGrantResult.Undefined;
        }

        // The role names come straight from the principal's claims.
        // NOTE(review): this is only as trustworthy as the authentication step that
        // built the principal - confirm that role claims cannot be set by the caller.
        var roleNames = principal
            .FindAll(AbpClaimTypes.Role)
            .Select(claim => claim.Value)
            .ToArray();

        // An empty array skips the loop and falls through to Undefined.
        for (var index = 0; index < roleNames.Length; index++)
        {
            var isGranted = await PermissionStore.IsGrantedAsync(context.Permission.Name, Name, roleNames[index]);
            if (isGranted)
            {
                return PermissionGrantResult.Granted;
            }
        }

        // This provider never denies; it only reports that it found no grant.
        return PermissionGrantResult.Undefined;
    }
}
然后添加到权限选项中
/// <summary>
/// Registers authorization, the permission requirement handler and the three
/// permission value providers (user, role, client).
/// </summary>
/// <param name="context">Gives access to the service collection being configured.</param>
public override void ConfigureServices(ServiceConfigurationContext context)
{
    var services = context.Services;

    services.AddAuthorization();

    // NOTE(review): the handler is registered as a singleton - confirm that
    // PermissionRequirementHandler does not depend on scoped (per-request) services.
    services.AddSingleton<IAuthorizationHandler, PermissionRequirementHandler>();

    Configure<PermissionOptions>(permissionOptions =>
    {
        // Registration order is kept as user, role, client.
        var valueProviders = permissionOptions.ValueProviders;
        valueProviders.Add<UserPermissionValueProvider>();
        valueProviders.Add<RolePermissionValueProvider>();
        valueProviders.Add<ClientPermissionValueProvider>();
    });
}
3、默认实现中,权限授权信息保存在 IPermissionStore 中,必须实现这个接口以提供正确的授权信息。例如下面这个仅用于测试的假实现(授权结果是硬编码的):
/// <summary>
/// Test-only permission store with a single hard-coded grant: "TestPermission1"
/// for the fake user of <c>AuthTestController</c>, through the user provider.
/// A real store has to answer from the actual grant data instead.
/// </summary>
public class FakePermissionStore : IPermissionStore, ITransientDependency
{
    /// <summary>
    /// Reports whether the given permission is granted to the given provider key.
    /// </summary>
    /// <param name="name">Permission name being checked.</param>
    /// <param name="providerName">Name of the value provider asking.</param>
    /// <param name="providerKey">Key inside that provider; here, a user id as a string.</param>
    /// <returns>A completed task holding <c>true</c> only for the one hard-coded combination.</returns>
    public Task<bool> IsGrantedAsync(string name, string providerName, string providerKey)
    {
        if (name != "TestPermission1")
        {
            return Task.FromResult(false);
        }

        if (providerName != UserPermissionValueProvider.ProviderName)
        {
            return Task.FromResult(false);
        }

        // Evaluated last, as in the short-circuit chain this replaces.
        var expectedKey = AuthTestController.FakeUserId.ToString();
        return Task.FromResult(providerKey == expectedKey);
    }
}
4、在需要授权的地方(例如控制器或其方法上)加上授权标记即可,例如 [Authorize("TestPermission1")];其中的名称必须与第 1 步定义的权限名完全一致。