Wpf用户安全策略 [英] Wpf User Security Strategy

问题描述

背景:

我正在创建WPF应用程序(带有MVVM-Light的.NET 4.5)

I am creating a WPF application (.NET 4.5 with MVVM-Light)

我已经在支持WPF应用程序的数据库中创建了用户角色，WPF应用程序的用户在其中分配了角色(即用户，经理，所有者，管理员)

I have created user roles in the database that backs the WPF application where the users of the WPF App have an assigned role (i.e. user, manager, owner, admin)

我想要的:

我的客户希望能够根据其角色来限制用户看到的内容以及用户可以执行的操作.所有用户都将看到一些视图，因此，根据用户角色，应隐藏或禁用某些视觉元素(网格，按钮等).

My client wants to be able to restrict what the users see and what the users can do based on their role. There are some views that will be seen by all users, therfore some visual elements (grids, buttons etc..) should be hidden or disabled depending on the users role.

我所拥有的:

我创建了一个IUserService，并将其注入每个视图模型中.我创建的角色有一个标记其安全级别的字段(仅是1到5的整数).我希望能够基于此数字来限制视觉元素的可见性.

I have created an IUserService that gets injected into every viewmodel. The roles that I have created have a field that marks their security level(simply an integer 1 through 5). I want to be able to restrict the visiblity of visual elements based on this number.

例如，我的计划是将元素的可见性绑定到视图模型(Level1，Level2等)中的布尔属性(使用boolToVisibility Converter)，并且该属性将在用户级别匹配或更大时返回true.比房地产水平高.

For example, My plan is to bind the visibility of the element to a boolean property (using a boolToVisibility Converter) in the viewmodel (Level1, Level2, etc) and that property would return true if the users level matches or is greater than the property level.

我的担忧:

我担心的是，这需要在每个视图模型和每个可视元素上实现很多工作.另外，我已经有了一些受其他业务逻辑影响的视觉元素.

My concern is that this is a lot of work to implement in every viewmodel and on every visual element that is needed. Also, I already have some visual elements that are affected by other business logic.

问题:

什么是有效的方法来限制用户根据用户角色策略查看"视觉元素的能力?

What is an efficient way to restrict users ability to "view" visual elements based on a user role strategy?

我准备开始这项工作，但是我很想听听社区中有关WPF应用程序中如何实现基于用户角色的安全性的其他想法.

I am prepared to start this work, But I would love to hear some other ideas from the community on how user role based security is implemented in a WPF application.

推荐答案

您可以创建

You can create an attached property to determine each control's access level

public class VisibilitySecurityLevel 
{
    public static readonly DependencyProperty SecurityLevelProperty = 
        DependencyProperty.RegisterAttached("SecurityLevel", typeof(int), typeof(FrameworkElement), new PropertyMetadata(5));

    public static void SetSecurityLevel(UIElement element, int value)
    {
        element.SetValue(SecurityLevelProperty, value);
    }
    public static int GetSecurityLevel(UIElement element)
    {
        return (int)element.GetValue(SecurityLevelProperty);
    }
}

将其应用于要由用户角色管理的控件

Apply it to the control's you want to be managed by user role

    <Button local:VisibilitySecurityLevel.SecurityLevel="3"/>
    <CheckBox local:VisibilitySecurityLevel.SecurityLevel="2"/>

使用基本的隐式样式，该样式将使用转换器根据安全级别绑定控件的可见性

use a base implicit style that will bind the visibilty of the controls based on thier security level using a converter

       <local:AccessLevelToVisibilityConverter x:Key="AccessLevelToVisibilityConverter"/>
       <Style TargetType="{x:Type FrameworkElement}">
            <Setter Property="Visibility">
                <Setter.Value>
                    <MultiBinding Converter="{StaticResource AccessLevelToVisibilityConverter}">
                        <Binding Path="UserRole"/>
                        <Binding RelativeSource="{RelativeSource Mode=Self}"/>
                    </MultiBinding>
                </Setter.Value>
            </Setter>
        </Style>

转换器:

public class AccessLevelToVisibilityConverter : IMultiValueConverter
{
    public object Convert(object[] values, Type targetType, object parameter, CultureInfo culture)
    {
        int userRole = (int)values[0];
        int controlAccessLevel = (int)(values[1] as FrameworkElement).GetValue(VisibilitySecurityLevel.SecurityLevelProperty);

        return (userRole <= controlAccessLevel) ? Visibility.Visible : Visibility.Hidden;
    }

    public object[] ConvertBack(object value, Type[] targetTypes, object parameter, CultureInfo culture)
    {
        throw new NotSupportedException();
    }
}

请注意，在我的实现中，最低的用户角色5是最受限制的角色(只能看到访问级别为5的控件)，而用户角色1是特权最高的(可以看到访问级别为1 -5的控件). 这就是为什么默认访问级别为5(new PropertyMetadata(5))和 转换器绑定到viewModel中的整数UserRole属性，该属性指示用户的访问特权(1-5)

Note that in my implementation the lowest user role 5 is the most restricted one (can only see controls with access level of 5) and user role 1 is the most privileged (can see controls with access levels 1 -5). This is why the default access level is 5 (new PropertyMetadata(5)) and The converter is binded to an integer UserRole property in the viewModel indicating the user's access priviliages (1 - 5)

希望这会有所帮助

这篇关于Wpf用户安全策略的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！