在需求上添加具有可变参数的 .Net Core 策略 [英] Adding .Net Core Policy with variable Parameters on Requirements
问题描述
我正在尝试实施一项非常精细的政策.这个想法就像图片中的一样.
I am trying to implement a Policy that is quite granular level. The idea is like in the image.
每个实体始终与右侧的实体具有一对多关系.一个机构可以有多个课程,每个课程可以有多个科目,每个科目> 可以有很多教学大纲等...
Each entity has always the One-To-Many relation with the entity on the right. One Institution can have many Courses, each Course can have many Subjects, each Subject can have many Syllabus, etc...
有3个角色:Administrator、Contributor、Viewer
如果您在顶级实体之一中拥有角色,则此角色将传播到其余实体.例如:如果您是课程管理员,则您是学科、教学大纲等的管理员...
If you have a Role in one of the top entities this role will be propagated to the rest bellow. E.g: If you are an Administrator of Course you are administrator of Subject, Syllabus, etc...
如果您是其中一个教学大纲的贡献者,您将成为该教学大纲的以下课程和视频的贡献者.
If you are Contributor of one of the Syllabus you will be Contributor for bellow Lessons and Videos of this Syllabus.
我尝试使用 Custom Policies 解决它:
I have tried to solve it using Custom Policies:
添加如下需求:
public class AdministratorRequirement : IAuthorizationRequirement
{
public int UserId { get; private set; }
public EntityType EntityType { get; private set; }
public int EntityId { get; private set; }
public AdministratorRequirement(int userId, EntityType entityType, int entityId)
{
UserId = userId;
EntityType = entityType;
EntityId = entityId;
}
}
并添加如下策略处理程序:
And adding the Policy Handler as bellow:
public class AdministratorHandler : AuthorizationHandler<AdministratorRequirement>
{
public IRolesRepository RolesRepository {get;set;}
public AdministratorHandler(IRolesRepository rolesRepository)
{
RolesRepository = rolesRepository;
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AdministratorRequirement requirement)
{
// Save User object to access claims
bool isAdministrator = RolesRepository.CheckUserRole(requirement.UserId, requirement.EntityType, requirement.EntityId, "Administrator");
if (isAdministrator)
context.Succeed(requirement);
return Task.CompletedTask;
}
}
问题是我想在 Startup 类上定义变量需求:
The problem is that I would like to define variable requirement on the Startup class:
options.AddPolicy("CourseAdministrator",
policy => policy
.Requirements
.Add(
new AdministratorRequirement(
/*userId - should be variable*/ 0,
EntityType.Course,
/*int entityId - should be variable*/ 0))
并在类似的东西上使用它
And use it on something like
[Authorize(/*pass some parameters in here like user Id and course Id*/)]
[HttpPost]
[Route("create")]
public async Task<IActionResult> CreateCourse([FromBody] Course course)
{
//Or call the policy handler programatically in here.
CleanCacheOnUpdateCourse();
return Ok(await Services.CreateCourse(course, EmauaUser));
}
不知道有没有这样的解决方案?
Do you know if there is such a solution?
推荐答案
对于Policy,需要传递satic变量.
For Policy, you need to pass the satic variable.
如果你想动态检查权限,你可以实现自己的IAuthorizationFilter,如
If you want to check the permission dynamically, you could implement your own IAuthorizationFilter like
自定义
IAuthorizationFilter
public class CustomAuthorize : IAuthorizationFilter
{
private readonly int _input;
public CustomAuthorize(int input)
{
_input = input;
}
public void OnAuthorization(AuthorizationFilterContext context)
{
//custom validation rule
if (_input == 1)
{
context.Result = new ForbidResult();
}
}
}
自定义
CustomAuthorizeAttribute
public class CustomAuthorizeAttribute : TypeFilterAttribute
{
public CustomAuthorizeAttribute(int input) : base(typeof(CustomAuthorize))
{
Arguments = new object[] { input };
}
}
使用
Use
[CustomAuthorizeAttribute(1)]
public IActionResult About()
这篇关于在需求上添加具有可变参数的 .Net Core 策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
