基于WPF权限的授权使用枚举标志位 [英] WPF permission-based authorization using Enum Flag Bit

问题描述

我一直在做一个月的C＃，所以请原谅这个问题的本地化，但我已经研究了几个小时，我打砖墙。

我看到了使用 IIdentity 的WPF应用程序的基于角色的授权 IPrincipal 。

I've seen examples left and right for Role-based authorization for WPF applications utilizing IIdentity and IPrincipal.

我找不到很多信息，但是，在更多的在这个应用程序中，在这个应用程序中，想像没有组，只是一个权限和用户列表，你可以任意授予任何人。

I can't find a lot of information, however, on a more Permission-based authorization approach, in this app imagine there are no Groups but just a list of permissions and users and you can assign anyone any permission.

我会喜欢能够：

1）能够根据用户权限控制UI /元素，例如：启用，只读，隐形，折叠（如图所示）这里是 https://uiauth.codeplex.com/ ）

2）能够在类或方法级别指定哪些权限是必需的（类似于 http://lostechies.com/derickbailey/2011/05/24/dont-do-role-based-authorization-checks-do-activity-based-checks/ ）

1) Be able to control the UI/elements based on user permissions with such states as: Enabled, ReadOnly, Invisible, Collapsed (as seen here https://uiauth.codeplex.com/)
2) Be able to specify at the class or method level which permissions are required (similar to http://lostechies.com/derickbailey/2011/05/24/dont-do-role-based-authorization-checks-do-activity-based-checks/)

而不是：

[PrincipalPermission（SecurityAction.Demand，Role =Administrators）]

我想要的东西如下：

[PrincipalPermission（SecurityAction.Demand ，Permission =可以添加用户）]

现在，我看到如何做到这一点的唯一方法是利用 ICommand ，并将授权逻辑放在 CanExecute 方法中，使用大量的字符串比较来查看用户是否具有执行请求的操作所需的权限，例如：

Right now the only way I see how to do this is utilizing ICommand and putting authorization logic in the CanExecute methods using a lot of string comparison to see if the user has the required rights to perform requested actions like:

// Employee class
public bool HasRight(SecurityRight right)
{
    return employee.Permissions.Contains(right);
}

// Implementation, check if employee has right to continue
if (employee.HasRight(db.SecurityRights.Single(sr => sr.Description == "Can edit users")))
{
    // Allowed to perform action
}
else
{
    // User does not have right to continue
    throw SecurityException;
}

我被告知Enum Flags可能正在寻找< a href =https://stackoverflow.com/questions/8447/enum-flags-attribute/8462#8462> C＃中的[Flags]枚举属性是什么意思？

I've been told Enum Flags may be what I'm looking for What does the [Flags] Enum Attribute mean in C#?

我认为我知道枚举/标志/位，但不足以完成实现...

I think I understand enum/flag/bits but not enough to complete the implementation...

如果我有：

EmployeeModel

EmployeeViewModel

ThingTwoModel

ThingTwoViewModel

MainView

EmployeeModel
EmployeeViewModel
ThingTwoModel
ThingTwoViewModel
MainView

我不知道一切如何，如何将它们整合在一起....这里是我迄今为止（我意识到这不是一个工作的例子...这是我的问题！） ：

I'm not sure where everything goes and how to tie it all together.... here's what I have so far (I realize this isnt a working example... thats my problem!):

    [Flags]
    public enum Permissions
    {
        None = 0,
        Create = 1 << 0,
        Read = 1 << 1,
        Update = 1 << 2,
        Delete = 1 << 3,

        User = 1 << 4,
        Group = 1 << 5
    }

    public static void testFlag()
    {
        Permissions p;
        var x = p.HasFlag(Permissions.Update) && p.HasFlag(Permissions.User);
        var desiredPermissions = Permissions.User | Permissions.Read | Permissions.Create;
        if (x & p == desiredPermissions)
        {
            //the user can be created and read by this operator
        }
    }

感谢您的指导。

推荐答案

好的 testFlag 将无法正常工作。我想你想要的东西（ LINQPad c＃程序片段）：

well the testFlag won't work as it is. I think you want something along the lines of (LINQPad c# program snippet):

void Main()
{
    //can create user but not read the information back
    var userCanBeCreatedPermission = Permissions.Create | Permissions.User;

    //can create and readback
    var userCanBeCreatedAndReadBackPermission = userCanBeCreatedPermission | Permissions.Read;

    userCanBeCreatedPermission.HasFlag(Permissions.User).Dump(); //returns true

    (userCanBeCreatedPermission.HasFlag(Permissions.User) && userCanBeCreatedPermission.HasFlag(Permissions.Read)).Dump(); //returns false

    //alternative way of checking flags is to combine the flags and do an And mask check
    //the above can be written as
    ((userCanBeCreatedPermission & (Permissions.User | Permissions.Read)) == (Permissions.User | Permissions.Read)).Dump(); //returns false

    //using a variable to have combined permissions for readibility & using And mask:
    var desiredPermissions = Permissions.User | Permissions.Read;

    //checking with user that has both Create & Read permissions

    ((userCanBeCreatedAndReadBackPermission & desiredPermissions) == desiredPermissions).Dump(); // returns true because the user information can be read back by this user

    ((userCanBeCreatedAndReadBackPermission & Permissions.Delete) == Permissions.Delete).Dump(); // returns false because the user can't be deleted
}

[Flags]
public enum Permissions
{
   None = 0,
   Create = 1 << 0,
   Read = 1 << 1,
   Update = 1 << 2,
   Delete = 1 << 3,

   User = 1 << 4,
   Group = 1 << 5
}

这是否会回答您的问题？

Does that answer your question?

这篇关于基于WPF权限的授权使用枚举标志位的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！