如何在特定用户权限下调用Web API? [英] How to call web API under specific user permission?

问题描述

我有一个功能，允许最终用户执行Workflow(包含许多API)或安排它作为后台作业运行.

I have a function that allows the end user to execute a Workflow (containing many APIs) or schedule it to run as a background job.

示例:User1创建Workflow1，其中包含3个API(Api1，Api2，Api3)，并将其配置为每天9AM运行.

Example: User1 creates Workflow1, which contains 3 APIs (Api1, Api2, Api3), and configures it to run at 9AM every day.

我使用HttpClient这样调用每个API:

I use HttpClient to call each API like this:

var client = new HttpClient { BaseAddress = new Uri("http://localhost/") };
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage response = client.PostAsJsonAsync("/api/services/myApp/workflow/Api1?input=something", "").Result;

当用户未登录到应用程序时(因为它将作为计划的作业自动运行)，如何在请求中添加User1的凭据?

How do I add the credentials of User1 to the request while the user is not logged in to the application (because it will run automatically as a scheduled job)?

我决定使用反射调用字符串名称的API .

在直接执行API的情况下，如何在特定权限下运行它?

In the case of executing an API directly, how do I run it under a specific permission?

我已将代码放入using块中，但所有API均已成功触发:

I have put my code inside a using block, but all APIs were fired successfully:

using (_session.Use(1, 3)) // 3 is the Id of User1, who has no permissions
{
    // Execute operator
    switch (input.Operator.Type)
    {
        case "api":
            executeApiResult = await ExecuteApi(input);
            break;
        case "procedure":
            executeApiResult = await ExecuteProcedure(input);
            break;
        default:
            return new ExecuteOperatorOutput
            {
                Result = new ExecuteOperatorResult { Status = false, Message = $"Wrong operator type: {input.Operator.Type}" },
                WorkflowStatus = false
            };
    }
}

推荐答案

在直接执行API的情况下，如何在特定权限下运行它?

In the case of executing an API directly, how do I run it under a specific permission?

您可以覆盖当前会话值，然后在using块中调用您的方法.

You can override current session values and call your method inside the using block.

我已将代码放入using块中，但所有API均已成功触发

I have put my code inside a using block, but all APIs were fired successfully

将您的API方法声明为public virtual，因为 AbpAuthorize .

Declare your API methods as public virtual as there are some restrictions for AbpAuthorize.

这篇关于如何在特定用户权限下调用Web API?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！