如何在特定用户权限下调用 Web API? [英] How to call web API under specific user permission?

问题描述

我有一个函数，允许最终用户执行一个Workflow(包含许多 API)或安排它作为后台作业运行.

I have a function that allows the end user to execute a Workflow (containing many APIs) or schedule it to run as a background job.

示例:User1 创建 Workflow1，其中包含 3 个 API(Api1、Api2、Api3)，并将其配置为每天上午 9 点运行.

Example: User1 creates Workflow1, which contains 3 APIs (Api1, Api2, Api3), and configures it to run at 9AM every day.

我使用 HttpClient 像这样调用每个 API:

I use HttpClient to call each API like this:

var client = new HttpClient { BaseAddress = new Uri("http://localhost/") };
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage response = client.PostAsJsonAsync("/api/services/myApp/workflow/Api1?input=something", "").Result;

如何在用户未登录应用程序时将 User1 的凭据添加到请求中(因为它会作为计划作业自动运行)?

How do I add the credentials of User1 to the request while the user is not logged in to the application (because it will run automatically as a scheduled job)?

我决定使用反射来调用字符串名称的 API.

直接执行API的情况下，如何在特定权限下运行?

In the case of executing an API directly, how do I run it under a specific permission?

我已将代码放在 using 块中，但所有 API 均已成功触发:

I have put my code inside a using block, but all APIs were fired successfully:

using (_session.Use(1, 3)) // 3 is the Id of User1, who has no permissions
{
    // Execute operator
    switch (input.Operator.Type)
    {
        case "api":
            executeApiResult = await ExecuteApi(input);
            break;
        case "procedure":
            executeApiResult = await ExecuteProcedure(input);
            break;
        default:
            return new ExecuteOperatorOutput
            {
                Result = new ExecuteOperatorResult { Status = false, Message = $"Wrong operator type: {input.Operator.Type}" },
                WorkflowStatus = false
            };
    }
}

推荐答案

直接执行API的情况下，如何在特定权限下运行?

In the case of executing an API directly, how do I run it under a specific permission?

您可以覆盖当前会话值和在 using 块内调用您的方法.

You can override current session values and call your method inside the using block.

我已将代码放在 using 块中，但所有 API 均已成功触发

I have put my code inside a using block, but all APIs were fired successfully

将您的 API 方法声明为 public virtual，因为 AbpAuthorize.

Declare your API methods as public virtual as there are some restrictions for AbpAuthorize.

这篇关于如何在特定用户权限下调用 Web API?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！