wip: 在DataAuthService中实现指定实体类型的忽略数据权限检查
gmf520 committed Feb 27, 2024
1 parent 8e82062 commit f2b1e71
Showing 5 changed files with 36 additions and 23 deletions.
@@ -1,4 +1,4 @@
// -----------------------------------------------------------------------
// -----------------------------------------------------------------------
// <copyright file="Logout_RemoveRefreshTokenEventHandler.cs" company="OSharp开源团队">
// Copyright (c) 2014-2022 OSharp. All rights reserved.
// </copyright>
Expand All @@ -16,16 +16,14 @@ namespace OSharp.Hosting.Identity.Events;

public class Logout_RemoveRefreshTokenEventHandler : EventHandlerBase<LogoutEventData>
{
private readonly IPrincipal _principal;
private readonly UserManager<User> _userManager;
private readonly IServiceProvider _provider;

/// <summary>
/// 初始化一个<see cref="Logout_RemoveRefreshTokenEventHandler"/>类型的新实例
/// </summary>
public Logout_RemoveRefreshTokenEventHandler(UserManager<User> userManager, IPrincipal principal)
public Logout_RemoveRefreshTokenEventHandler(IServiceProvider provider)
{
_userManager = userManager;
_principal = principal;
_provider = provider;
}

/// <summary>
Expand All @@ -45,7 +43,8 @@ public override void Handle(LogoutEventData eventData)
/// <returns>是否成功</returns>
public override async Task HandleAsync(LogoutEventData eventData, CancellationToken cancelToken = default(CancellationToken))
{
ClaimsIdentity identity = _principal.Identity as ClaimsIdentity;
IPrincipal principal = _provider.GetCurrentUser();
ClaimsIdentity identity = principal.Identity as ClaimsIdentity;
if (identity?.IsAuthenticated != true)
{
return;
Expand All @@ -57,6 +56,10 @@ public override void Handle(LogoutEventData eventData)
return;
}

await _userManager.RemoveRefreshToken(eventData.UserId.ToString(), clientId);
var dataAuthService = _provider.GetService<IDataAuthService>();
dataAuthService.SetIgnoreDataAuth(typeof(User));

var userManager = _provider.GetService<UserManager<User>>();
await userManager.RemoveRefreshToken(eventData.UserId.ToString(), clientId);
}
}
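Review bot: `_provider.GetService<IDataAuthService>()` and `_provider.GetService<UserManager<User>>()` in the last hunk return null when the service is not registered, so a missing registration surfaces as a NullReferenceException on the next line instead of a clear error; use `GetRequiredService<T>()` for both. The `dataAuthService.SetIgnoreDataAuth(typeof(User));` call exempts `User` from data-authorization checks for as long as that `IDataAuthService` instance lives, not just for the `RemoveRefreshToken` call that follows, and nothing in this handler restores the check afterwards; the same applies to the `CreateToken` hunk in the JwtBearer file and to `DataAuthService.cs`, where the exemption is stored. The line `ClaimsIdentity identity = principal.Identity as ClaimsIdentity;` also dereferences the result of `_provider.GetCurrentUser()` without a null check, whereas the removed code used an injected `IPrincipal`; if `GetCurrentUser()` can return null (not visible here), write `principal?.Identity as ClaimsIdentity` so the existing `identity?.IsAuthenticated != true` guard covers that case too.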
Expand Up @@ -7,6 +7,9 @@
// <last-date>2019-06-15 13:26</last-date>
// -----------------------------------------------------------------------

using OSharp.Authorization;


namespace OSharp.Authentication.JwtBearer;

/// <summary>
Expand Down Expand Up @@ -117,8 +120,9 @@ private async Task<JsonWebToken> CreateToken(string userId, string userName, Req
var (token, expires) = CreateToken(claims, _jwtOptions, JwtTokenType.RefreshToken, refreshToken);
string refreshTokenStr = token;
//关闭数据权限检查
ScopedDictionary scopedDict = _provider.GetService<ScopedDictionary>();
scopedDict.IsIgnoreDataAuth = true;
var dataAuthService = _provider.GetService<IDataAuthService>();
dataAuthService.SetIgnoreDataAuth(typeof(TUser));

IUnitOfWork unitOfWork = _provider.GetUnitOfWork(true);
UserManager<TUser> userManager = _provider.GetService<UserManager<TUser>>();
refreshToken = new RefreshToken() { ClientId = clientId, Value = refreshTokenStr, EndUtcTime = expires };
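Review bot: The replaced `scopedDict.IsIgnoreDataAuth = true;` disabled data-authorization checks for every entity type, while the new `dataAuthService.SetIgnoreDataAuth(typeof(TUser));` exempts only `TUser`; the `RefreshToken` built a few lines below and persisted through the unit of work is no longer covered, so if `RefreshToken` writes pass through `CheckDataAuth` (not visible in this hunk) token issuance can now fail an authorization check it previously bypassed. Either add `dataAuthService.SetIgnoreDataAuth(typeof(RefreshToken));` next to the `TUser` call or confirm that `RefreshToken` is outside data-authorization scope and say so in the `//关闭数据权限检查` comment. `GetService<IDataAuthService>()` may also return null; `GetRequiredService<IDataAuthService>()` fails with a message that names the missing service. `CreateToken` starts and ends outside the hunk.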
19 changes: 12 additions & 7 deletions src/OSharp/Authorization/DataAuthService.cs
Expand Up @@ -45,6 +45,8 @@ public DataAuthService(IServiceProvider provider)
/// </summary>
protected ScopedDictionary ScopedDictionary => _provider.GetService<ScopedDictionary>();

protected IList<Type> IgnoreDataAuthTypes { get; } = new List<Type>();

/// <summary>
/// 获取指定实体的数据权限过滤表达式
/// </summary>
Expand Down Expand Up @@ -111,13 +113,7 @@ public Expression<Func<T, bool>> GetDataFilter<T>(DataAuthOperation operation, F
/// <returns>是否有权限</returns>
public bool CheckDataAuth<TEntity>(DataAuthOperation operation, params TEntity[] entities)
{
if (entities.Length == 0)
{
return true;
}

ScopedDictionary dict = _provider.GetService<ScopedDictionary>();
if (dict.IsIgnoreDataAuth)
if (entities.Length == 0 || IgnoreDataAuthTypes.Contains(typeof(TEntity)))
{
return true;
}
Expand All @@ -127,4 +123,13 @@ public bool CheckDataAuth<TEntity>(DataAuthOperation operation, params TEntity[]
bool has = entities.All(func);
return has;
}

/// <summary>
/// 设置当前请求中忽略数据权限验证的实体类型
/// </summary>
/// <param name="entityType">实体类型</param>
public void SetIgnoreDataAuth(Type entityType)
{
IgnoreDataAuthTypes.AddIfNotExist(entityType);
}
}
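Review bot: `IgnoreDataAuthTypes`, which the new `SetIgnoreDataAuth` appends to, is a plain `List<Type>` on the service instance with no way to remove entries, so the exemption now lasts for whatever lifetime `DataAuthService` is registered with rather than the per-request scope the removed `ScopedDictionary.IsIgnoreDataAuth` flag was tied to; if the service is resolved with any lifetime longer than scoped (its registration is not visible here), the first logout or token refresh leaves `User` permanently exempt from `CheckDataAuth` for every later request and user, and concurrent `AddIfNotExist` calls on the unsynchronized list are a data race. The XML summary promises "在当前请求中"; to honour that, keep the set of exempt types in the per-request `ScopedDictionary` (already reachable through the `ScopedDictionary` property above, and a `ConcurrentDictionary<string, object>`) instead of on the service, or at least document the required lifetime on the class and add a `ClearIgnoreDataAuth()` counterpart so callers can restore checks after the one operation that needs the bypass. Minor: `IList<Type>.Contains` in `CheckDataAuth` and `AddIfNotExist` are linear scans; a `HashSet<Type>` gives O(1) membership and makes the add a plain `Add`.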
8 changes: 7 additions & 1 deletion src/OSharp/Authorization/IDataAuthService.cs
Expand Up @@ -31,4 +31,10 @@ public interface IDataAuthService
/// <param name="entities">待检测的实体数据</param>
/// <returns>是否有权限</returns>
bool CheckDataAuth<TEntity>(DataAuthOperation operation, params TEntity[] entities);
}

/// <summary>
/// 设置当前请求中忽略数据权限验证的实体类型
/// </summary>
/// <param name="entityType">实体类型</param>
void SetIgnoreDataAuth(Type entityType);
}
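Review bot: The `<summary>` on the new `SetIgnoreDataAuth` says the exemption applies within the current request, but the interface neither offers a way to revoke it nor states when it ends, so an implementation that keeps the exemption for its own lifetime still satisfies the contract as written. State the intended scope explicitly, e.g. add `/// <remarks>The exemption is not reverted through this interface; implementations are expected to bind it to the current scope.</remarks>` under the summary, and document in `<param name="entityType">` that the type is compared exactly against `TEntity` in `CheckDataAuth` (no derived-type matching), which is what the `DataAuthService.cs` hunk implements.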
5 changes: 0 additions & 5 deletions src/OSharp/Dependency/ScopedDictionary.cs
Expand Up @@ -34,11 +34,6 @@ public sealed class ScopedDictionary : ConcurrentDictionary<string, object>, IDi
/// </summary>
public ClaimsIdentity Identity { get; set; }

/// <summary>
/// 获取或设置 是否忽略数据权限检查
/// </summary>
public bool IsIgnoreDataAuth { get; set; } = false;

/// <summary>释放资源.</summary>
public void Dispose()
{