add hangfire dashboard authorization

5 years ago · b374984508
6 changed files with 200 additions and 1 deletions
--- a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs
@ -8,6 +8,7 @@ using LINGYUN.Abp.ExceptionHandling;
 using LINGYUN.Abp.ExceptionHandling.Notifications;
 using LINGYUN.Abp.Hangfire.Storage.MySql;
 using LINGYUN.Abp.IM.SignalR;
+using LINGYUN.Abp.MessageService.Authorization;
 using LINGYUN.Abp.MessageService.EntityFrameworkCore;
 using LINGYUN.Abp.MessageService.Localization;
 using LINGYUN.Abp.MessageService.MultiTenancy;
@ -253,7 +254,10 @@ namespace LINGYUN.Abp.MessageService
            // 审计日志
            app.UseAuditing();
            app.UseHangfireServer();
-            app.UseHangfireDashboard();
+            app.UseHangfireDashboard(options =>
+            {
+                options.UseAuthorization(new HangfireDashboardAuthorizationFilter());
+            });
            // 路由
            app.UseConfiguredEndpoints();
        }
--- a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Authorization/HangfireDashboardAuthorizationFilter.cs
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Authorization/HangfireDashboardAuthorizationFilter.cs
@ -0,0 +1,46 @@
+using Hangfire.Annotations;
+using Hangfire.Dashboard;
+using LINGYUN.Abp.MessageService.Permissions;
+using Microsoft.Extensions.DependencyInjection;
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.Threading;
+
+namespace LINGYUN.Abp.MessageService.Authorization
+{
+    public class HangfireDashboardAuthorizationFilter : IDashboardAuthorizationFilter
+    {
+        public bool Authorize([NotNull] DashboardContext context)
+        {
+            var httpContext = context.GetHttpContext();
+
+            var permissionChecker = httpContext.RequestServices.GetService<IPermissionChecker>();
+
+            if (permissionChecker != null)
+            {
+                // 可以详细到每个页面授权,这里就免了
+                return AsyncHelper.RunSync(async () => await permissionChecker.IsGrantedAsync(AbpMessageServicePermissions.Hangfire.ManageQueue));
+            }
+            return new LocalRequestsOnlyAuthorizationFilter().Authorize(context);
+        }
+
+        public override int GetHashCode()
+        {
+            // 类型相同就行了
+            return GetType().FullName.GetHashCode();
+        }
+
+        public override bool Equals(object obj)
+        {
+            if (obj == null)
+            {
+                return false;
+            }
+            // 类型相同就行了
+            if (GetType().Equals(obj.GetType()))
+            {
+                return true;
+            }
+            return base.Equals(obj);
+        }
+    }
+}
--- a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Hangfire/DashboardOptionsExtensions.cs
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Hangfire/DashboardOptionsExtensions.cs
@ -0,0 +1,74 @@
+using Hangfire.Dashboard;
+using JetBrains.Annotations;
+using System.Collections.Generic;
+using Volo.Abp;
+
+namespace Hangfire
+{
+    public static class DashboardOptionsExtensions
+    {
+        public static DashboardOptions AddAuthorization(
+            [NotNull] this DashboardOptions options,
+            [NotNull] IDashboardAuthorizationFilter authorizationFilter)
+        {
+            Check.NotNull(options, nameof(options));
+            Check.NotNull(authorizationFilter, nameof(authorizationFilter));
+
+            List<IDashboardAuthorizationFilter> filters = new List<IDashboardAuthorizationFilter>();
+            filters.AddRange(options.Authorization);
+            filters.AddIfNotContains(authorizationFilter);
+
+            options.Authorization = filters;
+
+            return options;
+        }
+
+        public static DashboardOptions AddAuthorizations(
+            [NotNull] this DashboardOptions options,
+            [NotNull] IEnumerable<IDashboardAuthorizationFilter> authorizationFilters)
+        {
+            Check.NotNull(options, nameof(options));
+            Check.NotNull(authorizationFilters, nameof(authorizationFilters));
+
+            List<IDashboardAuthorizationFilter> filters = new List<IDashboardAuthorizationFilter>();
+            filters.AddRange(options.Authorization);
+            filters.AddIfNotContains(authorizationFilters);
+
+            options.Authorization = filters;
+
+            return options;
+        }
+
+        public static DashboardOptions UseAuthorization(
+            [NotNull] this DashboardOptions options,
+            [NotNull] IDashboardAuthorizationFilter authorizationFilter)
+        {
+            Check.NotNull(options, nameof(options));
+            Check.NotNull(authorizationFilter, nameof(authorizationFilter));
+
+            List<IDashboardAuthorizationFilter> filters = new List<IDashboardAuthorizationFilter>
+            {
+                authorizationFilter
+            };
+
+            options.Authorization = filters;
+
+            return options;
+        }
+
+        public static DashboardOptions UseAuthorizations(
+            [NotNull] this DashboardOptions options,
+            [NotNull] IEnumerable<IDashboardAuthorizationFilter> authorizationFilters)
+        {
+            Check.NotNull(options, nameof(options));
+            Check.NotNull(authorizationFilters, nameof(authorizationFilters));
+
+            List<IDashboardAuthorizationFilter> filters = new List<IDashboardAuthorizationFilter>();
+            filters.AddRange(authorizationFilters);
+
+            options.Authorization = filters;
+
+            return options;
+        }
+    }
+}
--- a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Hangfire/HangfireApplicationBuilderExtensions.cs
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Hangfire/HangfireApplicationBuilderExtensions.cs
@ -0,0 +1,41 @@
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Builder;
+using System;
+using Volo.Abp;
+
+namespace Hangfire
+{
+    public static class HangfireApplicationBuilderExtensions
+    {
+        public static IApplicationBuilder UseHangfireDashboard(
+            [NotNull] this IApplicationBuilder app,
+            [CanBeNull] Action<DashboardOptions> setup = null)
+        {
+            Check.NotNull(app, nameof(app));
+            return app.UseHangfireDashboard("/hangfire", setup, null);
+        }
+
+        public static IApplicationBuilder UseHangfireDashboard(
+            [NotNull] this IApplicationBuilder app,
+            [CanBeNull] string pathMatch = "/hangfire",
+            [CanBeNull] Action<DashboardOptions> setup = null)
+        {
+            Check.NotNull(app, nameof(app));
+            return app.UseHangfireDashboard(pathMatch, setup, null);
+        }
+
+        public static IApplicationBuilder UseHangfireDashboard(
+            [NotNull] this IApplicationBuilder app,
+            [CanBeNull] string pathMatch = "/hangfire",
+            [CanBeNull] Action<DashboardOptions> setup = null,
+            [CanBeNull] JobStorage storage = null)
+        {
+            Check.NotNull(app, nameof(app));
+
+            var options = new DashboardOptions();
+            setup?.Invoke(options);
+
+            return app.UseHangfireDashboard(pathMatch: pathMatch, options: options, storage: storage);
+        }
+    }
+}
--- a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Permissions/AbpMessageServicePermissionDefinitionProvider.cs
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Permissions/AbpMessageServicePermissionDefinitionProvider.cs
@ -0,0 +1,22 @@
+using LINGYUN.Abp.MessageService.Localization;
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.Localization;
+
+namespace LINGYUN.Abp.MessageService.Permissions
+{
+    public class AbpMessageServicePermissionDefinitionProvider : PermissionDefinitionProvider
+    {
+        public override void Define(IPermissionDefinitionContext context)
+        {
+            var group = context.GetGroup(MessageServicePermissions.GroupName);
+
+            var hangfirePermission = group.AddPermission(AbpMessageServicePermissions.Hangfire.Default, L("Permission:Hangfire"));
+            hangfirePermission.AddChild(AbpMessageServicePermissions.Hangfire.ManageQueue, L("Permission:ManageQueue"));
+        }
+
+        private static LocalizableString L(string name)
+        {
+            return LocalizableString.Create<MessageServiceResource>(name);
+        }
+    }
+}
--- a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Permissions/AbpMessageServicePermissions.cs
+++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/Permissions/AbpMessageServicePermissions.cs
@ -0,0 +1,12 @@
+namespace LINGYUN.Abp.MessageService.Permissions
+{
+    public class AbpMessageServicePermissions
+    {
+        public class Hangfire
+        {
+            public const string Default = MessageServicePermissions.GroupName + ".Hangfire";
+
+            public const string ManageQueue = Default + ".ManageQueue";
+        }
+    }
+}