Add Provider option to the PermissionDefinition

7 years ago · 54d14d952d
4 changed files with 57 additions and 7 deletions
--- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationModule.cs
+++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationModule.cs
@ -28,6 +28,7 @@ namespace Volo.Abp.Authorization
            {
                options.ValueProviders.Add<UserPermissionValueProvider>();
                options.ValueProviders.Add<RolePermissionValueProvider>();
+                options.ValueProviders.Add<ClientPermissionValueProvider>();
            });
        }
    }
--- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs
+++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionChecker.cs
@ -1,10 +1,10 @@
-using System;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Options;
 using Volo.Abp.DependencyInjection;
 using Volo.Abp.Security.Claims;

@ -40,7 +40,7 @@ namespace Volo.Abp.Authorization.Permissions
                true
            );
        }
-        
+
        public virtual Task<PermissionGrantInfo> CheckAsync(string name)
        {
            return CheckAsync(PrincipalAccessor.Principal, name);
@ -57,6 +57,12 @@ namespace Volo.Abp.Authorization.Permissions

            foreach (var provider in ValueProviders)
            {
+                if (context.Permission.Providers.Any() &&
+                    !context.Permission.Providers.Contains(provider.Name))
+                {
+                    continue;
+                }
+
                var result = await provider.CheckAsync(context);
                if (result.IsGranted)
                {
--- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs
+++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinition.cs
@ -18,6 +18,8 @@ namespace Volo.Abp.Authorization.Permissions
        /// </summary>
        public PermissionDefinition Parent { get; private set; }

+        public List<string> Providers { get; }
+
        public ILocalizableString DisplayName
        {
            get => _displayName;
@ -53,6 +55,7 @@ namespace Volo.Abp.Authorization.Permissions
            DisplayName = displayName ?? new FixedLocalizableString(name);

            Properties = new Dictionary<string, object>();
+            Providers = new List<string>();
            _children = new List<PermissionDefinition>();
        }

@ -68,6 +71,30 @@ namespace Volo.Abp.Authorization.Permissions
            return child;
        }

+        /// <summary>
+        /// Sets a property in the <see cref="Properties"/> dictionary.
+        /// This is a shortcut for nested calls on this object.
+        /// </summary>
+        public virtual PermissionDefinition WithProperty(string key, object value)
+        {
+            Properties[key] = value;
+            return this;
+        }
+
+        /// <summary>
+        /// Sets a property in the <see cref="Properties"/> dictionary.
+        /// This is a shortcut for nested calls on this object.
+        /// </summary>
+        public virtual PermissionDefinition WithProviders(params string[] providers)
+        {
+            if (!providers.IsNullOrEmpty())
+            {
+                Providers.AddRange(providers);
+            }
+
+            return this;
+        }
+
        public override string ToString()
        {
            return $"[{nameof(PermissionDefinition)} {Name}]";
--- a/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
+++ b/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs
@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.Extensions.Localization;
@ -51,6 +52,11 @@ namespace Volo.Abp.PermissionManagement

                foreach (var permission in group.GetPermissionsWithChildren())
                {
+                    if (permission.Providers.Any() && !permission.Providers.Contains(providerName))
+                    {
+                        continue;
+                    }
+
                    var grantInfoDto = new PermissionGrantInfoDto
                    {
                        Name = permission.Name,
@ -75,7 +81,10 @@ namespace Volo.Abp.PermissionManagement
                    groupDto.Permissions.Add(grantInfoDto);
                }

-                result.Groups.Add(groupDto);
+                if (groupDto.Permissions.Any())
+                {
+                    result.Groups.Add(groupDto);
+                }
            }

            return result;
@ -85,9 +94,16 @@ namespace Volo.Abp.PermissionManagement
        {
            await CheckProviderPolicy(providerName);

-            foreach (var permission in input.Permissions)
+            foreach (var permissionDto in input.Permissions)
            {
-                await _permissionManager.SetAsync(permission.Name, providerName, providerKey, permission.IsGranted);
+                var permissionDefinition = _permissionDefinitionManager.Get(permissionDto.Name);
+                if (permissionDefinition.Providers.Any() && 
+                    !permissionDefinition.Providers.Contains(providerName))
+                {
+                    throw new ApplicationException($"The permission named '{permissionDto.Name}' has not compatible with the provider named '{providerName}'");
+                }
+
+                await _permissionManager.SetAsync(permissionDto.Name, providerName, providerKey, permissionDto.IsGranted);
            }
        }