我已经做了一个月的C#所以请原谅这个问题的“本地化”但是我已经研究了几个小时而且我已经碰壁了。
我已经看到了使用IIdentity和IPrincipal的WPF应用程序的基于角色的授权的左右示例。
我找不到很多信息,但是,更多基于权限的授权方法,在这个应用程序中,想象没有组,只有权限和用户列表,你可以任何人都可以给予任何许可。
我希望能够:
1)能够根据用户权限控制UI /元素,其状态包括:Enabled,ReadOnly,Invisible,Collapsed(如此处https://uiauth.codeplex.com/所示)
2)能够在类或方法级别指定需要哪些权限(类似于http://lostechies.com/derickbailey/2011/05/24/dont-do-role-based-authorization-checks-do-activity-based-checks/)
而不是:
[PrincipalPermission(SecurityAction.Demand, Role = "Administrators")]
我想要类似的东西:
[PrincipalPermission(SecurityAction.Demand, Permission = "Can add users")]
现在,我看到如何执行此操作的唯一方法是利用ICommand并使用大量字符串比较在CanExecute方法中放置授权逻辑,以查看用户是否具有执行所需的权限请求的行动如下:
// Employee class
public bool HasRight(SecurityRight right)
{
return employee.Permissions.Contains(right);
}
// Implementation, check if employee has right to continue
if (employee.HasRight(db.SecurityRights.Single(sr => sr.Description == "Can edit users")))
{
// Allowed to perform action
}
else
{
// User does not have right to continue
throw SecurityException;
}
我被告知Enum Flags可能正是我正在寻找的What does the [Flags] Enum Attribute mean in C#?
我认为我理解enum / flag / bits但不足以完成实现......
如果我有:
EmployeeModel
EmployeeViewModel
ThingTwoModel
ThingTwoViewModel
MainView
我不确定一切都在哪里以及如何将它们联系在一起....这就是我到目前为止所做的事情(我意识到这不是一个有效的例子......这就是我的问题!):
[Flags]
public enum Permissions
{
None = 0,
Create = 1 << 0,
Read = 1 << 1,
Update = 1 << 2,
Delete = 1 << 3,
User = 1 << 4,
Group = 1 << 5
}
public static void testFlag()
{
Permissions p;
var x = p.HasFlag(Permissions.Update) && p.HasFlag(Permissions.User);
var desiredPermissions = Permissions.User | Permissions.Read | Permissions.Create;
if (x & p == desiredPermissions)
{
//the user can be created and read by this operator
}
}
感谢您提供任何指导。
答案 0 :(得分:1)
好testFlag无法正常工作。我想你想要的东西(LINQPad c#程序片段):
void Main()
{
//can create user but not read the information back
var userCanBeCreatedPermission = Permissions.Create | Permissions.User;
//can create and readback
var userCanBeCreatedAndReadBackPermission = userCanBeCreatedPermission | Permissions.Read;
userCanBeCreatedPermission.HasFlag(Permissions.User).Dump(); //returns true
(userCanBeCreatedPermission.HasFlag(Permissions.User) && userCanBeCreatedPermission.HasFlag(Permissions.Read)).Dump(); //returns false
//alternative way of checking flags is to combine the flags and do an And mask check
//the above can be written as
((userCanBeCreatedPermission & (Permissions.User | Permissions.Read)) == (Permissions.User | Permissions.Read)).Dump(); //returns false
//using a variable to have combined permissions for readibility & using And mask:
var desiredPermissions = Permissions.User | Permissions.Read;
//checking with user that has both Create & Read permissions
((userCanBeCreatedAndReadBackPermission & desiredPermissions) == desiredPermissions).Dump(); // returns true because the user information can be read back by this user
((userCanBeCreatedAndReadBackPermission & Permissions.Delete) == Permissions.Delete).Dump(); // returns false because the user can't be deleted
}
[Flags]
public enum Permissions
{
None = 0,
Create = 1 << 0,
Read = 1 << 1,
Update = 1 << 2,
Delete = 1 << 3,
User = 1 << 4,
Group = 1 << 5
}
这会回答你的问题吗?
答案 1 :(得分:1)
最终解决方案(.linq):
void Main()
{
// Permissions definition
var userCreate = new Authorization<User>(Permissions.Create);
var userRead = new Authorization<User>(Permissions.Read);
var carrotCreate = new Authorization<Carrot>(Permissions.Create);
var carrotRead = new Authorization<Carrot>(Permissions.Read);
// User
var user = new User();
// User has no permissions yet
if(user.IsAuthorized<User>(Permissions.Create))
"I can create User".Dump();
else
"No creating User for me".Dump();
// Now user can Create users
user.Authorizations.Add(userCreate);
if(user.IsAuthorized<User>(Permissions.Create))
"I can create User".Dump();
else
"No creating User for me".Dump();
// User can read carrots
user.Authorizations.Add(carrotRead);
if(user.IsAuthorized<Carrot>(Permissions.Create))
"I can create carrots".Dump();
else
"No creating carrots for me".Dump();
if(user.IsAuthorized<Carrot>(Permissions.Read))
"I can read carrots".Dump();
else
"No reading carrots for me".Dump();
// User can now create carrots
user.Authorizations.Add(carrotCreate);
if(user.IsAuthorized<Carrot>(Permissions.Create))
"I can create carrots".Dump();
else
"No creating carrots for me".Dump();
}
[Flags]
public enum Permissions : ulong
{
Create = 1 << 0,
Read = 1 << 1,
Update = 1 << 2,
Delete = 1 << 3
}
public abstract class Auth{
}
public class Authorization<T> : Auth {
public Authorization(Permissions permissions){ this.Permissions = permissions; }
public Permissions Permissions {get;set;}
}
public class Carrot{
public int Id{get; set;}
}
public class User{
public User(){ Authorizations = new List<Auth>(); }
public List<Auth> Authorizations{get; set;}
public bool IsAuthorized<T>(Permissions permission){
foreach(var auth in Authorizations)
if(auth is Authorization<T>){
var a = auth as Authorization<T>;
if(a.Permissions == permission)
return true;
}
return false;
}
}