fix authorize

2025-12-05 00:27:43 +08:00
parent bd95848972
commit 00dd4fa958
18 changed files with 300 additions and 168 deletions
--- a/Atomx.Admin/Atomx.Admin.Client/Components/AuthorizeCheck.razor
+++ b/Atomx.Admin/Atomx.Admin.Client/Components/AuthorizeCheck.razor
@@ -0,0 +1,90 @@
+@inherits ComponentBase
+
+<CascadingAuthenticationState>
+    <AuthorizeView Context="authContext">
+        <Authorized>
+            @if (_isAuthorized)
+            {
+                @ChildContent
+            }
+            else if (!string.IsNullOrEmpty(NotAuthorizedContent))
+            {
+                @NotAuthorizedContent
+            }
+        </Authorized>
+        <NotAuthorized>
+            @if (!string.IsNullOrEmpty(NotAuthenticatedContent))
+            {
+                @NotAuthenticatedContent
+            }
+        </NotAuthorized>
+    </AuthorizeView>
+</CascadingAuthenticationState>
+
+@code {
+    [CascadingParameter] private Task<AuthenticationState>? AuthenticationStateTask { get; set; }
+
+    [Parameter] public RenderFragment? ChildContent { get; set; }
+    [Parameter] public string? NotAuthorizedContent { get; set; }
+    [Parameter] public string? NotAuthenticatedContent { get; set; }
+
+    [Parameter] public string? Permission { get; set; } // 单个权限
+    [Parameter] public string[]? AnyPermissions { get; set; } // 多个权限
+    [Parameter] public string[]? Roles { get; set; } // 多个角色
+    [Parameter] public string? Policy { get; set; } // 策略名称
+
+    private bool _isAuthorized = false;
+
+    protected override async Task OnInitializedAsync()
+    {
+        // 如果 Claims 中没有权限信息，使用 PermissionService 异步检查
+        if (AuthenticationStateTask != null)
+        {
+            var authState = await AuthenticationStateTask;
+            var user = authState.User;
+
+            if (user.Identity?.IsAuthenticated ?? false)
+            {
+                var userPermissions = user.Claims.Where(c => c.Type == ClaimKeys.Permission).Select(c => c.Value).SingleOrDefault()?.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries).ToList();
+                if(userPermissions == null)
+                {
+                    userPermissions = new List<string>();
+                }
+                // 检查单个权限
+                if (Roles?.Length > 0)
+                {
+                    var hasRole = Roles.Any(role => user.IsInRole(role));
+                    if (!hasRole)
+                    {
+                        _isAuthorized = true;
+                        return;
+                    }
+                }
+
+                if (!string.IsNullOrEmpty(Permission))
+                {
+                    var hasAllPermissions = userPermissions.Contains(Permission);
+                    if (hasAllPermissions)
+                    {
+                        _isAuthorized = true;
+                        return;
+                    }
+                }
+
+                if (AnyPermissions?.Length > 0)
+                {
+                    var hasAnyPermission = AnyPermissions.Any(p => userPermissions.Contains(p));
+                    if (!hasAnyPermission)
+                    {
+                        _isAuthorized = true;
+                        return;
+                    }
+                }
+            }
+            else
+            {
+                _isAuthorized = false;
+            }
+        }
+    }
+}