fix auth
This commit is contained in:
@@ -1,4 +1,5 @@
|
||||
@using Microsoft.AspNetCore.Authorization
|
||||
@using System.Security.Claims
|
||||
@inject IPermissionService PermissionService
|
||||
@inject IAuthorizationService AuthorizationService
|
||||
|
||||
@@ -24,6 +25,8 @@
|
||||
</CascadingAuthenticationState>
|
||||
|
||||
@code {
|
||||
[CascadingParameter] Task<AuthenticationState>? AuthenticationStateTask { get; set; }
|
||||
|
||||
[Parameter] public RenderFragment? ChildContent { get; set; }
|
||||
[Parameter] public string? Permission { get; set; }
|
||||
[Parameter] public string[]? Permissions { get; set; }
|
||||
@@ -36,25 +39,83 @@
|
||||
|
||||
protected override async Task OnParametersSetAsync()
|
||||
{
|
||||
if (!string.IsNullOrEmpty(Policy))
|
||||
_hasPermission = false;
|
||||
|
||||
var authState = AuthenticationStateTask is null
|
||||
? await Task.FromResult(new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity())))
|
||||
: await AuthenticationStateTask;
|
||||
|
||||
var user = authState.User;
|
||||
|
||||
if (user?.Identity is null || !user.Identity.IsAuthenticated)
|
||||
{
|
||||
var authState = await AuthorizationService.AuthorizeAsync(null, Policy);
|
||||
_hasPermission = authState.Succeeded;
|
||||
_hasPermission = false;
|
||||
return;
|
||||
}
|
||||
else if (!string.IsNullOrEmpty(Permission))
|
||||
|
||||
// 优先基于声明快速判断(适用于 Server 与 WASM)
|
||||
if (!string.IsNullOrEmpty(Permission))
|
||||
{
|
||||
_hasPermission = await PermissionService.HasPermissionAsync(Permission);
|
||||
if (user.Claims.Any(c => c.Type == ClaimKeys.Permission && c.Value == Permission))
|
||||
{
|
||||
_hasPermission = true;
|
||||
return;
|
||||
}
|
||||
|
||||
// 回退:调用后端权限服务(适用于 Server-side 权限来源于数据库)
|
||||
_hasPermission = await SafeHasPermissionAsync(Permission);
|
||||
return;
|
||||
}
|
||||
else if (Permissions != null && Permissions.Length > 0)
|
||||
|
||||
if (Permissions != null && Permissions.Length > 0)
|
||||
{
|
||||
var userPermissions = user.Claims.Where(c => c.Type == ClaimKeys.Permission).Select(c => c.Value).ToHashSet();
|
||||
|
||||
if (RequireAll)
|
||||
{
|
||||
_hasPermission = await PermissionService.HasAllPermissionsAsync(Permissions);
|
||||
if (Permissions.All(p => userPermissions.Contains(p)))
|
||||
{
|
||||
_hasPermission = true;
|
||||
return;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_hasPermission = await PermissionService.HasAnyPermissionAsync(Permissions);
|
||||
if (Permissions.Any(p => userPermissions.Contains(p)))
|
||||
{
|
||||
_hasPermission = true;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// 回退:调用后端权限服务
|
||||
if (RequireAll)
|
||||
_hasPermission = await PermissionService.HasAllPermissionsAsync(Permissions);
|
||||
else
|
||||
_hasPermission = await PermissionService.HasAnyPermissionAsync(Permissions);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if (!string.IsNullOrEmpty(Policy))
|
||||
{
|
||||
// 使用 AuthorizationService 并传入当前用户
|
||||
var result = await AuthorizationService.AuthorizeAsync(user, Policy);
|
||||
_hasPermission = result.Succeeded;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
private async Task<bool> SafeHasPermissionAsync(string permission)
|
||||
{
|
||||
try
|
||||
{
|
||||
return await PermissionService.HasPermissionAsync(permission);
|
||||
}
|
||||
catch
|
||||
{
|
||||
// 出错时默认拒绝
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user