wip: 在DataAuthService中实现指定实体类型的忽略数据权限检查

dotnetcore · Feb 27, 2024 · f2b1e71 · f2b1e71
1 parent 8e82062
commit f2b1e71
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 23 deletions.
diff --git a/src/OSharp.Hosting.Core/Identity/Events/Logout_RemoveRefreshTokenEventHandler.cs b/src/OSharp.Hosting.Core/Identity/Events/Logout_RemoveRefreshTokenEventHandler.cs
@@ -1,4 +1,4 @@
-// -----------------------------------------------------------------------
+// -----------------------------------------------------------------------
 //  <copyright file="Logout_RemoveRefreshTokenEventHandler.cs" company="OSharp开源团队">
 //      Copyright (c) 2014-2022 OSharp. All rights reserved.
 //  </copyright>
@@ -16,16 +16,14 @@ namespace OSharp.Hosting.Identity.Events;
 
 public class Logout_RemoveRefreshTokenEventHandler : EventHandlerBase<LogoutEventData>
 {
-    private readonly IPrincipal _principal;
-    private readonly UserManager<User> _userManager;
+    private readonly IServiceProvider _provider;
 
     /// <summary>
     /// 初始化一个<see cref="Logout_RemoveRefreshTokenEventHandler"/>类型的新实例
     /// </summary>
-    public Logout_RemoveRefreshTokenEventHandler(UserManager<User> userManager, IPrincipal principal)
+    public Logout_RemoveRefreshTokenEventHandler(IServiceProvider provider)
     {
-        _userManager = userManager;
-        _principal = principal;
+        _provider = provider;
     }
 
     /// <summary>
@@ -45,7 +43,8 @@ public override void Handle(LogoutEventData eventData)
     /// <returns>是否成功</returns>
     public override async Task HandleAsync(LogoutEventData eventData, CancellationToken cancelToken = default(CancellationToken))
     {
-        ClaimsIdentity identity = _principal.Identity as ClaimsIdentity;
+        IPrincipal principal = _provider.GetCurrentUser();
+        ClaimsIdentity identity = principal.Identity as ClaimsIdentity;
         if (identity?.IsAuthenticated != true)
         {
             return;
@@ -57,6 +56,10 @@ public override void Handle(LogoutEventData eventData)
             return;
         }
 
-        await _userManager.RemoveRefreshToken(eventData.UserId.ToString(), clientId);
+        var dataAuthService = _provider.GetService<IDataAuthService>();
+        dataAuthService.SetIgnoreDataAuth(typeof(User));
+
+        var userManager = _provider.GetService<UserManager<User>>();
+        await userManager.RemoveRefreshToken(eventData.UserId.ToString(), clientId);
     }
 }
diff --git a/src/OSharp.Identity/Authentication/JwtBearer/JwtBearerService.cs b/src/OSharp.Identity/Authentication/JwtBearer/JwtBearerService.cs
@@ -7,6 +7,9 @@
 //  <last-date>2019-06-15 13:26</last-date>
 // -----------------------------------------------------------------------
 
+using OSharp.Authorization;
+
+
 namespace OSharp.Authentication.JwtBearer;
 
 /// <summary>
@@ -117,8 +120,9 @@ private async Task<JsonWebToken> CreateToken(string userId, string userName, Req
         var (token, expires) = CreateToken(claims, _jwtOptions, JwtTokenType.RefreshToken, refreshToken);
         string refreshTokenStr = token;
         //关闭数据权限检查
-        ScopedDictionary scopedDict = _provider.GetService<ScopedDictionary>();
-        scopedDict.IsIgnoreDataAuth = true;
+        var dataAuthService = _provider.GetService<IDataAuthService>();
+        dataAuthService.SetIgnoreDataAuth(typeof(TUser));
+
         IUnitOfWork unitOfWork = _provider.GetUnitOfWork(true);
         UserManager<TUser> userManager = _provider.GetService<UserManager<TUser>>();
         refreshToken = new RefreshToken() { ClientId = clientId, Value = refreshTokenStr, EndUtcTime = expires };

diff --git a/src/OSharp/Authorization/DataAuthService.cs b/src/OSharp/Authorization/DataAuthService.cs
@@ -45,6 +45,8 @@ public DataAuthService(IServiceProvider provider)
     /// </summary>
     protected ScopedDictionary ScopedDictionary => _provider.GetService<ScopedDictionary>();
 
+    protected IList<Type> IgnoreDataAuthTypes { get; } = new List<Type>();
+
     /// <summary>
     /// 获取指定实体的数据权限过滤表达式
     /// </summary>
@@ -111,13 +113,7 @@ public Expression<Func<T, bool>> GetDataFilter<T>(DataAuthOperation operation, F
     /// <returns>是否有权限</returns>
     public bool CheckDataAuth<TEntity>(DataAuthOperation operation, params TEntity[] entities)
     {
-        if (entities.Length == 0)
-        {
-            return true;
-        }
-
-        ScopedDictionary dict = _provider.GetService<ScopedDictionary>();
-        if (dict.IsIgnoreDataAuth)
+        if (entities.Length == 0 || IgnoreDataAuthTypes.Contains(typeof(TEntity)))
         {
             return true;
         }
@@ -127,4 +123,13 @@ public bool CheckDataAuth<TEntity>(DataAuthOperation operation, params TEntity[]
         bool has = entities.All(func);
         return has;
     }
+
+    /// <summary>
+    /// 设置当前请求中忽略数据权限验证的实体类型
+    /// </summary>
+    /// <param name="entityType">实体类型</param>
+    public void SetIgnoreDataAuth(Type entityType)
+    {
+        IgnoreDataAuthTypes.AddIfNotExist(entityType);
+    }
 }
diff --git a/src/OSharp/Authorization/IDataAuthService.cs b/src/OSharp/Authorization/IDataAuthService.cs
@@ -31,4 +31,10 @@ public interface IDataAuthService
     /// <param name="entities">待检测的实体数据</param>
     /// <returns>是否有权限</returns>
     bool CheckDataAuth<TEntity>(DataAuthOperation operation, params TEntity[] entities);
-}
+
+    /// <summary>
+    /// 设置当前请求中忽略数据权限验证的实体类型
+    /// </summary>
+    /// <param name="entityType">实体类型</param>
+    void SetIgnoreDataAuth(Type entityType);
+}
diff --git a/src/OSharp/Dependency/ScopedDictionary.cs b/src/OSharp/Dependency/ScopedDictionary.cs
@@ -34,11 +34,6 @@ public sealed class ScopedDictionary : ConcurrentDictionary<string, object>, IDi
     /// </summary>
     public ClaimsIdentity Identity { get; set; }
 
-    /// <summary>
-    /// 获取或设置 是否忽略数据权限检查
-    /// </summary>
-    public bool IsIgnoreDataAuth { get; set; } = false;
-
     /// <summary>释放资源.</summary>
     public void Dispose()
     {