Created permission integration to asp.net core authorization system.

8 years ago · 6de1fa43d8
parent fc710a3d4f
commit 6de1fa43d8
15 changed files with 155 additions and 93 deletions
--- a/src/AbpDesk/AbpDesk.Web.Mvc/Controllers/AuthTestController.cs
+++ b/src/AbpDesk/AbpDesk.Web.Mvc/Controllers/AuthTestController.cs
@ -1,9 +1,7 @@
 using System.Linq;
-using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Volo.Abp.AspNetCore.Mvc;
-using Volo.Abp.Authorization;

 namespace AbpDesk.Web.Mvc.Controllers
 {
@ -21,25 +19,5 @@ namespace AbpDesk.Web.Mvc.Controllers
        {
            return Content("OK: " + User.Claims.First(c => c.Type == "phone_number")?.Value);
        }
-
-        //[RequirePermission("AllowedPermission")]
-        public async Task<ContentResult> AllowedPermissionTest()
-        {
-
-            var a = "..";
-            var result = await _authorizationService.AuthorizeAsync(User, a);
-            if (result.Succeeded)
-            {
-                //...
-            }
-
-            return Content("OK: AllowedPermission");
-        }
-        
-        [RequiresPermission("NotAllowedPermission")]
-        public ContentResult NotAllowedPermissionTest()
-        {
-            return Content("OK: NotAllowedPermission");
-        }
    }
 }
--- a/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationModule.cs
+++ b/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationModule.cs
@ -8,23 +8,9 @@ namespace Volo.Abp.Authorization
    {
        public override void ConfigureServices(IServiceCollection services)
        {
-            services.AddAuthorization(options =>
-            {
-                options.AddPolicy("AllowedPermission", policy =>
-                {
-                    policy.Requirements.Add(new RequiresPermissionRequirement
-                    {
-                        PermissionName = "AllowedPermission"
-                    });
-                });
+            services.AddAuthorization();

-                options.AddPolicy("NotAllowedPermission", policy =>
-                {
-                    policy.Requirements.Add(new RequiresPermissionRequirement { PermissionName = "NotAllowedPermission" });
-                });
-            });
-
-            services.AddSingleton<IAuthorizationHandler, RequiresPermissionHandler>();
+            services.AddSingleton<IAuthorizationHandler, PermissionRequirementHandler>();

            services.AddAssemblyOf<AbpAuthorizationModule>();
        }
--- a/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationPolicyProvider.cs
+++ b/src/Volo.Abp.Authorization/Volo/Abp/Authorization/AbpAuthorizationPolicyProvider.cs
@ -0,0 +1,38 @@
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.Options;
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.DependencyInjection;
+
+namespace Volo.Abp.Authorization
+{
+    public class AbpAuthorizationPolicyProvider : DefaultAuthorizationPolicyProvider, ITransientDependency
+    {
+        private readonly IPermissionDefinitionManager _permissionDefinitionManager;
+
+        public AbpAuthorizationPolicyProvider(
+            IOptions<AuthorizationOptions> options,
+            IPermissionDefinitionManager permissionDefinitionManager) 
+            : base(options)
+        {
+            _permissionDefinitionManager = permissionDefinitionManager;
+        }
+
+        public override async Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
+        {
+            var permission = _permissionDefinitionManager.GetOrNull(policyName);
+
+            if (permission == null)
+
+            {
+                return await base.GetPolicyAsync(policyName);
+            }
+
+            //TODO: Optimize!
+            var policyBuilder = new AuthorizationPolicyBuilder(Array.Empty<string>());
+            policyBuilder.Requirements.Add(new PermissionRequirement(policyName));
+            return policyBuilder.Build();
+        }
+    }
+}
--- a/src/Volo.Abp.Authorization/Volo/Abp/Authorization/PermissionRequirement.cs
+++ b/src/Volo.Abp.Authorization/Volo/Abp/Authorization/PermissionRequirement.cs
@ -0,0 +1,17 @@
+using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Volo.Abp.Authorization
+{
+    public class PermissionRequirement : IAuthorizationRequirement
+    {
+        public string PermissionName { get; }
+
+        public PermissionRequirement([NotNull]string permissionName)
+        {
+            Check.NotNull(permissionName, nameof(permissionName));
+
+            PermissionName = permissionName;
+        }
+    }
+}
--- a/src/Volo.Abp.Authorization/Volo/Abp/Authorization/PermissionRequirementHandler.cs
+++ b/src/Volo.Abp.Authorization/Volo/Abp/Authorization/PermissionRequirementHandler.cs
@ -0,0 +1,26 @@
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
+using Volo.Abp.Authorization.Permissions;
+
+namespace Volo.Abp.Authorization
+{
+    public class PermissionRequirementHandler : AuthorizationHandler<PermissionRequirement>
+    {
+        private readonly IPermissionChecker _permissionChecker;
+
+        public PermissionRequirementHandler(IPermissionChecker permissionChecker)
+        {
+            _permissionChecker = permissionChecker;
+        }
+
+        protected override async Task HandleRequirementAsync(
+            AuthorizationHandlerContext context,
+            PermissionRequirement requirement)
+        {
+            if (await _permissionChecker.IsGrantedAsync(requirement.PermissionName))
+            {
+                context.Succeed(requirement);
+            }
+        }
+    }
+}
--- a/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionDefinitionManager.cs
+++ b/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/IPermissionDefinitionManager.cs
@ -8,6 +8,9 @@ namespace Volo.Abp.Authorization.Permissions
        [NotNull]
        PermissionDefinition Get([NotNull] string name);

+        [CanBeNull]
+        PermissionDefinition GetOrNull([NotNull] string name);
+
        IReadOnlyList<PermissionDefinition> GetPermissions();

        IReadOnlyList<PermissionGroupDefinition> GetGroups();
--- a/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinitionManager.cs
+++ b/src/Volo.Abp.Authorization/Volo/Abp/Authorization/Permissions/PermissionDefinitionManager.cs
@ -37,8 +37,6 @@ namespace Volo.Abp.Authorization.Permissions

        public virtual PermissionDefinition Get(string name)
        {
-            Check.NotNull(name, nameof(name));
-
            var permission = GetOrNull(name);

            if (permission == null)
@ -49,6 +47,13 @@ namespace Volo.Abp.Authorization.Permissions
            return permission;
        }

+        public virtual PermissionDefinition GetOrNull(string name)
+        {
+            Check.NotNull(name, nameof(name));
+
+            return PermissionDefinitions.GetOrDefault(name);
+        }
+
        public virtual IReadOnlyList<PermissionDefinition> GetPermissions()
        {
            return PermissionDefinitions.Values.ToImmutableList();
@ -59,11 +64,6 @@ namespace Volo.Abp.Authorization.Permissions
            return PermissionGroupDefinitions.Values.ToImmutableList();
        }

-        public virtual PermissionDefinition GetOrNull(string name)
-        {
-            return PermissionDefinitions.GetOrDefault(name);
-        }
-
        protected virtual List<IPermissionDefinitionProvider> CreatePermissionProviders()
        {
            return Options
--- a/src/Volo.Abp.Authorization/Volo/Abp/Authorization/RequiresPermissionAttribute.cs
+++ b/src/Volo.Abp.Authorization/Volo/Abp/Authorization/RequiresPermissionAttribute.cs
@ -1,12 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Volo.Abp.Authorization
-{
-    public class RequiresPermissionAttribute : AuthorizeAttribute
-    {
-        public RequiresPermissionAttribute(string permissionName)
-        {
-            Policy = permissionName;
-        }
-    }
-}
--- a/src/Volo.Abp.Authorization/Volo/Abp/Authorization/RequiresPermissionHandler.cs
+++ b/src/Volo.Abp.Authorization/Volo/Abp/Authorization/RequiresPermissionHandler.cs
@ -1,20 +0,0 @@
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authorization;
-
-namespace Volo.Abp.Authorization
-{
-    public class RequiresPermissionHandler : AuthorizationHandler<RequiresPermissionRequirement>
-    {
-        protected override Task HandleRequirementAsync(
-            AuthorizationHandlerContext context,
-            RequiresPermissionRequirement requirement)
-        {
-            if (requirement.PermissionName == "AllowedPermission")
-            {
-                context.Succeed(requirement);
-            }
-
-            return Task.CompletedTask;
-        }
-    }
-}
--- a/src/Volo.Abp.Authorization/Volo/Abp/Authorization/RequiresPermissionRequirement.cs
+++ b/src/Volo.Abp.Authorization/Volo/Abp/Authorization/RequiresPermissionRequirement.cs
@ -1,9 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Volo.Abp.Authorization
-{
-    public class RequiresPermissionRequirement : IAuthorizationRequirement
-    {
-        public string PermissionName { get; set; }
-    }
-}
--- a/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/AbpAspNetCoreMvcTestModule.cs
+++ b/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/AbpAspNetCoreMvcTestModule.cs
@ -4,6 +4,7 @@ using Microsoft.Extensions.DependencyInjection;
 using Volo.Abp.AspNetCore.Modularity;
 using Volo.Abp.AspNetCore.Mvc.Authorization;
 using Volo.Abp.AspNetCore.TestBase;
+using Volo.Abp.Authorization.Permissions;
 using Volo.Abp.Autofac;
 using Volo.Abp.MemoryDb;
 using Volo.Abp.Modularity;
@ -50,6 +51,11 @@ namespace Volo.Abp.AspNetCore.Mvc
                });
            });

+            services.Configure<PermissionOptions>(options =>
+            {
+                options.DefinitionProviders.Add<TestPermissionDefinitionProvider>();
+            });
+
            services.AddAssemblyOf<AbpAspNetCoreMvcTestModule>();
        }

--- a/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/Authorization/AuthTestController.cs
+++ b/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/Authorization/AuthTestController.cs
@ -8,7 +8,7 @@ namespace Volo.Abp.AspNetCore.Mvc.Authorization
    [Authorize]
    public class AuthTestController : AbpController
    {
-        public static Guid FakeUserId { get; } = new Guid();
+        public static Guid FakeUserId { get; } = Guid.NewGuid();

        [AllowAnonymous]
        public ActionResult AnonymousTest()
@ -25,13 +25,18 @@ namespace Volo.Abp.AspNetCore.Mvc.Authorization
        [Authorize("MyClaimTestPolicy")]
        public ActionResult CustomPolicyTest()
        {
+            CurrentUser.Id.ShouldBe(FakeUserId);
+            var claim = CurrentUser.FindClaim("MyCustomClaimType");
+            claim.ShouldNotBeNull();
+            claim.Value.ShouldBe("42");
            return Content("OK");
        }

-        //[Authorize("TestPermission")]
-        //public ActionResult PermissionTest()
-        //{
-        //    return Content("OK");
-        //}
+        [Authorize("TestPermission1")]
+        public ActionResult PermissionTest()
+        {
+            CurrentUser.Id.ShouldBe(FakeUserId);
+            return Content("OK");
+        }
    }
 }
--- a/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/Authorization/AuthTestController_Tests.cs
+++ b/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/Authorization/AuthTestController_Tests.cs
@ -7,7 +7,6 @@ using Volo.Abp.Autofac;
 using Volo.Abp.MemoryDb;
 using Volo.Abp.Modularity;
 using Volo.Abp.Security.Claims;
-using Volo.Abp.Session;
 using Xunit;

 namespace Volo.Abp.AspNetCore.Mvc.Authorization
@ -73,5 +72,17 @@ namespace Volo.Abp.AspNetCore.Mvc.Authorization
                await GetResponseAsStringAsync("/AuthTest/CustomPolicyTest")
            );
        }
+
+        [Fact]
+        public async Task Should_Authorize_For_Defined_And_Allowed_Permission()
+        {
+            _fakeRequiredService.Claims.AddRange(new[]
+            {
+                new Claim(AbpClaimTypes.UserId, AuthTestController.FakeUserId.ToString())
+            });
+
+            var result = await GetResponseAsStringAsync("/AuthTest/PermissionTest");
+            result.ShouldBe("OK");
+        }
    }
 }
--- a/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/Authorization/FakePermissionStore.cs
+++ b/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/Authorization/FakePermissionStore.cs
@ -0,0 +1,19 @@
+using System.Threading.Tasks;
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.DependencyInjection;
+using Volo.Abp.Session;
+
+namespace Volo.Abp.AspNetCore.Mvc.Authorization
+{
+    public class FakePermissionStore : IPermissionStore, ITransientDependency
+    {
+        public Task<bool> IsGrantedAsync(string name, string providerName, string providerKey)
+        {
+            var result = name == "TestPermission1" &&
+                         providerName == UserPermissionValueProvider.ProviderName &&
+                         providerKey == AuthTestController.FakeUserId.ToString();
+
+            return Task.FromResult(result);
+        }
+    }
+}
--- a/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/Authorization/TestPermissionDefinitionProvider.cs
+++ b/test/Volo.Abp.AspNetCore.Mvc.Tests/Volo/Abp/AspNetCore/Mvc/Authorization/TestPermissionDefinitionProvider.cs
@ -0,0 +1,14 @@
+using Volo.Abp.Authorization.Permissions;
+
+namespace Volo.Abp.AspNetCore.Mvc.Authorization
+{
+    public class TestPermissionDefinitionProvider : PermissionDefinitionProvider
+    {
+        public override void Define(IPermissionDefinitionContext context)
+        {
+            var testGroup = context.AddGroup("TestGroup");
+
+            testGroup.AddPermission("TestPermission1");
+        }
+    }
+}