PermissionAttribute.cs 1.7 KB

using System;
using System.Linq;
using System.Threading.Tasks;
using Admin.Core.Auth;
using Admin.Core.Common.Auth;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.DependencyInjection;
  9. namespace Admin.Core.Attributes
  10. {
  11. /// <summary>
  12. /// 启用权限
  13. /// </summary>
  14. [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
  15. public class PermissionAttribute : AuthorizeAttribute, IAuthorizationFilter
  16. {
  17. public async void OnAuthorization(AuthorizationFilterContext context)
  18. {
  19. //排除匿名访问
  20. if (context.ActionDescriptor.EndpointMetadata.Any(m => m.GetType() == typeof(AllowAnonymousAttribute)))
  21. return;
  22. //登录验证
  23. var user = context.HttpContext.RequestServices.GetService<IUser>();
  24. if (user == null || !(user?.Id > 0))
  25. {
  26. context.Result = new ChallengeResult();
  27. return;
  28. }
  29. //排除登录接口
  30. if (context.ActionDescriptor.EndpointMetadata.Any(m => m.GetType() == typeof(LoginAttribute)))
  31. return;
  32. //权限验证
  33. var httpMethod = context.HttpContext.Request.Method;
  34. var api = context.ActionDescriptor.AttributeRouteInfo.Template;
  35. var permissionHandler = context.HttpContext.RequestServices.GetService<IPermissionHandler>();
  36. var isValid = await permissionHandler.ValidateAsync(api, httpMethod);
  37. if (!isValid)
  38. {
  39. context.Result = new ForbidResult();
  40. }
  41. }
  42. }
  43. }