一、前言
上一章讲解了AbpVnext自带的用户、角色、权限及用户角色授权对应的后端框架表结构,这章主要讲讲在AbpVnext中如何添加自定义权限条目;
二、权限如何使用
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Volo.Abp.Application.Services;
namespace AoRuiDe.GasMonitoring
{
[Authorize] // Class-level default: the caller must be logged in; any authenticated user is allowed.
public class ResourceAppService: ApplicationService, IResourceAppService
{
/// <summary>Returns the resource list. Inherits the class-level [Authorize]: login required, no specific permission.</summary>
public Task<List<ResourceDto>> GetListAsync()
{
...
}
/// <summary>Returns one resource by id. Public endpoint, see the attribute below.</summary>
[AllowAnonymous] // Overrides the class-level [Authorize]: no login needed, anyone may call this.
public Task<ResourceDto> GetAsync(Guid id)
{
...
}
/// <summary>Creates a resource. Requires login AND the "GasMonitoring.Logs.Create" permission.</summary>
[Authorize("GasMonitoring.Logs.Create")] // Login required plus the GasMonitoring.Logs.Create permission.
// NOTE(review): ABP resolves this policy string as a permission name; it must match a definition registered by a PermissionDefinitionProvider exactly (the group name is not prepended automatically) — confirm the provider defines this full name.
public Task CreateAsync(CreateResourceDto input)
{
...
}
}
}
三、如何定义自己的权限:
- 找到应用层契约项目:xxx.Application.Contracts
- 找到默认的自定义权限类:xxxPermissionDefinitionProvider.cs
- 自定义权限:定义好项目自动发现,在前端通过接口获取权限时可以提取到,用于选择授权;
using AoRuiDe.GasMonitoring.Localization;
using Volo.Abp.Authorization.Permissions;
using Volo.Abp.Localization;
namespace AoRuiDe.GasMonitoring.Permissions
{
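public class GasMonitoringPermissionDefinitionProvider : PermissionDefinitionProvider
{
    // Permission names are global in ABP: AddGroup/AddPermission/AddChild do NOT prefix the
    // group name. The full name used in [Authorize("GasMonitoring.Logs.Create")] therefore has
    // to be spelled out here, otherwise the policy lookup finds no matching definition.
    private const string GroupName = "GasMonitoring";
    private const string LogsPermission = GroupName + ".Logs";

    /// <summary>
    /// Registers the "GasMonitoring" group with a top-level "GasMonitoring.Logs" permission and its
    /// Create/Update/Delete/Select children. Definitions are discovered automatically at startup;
    /// nothing is written to the database until a permission is granted to a role or user.
    /// </summary>
    /// <param name="context">Definition context supplied by ABP.</param>
    public override void Define(IPermissionDefinitionContext context)
    {
        var gasMonitoringGroup = context.AddGroup(GroupName);

        // Top-level permission; the children below are what the application services check.
        var logs = gasMonitoringGroup.AddPermission(LogsPermission);
        logs.AddChild(LogsPermission + ".Create");
        logs.AddChild(LogsPermission + ".Update");
        logs.AddChild(LogsPermission + ".Delete");
        logs.AddChild(LogsPermission + ".Select");
    }

    /// <summary>
    /// Localization helper from the ABP project template; not used by this listing yet
    /// (it is the hook for passing display names to AddPermission/AddChild).
    /// </summary>
    private static LocalizableString L(string name)
    {
        return LocalizableString.Create<GasMonitoringResource>(name);
    }
}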
}
四、如何给角色绑定初始化权限
- admin管理员权限:所有自定义权限会在种子数据初始化的时候自动绑定到管理员admin角色下面,具体记录在表 “abppermissiongrants” 中
- 创建默认角色:
using AoRuiDe.GasMonitoring.DeviceDomain.AreaCruises;
//********
namespace AoRuiDe.GasMonitoring.Data
{
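public class DefaultDataSeederContributor : IDataSeedContributor, ITransientDependency
{
    private readonly IRepository<IdentityRole> _identityRoles;

    /// <summary>Creates the contributor; ABP injects the role repository.</summary>
    /// <param name="identityRoles">Repository for ABP's built-in IdentityRole entity.</param>
    public DefaultDataSeederContributor(IRepository<IdentityRole> identityRoles)
    {
        _identityRoles = identityRoles;
    }

    /// <summary>
    /// Entry point invoked by the ABP data seeder; creates the default roles.
    /// </summary>
    /// <param name="context">Seed context supplied by ABP (not used by this contributor).</param>
    public async Task SeedAsync(DataSeedContext context)
    {
        // Step 4 of the original seeding sequence: initialise the roles.
        await CreateRolesDataAsync();
    }

    /// <summary>
    /// Inserts the default roles that do not exist yet. Existing roles are left untouched:
    /// deleting and re-inserting them would give the role a new Id, which presumably
    /// orphans every user-role assignment that refers to the old Id.
    /// </summary>
    private async Task CreateRolesDataAsync()
    {
        string[] defaultRoleNames = { "Boss", "Minister", "Director", "Operator", "visitor" };

        foreach (var roleName in defaultRoleNames)
        {
            var existingRole = await _identityRoles.FirstOrDefaultAsync(p => p.Name == roleName);
            if (existingRole != null)
            {
                // Seeding must be idempotent: keep the stored role and its Id.
                continue;
            }

            await _identityRoles.InsertAsync(new IdentityRole(Guid.NewGuid(), roleName));
        }
    }
}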
}
- 给某个指定角色或者用户绑定指定权限与上面操作类似
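/// <summary>
/// Seeds permission grants for the "Boss" role and for one specific user. A grant only links a
/// permission name to a provider ("R" = role, keyed by role name; "U" = user, keyed by the user's
/// Id as a string) — it does not define the permission, so each name must already be registered
/// by a PermissionDefinitionProvider. Already-present grants are skipped so the seeder is idempotent.
/// </summary>
/// <returns>A task that completes when all missing grants have been inserted.</returns>
public async Task CreatePermissionGrantDataAsync()
{
    // Provider names used by ABP's role and user permission value providers.
    const string roleProvider = "R";
    const string userProvider = "U";

    var permissionGrantLst = new List<PermissionGrant>()
    {
        // Initial permissions for the Boss role.
        new PermissionGrant(Guid.NewGuid(), "Warn", roleProvider, "Boss"),
        new PermissionGrant(Guid.NewGuid(), "Warn.Create", roleProvider, "Boss"),
        new PermissionGrant(Guid.NewGuid(), "Warn.Update", roleProvider, "Boss"),
        new PermissionGrant(Guid.NewGuid(), "Warn.Delete", roleProvider, "Boss"),
        new PermissionGrant(Guid.NewGuid(), "Warn.Select", roleProvider, "Boss"),
        // Permissions for one specific user. The original listing used provider "R" here, which
        // ABP would read as a role named "userID"; a user grant needs provider "U" and the user's
        // Id as the key. "userID" is a placeholder — replace it with the real user Guid.
        new PermissionGrant(Guid.NewGuid(), "Warn", userProvider, "userID"),
        new PermissionGrant(Guid.NewGuid(), "Warn.Create", userProvider, "userID"),
    };

    foreach (var grant in permissionGrantLst)
    {
        // Match on the provider name as well: a role and a user may share the same key text.
        var existingGrant = await _permissionGrants.FirstOrDefaultAsync(p =>
            p.Name == grant.Name
            && p.ProviderName == grant.ProviderName
            && p.ProviderKey == grant.ProviderKey);
        if (existingGrant != null)
        {
            continue; // already granted; nothing to change
        }

        await _permissionGrants.InsertAsync(grant);
    }
}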
五、总结
数据库中并未单独存放自定义权限数据,只有在给某个指定用户或者角色授权后,相应的权限条目才会以归属的形式记录到数据库;
用户角色权限具体讲解详见上一章节;