我已经使用 C# 一个月了,所以请原谅这个问题的“本地性”,但我研究了几个小时,但遇到了困难。
我已经看到过使用 IIdentity
和 IPrincipal
的 WPF 应用程序基于角色的授权的示例。
我找不到很多信息,但是,关于更多基于权限的授权方法,在这个应用程序中假设没有组,只有权限和用户列表,您可以向任何人分配任何权限。
我希望能够:
1) 能够根据用户权限控制 UI/元素,状态如下:启用、只读、不可见、折叠(如此处所示 https://uiauth.codeplex.com/ )
2)能够在类或方法级别指定需要哪些权限(类似于http://lostechies.com/derickbailey/2011/05/24/dont-do-role-based-authorization-checks-do-activity-based-checks/)
而不是:
[PrincipalPermission(SecurityAction.Demand, Role = "管理员")]
我想要这样的东西:
[PrincipalPermission(SecurityAction.Demand, Permission = "可以添加用户")]
现在,我看到如何做到这一点的唯一方法是利用 ICommand
并将授权逻辑放入 CanExecute
方法中,使用大量字符串比较来查看用户是否拥有执行请求的操作所需的权限,例如:
// Employee class
public bool HasRight(SecurityRight right)
{
return employee.Permissions.Contains(right);
}
// Implementation, check if employee has right to continue
if (employee.HasRight(db.SecurityRights.Single(sr => sr.Description == "Can edit users")))
{
// Allowed to perform action
}
else
{
// User does not have right to continue
throw SecurityException;
}
有人告诉我 Enum Flags 可能就是我正在寻找的 What does the [Flags] Enum Attribute mean in C#?
我想我理解枚举/标志/位,但不足以完成实现......
如果我有:
员工模型
员工 View 模型
ThingTwo模型
ThingTwoViewModel
主视图
我不确定一切都去哪里以及如何将它们联系在一起......这是我到目前为止所拥有的(我意识到这不是一个有效的例子......那是我的问题!):
[Flags]
public enum Permissions
{
None = 0,
Create = 1 << 0,
Read = 1 << 1,
Update = 1 << 2,
Delete = 1 << 3,
User = 1 << 4,
Group = 1 << 5
}
public static void testFlag()
{
Permissions p;
var x = p.HasFlag(Permissions.Update) && p.HasFlag(Permissions.User);
var desiredPermissions = Permissions.User | Permissions.Read | Permissions.Create;
if (x & p == desiredPermissions)
{
//the user can be created and read by this operator
}
}
感谢您的指导。
最佳答案
那么 testFlag
将无法按原样工作。我想你想要一些类似于(LINQPadc#程序片段)的东西:
void Main()
{
//can create user but not read the information back
var userCanBeCreatedPermission = Permissions.Create | Permissions.User;
//can create and readback
var userCanBeCreatedAndReadBackPermission = userCanBeCreatedPermission | Permissions.Read;
userCanBeCreatedPermission.HasFlag(Permissions.User).Dump(); //returns true
(userCanBeCreatedPermission.HasFlag(Permissions.User) && userCanBeCreatedPermission.HasFlag(Permissions.Read)).Dump(); //returns false
//alternative way of checking flags is to combine the flags and do an And mask check
//the above can be written as
((userCanBeCreatedPermission & (Permissions.User | Permissions.Read)) == (Permissions.User | Permissions.Read)).Dump(); //returns false
//using a variable to have combined permissions for readibility & using And mask:
var desiredPermissions = Permissions.User | Permissions.Read;
//checking with user that has both Create & Read permissions
((userCanBeCreatedAndReadBackPermission & desiredPermissions) == desiredPermissions).Dump(); // returns true because the user information can be read back by this user
((userCanBeCreatedAndReadBackPermission & Permissions.Delete) == Permissions.Delete).Dump(); // returns false because the user can't be deleted
}
[Flags]
public enum Permissions
{
None = 0,
Create = 1 << 0,
Read = 1 << 1,
Update = 1 << 2,
Delete = 1 << 3,
User = 1 << 4,
Group = 1 << 5
}
这能回答你的问题吗?
关于c# - 使用枚举标志位的 WPF 基于权限的授权,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18384490/