我已经使用C#一个月了,所以请原谅这个问题的“局部性”,但是我研究了几个小时,却遇到了麻烦。

我已经看到了使用IIdentityIPrincipal的WPF应用程序基于角色的授权的左右示例。

但是,在基于权限的授权方法上,我找不到很多信息,在此应用程序中,您可以想象没有组,只有权限和用户列表,您可以为任何人分配任何权限。

我希望能够:

1)能够基于用户权限控制UI /元素,并具有以下状态:启用,只读,不可见,折叠(如此处https://uiauth.codeplex.com/所示)
2)能够在类或方法级别上指定需要哪些权限(类似于http://lostechies.com/derickbailey/2011/05/24/dont-do-role-based-authorization-checks-do-activity-based-checks/

代替:

[PrincipalPermission(SecurityAction.Demand, Role = "Administrators")]

我想要类似的东西:

[PrincipalPermission(SecurityAction.Demand, Permission = "Can add users")]

现在,我看到的唯一方法是利用ICommand并使用大量字符串比较将授权逻辑放入CanExecute方法中,以查看用户是否具有执行以下请求的操作所需的权限:

// Employee class
public bool HasRight(SecurityRight right)
{
    return employee.Permissions.Contains(right);
}

// Implementation, check if employee has right to continue
if (employee.HasRight(db.SecurityRights.Single(sr => sr.Description == "Can edit users")))
{
    // Allowed to perform action
}
else
{
    // User does not have right to continue
    throw SecurityException;
}


有人告诉我Enum Flags可能是我要寻找的What does the [Flags] Enum Attribute mean in C#?

我想我了解枚举/标志/位,但不足以完成实现...

如果我有:

员工模型
EmployeeViewModel
ThingTwo模型
ThingTwoViewModel
主视图

我不确定一切进展顺利,如何将它们结合在一起。...这就是我到目前为止(我意识到这不是一个可行的例子...这就是我的问题!):

    [Flags]
    public enum Permissions
    {
        None = 0,
        Create = 1 << 0,
        Read = 1 << 1,
        Update = 1 << 2,
        Delete = 1 << 3,

        User = 1 << 4,
        Group = 1 << 5
    }

    public static void testFlag()
    {
        Permissions p;
        var x = p.HasFlag(Permissions.Update) && p.HasFlag(Permissions.User);
        var desiredPermissions = Permissions.User | Permissions.Read | Permissions.Create;
        if (x & p == desiredPermissions)
        {
            //the user can be created and read by this operator
        }
    }


感谢您的指导。

最佳答案

testFlag不能按原样工作。我认为您想要一些类似(LINQPad c#程序片段)的东西:

void Main()
{
    //can create user but not read the information back
    var userCanBeCreatedPermission = Permissions.Create | Permissions.User;

    //can create and readback
    var userCanBeCreatedAndReadBackPermission = userCanBeCreatedPermission | Permissions.Read;

    userCanBeCreatedPermission.HasFlag(Permissions.User).Dump(); //returns true

    (userCanBeCreatedPermission.HasFlag(Permissions.User) && userCanBeCreatedPermission.HasFlag(Permissions.Read)).Dump(); //returns false

    //alternative way of checking flags is to combine the flags and do an And mask check
    //the above can be written as
    ((userCanBeCreatedPermission & (Permissions.User | Permissions.Read)) == (Permissions.User | Permissions.Read)).Dump(); //returns false

    //using a variable to have combined permissions for readibility & using And mask:
    var desiredPermissions = Permissions.User | Permissions.Read;

    //checking with user that has both Create & Read permissions

    ((userCanBeCreatedAndReadBackPermission & desiredPermissions) == desiredPermissions).Dump(); // returns true because the user information can be read back by this user

    ((userCanBeCreatedAndReadBackPermission & Permissions.Delete) == Permissions.Delete).Dump(); // returns false because the user can't be deleted
}

[Flags]
public enum Permissions
{
   None = 0,
   Create = 1 << 0,
   Read = 1 << 1,
   Update = 1 << 2,
   Delete = 1 << 3,

   User = 1 << 4,
   Group = 1 << 5
}


这是否回答你的问题?

关于c# - 使用枚举标志位的基于WPF权限的授权,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/18384490/

10-11 23:17
查看更多