我已经使用C#一个月了,所以请原谅这个问题的“局部性”,但是我研究了几个小时,却遇到了麻烦。
我已经看到了使用IIdentity
和IPrincipal
的WPF应用程序基于角色的授权的左右示例。
但是,在基于权限的授权方法上,我找不到很多信息,在此应用程序中,您可以想象没有组,只有权限和用户列表,您可以为任何人分配任何权限。
我希望能够:
1)能够基于用户权限控制UI /元素,并具有以下状态:启用,只读,不可见,折叠(如此处https://uiauth.codeplex.com/所示)
2)能够在类或方法级别上指定需要哪些权限(类似于http://lostechies.com/derickbailey/2011/05/24/dont-do-role-based-authorization-checks-do-activity-based-checks/)
代替:[PrincipalPermission(SecurityAction.Demand, Role = "Administrators")]
我想要类似的东西:[PrincipalPermission(SecurityAction.Demand, Permission = "Can add users")]
现在,我看到的唯一方法是利用ICommand
并使用大量字符串比较将授权逻辑放入CanExecute
方法中,以查看用户是否具有执行以下请求的操作所需的权限:
// Employee class
public bool HasRight(SecurityRight right)
{
return employee.Permissions.Contains(right);
}
// Implementation, check if employee has right to continue
if (employee.HasRight(db.SecurityRights.Single(sr => sr.Description == "Can edit users")))
{
// Allowed to perform action
}
else
{
// User does not have right to continue
throw SecurityException;
}
有人告诉我Enum Flags可能是我要寻找的What does the [Flags] Enum Attribute mean in C#?
我想我了解枚举/标志/位,但不足以完成实现...
如果我有:
员工模型
EmployeeViewModel
ThingTwo模型
ThingTwoViewModel
主视图
我不确定一切进展顺利,如何将它们结合在一起。...这就是我到目前为止(我意识到这不是一个可行的例子...这就是我的问题!):
[Flags]
public enum Permissions
{
None = 0,
Create = 1 << 0,
Read = 1 << 1,
Update = 1 << 2,
Delete = 1 << 3,
User = 1 << 4,
Group = 1 << 5
}
public static void testFlag()
{
Permissions p;
var x = p.HasFlag(Permissions.Update) && p.HasFlag(Permissions.User);
var desiredPermissions = Permissions.User | Permissions.Read | Permissions.Create;
if (x & p == desiredPermissions)
{
//the user can be created and read by this operator
}
}
感谢您的指导。
最佳答案
testFlag
不能按原样工作。我认为您想要一些类似(LINQPad c#程序片段)的东西:
void Main()
{
//can create user but not read the information back
var userCanBeCreatedPermission = Permissions.Create | Permissions.User;
//can create and readback
var userCanBeCreatedAndReadBackPermission = userCanBeCreatedPermission | Permissions.Read;
userCanBeCreatedPermission.HasFlag(Permissions.User).Dump(); //returns true
(userCanBeCreatedPermission.HasFlag(Permissions.User) && userCanBeCreatedPermission.HasFlag(Permissions.Read)).Dump(); //returns false
//alternative way of checking flags is to combine the flags and do an And mask check
//the above can be written as
((userCanBeCreatedPermission & (Permissions.User | Permissions.Read)) == (Permissions.User | Permissions.Read)).Dump(); //returns false
//using a variable to have combined permissions for readibility & using And mask:
var desiredPermissions = Permissions.User | Permissions.Read;
//checking with user that has both Create & Read permissions
((userCanBeCreatedAndReadBackPermission & desiredPermissions) == desiredPermissions).Dump(); // returns true because the user information can be read back by this user
((userCanBeCreatedAndReadBackPermission & Permissions.Delete) == Permissions.Delete).Dump(); // returns false because the user can't be deleted
}
[Flags]
public enum Permissions
{
None = 0,
Create = 1 << 0,
Read = 1 << 1,
Update = 1 << 2,
Delete = 1 << 3,
User = 1 << 4,
Group = 1 << 5
}
这是否回答你的问题?
关于c# - 使用枚举标志位的基于WPF权限的授权,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/18384490/