可以向站点、群组和应用程序级别授予权限,以控制对平台每个区域的访问。该平台允许您创建和定义自己的权限集。这些权限包含默认配置,以后可由群组所有者或管理员配置。
为什么要创建权限?
当您创建的解决方案需要平台在站点、群组或应用程序级别授予或限制用户访问权限时,可以实现 IPermissionRegistrar。
创建权限
若要添加对创建权限的支持,需要实现 IPermissionRegistrar 接口。IPermissionRegistrar 必须与 IPermission 接口一起实现,它在 Limyee.Core.dll 的 Limyee.Extensibility.Security.Version1 命名空间中定义。
using System;
using Limyee.Api.Content;
using Limyee.Extensibility.Security.Version1;

namespace Samples
{
    /// <summary>
    /// Outline of the plugin class that registers custom permissions.
    /// The member bodies are intentionally left out of this outline.
    /// </summary>
    public class SamplePermissions : IPermissionRegistrar
    {
        #region IPlugin

        // ... plugin members go here

        #endregion

        #region IPermissionRegistrar

        // ... permission registration goes here

        #endregion
    }

    /// <summary>
    /// Outline of the object that describes one permission to the platform.
    /// </summary>
    public class SamplePermission : IPermission
    {
        // ... permission members go here
    }
}
设置 RegisterPermissions 方法时,需要先为权限生成新的 Guid。如果创建自定义应用程序,请确保 ApplicationTypeId 与应用程序的 ID 匹配,且此 ApplicationTypeId 对应的应用程序必须已安装。在此示例中,使用了自定义链接应用程序 ID。选择有意义的名称和说明。然后通过创建新的 PermissionConfiguration 来确定默认配置。
PermissionConfiguration 将作为每个群组类型的默认配置。启用插件后,将自动设置默认权限。各群组类型的配置方式为:免加入群组使用 JoinlessGroupPermissionConfiguration,其他类型的群组使用 MembershipGroupPermissionConfiguration。布尔值决定是否将您的权限分配给“Everyone”、“Managers”、“Members”、“Owners”和“RegisteredUsers”角色。
/// <summary>
/// Registers this plugin's permissions with the platform.
/// </summary>
/// <param name="permissionController">Controller that receives each permission definition.</param>
public void RegisterPermissions(IPermissionRegistrarController permissionController)
{
    // NOTE(review): the complete sample further down this page registers the same
    // permission under a GUID ending in ...73; presumably the ID is what identifies
    // the permission to the platform, so pick one value and keep it stable - confirm.
    var permissionId = new Guid("710A8E0E-1A1D-40FD-A04B-00B30BCA6E74");

    // ID of the application type this permission belongs to.
    var applicationTypeId = new Guid("C0F7FA13-AA91-4840-B6C3-9DE714AC1E62");

    // Default role assignments per group type: joinless groups grant the permission
    // to Administrators and Owners, every membership-based group type to Owners only.
    // Roles that are not set here are left at their default value.
    var joinlessDefaults = new JoinlessGroupPermissionConfiguration { Administrators = true, Owners = true };
    var defaults = new PermissionConfiguration
    {
        Joinless = joinlessDefaults,
        PublicOpen = new MembershipGroupPermissionConfiguration { Owners = true },
        PublicClosed = new MembershipGroupPermissionConfiguration { Owners = true },
        PrivateListed = new MembershipGroupPermissionConfiguration { Owners = true },
        PrivateUnlisted = new MembershipGroupPermissionConfiguration { Owners = true },
    };

    var createContent = new SamplePermission(
        permissionId,
        "创建内容",
        "使用户能够创建内容。",
        applicationTypeId,
        defaults);

    permissionController.Register(createContent);

    //Register more permissions
}
注册权限的对象需要实现 IPermission。Guid ID 对于每个权限都是唯一的。选择描述您正在创建的权限的名称和描述。应用程序类型 Id 是来自预定义的应用程序 ID。最后,PermissionConfiguration 是前面提到的权限默认配置。
/// <summary>
/// Describes a single permission: its identity, display text, owning application
/// type and the default role assignments. All values are fixed at construction;
/// the setters are private.
/// </summary>
public class SamplePermission : IPermission
{
    /// <summary>Identifier of this permission.</summary>
    public Guid Id { get; private set; }

    /// <summary>Name of the permission.</summary>
    public string Name { get; private set; }

    /// <summary>Description of what the permission allows.</summary>
    public string Description { get; private set; }

    /// <summary>Identifier of the application type the permission belongs to.</summary>
    public Guid ApplicationTypeId { get; private set; }

    /// <summary>Default role assignments for each group type.</summary>
    public PermissionConfiguration DefaultConfiguration { get; private set; }

    /// <summary>
    /// Creates a permission definition from the supplied values.
    /// </summary>
    /// <param name="id">Identifier of the permission.</param>
    /// <param name="name">Name of the permission.</param>
    /// <param name="description">Description of what the permission allows.</param>
    /// <param name="applicationTypeId">Identifier of the owning application type.</param>
    /// <param name="defaultConfiguration">Default role assignments per group type.</param>
    public SamplePermission(
        Guid id,
        string name,
        string description,
        Guid applicationTypeId,
        PermissionConfiguration defaultConfiguration)
    {
        this.Id = id;
        this.Name = name;
        this.Description = description;
        this.ApplicationTypeId = applicationTypeId;
        this.DefaultConfiguration = defaultConfiguration;
    }
}
下面是完整示例。
using System;
using Limyee.Core.Api.Content;
using Limyee.Extensibility.Api.Entities.Version1;
using Limyee.Extensibility.Content.Version1;
using Limyee.Extensibility.Security.Version1;

namespace Samples
{
    /// <summary>
    /// Sample plugin that registers three content permissions (create, delete, edit),
    /// all with the same default role assignments.
    /// </summary>
    public class SamplePermissions : IPermissionRegistrar
    {
        #region IPlugin

        /// <summary>Name of the plugin.</summary>
        public string Name
        {
            get { return "权限示例"; }
        }

        /// <summary>Description of the plugin.</summary>
        public string Description
        {
            get { return "此插件将演示 IPermissionRegistrar 的工作原理"; }
        }

        /// <summary>Plugin initialization hook; nothing to do for this sample.</summary>
        public void Initialize()
        {
            //No initialization required for IPermissionRegistrar
        }

        #endregion

        #region IPermissionRegistrar

        /// <summary>
        /// Registers the create, delete and edit permissions with the platform.
        /// </summary>
        /// <param name="permissionController">Controller that receives each permission definition.</param>
        public void RegisterPermissions(IPermissionRegistrarController permissionController)
        {
            RegisterContentPermission(
                permissionController,
                new Guid("710A8E0E-1A1D-40FD-A04B-00B30BCA6E73"),
                "创建内容",
                "使用户能够创建内容。");

            RegisterContentPermission(
                permissionController,
                new Guid("2DAE816B-B3D8-4389-A721-33146EF67973"),
                "删除内容",
                "使用户能够删除内容。");

            RegisterContentPermission(
                permissionController,
                new Guid("DCF213E3-B9E3-42FA-91D4-D652992D1C33"),
                "编辑内容",
                "使用户能够编辑内容。");
        }

        /// <summary>
        /// Registers one permission for the sample application type using the shared defaults.
        /// </summary>
        private static void RegisterContentPermission(
            IPermissionRegistrarController permissionController,
            Guid permissionId,
            string name,
            string description)
        {
            // All three permissions belong to the same application type.
            var applicationTypeId = new Guid("C0F7FA13-AA91-4840-B6C3-9DE714AC1E62");

            permissionController.Register(new SamplePermission(
                permissionId,
                name,
                description,
                applicationTypeId,
                CreateDefaultConfiguration()));
        }

        /// <summary>
        /// Builds the default role assignments: joinless groups grant the permission to
        /// Administrators and Owners, every membership-based group type to Owners only.
        /// A fresh instance is returned on each call so permissions never share one object.
        /// </summary>
        private static PermissionConfiguration CreateDefaultConfiguration()
        {
            return new PermissionConfiguration
            {
                Joinless = new JoinlessGroupPermissionConfiguration { Administrators = true, Owners = true },
                PublicOpen = new MembershipGroupPermissionConfiguration { Owners = true },
                PublicClosed = new MembershipGroupPermissionConfiguration { Owners = true },
                PrivateListed = new MembershipGroupPermissionConfiguration { Owners = true },
                PrivateUnlisted = new MembershipGroupPermissionConfiguration { Owners = true },
            };
        }

        #endregion
    }

    /// <summary>
    /// Describes a single permission: its identity, display text, owning application
    /// type and the default role assignments. Values are fixed at construction.
    /// </summary>
    public class SamplePermission : IPermission
    {
        /// <summary>Identifier of this permission.</summary>
        public Guid Id { get; private set; }

        /// <summary>Name of the permission.</summary>
        public string Name { get; private set; }

        /// <summary>Description of what the permission allows.</summary>
        public string Description { get; private set; }

        /// <summary>Identifier of the application type the permission belongs to.</summary>
        public Guid ApplicationTypeId { get; private set; }

        /// <summary>Default role assignments for each group type.</summary>
        public PermissionConfiguration DefaultConfiguration { get; private set; }

        /// <summary>Creates a permission definition from the supplied values.</summary>
        public SamplePermission(
            Guid id,
            string name,
            string description,
            Guid applicationTypeId,
            PermissionConfiguration defaultConfiguration)
        {
            this.Id = id;
            this.Name = name;
            this.Description = description;
            this.ApplicationTypeId = applicationTypeId;
            this.DefaultConfiguration = defaultConfiguration;
        }
    }
}
启用插件后,这些权限将显示在群组管理面板中:管理群组 > 权限 > 站点角色/群组角色选项卡 > 角色。
微调权限
有时,授予权限不是“全有或全无”。例如,在开箱即用的安装中,允许用户编辑自己的论坛帖子,但仅限于有限时间内。如果只使用简单权限,论坛应用程序要么授予用户随时编辑所有论坛帖子的能力,要么完全不允许用户编辑任何论坛帖子。ILogicPermission 接口正是针对此类情况的解决方案。
此示例使用 Func<> 委托来表示 IsGranted 方法。这样,您的 IPermissionRegistrar 实现就可以控制 ILogicPermission 的判定逻辑。
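/// <summary>
/// A permission whose final decision is computed by a delegate instead of being
/// determined by role assignment alone.
/// </summary>
public class SampleLogicPermission : SamplePermission, ILogicPermission
{
    // Decision logic supplied by the registrar; set once in the constructor and never null.
    private readonly Func<User, IContent, bool, bool> _isGrantedFunction;

    /// <summary>
    /// Creates a logic permission without custom decision logic.
    /// </summary>
    /// <remarks>
    /// Previously this constructor left the delegate unassigned, so every call to
    /// <see cref="IsGranted"/> threw a NullReferenceException. It now falls back to
    /// returning <c>isGrantedBySystem</c> unchanged, so the permission is never granted
    /// more widely than the value the platform passes in.
    /// </remarks>
    public SampleLogicPermission(Guid id, string name, string description, Guid applicationTypeId, PermissionConfiguration defaultConfiguration)
        : this(id, name, description, applicationTypeId, defaultConfiguration, PassThroughSystemDecision)
    {
    }

    /// <summary>
    /// Creates a logic permission whose decision is made by <paramref name="isGrantedFunction"/>.
    /// </summary>
    /// <param name="id">Identifier of the permission.</param>
    /// <param name="name">Name of the permission.</param>
    /// <param name="description">Description of what the permission allows.</param>
    /// <param name="applicationTypeId">Identifier of the owning application type.</param>
    /// <param name="defaultConfiguration">Default role assignments per group type.</param>
    /// <param name="isGrantedFunction">
    /// Receives the user, the content and the system's decision, and returns the final decision.
    /// </param>
    /// <exception cref="ArgumentNullException"><paramref name="isGrantedFunction"/> is null.</exception>
    public SampleLogicPermission(Guid id, string name, string description, Guid applicationTypeId, PermissionConfiguration defaultConfiguration, Func<User, IContent, bool, bool> isGrantedFunction)
        : base(id, name, description, applicationTypeId, defaultConfiguration)
    {
        // Reject a missing delegate at registration time rather than failing on the first access check.
        if (isGrantedFunction == null)
        {
            throw new ArgumentNullException("isGrantedFunction");
        }

        _isGrantedFunction = isGrantedFunction;
    }

    /// <summary>
    /// Returns the decision of the configured delegate for the given user and content.
    /// </summary>
    /// <param name="user">User the check is made for.</param>
    /// <param name="content">Content the check is made against.</param>
    /// <param name="isGrantedBySystem">
    /// Decision passed in by the caller; presumably the result of the role-based
    /// configuration - confirm against the platform documentation.
    /// </param>
    public bool IsGranted(User user, IContent content, bool isGrantedBySystem)
    {
        return _isGrantedFunction(user, content, isGrantedBySystem);
    }

    // Default logic: keep whatever decision was passed in, neither widening nor narrowing it.
    private static bool PassThroughSystemDecision(User user, IContent content, bool isGrantedBySystem)
    {
        return isGrantedBySystem;
    }
}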