Casbin permission check

This commit is contained in:
2025-04-11 00:23:55 +08:00
parent 0bf265926a
commit 5cef6d72e4
14 changed files with 640 additions and 72 deletions

View File

@ -0,0 +1,34 @@
using Casbin;
using Microsoft.AspNetCore.Authorization;
namespace DysonNetwork.Sphere.Auth;
public class CasbinRequirement(string domain, string obj, string act) : IAuthorizationRequirement
{
public string Domain { get; } = domain;
public string Object { get; } = obj;
public string Action { get; } = act;
}
public class CasbinAuthorizationHandler(IEnforcer enforcer)
: AuthorizationHandler<CasbinRequirement>
{
protected override async Task HandleRequirementAsync(
AuthorizationHandlerContext context,
CasbinRequirement requirement)
{
var userId = context.User.FindFirst("user_id")?.Value;
if (userId == null) return;
var isSuperuser = context.User.FindFirst("is_superuser")?.Value == "1";
if (isSuperuser) userId = "super:" + userId;
var allowed = await enforcer.EnforceAsync(
userId,
requirement.Domain,
requirement.Object,
requirement.Action
);
if (allowed) context.Succeed(requirement);
}
}