CSLA的权限控制如何整合到框架中
2012-01-14 09:52
459 查看
CSLA对类的属性读写控制做的很到位。
首先在BusinessBase继承的类中继承AddAuthorizationRules函数:
protected override void AddAuthorizationRules()
{
...
AuthorizationRules.AllowWrite(PasswordProperty, UserPrincipal.AdminRoleName);
}
然后将属性注册一下(这个注册机制还有其他用处;CSLA采用注册而非反射机制,看来主要还是考虑整体系统性能,不过辅以类似缓存的技术,性能也不会差到哪里,Phenix.Core.DataMapper就是这么做的):
private static PropertyInfo<string> PasswordProperty =
RegisterProperty<string>(typeof(User), new PropertyInfo<string>("Password"));
[Phenix.Core.DataMapperField(NeedUpdate = true, ColumnName = "US_Password")]
private string _password = PasswordProperty.DefaultValue;
/// <summary>
/// 登录口令
/// </summary>
public string Password
{
get
{
return GetProperty<string>(PasswordProperty, _password);
}
set
{
SetProperty<string>(PasswordProperty, ref _password, value);
}
}
至此,在UI界面上,仅需加上组件:ReadWriteAuthorization,那么相关的数据感知控件,比如输入框等,即可按照在AddAuthorizationRules函数中定义的读写权限进行只读和使能控制:
实现IExtenderProvider接口:
public bool CanExtend(object extendee)
{
if (IsPropertyImplemented(extendee, "ReadOnly")
|| IsPropertyImplemented(extendee, "Enabled"))
return true;
else
return false;
}
但是,CSLA对类的权限控制不是很到位,需要框架对此进行二次开发。
类的权限控制分为两个层次:
1,浏览权限;
2,增删改权限;
浏览权限是优先判断的,其次才对增删改进行判断。
根据目前CSLA提供的功能,在BusinessListBase中实现:
#region 权限控制
/// <summary>
/// 是否可以浏览数据
/// </summary>
[Browsable(false)]
public static bool AllowBrowse
{
get
{
return Csla.Security.AuthorizationRules.CanGetObject(typeof(T));
}
}
/// <summary>
/// 是否可以新增数据
/// </summary>
[Browsable(false)]
public new bool AllowNew
{
get
{
return Csla.Security.AuthorizationRules.CanCreateObject(this.GetType());
}
}
/// <summary>
/// 是否可以删除数据
/// </summary>
[Browsable(false)]
public new bool AllowRemove
{
get
{
if (Count == 0)
return false;
return Csla.Security.AuthorizationRules.CanDeleteObject(this.GetType());
}
}
/// <summary>
/// 是否可以编辑数据
/// </summary>
[Browsable(false)]
public new bool AllowEdit
{
get
{
if (Count == 0)
return false;
return Csla.Security.AuthorizationRules.CanEditObject(this.GetType());
}
}
#endregion
至此,只要在继承BusinessListBase的类中,实现AddObjectAuthorizationRules静态函数,比如:
protected static void AddObjectAuthorizationRules()
{
Csla.Security.AuthorizationRules.AllowGet(typeof(Users), UserPrincipal.AdminRoleName);
Csla.Security.AuthorizationRules.AllowCreate(typeof(Users), UserPrincipal.AdminRoleName);
Csla.Security.AuthorizationRules.AllowEdit(typeof(Users), UserPrincipal.AdminRoleName);
Csla.Security.AuthorizationRules.DenyDelete(typeof(Users), UserPrincipal.AdminRoleName);
}
就可以实现类的权限数据的获取,不过函数名不能写错,否则CSLA就找不到了:
internal class ObjectAuthorizationRules
{
...
internal static RolesForType GetRoles(Type objectType)
{
RolesForType result = null;
if (!_managers.TryGetValue(objectType, out result))
{
lock (_managers)
{
if (!_managers.TryGetValue(objectType, out result))
{
result = new RolesForType();
_managers.Add(objectType, result);
// invoke method to add auth roles
var flags =
BindingFlags.Static | BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.FlattenHierarchy;
MethodInfo method = objectType.GetMethod(
"AddObjectAuthorizationRules", flags);
if (method != null)
method.Invoke(null, null);
}
}
}
return result;
}
...
}
但是,类的权限数据的处理和应用,现在只能靠开发者在业务系统中硬编码:
/// <summary>
/// 管理用户窗体
/// </summary>
public partial class UsersEditForm : Form
{
...
/// <summary>
/// 应用授权规则
/// </summary>
private void ApplyAuthorizationRules()
{
bindingNavigatorAddNewButton.Enabled = Users.AllowNew;
bindingNavigatorDeleteButton.Enabled = Users.AllowRemove;
usersBindingNavigatorCancelButton.Enabled = Users.IsDirty;
usersBindingNavigatorSaveButton.Enabled = Users.IsSavable;
readWriteAuthorization.ResetControlAuthorization();
}
...
}
首先在BusinessBase继承的类中继承AddAuthorizationRules函数:
protected override void AddAuthorizationRules()
{
...
AuthorizationRules.AllowWrite(PasswordProperty, UserPrincipal.AdminRoleName);
}
然后将属性注册一下(这个注册机制还有其他用处;CSLA采用注册而非反射机制,看来主要还是考虑整体系统性能,不过辅以类似缓存的技术,性能也不会差到哪里,Phenix.Core.DataMapper就是这么做的):
private static PropertyInfo<string> PasswordProperty =
RegisterProperty<string>(typeof(User), new PropertyInfo<string>("Password"));
[Phenix.Core.DataMapperField(NeedUpdate = true, ColumnName = "US_Password")]
private string _password = PasswordProperty.DefaultValue;
/// <summary>
/// 登录口令
/// </summary>
public string Password
{
get
{
return GetProperty<string>(PasswordProperty, _password);
}
set
{
SetProperty<string>(PasswordProperty, ref _password, value);
}
}
至此,在UI界面上,仅需加上组件:ReadWriteAuthorization,那么相关的数据感知控件,比如输入框等,即可按照在AddAuthorizationRules函数中定义的读写权限进行只读和使能控制:
实现IExtenderProvider接口:
public bool CanExtend(object extendee)
{
if (IsPropertyImplemented(extendee, "ReadOnly")
|| IsPropertyImplemented(extendee, "Enabled"))
return true;
else
return false;
}
但是,CSLA对类的权限控制不是很到位,需要框架对此进行二次开发。
类的权限控制分为两个层次:
1,浏览权限;
2,增删改权限;
浏览权限是优先判断的,其次才对增删改进行判断。
根据目前CSLA提供的功能,在BusinessListBase中实现:
#region 权限控制
/// <summary>
/// 是否可以浏览数据
/// </summary>
[Browsable(false)]
public static bool AllowBrowse
{
get
{
return Csla.Security.AuthorizationRules.CanGetObject(typeof(T));
}
}
/// <summary>
/// 是否可以新增数据
/// </summary>
[Browsable(false)]
public new bool AllowNew
{
get
{
return Csla.Security.AuthorizationRules.CanCreateObject(this.GetType());
}
}
/// <summary>
/// 是否可以删除数据
/// </summary>
[Browsable(false)]
public new bool AllowRemove
{
get
{
if (Count == 0)
return false;
return Csla.Security.AuthorizationRules.CanDeleteObject(this.GetType());
}
}
/// <summary>
/// 是否可以编辑数据
/// </summary>
[Browsable(false)]
public new bool AllowEdit
{
get
{
if (Count == 0)
return false;
return Csla.Security.AuthorizationRules.CanEditObject(this.GetType());
}
}
#endregion
至此,只要在继承BusinessListBase的类中,实现AddObjectAuthorizationRules静态函数,比如:
protected static void AddObjectAuthorizationRules()
{
Csla.Security.AuthorizationRules.AllowGet(typeof(Users), UserPrincipal.AdminRoleName);
Csla.Security.AuthorizationRules.AllowCreate(typeof(Users), UserPrincipal.AdminRoleName);
Csla.Security.AuthorizationRules.AllowEdit(typeof(Users), UserPrincipal.AdminRoleName);
Csla.Security.AuthorizationRules.DenyDelete(typeof(Users), UserPrincipal.AdminRoleName);
}
就可以实现类的权限数据的获取,不过函数名不能写错,否则CSLA就找不到了:
internal class ObjectAuthorizationRules
{
...
internal static RolesForType GetRoles(Type objectType)
{
RolesForType result = null;
if (!_managers.TryGetValue(objectType, out result))
{
lock (_managers)
{
if (!_managers.TryGetValue(objectType, out result))
{
result = new RolesForType();
_managers.Add(objectType, result);
// invoke method to add auth roles
var flags =
BindingFlags.Static | BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.FlattenHierarchy;
MethodInfo method = objectType.GetMethod(
"AddObjectAuthorizationRules", flags);
if (method != null)
method.Invoke(null, null);
}
}
}
return result;
}
...
}
但是,类的权限数据的处理和应用,现在只能靠开发者在业务系统中硬编码:
/// <summary>
/// 管理用户窗体
/// </summary>
public partial class UsersEditForm : Form
{
...
/// <summary>
/// 应用授权规则
/// </summary>
private void ApplyAuthorizationRules()
{
bindingNavigatorAddNewButton.Enabled = Users.AllowNew;
bindingNavigatorDeleteButton.Enabled = Users.AllowRemove;
usersBindingNavigatorCancelButton.Enabled = Users.IsDirty;
usersBindingNavigatorSaveButton.Enabled = Users.IsSavable;
readWriteAuthorization.ResetControlAuthorization();
}
...
}
相关文章推荐
- CSLA的权限控制如何整合到框架中
- Shiro权限控制框架入门2:如何将Shiro非入侵地整合到SpringMVC等Web项目中
- shiro安全框架扩展教程--如何动态控制页面节点元素的权限
- shiro框架的权限控制(Spring整合)
- shiro安全框架扩展教程--如何动态控制页面节点元素的权限
- shiro权限控制(一):shiro介绍以及整合SSM框架
- shiro安全框架扩展教程--如何动态控制页面节点元素的权限
- 权限控制框架shiro与spring整合详解
- SharePoint项目实践中如何实现非打破继承看上去很美的权限控制
- 权限控制框架Shiro总结
- spring事务处理相关,整合mybatis的系统如何单独做事务控制
- 项目权限控制的管家——Apache Shiro框架
- bug列表(一):Iframe框架下如何控制滚动条。
- 如何在struts2中利用session进行权限控制
- ASP.NET MVC 中如何实现基于角色的权限控制
- 权限控制框架 - shiro
- 如何实现最精细的权限控制?(暂缺)
- 如何自定义注解实现简单的权限控制
- 如何在应用系统中实现数据权限的控制功能(2)
- Django之路- 如何开发通用且万能的的权限框架组件