-
Notifications
You must be signed in to change notification settings - Fork 44
/
Copy pathCommonContainerFileOperationAuthorizationHandler.cs
98 lines (82 loc) · 3.6 KB
/
CommonContainerFileOperationAuthorizationHandler.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
using System;
using System.Security.Principal;
using System.Threading.Tasks;
using EasyAbp.FileManagement.Files;
using EasyAbp.FileManagement.Options.Containers;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Timing;
namespace EasyAbp.FileManagement;
public class CommonContainerFileOperationAuthorizationHandler : FileOperationAuthorizationHandler, ITransientDependency
{
private readonly IClock _clock;
public CommonContainerFileOperationAuthorizationHandler(IClock clock)
{
_clock = clock;
SpecifiedFileContainerNames = new[]
{
FileContainerNameAttribute.GetContainerName(typeof(CommonFileContainer)) // Only for CommonFileContainer
};
}
protected override async Task HandleGetInfoAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileGetInfoOperationInfoModel resource)
{
context.Succeed(requirement); // Allow everyone to get the file info.
}
protected override async Task HandleGetListAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileGetListOperationInfoModel resource)
{
context.Succeed(requirement); // Allow everyone to see the files.
}
protected override async Task HandleGetDownloadInfoAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileGetDownloadInfoOperationInfoModel resource)
{
if (_clock.Now <= resource.File.CreationTime + TimeSpan.FromDays(7))
{
context.Succeed(requirement); // Everyone can download in 7 days from the file was uploaded.
return;
}
// We don't set fail, so admin (with "manage" permission) can do it.
// context.Fail();
}
protected override async Task HandleCreateAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileCreationOperationInfoModel resource)
{
if (context.User.FindUserId() == resource.OwnerUserId)
{
context.Succeed(requirement); // Owner users can upload a new file.
return;
}
// We don't set fail, so admin (with "manage" permission) can do it.
// context.Fail();
}
protected override async Task HandleUpdateInfoAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileUpdateInfoOperationInfoModel resource)
{
if (context.User.FindTenantId() == null && context.User.FindUserId() == resource.OwnerUserId)
{
context.Succeed(requirement); // Host-side owner users can update their uploaded files.
return;
}
// We don't set fail, so admin (with "manage" permission) can do it.
// context.Fail();
}
protected override async Task HandleMoveAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileMoveOperationInfoModel resource)
{
if (resource.File.FileType == FileType.Directory)
{
context.Fail(); // Directories (a special type of file) cannot be moved.
return;
}
context.Succeed(requirement);
}
protected override async Task HandleDeleteAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileDeletionOperationInfoModel resource)
{
// Files cannot be deleted.
// We don't set fail, so admin (with "manage" permission) can do it.
// context.Fail();
}
}