【问题标题】:Logic wrong in custom loop on permissions authorization filter权限授权过滤器的自定义循环中的逻辑错误
【发布时间】:2021-05-16 04:07:07
【问题描述】:

我在这里得到误报。基本上,我想要发生的只是返回一个错误,例如,如果用户无权执行Create,但目前即使他们拥有该权限,它也会返回一个错误。

User Permission Active
12 Create True
12 Update False
12 Delete True

第一个例子

以下应返回true。确实如此,但这是误报,因为 ReadUpdateDelete 不存在。

[HasPermission("Create"); 

第二个例子

应该返回false,但返回ReadDelete不存在,而我只要求CreateUpdate

[HasPermission("Create,Update"); 

代码

string[] permissionValues = permission.Split(",");
Dictionary<string, bool> dict = new Dictionary<string, bool>();

foreach (var item in permissionValues)
{
    var permissions = db.AppWarehouseUserPermmissions.Any(w => w.Name == item && w.Controller == controllerName && w.isAcitve == true);
    dict.Add(item, permissions);
}
foreach (var item in dict)
{
    if (item.Key == "Create" || item.Key == "Read" || item.Key == "Update" || item.Key == "Delete" && item.Value == true)
    {
        isAuthorised = true;
               
    }
    if (item.Key == "Create" || item.Key == "Read" || item.Key=="Update" || item.Key=="Delete" && item.Value==false)
    {                                        
            _customError.Add(new CutomError() { Message = $"User has no {item.Key} permissions", ErrorCode = item.Key });
    }
}
return isAuthorised;

【问题讨论】:

    标签: c# asp.net-core


    【解决方案1】:

    我最终将逻辑放在单元测试中并让它工作有时最好的位置是将代码从主问题中取出并在单元测试中逐行处理。

    现在可以按预期工作,但我觉得可以做得更好。

     public void Setup()
     {
       permissionsList = new List<AppWarehouseUserPermmissions>(){
        new AppWarehouseUserPermmissions {
            Name="Create",
            Action="Create",
            Controller="StockItems",            
            isAcitve=true            
            //populate other properties  
        }, new AppWarehouseUserPermmissions {
            Name="Update",
            Action="Update",
            Controller="StockItems",
            isAcitve=false            
            //populate other properties  
        },new AppWarehouseUserPermmissions {
            Name="Delete",
            Action="Delete",
            Controller="StockItems",
            isAcitve=true            
            //populate other properties  
        },
           new AppWarehouseUserPermmissions
          {
              Name = "Read",
              Action = "Read",
              Controller = "Test",
              isAcitve = true
              //populate other properties  
          }
         };
         };
      }
    
    [TestCase("Create,Update", "StockItems", 1)]
    [TestCase("Delete,Update", "StockItems", 1)]
    [TestCase("Read,Update", "StockItems", 2)]
    [TestCase("Update", "StockItems", 1)]
    
    public void Vlaidate_Permissions_Returns_Corrrect_Errors(string permission,string controllerName,int expected)
    {
            bool isAuthorised = false;
            List<CutomError> _customError = new List<CutomError>();
            string[] permissionValues = permission.Split(",");
            Dictionary<string, bool> dict = new Dictionary<string, bool>();
    
            foreach (var item in permissionValues)
            {
                var permissions = permissionsList.Any(w => w.Name == item && w.Controller == controllerName && w.isAcitve == true);
                dict.Add(item, permissions);
            }
            foreach (var item in dict)
            {
                if (item.Key == "Create" || item.Key == "Read" || item.Key == "Update" || item.Key == "Delete" && item.Value == true)
                {
                    isAuthorised = true;
    
                }
               
            }
            foreach (var item in dict.Where(w => w.Value == false))
            {
                _customError.Add(new CutomError() { Message = $"Uwas has no {item.Key} permissions", ErrorCode = item.Key });
            }
            
            Assert.AreEqual(expected, _customError.Count);
        }
    }
    

    【讨论】:

      猜你喜欢
      • 2017-04-08
      • 1970-01-01
      • 2011-08-05
      • 2013-10-31
      • 1970-01-01
      • 2013-03-26
      • 1970-01-01
      • 2021-05-15
      • 2021-04-09
      相关资源
      最近更新 更多