Merge pull request #100 from EasyAbp/refactor-file-operation-authoriz…
…ation-handler

Refactor `FileOperationAuthorizationHandler`
gdlcf88 committed Oct 14, 2023
2 parents b6c317a + dbf0917 commit ac651eb
Showing 15 changed files with 474 additions and 320 deletions.
2 changes: 1 addition & 1 deletion common.props
@@ -1,7 +1,7 @@
<Project>
<PropertyGroup>
<LangVersion>latest</LangVersion>
<Version>4.0.0-preview.1</Version>
<Version>4.0.0-preview.2</Version>
<NoWarn>$(NoWarn);CS1591</NoWarn>
<GeneratePackageOnBuild>true</GeneratePackageOnBuild>
<Authors>EasyAbp Team</Authors>
@@ -8,88 +8,97 @@
using Volo.Abp.DependencyInjection;
using Volo.Abp.Timing;

namespace EasyAbp.FileManagement
namespace EasyAbp.FileManagement;

public class CommonContainerFileOperationAuthorizationHandler : FileOperationAuthorizationHandler, ITransientDependency
{
public class CommonContainerFileOperationAuthorizationHandler : FileOperationAuthorizationHandler, ITransientDependency
private readonly IClock _clock;

public CommonContainerFileOperationAuthorizationHandler(IClock clock)
{
private readonly IClock _clock;
_clock = clock;

public CommonContainerFileOperationAuthorizationHandler(IClock clock)
{
_clock = clock;

SpecifiedFileContainerNames = new[]
{FileContainerNameAttribute.GetContainerName(typeof(CommonFileContainer))}; // Only for CommonFileContainer
}

protected override async Task HandleGetInfoAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement,
FileOperationInfoModel resource)
SpecifiedFileContainerNames = new[]
{
context.Succeed(requirement); // Allow everyone to see the files.
FileContainerNameAttribute.GetContainerName(typeof(CommonFileContainer))
}; // Only for CommonFileContainer
}

await Task.CompletedTask;
}
protected override async Task HandleGetInfoAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileGetInfoOperationInfoModel resource)
{
context.Succeed(requirement); // Allow everyone to get the file info.

protected override async Task HandleGetDownloadInfoAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement,
FileOperationInfoModel resource)
{
if (_clock.Now <= resource.File.CreationTime + TimeSpan.FromDays(7))
{
context.Succeed(requirement); // Everyone can download in 7 days from the file was uploaded.
return;
}

context.Fail();

await Task.CompletedTask;
}
await Task.CompletedTask;
}

protected override async Task HandleGetListAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileGetListOperationInfoModel resource)
{
context.Succeed(requirement); // Allow everyone to see the files.

protected override async Task HandleCreateAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement,
FileOperationInfoModel resource)
await Task.CompletedTask;
}

protected override async Task HandleGetDownloadInfoAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileGetDownloadInfoOperationInfoModel resource)
{
if (_clock.Now <= resource.File.CreationTime + TimeSpan.FromDays(7))
{
if (context.User.FindUserId() == resource.OwnerUserId)
{
context.Succeed(requirement); // Owner users can upload a new file.
return;
}

context.Fail();

await Task.CompletedTask;
context.Succeed(requirement); // Everyone can download in 7 days from the file was uploaded.
return;
}

protected override async Task HandleUpdateAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement,
FileOperationInfoModel resource)
context.Fail();

await Task.CompletedTask;
}

protected override async Task HandleCreateAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileCreationOperationInfoModel resource)
{
if (context.User.FindUserId() == resource.OwnerUserId)
{
if (context.User.FindTenantId() == null && context.User.FindUserId() == resource.OwnerUserId)
{
context.Succeed(requirement); // Host-side owner users can update their uploaded files.
return;
}

context.Fail();

await Task.CompletedTask;
context.Succeed(requirement); // Owner users can upload a new file.
return;
}

protected override async Task HandleMoveAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement,
FileOperationInfoModel resource)
context.Fail();

await Task.CompletedTask;
}

protected override async Task HandleUpdateInfoAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileUpdateInfoOperationInfoModel resource)
{
if (context.User.FindTenantId() == null && context.User.FindUserId() == resource.OwnerUserId)
{
if (resource.File.FileType == FileType.Directory)
{
context.Fail(); // Directories (a special type of file) cannot be moved.
return;
}

context.Succeed(requirement);

await Task.CompletedTask;
context.Succeed(requirement); // Host-side owner users can update their uploaded files.
return;
}

protected override async Task HandleDeleteAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement,
FileOperationInfoModel resource)
context.Fail();

await Task.CompletedTask;
}

protected override async Task HandleMoveAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileMoveOperationInfoModel resource)
{
if (resource.File.FileType == FileType.Directory)
{
context.Fail(); // Files cannot be deleted.
context.Fail(); // Directories (a special type of file) cannot be moved.
return;
}

context.Succeed(requirement);

await Task.CompletedTask;
}

protected override async Task HandleDeleteAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileDeletionOperationInfoModel resource)
{
context.Fail(); // Files cannot be deleted.
}
}
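Review bot: `HandleMoveAsync` calls `context.Succeed(requirement)` for every caller once the file is not a directory, with no check on who the caller is, while `HandleUpdateInfoAsync` just above it requires a host-side owner. As far as this handler is concerned, anyone who reaches the move operation on a CommonFileContainer file is authorized, including a principal with no user id; whether an outer permission check stops that first is not visible in this section. I would gate the success on the caller, at minimum `if (context.User.FindUserId() is null) { context.Fail(); return; }`, and preferably on the same owner condition the update handler uses, if `FileMoveOperationInfoModel` exposes the owner (not shown here). The second copy of this handler in the next file section has the same unconditional success.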
@@ -8,95 +8,104 @@
using Volo.Abp.DependencyInjection;
using Volo.Abp.Timing;

namespace EasyAbp.FileManagement
namespace EasyAbp.FileManagement;

public class CommonContainerFileOperationAuthorizationHandler : FileOperationAuthorizationHandler, ITransientDependency
{
public class CommonContainerFileOperationAuthorizationHandler : FileOperationAuthorizationHandler, ITransientDependency
private readonly IClock _clock;

public CommonContainerFileOperationAuthorizationHandler(IClock clock)
{
private readonly IClock _clock;
_clock = clock;

public CommonContainerFileOperationAuthorizationHandler(IClock clock)
{
_clock = clock;

SpecifiedFileContainerNames = new[]
{FileContainerNameAttribute.GetContainerName(typeof(CommonFileContainer))}; // Only for CommonFileContainer
}

protected override async Task HandleGetInfoAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement,
FileOperationInfoModel resource)
SpecifiedFileContainerNames = new[]
{
context.Succeed(requirement); // Allow everyone to see the files.
FileContainerNameAttribute.GetContainerName(typeof(CommonFileContainer)) // Only for CommonFileContainer
};
}

await Task.CompletedTask;
}
protected override async Task HandleGetInfoAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileGetInfoOperationInfoModel resource)
{
context.Succeed(requirement); // Allow everyone to get the file info.

await Task.CompletedTask;
}

protected override async Task HandleGetListAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileGetListOperationInfoModel resource)
{
context.Succeed(requirement); // Allow everyone to see the files.

await Task.CompletedTask;
}

protected override async Task HandleGetDownloadInfoAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement,
FileOperationInfoModel resource)
protected override async Task HandleGetDownloadInfoAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileGetDownloadInfoOperationInfoModel resource)
{
if (_clock.Now <= resource.File.CreationTime + TimeSpan.FromDays(7))
{
if (_clock.Now <= resource.File.CreationTime + TimeSpan.FromDays(7))
{
context.Succeed(requirement); // Everyone can download in 7 days from the file was uploaded.
return;
}

// We don't set fail, so admin (with "manage" permission) can do it.
// context.Fail();

await Task.CompletedTask;
context.Succeed(requirement); // Everyone can download in 7 days from the file was uploaded.
return;
}

protected override async Task HandleCreateAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement,
FileOperationInfoModel resource)
// We don't set fail, so admin (with "manage" permission) can do it.
// context.Fail();

await Task.CompletedTask;
}

protected override async Task HandleCreateAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileCreationOperationInfoModel resource)
{
if (context.User.FindUserId() == resource.OwnerUserId)
{
if (context.User.FindUserId() == resource.OwnerUserId)
{
context.Succeed(requirement); // Owner users can upload a new file.
return;
}

// We don't set fail, so admin (with "manage" permission) can do it.
// context.Fail();

await Task.CompletedTask;
context.Succeed(requirement); // Owner users can upload a new file.
return;
}

protected override async Task HandleUpdateAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement,
FileOperationInfoModel resource)
// We don't set fail, so admin (with "manage" permission) can do it.
// context.Fail();

await Task.CompletedTask;
}

protected override async Task HandleUpdateInfoAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileUpdateInfoOperationInfoModel resource)
{
if (context.User.FindTenantId() == null && context.User.FindUserId() == resource.OwnerUserId)
{
if (context.User.FindTenantId() == null && context.User.FindUserId() == resource.OwnerUserId)
{
context.Succeed(requirement); // Host-side owner users can update their uploaded files.
return;
}

// We don't set fail, so admin (with "manage" permission) can do it.
// context.Fail();

await Task.CompletedTask;
context.Succeed(requirement); // Host-side owner users can update their uploaded files.
return;
}

protected override async Task HandleMoveAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement,
FileOperationInfoModel resource)
// We don't set fail, so admin (with "manage" permission) can do it.
// context.Fail();

await Task.CompletedTask;
}

protected override async Task HandleMoveAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileMoveOperationInfoModel resource)
{
if (resource.File.FileType == FileType.Directory)
{
if (resource.File.FileType == FileType.Directory)
{
context.Fail(); // Directories (a special type of file) cannot be moved.
return;
}

context.Succeed(requirement);

await Task.CompletedTask;
context.Fail(); // Directories (a special type of file) cannot be moved.
return;
}

protected override async Task HandleDeleteAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement,
FileOperationInfoModel resource)
{
// Files cannot be deleted.
await Task.CompletedTask;
context.Succeed(requirement);

// We don't set fail, so admin (with "manage" permission) can do it.
// context.Fail();
}
await Task.CompletedTask;
}

protected override async Task HandleDeleteAsync(AuthorizationHandlerContext context,
OperationAuthorizationRequirement requirement, FileDeletionOperationInfoModel resource)
{
// Files cannot be deleted.
await Task.CompletedTask;

// We don't set fail, so admin (with "manage" permission) can do it.
// context.Fail();
}
}
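Review bot: The owner test `context.User.FindUserId() == resource.OwnerUserId` in `HandleCreateAsync` and `HandleUpdateInfoAsync` is also true when both sides are null, so if `OwnerUserId` is nullable (its declaration is outside this section) a caller with no user id is granted create or update-info on an ownerless file. Capturing the id first and requiring a value closes that, assuming `FindUserId()` returns a nullable id: `var userId = context.User.FindUserId();` followed by `if (userId.HasValue && userId == resource.OwnerUserId)`. The same comparison appears in the copy of this handler in the previous file section. A short comment would keep the intent clear, e.g. `// Anonymous callers (no user id) never match an ownerless file.`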
