
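I can't seem to get our tests to pass the RequiredPermission attribute on our ServiceStack services. Can someone help me figure out where I'm going wrong?

The assumption is that RequiredPermission uses the session.Permissions list.

Our UserViewModel is set up as follows: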

    public class UserViewModel : ViewModelBase
    {
        public UserViewModel()
        {
            Groups = new List<GroupModel>();
        }

        public string FirstName { get; set; }
        public string LastName { get; set; }
        public string Email { get; set; }
        public string Password { get; set; } // This should never be populated on the way out.

        public IList<GroupModel> Groups { get; set; }
    }

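GroupModel is similar, with a list of SecuritySettings in it. Every call to the service layer returns a fully hydrated UserViewModel containing a list of Groups, each of which contains a list of SecuritySettings.

When the user authenticates, we run this: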

    public override void OnAuthenticated ( IServiceBase authService,
                                          IAuthSession session,
                                          IOAuthTokens tokens,
                                          Dictionary<string, string> authInfo )
    {
        session.Id = _userViewModel.Id.ToString();
        session.UserName = _userViewModel.Email;
        session.FirstName = _userViewModel.FirstName;
        session.DisplayName = string.Format( "{0} {1}", _userViewModel.FirstName, _userViewModel.LastName );

        session.Roles = new List<string>();
        session.Permissions = new List<string>();

        if ( _userViewModel.Groups != null )
        {
            foreach ( var group in _userViewModel.Groups )
            {
                // Add user Groups to "Roles"
                session.Roles.Add( group.Name );

                if ( @group.SecuritySettings == null ) continue;
                foreach ( var securitySetting in @group.SecuritySettings )
                {
                    // Add group SecuritySettings to "Permissions"
                    session.Permissions.Add( securitySetting.Name );
                }
            }
        }

        var mapper = new AutoMapper<UserModel>();
        _container.Register( mapper.BuildFrom( _userViewModel ) );

        //Important: You need to save the session!
        authService.SaveSession( session, SessionExpiry );
    }

The problem I'm running into is that my tests still return "Unauthorized" on my UserServiceInterface method:

    [RequiredPermission("Read User")]
    public object Get( UserRequest request )
    {
        return new UserResponse { User = _userService.GetById( request.Id ) };
    }

I can confirm that UserViewModel.Groups[0].SecuritySettings[0].Name == "Read User".


2 Answers


The fix for this issue was to call base.OnAuthenticated at the end of the CustomCredentialsAuthProvider.OnAuthenticated method.

    public override void OnAuthenticated ( IServiceBase authService,
                                           IAuthSession session,
                                           IOAuthTokens tokens,
                                           Dictionary<string, string> authInfo )
    {

        // truncated for brevity

        //Important: You need to save the session!
        authService.SaveSession( session, SessionExpiry );

        // THIS ENSURES THE SESSION IS ACCESSIBLE BY THE APP
        base.OnAuthenticated(authService, session, tokens, authInfo);
    }

answered 2013-10-09T17:40:16.580

Here is the implementation of RequiredPermissionAttribute:

    public bool HasAllPermissions(IAuthSession session)
    {
        return this.RequiredPermissions
            .All(requiredPermission => session != null 
                && session.HasPermission(requiredPermission));
    }

The default implementation just checks AuthUserSession.HasPermission(), which is:

    public virtual bool HasPermission(string permission)
    {
        return this.Permissions != null && this.Permissions.Contains(permission);
    }

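This is overridable if you're using a CustomAuthSession. I'd recommend overriding HasPermission() and putting a breakpoint in it so you can introspect the session instance, as the current behavior only fails when the session doesn't have the required permission.

answered 2013-10-09T17:34:33.880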
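
The override suggested in the answer above, written out as an added example (not code from either answer or from ServiceStack itself): it keeps the exact-match decision of the default HasPermission() shown on this page and only records why a request was denied. The class name DiagnosticUserSession, the v3-era namespace and the use of System.Diagnostics.Trace are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using ServiceStack.ServiceInterface.Auth; // assumption: ServiceStack v3 namespace (2013-era API, as on this page)

// Hypothetical session type. Assumption: the app's AuthFeature is configured
// to create this type instead of the default AuthUserSession.
public class DiagnosticUserSession : AuthUserSession
{
    public override bool HasPermission(string permission)
    {
        // The authorization decision is unchanged: exact, case-sensitive match.
        if (base.HasPermission(permission)) return true;

        if (Permissions == null || Permissions.Count == 0)
        {
            // One possible cause: the session loaded for this request is not
            // the one that was populated and saved in OnAuthenticated.
            Trace.TraceWarning("Denied '{0}': session {1} carries no permissions",
                               permission, Id);
            return false;
        }

        // Look for an entry that differs only by case or surrounding whitespace.
        // A near match is reported, never accepted.
        var wanted = (permission ?? string.Empty).Trim();
        var nearMiss = Permissions.FirstOrDefault(p =>
            p != null && string.Equals(p.Trim(), wanted, StringComparison.OrdinalIgnoreCase));

        if (nearMiss != null)
            Trace.TraceWarning("Denied '{0}': session {1} holds near-match '{2}'",
                               permission, Id, nearMiss);
        else
            Trace.TraceWarning("Denied '{0}': session {1} holds [{2}]",
                               permission, Id, string.Join(", ", Permissions));

        return false;
    }
}
```

An empty permission list in the trace points at how the session is saved and loaded, while a near match points at the permission names themselves.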