Pandax.EasyPermission 1.0.3

.NET 9.0 This package targets .NET 9.0. The package is compatible with this framework or higher. 
dotnet add package Pandax.EasyPermission --version 1.0.3
                    


                    

                
NuGet\Install-Package Pandax.EasyPermission -Version 1.0.3
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Pandax.EasyPermission" Version="1.0.3" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Pandax.EasyPermission" Version="1.0.3" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Pandax.EasyPermission" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Pandax.EasyPermission --version 1.0.3
                    


                    

                
#r "nuget: Pandax.EasyPermission, 1.0.3"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Pandax.EasyPermission@1.0.3
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Pandax.EasyPermission&version=1.0.3
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Pandax.EasyPermission&version=1.0.3
                    


                            Install as a Cake Tool

Pandax.EasyPermission

基于 ASP.Net Core 实现简易的权限验证组件

如何使用

在控制器上标记

[Authorize]
[ApiController]
[Route("api/[controller]")]
[HasPermissions("test")]
public class TestController : ControllerBase
{
    // 拥有 test 权限即可访问该资源
    public IActionResult Details(string id) => ...
}

当控制器标记了权限,而 Action 没有显式标记时,系统将默认采用控制器的权限。

在控制器Action标记

// 拥有 order.delete 权限即可访问该资源
[HasPermissions("order.delete")]
[HttpDelete("{id}/delete")]
public IActionResult Delete(string id) => Ok($"order {id} deleted");

一旦 Action 标记了权限,即使即时控制器也标记了权限,系统仍将根据 Action 标记的权限进行判断。

在Minimal API中这样标记

app.MapDelete("product/{id}/delete",
        [HasPermissions("product.delete")](string id) => $"product {id} deleted")
    .RequireAuthorization();

实现 IEasyPermissionsValidator 权限验证接口

public class EasyPermissionsValidator : IEasyPermissionsValidator
{
    public Task<bool> IsAuthorized(AuthorizationHandlerContext context, ICollection<string> hasPermissions)
    {
        var userPermissions = context.User.Claims
            .Where(x => x.Type == "permission")
            .Select(x => x.Value)
            .ToHashSet();

        // 拥有所需的权限才能通过验证
        // 将 .All() 改成 .Any() 可切换成拥有任意一个权限即可通过验证
        var x = hasPermissions.All(permission => userPermissions.Contains(permission));
        return Task.FromResult(x);
    }
}

注册权限验证

builder.Services.AddEasyPermissionsValidator<EasyPermissionsValidator>(ApiKeyDefaults.AuthenticationScheme);

这里传入 ApiKeyDefaults.AuthenticationScheme 值是自定义身份认证Scheme名称,如果用的是Jwt身份认证则换成JwtBearerDefaults.AuthenticationScheme或其它自定义Scheme名称,如果有多个Schemes可以一起添加,比如:

builder.Services
    .AddEasyPermissionsValidator<EasyPermissionsValidator>(
        JwtBearerDefaults.AuthenticationScheme,
        ApiKeyDefaults.AuthenticationScheme,
        "MyTestScheme");

如果需要自定义AddAuthorization(options)选项时则不要传入Schames参数,然后手动添加权限验证策略,比如这样:

// 注册权限验证服务
builder.Services.AddEasyPermissionsValidator<EasyPermissionsValidator>();
// 然后手动添加策略,比如以下场景:
builder.Services.AddAuthorization(options =>
{
    // 添加默认策略,支持配置的任意身份认证策略
    options.DefaultPolicy = new AuthorizationPolicyBuilder(
            CustomAuthSchemes.SupabaseJwt,
            CustomAuthSchemes.KeycloakJwt,
            CustomAuthSchemes.ApiKey)
        .RequireAuthenticatedUser()
        .Build();

    // 这里手动增加策略:添加资源权限策略
    options.AddPolicy(
        EasyPermissionRequirement.RequirePermission,
        policy =>
        {
            // 为以下Schemes设定权限判断要求
            policy.AddAuthenticationSchemes(
                CustomAuthSchemes.SupabaseJwt,
                CustomAuthSchemes.KeycloakJwt,
                CustomAuthSchemes.ApiKey);
            policy.RequireAuthenticatedUser();
            policy.Requirements.Add(new EasyPermissionRequirement());
        }
    );
});

测试

dotnet test --no-build --verbosity normal
Product Compatible and additional computed target framework versions.
.NET net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

  • net9.0

    • No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.3 88 5/24/2025
1.0.1 171 4/11/2025
1.0.0 190 4/10/2025