ASP.NET Core中基于声明的授权

Question

I'm developing my own project in ASP.NET Core using Claims and I referenced to the following article: http://blog.geveo.com/Claim-based-authorization-ASP-core

It is difficult for me to understand, from where we have Permissions in step 05, because it wasn't defined earlier anywhere. Any ideas?

services.AddAuthorization(options =>
{
    options.AddPolicy(PolicyTypes.Teams.Manage, policy => {
        policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Teams.Manage);
    });
    options.AddPolicy(PolicyTypes.Teams.AddRemove, policy => {
        policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Teams.AddRemove);
    });
    options.AddPolicy(PolicyTypes.Users.Manage, policy => {
        policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Users.Add);
    });
    options.AddPolicy(PolicyTypes.Users.EditRole, policy => {
        policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Users.EditRole);
    });
}

Answer 1

Step 2 from that blog post is missing a class that wraps both the Users and Teams class. It should look like this:

public static class Permissions
{
    public static class Users
    {
        public const string Add = "users.add";
        public const string Edit = "users.edit";
        public const string EditRole = "users.edit.role";
    }

    public static class Teams
    {
        public const string AddRemove = "teams.addremove";
        public const string EditManagers = "teams.edit.managers";
        public const string Delete = "teams.delete";
    }
}

In the end, this just defines common values to be used throughout the application to identify the various permissions. You could also just pass some strings, but having them defined centrally makes it easier to use since you don't need to remember magic strings.