Fork me on GitHub

Azure DevOps 扩展之 Hub 插件的菜单权限控制配置

这是 Hub 插件的描述配置代码片段:

{
    "contributions": [
        {
            "id": "feature-hidden-fields-manager-hub",
            "type": "ms.vss-web.feature",
            "targets": [
                "ms.vss-web.managed-features",
                "ms.vss-web.managed-features-onprem"
            ],
            "description": "Enable Work Item Type Hidden Fields Manager Feature",
            "properties": {
                "name": "Enable Work Item Type Hidden Fields Manager",
                "userConfigurable": false,
                "hostConfigurable": true,
                "defaultState": false,
                "hostScopes": [
                    null,
                    "collection"
                ]
            }
        },
        {
            "id": "hidden-fields-manager-hub",
            "type": "ms.vss-web.hub",
            "targets": [
                "ms.vss-web.collection-admin-hub-group"
            ],
            "includes": [
                "ms.vss-tfs-web.tfs-page-data-service",
                "ms.vss-features.host-navigation-service",
                "ms.vss-features.extension-data-service",
                "ms.vss-features.host-dialog-service"
            ],
            "properties": {
                "iconProps": {
                    "iconName": "WorkItem",
                    "className": "admin-tab-icon"
                },
                "name": "Work Item Type Hidden Fields Manager",
                "order": 101,
                "uri": "dist/Hub/HiddenFieldManagerHub.html",
                "supportsMobile": true
            },
            "constraints": [
                {
                    "name": "Security",
                    "properties":{
                        "namespaceId": "3E65F728-F8BC-4ecd-8764-7E378B19BFA7",
                        "namespaceToken": "NAMESPACE",
                        "permission": 32,
                        "allowSystemContext": true,
                        "serviceInstanceType": "00000028-0000-8888-8000-000000000000"
                    }
                },
                {
                    "name": "Feature",
                    "properties": {
                        "featureId": "Allen.hidden-fields-manager.feature-hidden-fields-manager-hub"
                    }
                }
            ]
        }
    ]
}

实现菜单按当前登录用户的权限显示与隐藏的主要配置是 constraints 下名为 Securityproperties 配置。

例如:我需要使用该 Hub 插件的人,必须有 ProcessTemplates 进程模板 (3E65F728-F8BC-4ecd-8764-7E378B19BFA7) 管理权限,才能看到菜单(入口)。

其中 namespaceId 的常量值,来自权限空间ID列表:https://docs.microsoft.com/en-us/azure/devops/organizations/security/namespace-reference?view=azure-devops

Azure DevOps Serverdll 中反编译后找到的部分 SecurityNamespaceId

namespaceId 常量值 参考代码:

namespace Microsoft.TeamFoundation.Framework.Common
{
	public static class FrameworkSecurity
	{
		public static readonly Guid FrameworkNamespaceId = new Guid("1f4179b3-6bac-4d01-b421-71ea09171400");

		public static readonly Guid EventSubscriptionNamespaceId = new Guid("58B176E7-3411-457a-89D0-C6D0CCB3C52B");

		public static readonly Guid EventSubscriberNamespaceId = new Guid("2BF24A2B-70BA-43D3-AD97-3D9E1F75622F");

		public static readonly Guid JobNamespaceId = new Guid("2a887f97-db68-4b7c-9ae3-5cebd7add999");

		public static readonly Guid RegistryNamespaceId = new Guid("4ae0db5d-8437-4ee8-a18b-1f6fb38bd34c");

		public static readonly Guid CollectionManagementNamespaceId = new Guid("f66fc5d6-60e1-443e-9d16-851364ce3b99");

		public static readonly Guid CatalogNamespaceId = new Guid("6BACCF73-1500-476f-8B2B-94F4489A59AA");

		public static readonly Guid IdentitiesNamespaceId = new Guid("5A27515B-CCD7-42c9-84F1-54C998F03866");

		public static readonly Guid Identities2NamespaceId = new Guid("C2EFB788-4DD2-4301-B2EE-EC8ED6955B4E");

		public static readonly Guid LocationNamespaceId = LocationSecurityConstants.NamespaceId;

		public static readonly Guid StrongBoxNamespaceId = new Guid("4A9E8381-289A-4DFD-8460-69028EAA93B3");

		public static readonly Guid DiagnosticNamespaceId = new Guid("A1178DF8-8630-4786-B2A0-3A580DDF63EA");

		public static readonly Guid TaggingNamespaceId = new Guid("BB50F182-8E5E-40B8-BC21-E8752A1E7AE2");

		public static readonly Guid TracingNamespaceId = new Guid("0F623D1C-A21B-4A66-B4AE-07DD445502FB");

		public static readonly Guid ProcessTemplatesNamespaceId = new Guid("3E65F728-F8BC-4ecd-8764-7E378B19BFA7");

		public static readonly Guid ProcessNamespaceId = new Guid("2DAB47F9-BD70-49ED-9BD5-8EB051E59C02");

		public static readonly Guid MessageQueueNamespaceId = new Guid("F3E9DDE6-32CD-48BB-B62D-1D73BCAF42F1");

		public static readonly string MessageQueueNamespaceRootToken = "Tfsmq";

		public static readonly char MessageQueuePathSeparator = '/';

		public static readonly string FrameworkNamespaceToken = "FrameworkGlobalSecurity";

		public static readonly string JobNamespaceToken = "AllJobs";

		public static readonly string CollectionManagementNamespaceToken = "AllCollections";

		public static readonly char CollectionManagementPathSeparator = '/';

		public static readonly char RegistryPathSeparator = '/';

		public static readonly string RegistryNamespaceRootToken = FrameworkSecurity.RegistryPathSeparator.ToString();

		public static readonly char IdentitySecurityPathSeparator = '\\';

		public static readonly string IdentitySecurityRootToken = "$";

		public static readonly char LocationPathSeparator = LocationSecurityConstants.PathSeparator;

		public static readonly string LocationNamespaceRootToken = LocationSecurityConstants.NamespaceRootToken;

		public static readonly string ServiceDefinitionsToken = LocationSecurityConstants.ServiceDefinitionsToken;

		public static readonly string AccessMappingsToken = LocationSecurityConstants.AccessMappingsToken;

		public static readonly char StrongBoxSecurityPathSeparator = '/';

		public static readonly string StrongBoxSecurityNamespaceRootToken = "StrongBox";

		public static readonly string ProcessTemplateNamespaceToken = "NAMESPACE";

		public static readonly char DiagnosticPathSeparator = '/';

		public static readonly string DiagnosticNamespaceToken = "Diagnostic";

		public static readonly Guid TeamProjectNamespaceId = TeamProjectSecurityConstants.NamespaceId;

		public static readonly Guid TeamProjectCollectionNamespaceId = new Guid("3E65F728-F8BC-4ecd-8764-7E378B19BFA7");

		public static readonly string TeamProjectCollectionNamespaceToken = "NAMESPACE";

		public static readonly string TracingNamespaceToken = "Global";

		public static readonly Guid ProxyNamespaceId = new Guid("CB4D56D2-E84B-457E-8845-81320A133FBB");

		public static readonly string ProxyNamespaceToken = "Proxy";
	}
}

permission 常量值 参考代码:

namespace Microsoft.TeamFoundation.Framework.Common
{
	public static class FrameworkPermissions
	{
		public const int GenericRead = 1;

		public const int GenericWrite = 2;

		public const int Impersonate = 4;

		public const int TriggerEvent = 16;

		public const int AllPermissions = 23;
	}
}
posted @ 2020-11-05 23:16  VAllen  阅读(392)  评论(0编辑  收藏  举报