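/// <summary>
/// Permission gate for intercepted calls. When the target method carries a
/// <c>RightAttribute</c>, the caller's badge is read from the first <c>Employee</c>
/// argument and checked against the attribute's resource and operation through
/// <c>rightService</c> before the call continues down the pipeline.
/// </summary>
/// <param name="input">The intercepted invocation (target method and its arguments).</param>
/// <param name="getNext">Delegate that yields the next behavior in the pipeline.</param>
/// <returns>The result of the next behavior when the call is allowed or unguarded.</returns>
/// <exception cref="Exception">
/// Thrown when no badge can be resolved, no user or role list exists for the badge,
/// or <c>HaveRight</c> returns false.
/// </exception>
IMethodReturn IInterceptionBehavior.Invoke(IMethodInvocation input, GetNextInterceptionBehaviorDelegate getNext)
        {
            // inherit == false: only attributes declared directly on input.MethodBase are seen.
            // NOTE(review): if MethodBase is an interface member while the attribute sits on the
            // implementation (or the reverse), this lookup comes back empty and the call is
            // forwarded unchecked - confirm where RightAttribute is applied.
            object[] attrObj = input.MethodBase.GetCustomAttributes(typeof(RightAttribute), false);
            if (attrObj.Length == 0)
            {
                // Method is not guarded: forward without any permission check.
                return getNext().Invoke(input, getNext);
            }

            // Only the first RightAttribute is enforced; any further ones are ignored.
            var rightInfo = (RightAttribute)attrObj[0];

            // Resolve the badge from the first Employee argument. A type test is used instead of
            // comparing the type's name so that derived Employee types are recognised as well.
            // NOTE(review): the identity is taken from a method argument - confirm callers fill it
            // from the authenticated session rather than from request data.
            string badge = "";
            for (int i = 0; i < input.Arguments.Count; i++)
            {
                var employee = input.Arguments[i] as SchoolCheckIn.CheckIn.Model.Employee;
                if (employee != null)
                {
                    badge = employee.Badge;
                    break;
                }
            }

            // Fail closed: without a badge there is no identity to authorize, so the rights
            // service is never queried with an empty or null key.
            if (string.IsNullOrEmpty(badge))
            {
                throw new Exception("未对登录用户分配权限用户!");
            }

            User u = rightService.GetUserByBadge(badge);
            if (u == null)
            {
                throw new Exception("未对登录用户分配权限用户!");
            }

            List<Role> userRole = rightService.GetRoleByUser(u);
            if (userRole == null)
            {
                throw new Exception("未对用户分配角色权限!");
            }

            // Check the current user's roles against the required resource and operation.
            bool havePermission = rightService.HaveRight(badge, rightInfo.ResourceName, rightInfo.OperationCode);
            if (!havePermission)
            {
                throw new Exception("没有权限!");
            }

            // Permission granted: run the target method.
            return getNext().Invoke(input, getNext);
        }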
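        /// <summary>
        /// Adds the user identified by <paramref name="badge"/> to the role
        /// <paramref name="roleId"/>, creating the user record first when none exists.
        /// </summary>
        /// <param name="roleId">Id of the role to assign.</param>
        /// <param name="badge">Badge used to look up (or create) the user.</param>
        /// <param name="name">User name stored when a new user is created.</param>
        /// <param name="department">Department stored when a new user is created.</param>
        /// <returns>
        /// JSON object with <c>State</c> (false when any exception occurred) and <c>Msg</c>
        /// (the exception message, empty on success).
        /// </returns>
        /// <remarks>
        /// NOTE(review): this action changes role membership yet answers GET requests
        /// (<c>JsonRequestBehavior.AllowGet</c>) and shows no authorization check of its own;
        /// confirm it is restricted to POST with anti-forgery validation and guarded elsewhere.
        /// </remarks>
        public JsonResult AddUserInRole(int roleId, string badge, string name, string department)
        {
            string msg   = string.Empty;
            bool   state = true;

            try
            {
                Right.Entity.Role r = ars.GetRole(roleId);
                if (r == null)
                {
                    // Stop before anything is saved: otherwise a new user would be persisted
                    // and the role assignment would then run against a missing role.
                    throw new Exception("角色不存在!");
                }

                // NOTE(review): badge is not validated here; an empty badge would be stored as
                // the key of a new user - confirm validation happens upstream.
                Right.Entity.User u = ars.GetUserByBadge(badge);
                if (u == null)
                {
                    u = new Right.Entity.User
                    {
                        Badge      = badge,
                        UserName   = name,
                        Department = department
                    };
                    ars.SaveUser(u);
                }
                else
                {
                    // A null role list means the user holds no role yet, so nothing can clash.
                    var roles = ars.GetRoleByUser(u);
                    if (roles != null && roles.Any(a => a.RoleId == r.RoleId))
                    {
                        throw new Exception("本角色已包含用户" + u.UserName + "!");
                    }
                }

                ars.AddRoleToUser(r, u);
            }
            catch (Exception e)
            {
                // NOTE(review): every exception message, including unexpected ones from the
                // data layer, is returned to the client; consider logging the detail and
                // returning a generic message for failures that are not business rules.
                state = false;
                msg   = e.Message;
            }

            return new JsonResult
            {
                Data = new { State = state, Msg = msg },
                JsonRequestBehavior = JsonRequestBehavior.AllowGet
            };
        }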