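/// <summary>
/// Authorizes the current request by comparing the logged-in user's cached token with the
/// role list configured for the requested resource in <c>/Config/AuthConfig.xml</c>.
/// </summary>
/// <remarks>
/// When the check fails, the request is short-circuited by setting
/// <c>filterContext.Result</c>. Building an error message alone does not stop the action
/// from executing.
/// </remarks>
/// <param name="filterContext">MVC authorization context for the current request.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
        {
            // Step 1: check whether a user is logged in (session entry "User").
            var user        = filterContext.HttpContext.Session?["User"] as UserDto;
            var controller  = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            var action      = filterContext.ActionDescriptor.ActionName;
            var method      = filterContext.HttpContext.Request.HttpMethod;
            // NOTE(review): RawUrl and the CategoryKey query value are caller-controlled and
            // feed the rule lookup below. Confirm the lookup cannot be steered to a more
            // permissive rule than the one for the action actually being executed.
            var url         = filterContext.HttpContext.Request.RawUrl;
            var categoryKey = filterContext.HttpContext.Request.QueryString["CategoryKey"];

            if (user != null)
            {
                var token = CacheHelper.GetCache(user.LoginName);
                var info  = AuthConfigXmlHelper.GetAuthConfigByXml(Api.PhysicsUrl + "/Config/AuthConfig.xml"
                                                                   , url, controller, action, method, categoryKey);

                // Fail closed: a missing cached token or a missing rule previously ended in a
                // NullReferenceException; deny explicitly instead.
                if (token == null || info == null)
                {
                    filterContext.Result = new System.Web.Mvc.HttpUnauthorizedResult();
                    return;
                }

                // NOTE(review): _roles is an instance field written on every request. If the
                // framework reuses this filter instance across requests, this is shared
                // mutable state. Confirm, or switch to a local.
                _roles = BusinessHelper.BreakUpOptions(info.Roles, ',');

                if (!AuthManager.TryAuthorize(filterContext, token.ToString(), _roles))
                {
                    // Kept for the pending exception-handling integration; its type is not
                    // visible here, so it is not written to the response.
                    var respMessage = ResponseProvider.Error("你没有被授权访问此资源。", 401);
                    // TODO: hook into the exception-handling module.

                    // Enforce the denial. Keep any result TryAuthorize may already have set.
                    if (filterContext.Result == null)
                    {
                        filterContext.Result = new System.Web.Mvc.HttpUnauthorizedResult();
                    }

                    return;
                }
            }

            // NOTE(review): with no session user this method makes no decision of its own and
            // relies entirely on the base implementation. Confirm the base class denies
            // anonymous requests wherever that is required.
            base.OnAuthorization(filterContext);
        }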
Beispiel #2
        /// <summary>
        /// Saves a resource with its operation list, then mirrors the resource into the XML
        /// authorization config: a new entry on add, an update of the existing entry otherwise.
        /// </summary>
        /// <param name="model">Resource data bound from the request.</param>
        /// <returns>A redirect to the <c>Index</c> action of the <c>Resource</c> controller.</returns>
        // NOTE(review): this action changes authorization configuration. No [HttpPost],
        // anti-forgery or role attributes are visible on this snippet. Confirm they exist on
        // the method or controller. The data save and the XML write are two separate steps,
        // so a failure in the second leaves the two stores out of sync.
        public ActionResult Save(ResourceDto model)
        {
            var saveState  = BusinessHelper.BuildSaveState(Request);
            var operations = BusinessHelper.BreakUpStr(Request["OperationList"], ',');

            _resourceBll.HttpPostSave(model, saveState, operations);

            // Built only after the save call, as in the original ordering (the save may
            // populate fields on model; that is not visible here).
            var authEntry = new AuthConfig();
            authEntry.ControllerName = model.ControllerName;
            authEntry.ResourceId     = model.ResourceId;
            authEntry.ResourceUrl    = model.ResourceUrl;
            // NOTE(review): Roles is always written as an empty string. Whether the update
            // helper overwrites existing role assignments with it cannot be told from here.
            authEntry.Roles          = "";

            var isNewResource = saveState.OperationState == OperationState.Add;
            var configPath    = Api.PhysicsUrl + "/Config/AuthConfig.xml";

            if (!isNewResource)
            {
                AuthConfigXmlHelper.UpateResourceAuthConfigByXml(configPath, authEntry);
            }
            else
            {
                AuthConfigXmlHelper.AttachAuthConfigByXml(configPath, authEntry);
            }

            return RedirectToAction("Index", "Resource");
        }
Beispiel #3
        /// <summary>
        /// Prepares the role edit view for add/update, or performs the logical delete of a
        /// role for remove, depending on the save state built from the current request.
        /// </summary>
        /// <returns>
        /// The edit view for add/update, or a redirect to the <c>Index</c> action of the
        /// <c>Role</c> controller after a remove.
        /// </returns>
        /// <exception cref="ArgumentNullException">No save state could be built from the request.</exception>
        /// <exception cref="ArgumentOutOfRangeException">The operation state is not add, update or remove.</exception>
        // NOTE(review): the remove path changes state. If this parameterless action is
        // reachable via GET (no verb or anti-forgery attributes are visible here), the delete
        // can be triggered by a cross-site link. Confirm it is restricted to POST with a token.
        public ActionResult Save()
        {
            var saveState = BusinessHelper.BuildSaveState(Request);
            if (saveState == null)
            {
                throw new ArgumentNullException(nameof(saveState));
            }

            ViewBag.ActionList = AssemblyHelper.LoadAction(WebConfig.AssemblyName);

            var operation = saveState.OperationState;

            if (operation == OperationState.Remove)
            {
                // Logical (soft) delete.
                _roleBll.HttpGetSave(saveState);
                return RedirectToAction("Index", "Role");
            }

            if (operation != OperationState.Add && operation != OperationState.Update)
            {
                throw new ArgumentOutOfRangeException();
            }

            // Add and update share the same view preparation.
            var role = _roleBll.Query(saveState);

            ViewBag.ResourceTree = _resourceBll.GetSourceTree(false, null);
            ViewBag.SaveState    = saveState.ToJson();

            // Comma-separated ids of the resources currently attached to the role.
            var resourceIds = role.Resources.Select(p => p.ResourceId);
            ViewBag.InfoList = string.Join(",", resourceIds);

            var configPath = Api.PhysicsUrl + "/Config/AuthConfig.xml";
            ViewBag.AuthConfigList = AuthConfigXmlHelper.GetAuthConfigListByXml(configPath, role.Code);

            return View(role);
        }
Beispiel #4
        /// <summary>
        /// Saves a role with its resource list, then rewrites the role's resource-level and
        /// action-level grants in the XML authorization config.
        /// </summary>
        /// <param name="model">Role data bound from the request; its <c>Code</c> identifies the role in the config.</param>
        /// <returns>A redirect to the <c>Index</c> action of the <c>Role</c> controller.</returns>
        // NOTE(review): the resource list, the action list and model.Code all come from the
        // request and are written straight into the authorization config. Nothing in this
        // snippet validates them or restricts who may call it. Confirm that verb, anti-forgery
        // and role checks are applied on the method or controller, and that the XML helpers
        // reject unknown resource ids, actions and role codes.
        public ActionResult Save(RoleDto model)
        {
            var saveState = BusinessHelper.BuildSaveState(Request);

            // The same raw value is split twice because the two consumers take different shapes.
            var rawResources    = Request["resourceList"];
            var resourceIds     = BusinessHelper.BreakUpStr(rawResources, ',');
            var resourceOptions = BusinessHelper.BreakUpOptions(rawResources, ',');

            _roleBll.HttpPostSave(model, saveState, resourceIds);

            var actionOptions = BusinessHelper.BreakUpOptions(Request["actionList"], '|');

            // Resource-level authorization.
            AuthConfigXmlHelper.UpateRolesAuthConfigByXml(
                Api.PhysicsUrl + "/Config/AuthConfig.xml",
                resourceOptions,
                model.Code);

            // Action-level authorization.
            AuthConfigXmlHelper.UpateActionRolesAuthConfigByXml(
                Api.PhysicsUrl + "/Config/AuthConfig.xml",
                model.Code,
                actionOptions);

            return RedirectToAction("Index", "Role");
        }