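/// <summary>
/// Rebuilds the action's arguments from the encrypted query string.
/// </summary>
/// <remarks>
/// The raw query (without the leading '?') is passed to <c>DecodeBase.Decrypt</c>, parsed by
/// <c>ParseQueryString</c>, and every parameter the action declares is then filled from the
/// result. Whatever model binding had already put into
/// <c>filterContext.ActionParameters</c> is discarded first, so the decrypted query is the
/// only source of arguments.
/// Security: decrypting the query is not an authorization check. The values are still chosen
/// by whoever produced the ciphertext, so the action must validate them and check access as
/// for any other request input.
/// NOTE(review): whether a tampered ciphertext is rejected depends on DecodeBase.Decrypt,
/// which is not visible here - confirm that it authenticates its input.
/// </remarks>
/// <param name="filterContext">Context of the action that is about to run.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    HttpRequestBase req = filterContext.HttpContext.Request;

    // Uri.Query is "" when the URL carries no query; calling Substring(1) on it throws
    // ArgumentOutOfRangeException, so the leading '?' is stripped only when there is one.
    string rawQuery = req.Url.Query;
    string encryptedQuery = rawQuery.Length > 1 ? rawQuery.Substring(1) : string.Empty;

    // No ciphertext means no values. The parameters are still cleared below, so a request
    // without an encrypted query cannot smuggle in model-bound values instead.
    NameValueCollection QS = encryptedQuery.Length == 0
        ? new NameValueCollection()
        : ParseQueryString(DecodeBase.Decrypt(encryptedQuery));

    ParameterDescriptor[] pds = filterContext.ActionDescriptor.GetParameters();
    filterContext.ActionParameters.Clear();
    foreach (var pd in pds)
    {
        string rawValue = QS.Get(pd.ParameterName);
        if (rawValue == null)
        {
            // Absent from the decrypted query: use the parameter's declared default
            // (null when none is declared) instead of asking Convert to convert null.
            filterContext.ActionParameters.Add(pd.ParameterName, pd.DefaultValue);
            continue;
        }

        // Convert.ChangeType cannot target Nullable<T>; convert to the underlying type.
        Type targetType = Nullable.GetUnderlyingType(pd.ParameterType) ?? pd.ParameterType;
        filterContext.ActionParameters.Add(pd.ParameterName, Convert.ChangeType(rawValue, targetType));
    }
}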
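/// <summary>
/// Checks, before the action runs, that the signed-in user may open the requested URL and
/// redirects to /Account/NoPower when the check fails.
/// </summary>
/// <remarks>
/// The check runs only when <c>pubfunc</c> (defined elsewhere) returns true. The query string
/// is decrypted, the request is mapped to a menu URL through SubMenuFile.xml, and that URL is
/// looked up in sysmodule / sys_moduleuser for the current user. A second rule restricts the
/// "create" pages to users whose ISRECEIVER flag is "1".
/// Security notes for maintainers:
/// the path and query come from the request, so they are escaped before being placed in SQL;
/// the menu map is read from local disk rather than from a host name taken from the request.
/// </remarks>
/// <param name="filterContext">Context of the action that is about to run.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    if (!pubfunc(filterContext))
    {
        return;
    }

    Uri url = filterContext.HttpContext.Request.Url;
    string pathandquery = url.AbsolutePath;
    string xmlstr;
    string queryString = "";

    // Decrypt first. An empty result is taken to mean the query was never encrypted, and the
    // raw query is used as-is.
    // NOTE(review): this fallback makes encrypted links optional; nothing downstream may
    // assume the query was generated by the application.
    if (url.Query != "")
    {
        string rawQuery = url.Query.Substring(1);
        queryString = DecodeBase.Decrypt(rawQuery);
        if (queryString == "")
        {
            queryString = rawQuery;
        }
    }

    // Value used for the database lookup.
    if (queryString != "")
    {
        pathandquery = pathandquery + "?" + queryString;
    }

    // Value used for the XML lookup: path plus the first query pair when "menuxml" is present.
    if (queryString.Contains("menuxml"))
    {
        // A query holding "menuxml" but no '&' made Substring(0, -1) throw; take it whole.
        int firstSeparator = queryString.IndexOf('&');
        string firstPair = firstSeparator < 0 ? queryString : queryString.Substring(0, firstSeparator);
        xmlstr = url.AbsolutePath + "?" + firstPair;
    }
    else
    {
        xmlstr = url.AbsolutePath;
    }

    // Read the menu map from local disk, not over HTTP from url.Authority: the authority
    // reflects the host name the client sent, so an HTTP fetch lets the request decide which
    // server supplies the data this permission check relies on.
    // NOTE(review): confirm "/FileUpload/SubMenuFile.xml" maps to the same file that was
    // served over HTTP, and that the file cannot be replaced through the upload feature.
    XDocument doc = XDocument.Load(filterContext.HttpContext.Server.MapPath("/FileUpload/SubMenuFile.xml"));

    // Map a submenu URL to its parent menu URL. Every rootmenu is visited and a later match
    // overwrites an earlier one, as in the previous Where(...).ToList() form.
    string str = "";
    foreach (var rootMenu in doc.Descendants("rootmenu"))
    {
        foreach (var subMenu in rootMenu.Elements("submenu"))
        {
            if (subMenu.Value.Equals(xmlstr))
            {
                str = rootMenu.Element("menu").Value;
                break;
            }
        }
    }
    if (str != "")
    {
        pathandquery = str;
    }

    JObject json_user = Extension.Get_UserInfo(filterContext.HttpContext.User.Identity.Name);
    if (json_user == null)
    {
        // No user record: fail closed instead of throwing on the lookups below.
        filterContext.Result = new RedirectResult("/Account/NoPower");
        return;
    }

    // pathandquery is request-derived. Doubling single quotes keeps it inside the SQL literal.
    // NOTE(review): this is a stop-gap and is not sufficient on engines that honour backslash
    // escapes; switch to bind parameters if DBMgr offers a parameterized overload (not
    // visible here).
    string userIdLiteral = string.Format("{0}", json_user.GetValue("ID")).Replace("'", "''");
    string urlLiteral = pathandquery.Replace("'", "''");
    string sql = @"select count(1) from sysmodule t where t.MODULEID IN (select MODULEID FROM sys_moduleuser where userid='{0}') and lower(t.url)=lower('{1}')";
    sql = string.Format(sql, userIdLiteral, urlLiteral);
    DataTable dt = DBMgr.GetDataTable(sql);
    if (dt.Rows[0][0].ToString() == "0") // no permission
    {
        filterContext.Result = new RedirectResult("/Account/NoPower");
    }

    //----------------------------------------------------
    // 2018-01-03 temporary rule: the entrusting party and the receiving party share one
    // screen and differ only in the "new" button; the receiving party may create orders,
    // the entrusting party may not. An empty query string denotes the create page.
    // The comparison is ordinal and case-insensitive; ToLower() depends on the thread
    // culture and can fail to match these paths under cultures with special casing for 'I'.
    // NOTE(review): any non-empty query string skips this rule; confirm the Create actions
    // never open in "new" mode when a query is present.
    string[] createPaths =
    {
        "/orderairout/create", "/orderairin/create",
        "/orderlandout/create", "/orderlandin/create",
        "/orderseaout/create", "/orderseain/create",
        "/orderdomestic/create", "/orderspecial/create"
    };
    if (queryString == "" && createPaths.Contains(xmlstr, StringComparer.OrdinalIgnoreCase))
    {
        if (json_user.Value<string>("ISRECEIVER") != "1")
        {
            filterContext.Result = new RedirectResult("/Account/NoPower");
        }
    }
    //----------------------------------------------------
}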
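/// <summary>
/// Decrypts the request value named "para" with <c>DecodeBase.Decrypt</c> and returns the
/// plaintext. The original comment describes the scheme as DES.
/// </summary>
/// <remarks>
/// Security: this action returns the plaintext of any ciphertext a caller submits, so the
/// query-string encryption used elsewhere protects nothing from a client that may call it.
/// NOTE(review): no authorization attribute is visible on this action - confirm who can reach
/// it, and remove it if client code does not need it.
/// NOTE(review): the plaintext is returned as the raw response body; HTML-encode it if it can
/// ever be rendered as markup.
/// NOTE(review): DES has a 56-bit key and is obsolete; confirm the algorithm and plan a move
/// to authenticated encryption.
/// </remarks>
/// <returns>The decrypted text, or an empty string when "para" is absent.</returns>
public string Decrypt()
{
    // Request["para"] is null when the parameter is missing; calling ToString() on it threw
    // NullReferenceException.
    object para = Request["para"];
    if (para == null)
    {
        return string.Empty;
    }

    return DecodeBase.Decrypt(para.ToString());
}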
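/// <summary>
/// Builds the HTML list items of the navigation menu for the signed-in user.
/// </summary>
/// <remarks>
/// The home link is always emitted. For an authenticated user, up to three levels of
/// sysmodule rows are added, limited to the modules listed for that user in sys_moduleuser.
/// Top-level entries are never links. On the second and third level, a URL containing '?'
/// keeps its path and has the part after '?' replaced by <c>DecodeBase.Encrypt</c> of it.
/// Security: NAME, ICON and URL come from the database and are HTML-encoded before being
/// concatenated into markup, so a stored value containing markup cannot inject elements or
/// break out of the href attribute.
/// NOTE(review): encoding does not neutralise a script-scheme URL stored in sysmodule.URL;
/// restrict who can edit that table.
/// NOTE(review): one query is issued per menu node; acceptable for a small menu only.
/// </remarks>
/// <returns>The concatenated list-item markup.</returns>
public string Header()
{
    var html = new System.Text.StringBuilder("<li><a href=\"/Home/Index\"><i class=\"icon iconfont\"></i> 首页</a></li>");
    if (string.IsNullOrEmpty(HttpContext.User.Identity.Name))
    {
        return html.ToString();
    }

    JObject json_user = Extension.Get_UserInfo(HttpContext.User.Identity.Name);
    if (json_user == null)
    {
        // No user record: show the home link only instead of throwing below.
        return html.ToString();
    }

    // Ids are placed inside SQL string literals; doubling quotes keeps them there.
    // NOTE(review): prefer bind parameters if DBMgr offers a parameterized overload.
    string userId = string.Format("{0}", json_user.GetValue("ID")).Replace("'", "''");
    const string childSql = @"select MODULEID,NAME,PARENTID,URL,SORTINDEX,IsLeaf,ICON from sysmodule t where t.parentid='{0}' and t.MODULEID IN (select MODULEID FROM sys_moduleuser where userid='{1}') order by sortindex";

    // Loads the modules under one parent that the current user is allowed to see.
    Func<object, DataTable> loadChildren = parentId =>
        DBMgr.GetDataTable(string.Format(childSql, string.Format("{0}", parentId).Replace("'", "''"), userId));

    // Icon markup for a row, or "" when the row has no ICON value.
    Func<DataRow, string> iconHtml = row =>
    {
        string code = row["ICON"] + "";
        return string.IsNullOrEmpty(code)
            ? string.Empty
            : "<i class=\"icon iconfont\">&#x" + System.Net.WebUtility.HtmlEncode(code) + ";</i> ";
    };

    // Anchor for a second- or third-level row: plain <a> without URL, otherwise a link whose
    // query part (if any) is encrypted.
    Func<DataRow, string> anchorHtml = row =>
    {
        string label = iconHtml(row) + System.Net.WebUtility.HtmlEncode(row["NAME"] + "");
        string target = row["URL"] + "";
        if (string.IsNullOrEmpty(target))
        {
            return "<a>" + label + "</a>";
        }

        int queryStart = target.IndexOf('?');
        if (queryStart > 0)
        {
            target = target.Substring(0, queryStart + 1) + DecodeBase.Encrypt(target.Substring(queryStart + 1));
        }
        return "<a href=\"" + System.Net.WebUtility.HtmlEncode(target) + "\">" + label + "</a>";
    };

    // The id of the root node whose children form the top level of the menu.
    DataTable topLevel = loadChildren("91a0657f-1939-4528-80aa-91b202a593ab");
    foreach (DataRow top in topLevel.Rows)
    {
        html.Append("<li><a>")
            .Append(iconHtml(top))
            .Append(System.Net.WebUtility.HtmlEncode(top["NAME"] + ""))
            .Append("</a>");

        DataTable secondLevel = loadChildren(top["MODULEID"]);
        if (secondLevel.Rows.Count == 0)
        {
            html.Append("</li>");
            continue;
        }

        html.Append("<ul>");
        foreach (DataRow mid in secondLevel.Rows)
        {
            html.Append("<li>").Append(anchorHtml(mid));

            DataTable thirdLevel = loadChildren(mid["MODULEID"]);
            if (thirdLevel.Rows.Count > 0)
            {
                html.Append("<ul>");
                foreach (DataRow leaf in thirdLevel.Rows)
                {
                    // Linked third-level items were previously left without a closing </li>.
                    html.Append("<li>").Append(anchorHtml(leaf)).Append("</li>");
                }
                html.Append("</ul>");
            }
            html.Append("</li>");
        }
        html.Append("</ul></li>");
    }

    return html.ToString();
}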