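        /// <summary>
        /// Authorizes the current request against the signed-in user's role permissions
        /// before the action runs. Site admins bypass the check; every other signed-in
        /// user is denied when <c>BL.Permission.CheckPermission</c> reports no permission.
        /// </summary>
        /// <param name="filterContext">The MVC action-executing context of the request.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // IE filtering (browser-version gate); the member is defined outside this view.
            this.GetBrowserVersions(filterContext);

            var user          = UserHelper.GetCurrentUser();
            var siteAdminName = VM.EnumRole.SiteAdmin.ToString();

            if (user == null)
            {
                // Anonymous AJAX calls (other than the login probe) are sent back to the root.
                // Anonymous non-AJAX requests are not handled here — presumably covered by
                // authentication elsewhere; TODO confirm.
                var url     = new UrlHelper(filterContext.RequestContext);
                var request = filterContext.RequestContext.HttpContext.Request;
                if (request.IsAjaxRequest() &&
                    request.Url.AbsolutePath != url.Action("UserRests", "Login"))
                {
                    filterContext.Result = new JavaScriptResult {
                        Script = "<script>location.href='/'</script>"
                    };
                }
            }
            else if (!string.Equals(user.RoleName, siteAdminName, StringComparison.OrdinalIgnoreCase))
            {
                var routeData = filterContext.RouteData;
                var values    = routeData.Values;

                // Route keys are lower-cased so the permission lookup is case-insensitive.
                // Convert.ToString yields "" for a null token value instead of throwing.
                var routeValue = new VM.RouteValue
                {
                    Area       = routeData.DataTokens.ContainsKey("area") ? Convert.ToString(routeData.DataTokens["area"]).ToLower() : string.Empty,
                    Controller = values.ContainsKey("controller") ? Convert.ToString(values["controller"]).ToLower() : string.Empty,
                    Action     = values.ContainsKey("action") ? Convert.ToString(values["action"]).ToLower() : string.Empty,
                };

                if (!BL.Permission.CheckPermission(routeValue, user))
                {
                    if (filterContext.RequestContext.HttpContext.Request.IsAjaxRequest())
                    {
                        // The status code stays 200 for compatibility with existing AJAX
                        // callers that inspect the body text.
                        filterContext.Result = new ContentResult {
                            Content = @"抱歉,你不具有当前操作的权限!"
                        };
                    }
                    else
                    {
                        // Assigning Result short-circuits the pipeline; a bare
                        // Response.Redirect would still let the action body execute.
                        var url  = new UrlHelper(filterContext.RequestContext);
                        var path = url.Action("Index", "NoPermissions", new { area = "" });
                        filterContext.Result = new RedirectResult(path);
                    }
                }
            }

            base.OnActionExecuting(filterContext);
        }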
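        /// <summary>
        /// Decides whether <paramref name="user"/> may reach the route described by
        /// <paramref name="routeData"/>. The user's own profile edit and password change
        /// are always allowed; otherwise access is denied when the user's role list carries
        /// an unavailable (denied) entry for the exact action, or for the controller's
        /// "index" action.
        /// </summary>
        /// <param name="routeData">Area, controller and action of the request. Not mutated.</param>
        /// <param name="user">The signed-in user whose <c>RoleSelectList</c> is consulted.</param>
        /// <returns><c>true</c> when access is allowed; <c>false</c> when it is denied.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="routeData"/> or <paramref name="user"/> is null.
        /// </exception>
        public static bool CheckPermission(VM.RouteValue routeData, IdentityModel user)
        {
            if (routeData == null)
            {
                throw new ArgumentNullException("routeData");
            }
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }
            // Fail closed: with no role list there is nothing to grant.
            if (user.RoleSelectList == null)
            {
                return false;
            }

            // The user's own profile page and password change are always reachable.
            if (string.Equals(routeData.Action, "useredit", StringComparison.OrdinalIgnoreCase) ||
                string.Equals(routeData.Action, "updatepassword", StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }

            if (IsDenied(user, routeData.Area, routeData.Controller, routeData.Action))
            {
                return false;
            }

            // The controller's index (view) permission is required too. It is checked
            // with a literal instead of overwriting the caller's routeData.Action.
            return !IsDenied(user, routeData.Area, routeData.Controller, "index");
        }

        /// <summary>
        /// True when the user's role list holds an entry for the given area/controller/action
        /// that is marked unavailable. Matching is case-insensitive, as the former
        /// <c>ToLower()</c> comparison was. Any matching entry denies (not only the first),
        /// so the outcome no longer depends on list order. Entries with a non-positive
        /// ModuleId are skipped, mirroring the former <c>FirstOrDefault() &gt; 0</c> test;
        /// ModuleId's meaning is not visible here — verify whether 0 is a valid id.
        /// </summary>
        private static bool IsDenied(IdentityModel user, string area, string controller, string action)
        {
            return user.RoleSelectList.Any(p =>
                string.Equals(p.Area, area, StringComparison.OrdinalIgnoreCase) &&
                string.Equals(p.Controller, controller, StringComparison.OrdinalIgnoreCase) &&
                string.Equals(p.Action, action, StringComparison.OrdinalIgnoreCase) &&
                p.IsAvailable == false &&
                p.ModuleId > 0);
        }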