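        /// <summary>
        /// Authorization hook for the admin controllers. Every action runs through
        /// it unless the action or its controller carries
        /// <see cref="AllowAnonymousAttribute"/>. Steps: expose <c>SiteSetting</c>
        /// to the view; rebuild <c>User</c> from the cookie named
        /// <c>Const.SessionId</c>; let anonymous actions through; redirect to
        /// /Admin/Login when no user could be read; redirect to /Admin/NoPermission
        /// when the requested "/controller/action" path is not listed in
        /// <c>Permission</c>; otherwise publish the matched page and the user to
        /// the view.
        /// </summary>
        /// <param name="filterContext">MVC action context; <c>Result</c> is set to a redirect when access is denied.</param>
        /// <remarks>
        /// SECURITY (review): the identity is a URL-encoded JSON document in a
        /// cookie the client controls, and nothing here verifies a signature or
        /// MAC. Whoever edits that cookie chooses the <c>yy_User</c> this filter
        /// trusts — and, if <c>Permission</c> is derived from it, the permissions
        /// too. Replace it with a server-side session or a signed/encrypted
        /// ticket before relying on this for access control. Keep
        /// <c>JsonConvert</c> on its default settings: enabling
        /// <c>TypeNameHandling</c> on client-supplied JSON would turn this cookie
        /// into a code-execution vector.
        /// </remarks>
        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            #region Site settings
            ViewBag.SiteSetting = SiteSetting;
            #endregion

            #region Read the user from the session cookie
            var sessionCookie = Request.Cookies.Get(Const.SessionId);
            if (sessionCookie != null && !String.IsNullOrEmpty(sessionCookie.Value))
            {
                try
                {
                    User = JsonConvert.DeserializeObject<yy_User>(
                        HttpUtility.UrlDecode(sessionCookie.Value));
                }
                catch (Exception)
                {
                    // Malformed cookie: treat the request as not logged in instead
                    // of silently keeping whatever User held before.
                    User = null;
                }
            }
            #endregion

            #region Anonymous actions skip the permission check
            if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) ||
                filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
            {
                base.OnActionExecuting(filterContext);
                return;
            }
            #endregion

            #region Not logged in
            if (User == null)
            {
                filterContext.Result = new RedirectResult("/Admin/Login");
                return;
            }
            #endregion

            #region No permission for the requested page
            // ToLowerInvariant: the lookup key must not depend on the server's
            // current culture (e.g. tr-TR lower-cases "I" to a dotless i).
            String actionPath = "/" +
                filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLowerInvariant() +
                "/" +
                filterContext.ActionDescriptor.ActionName.ToLowerInvariant();

            var currentViewPage = Permission.FirstOrDefault(x => x.PageName == actionPath);

            if (currentViewPage == null)
            {
                filterContext.Result = new RedirectResult("/Admin/NoPermission");
                return;
            }

            // The matched page lets the client highlight the menu entry it belongs to.
            ViewBag.CurrentPage = currentViewPage;

            base.OnActionExecuting(filterContext);
            #endregion

            ViewBag.User = User;
        }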
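        /// <summary>
        /// Web API authentication filter. Actions marked with
        /// <see cref="AllowAnonymousAttribute"/> pass straight through; every
        /// other action needs a request cookie whose value is a URL-encoded JSON
        /// <c>yy_User</c>. When no user can be read, the response is
        /// short-circuited to 403 with the JSON body "无效的用户".
        /// </summary>
        /// <param name="actionContext">The Web API action context; <c>Response</c> is set when access is denied.</param>
        /// <remarks>
        /// SECURITY (review): the identity is taken verbatim from a
        /// client-controlled cookie with no signature or MAC check, so anyone who
        /// can write a cookie can choose the user this filter trusts. Per-action
        /// permission checks are not implemented here; the filter only
        /// establishes that some user document was supplied.
        /// </remarks>
        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            // Anonymous actions skip the cookie check entirely.
            if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0)
            {
                base.OnActionExecuting(actionContext);
                return;
            }

            // Start from "no user" on every request. If User is an instance member
            // of this attribute, note that Web API caches filter instances per
            // action, so without this reset a request that carries no cookie would
            // inherit the user of whichever request ran before it (review: confirm
            // where User is declared).
            User = null;

            // NOTE(review): this takes the first cookie of the first Cookie header,
            // whatever its name. Any other cookie the browser happens to send first
            // (analytics, a language preference, ...) is deserialised instead and
            // the call fails with 403. Select the cookie by its name
            // (HttpRequestHeadersExtensions.GetCookies(name)) once that name is
            // known here.
            // Explicit null checks replace the original try/catch, which only
            // existed to swallow the NullReferenceException of a missing cookie.
            String userJson = null;
            var cookieHeader = actionContext.Request.Headers.GetCookies().FirstOrDefault();
            if (cookieHeader != null)
            {
                var cookie = cookieHeader.Cookies.FirstOrDefault();
                if (cookie != null)
                {
                    userJson = HttpUtility.UrlDecode(cookie.Value);
                }
            }

            if (!String.IsNullOrEmpty(userJson))
            {
                try
                {
                    User = JsonConvert.DeserializeObject<yy_User>(userJson);
                }
                catch (Exception)
                {
                    // Unparseable cookie: treat as no user. Keep JsonConvert on its
                    // default settings (TypeNameHandling.None) for client-supplied JSON.
                    User = null;
                }
            }

            if (User == null)
            {
                // 403 is kept for compatibility with existing clients, although
                // "not authenticated" is strictly a 401.
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden)
                {
                    Content = new StringContent("无效的用户",
                        Encoding.UTF8,
                        "application/json")
                };
                return;
            }

            // Per-API permission check intentionally not implemented yet. If it is
            // needed, build "/controller/action" from actionContext.ActionDescriptor
            // and look it up against the user's permissions before letting the
            // action run.
        }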
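 /// <summary>
 /// Updates the stored user selected by <c>value.ID</c> with the fields of
 /// <paramref name="value"/>. The password column is re-hashed only when the
 /// submitted <c>UserPwd</c> is non-empty and differs from the stored value, so
 /// a client that echoes the stored hash back (or leaves the field blank)
 /// leaves the password untouched.
 /// </summary>
 /// <param name="value">The user fields to persist; <c>ID</c> selects the row.</param>
 /// <returns>Code 0 on success; code 1 with "不存在的用户。" when no row has <c>value.ID</c>.</returns>
 /// <remarks>
 /// SECURITY (review): <c>MD5</c> is an unsalted, fast digest, not a password
 /// hash — migrate to PBKDF2/bcrypt/Argon2 with a per-user salt. The
 /// "unchanged" test relies on the stored hash being sent to the client and
 /// echoed back, which exposes the hash. Every other column, including
 /// <c>Role</c>, <c>Permission</c>, <c>LockFlag</c> and <c>CreateDate</c>, is
 /// copied straight from the request; whether the caller may change those has
 /// to be enforced by the controller/filter in front of this method.
 /// </remarks>
 public ResponseItem Put(yy_User value)
 {
     var stored = DB.yy_User.Find(value.ID);
     if (stored == null)
     {
         return new ResponseItem(1, "不存在的用户。");
     }

     // String.Equals is null-safe (the original stored.UserPwd.Equals(...) threw
     // when the column was null); an empty submission means "keep the current
     // password" instead of silently resetting it to MD5("").
     if (!String.IsNullOrEmpty(value.UserPwd) &&
         !String.Equals(stored.UserPwd, value.UserPwd, StringComparison.Ordinal))
     {
         value.UserPwd = MD5(value.UserPwd);
         stored.UserPwd = value.UserPwd;
     }

     stored.Address = value.Address;
     stored.CityID = value.CityID;
     stored.CountryID = value.CountryID;
     stored.CreateDate = value.CreateDate;
     stored.DistrictID = value.DistrictID;
     stored.Gender = value.Gender;
     stored.LockFlag = value.LockFlag;
     stored.Mail = value.Mail;
     stored.Mobile = value.Mobile;
     stored.Permission = value.Permission;
     stored.ProvinceID = value.ProvinceID;
     stored.Role = value.Role;
     stored.HeadImgUrl = value.HeadImgUrl;
     DB.SaveChanges();
     return new ResponseItem(0, "");
 }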
        /// <summary>
        /// Sets the <c>LockFlag</c> of the user identified by <c>value.ID</c> to the
        /// submitted value; judging by the name, the flag doubles as show/hide in
        /// the admin UI. No other column is touched.
        /// </summary>
        /// <param name="value">Carries the target <c>ID</c> and the new <c>LockFlag</c>.</param>
        /// <returns>Code 0 on success; code 2 with "不存在的用户。" when the ID is unknown.</returns>
        public ResponseItem ShowHide(yy_User value)
        {
            var target = DB.yy_User.Find(value.ID);
            if (target == null)
            {
                return new ResponseItem(2, "不存在的用户。");
            }

            target.LockFlag = value.LockFlag;
            DB.SaveChanges();
            return new ResponseItem(0, "");
        }
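 /// <summary>
 /// Creates a new user. The request is rejected when a row with the same
 /// <c>UserName</c> already exists; otherwise the submitted object is inserted
 /// exactly as it was bound from the request.
 /// </summary>
 /// <param name="value">The user to insert.</param>
 /// <returns>Code 0 on success; code 1 with "已存在的用户账号。" when the name is taken; code 2 with the exception message when the save fails.</returns>
 /// <remarks>
 /// SECURITY (review): unlike the update path, nothing here hashes
 /// <c>value.UserPwd</c> before the insert, so the password is stored exactly
 /// as received unless the client already hashed it — confirm which, and apply
 /// the same transformation (ideally a real password hash) on this path.
 /// The uniqueness check and the insert are not atomic: two concurrent requests
 /// with the same name can both pass the check, so a unique index on
 /// <c>UserName</c> should back it. Returning <c>ex.Message</c> to the client
 /// can leak provider/schema details; prefer logging the exception server-side
 /// and returning a fixed message.
 /// </remarks>
 public ResponseItem Post(yy_User value)
 {
     // Any() instead of FirstOrDefault() != null: the row itself is never used.
     bool nameTaken = DB.yy_User.Any(x => x.UserName == value.UserName);
     if (nameTaken)
     {
         return new ResponseItem(1, "已存在的用户账号。");
     }

     try
     {
         DB.yy_User.Add(value);
         DB.SaveChanges();
         return new ResponseItem(0, "添加用户成功。");
     }
     catch (Exception ex)
     {
         return new ResponseItem(2, ex.Message);
     }
 }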