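/// <summary>
/// Called by the ASP.NET MVC framework before the action method executes.
/// Two checks run in order and the first failure short-circuits the request:
/// 1. login – the user read from the cookie must carry a non-blank userID,
///    otherwise the request is redirected to Home/Login;
/// 2. permission – the <c>power</c> value for (controller, action prefix, user id)
///    is read from the database. No row, or a non-numeric / non-positive value,
///    denies; a value below 2 additionally denies actions whose suffix names a
///    write-type operation (add/edit/remove/output).
/// </summary>
/// <param name="filterContext">
/// Context of the action about to run. Setting its <c>Result</c> short-circuits the
/// pipeline so the action body never executes.
/// </param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    #region 登录验证 (login check)
    UserInfo user = BaseHelper.getCookie();
    // Null-safe form of user.userID.Trim() != "": a user object without a userID
    // is treated as "not logged in" rather than throwing NullReferenceException.
    if (user == null || string.IsNullOrWhiteSpace(user.userID))
    {
        filterContext.Result = new RedirectToRouteResult(
            new System.Web.Routing.RouteValueDictionary(new { Controller = "Home", action = "Login" }));
        return;
    }
    #endregion

    // NOTE(review): fcinfo is an instance field written on every request. If this
    // filter attribute instance is reused across requests (MVC caches attribute
    // filters), concurrent requests can observe each other's value; confirm whether
    // other members read fcinfo before turning it into a local.
    fcinfo = new filterContextInfo(filterContext);
    string[] actions = fcinfo.actionName.Split('_');
    string controller = fcinfo.controllerName;

    #region action或controller为空 (empty action or controller name)
    if (fcinfo.actionName.Trim() == "" || controller.Trim() == "")
    {
        filterContext.Result = new RedirectToRouteResult(
            new System.Web.Routing.RouteValueDictionary(new { Controller = "Home", action = "Login" }));
        return;
    }
    #endregion

    //取权限 (load the permission level; parameterized, so controller/action/id never reach the SQL text)
    string strSql = "select c.power " +
        "from UserInfo a, PowerGroup b, PowerGroupPower c, SystemModule d " +
        "where a.powergroupID=b.ID and b.ID=c.groupID and c.moduleID=d.ID and d.controller=@controller and d.action=@action and a.id=@id";
    SqlParameter[] param = new SqlParameter[]
    {
        new SqlParameter("@controller", controller),
        new SqlParameter("@action", actions[0]),   // permission is keyed on the part before '_'
        new SqlParameter("@id", user.id)
    };
    DataTable dt = SqlHelper.ExecuteDataset(BaseHelper.DBConnStr, CommandType.Text, strSql, param).Tables[0];

    //没有设置权限或禁止 (no permission row, or explicitly forbidden)
    // Fail closed: a missing row, DBNull or a non-numeric / non-positive power all deny.
    // The previous Convert.ToInt32 threw on DBNull, which surfaced as a server error
    // instead of a denial.
    int power = 0;
    bool hasPower = dt.Rows.Count > 0
        && int.TryParse(Convert.ToString(dt.Rows[0]["power"]),
                        System.Globalization.NumberStyles.Integer,
                        System.Globalization.CultureInfo.InvariantCulture,
                        out power);
    if (!hasPower || power < 1)
    {
        // NOTE(review): this returns HTTP 200 with a text body; a 403 status would let
        // clients and monitoring distinguish a denial from a normal page.
        filterContext.Result = new ContentResult { Content = @"抱歉,你不具有当前操作的权限!" };
        return;
    }

    //只读 (read-only: power below 2 may not run write-type actions)
    if (actions.Length > 1 && power < 2)
    {
        string suffix = actions[1];
        string[] writeMarkers = { "add", "edit", "remove", "output" };
        // Ordinal: IndexOf(string) without a StringComparison is culture-sensitive.
        bool isWriteOperation = Array.Exists(writeMarkers,
            marker => suffix.IndexOf(marker, StringComparison.Ordinal) >= 0);
        if (isWriteOperation)
        {
            filterContext.Result = new ContentResult { Content = @"抱歉,你不具有当前操作的权限!" };
            return;
        }
    }
}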
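/// <summary>
/// Called by the ASP.NET MVC framework before the action method executes.
/// Two checks run in order and the first failure short-circuits the request:
/// 1. login – the user read from the cookie must carry a non-blank userID,
///    otherwise the request is redirected to Home/Login;
/// 2. permission – the <c>power</c> value for (controller, action prefix, user id)
///    is read from the database. No row, or a non-numeric / non-positive value,
///    denies; a value below 2 additionally denies actions whose suffix names a
///    write-type operation (add/edit/remove/output).
/// </summary>
/// <param name="filterContext">
/// Context of the action about to run. Setting its <c>Result</c> short-circuits the
/// pipeline so the action body never executes.
/// </param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    #region 登录验证 (login check)
    UserInfo user = BaseHelper.getCookie();
    // Null-safe form of user.userID.Trim() != "": a user object without a userID
    // is treated as "not logged in" rather than throwing NullReferenceException.
    if (user == null || string.IsNullOrWhiteSpace(user.userID))
    {
        filterContext.Result = new RedirectToRouteResult(
            new System.Web.Routing.RouteValueDictionary(new { Controller = "Home", action = "Login" }));
        return;
    }
    #endregion

    // NOTE(review): fcinfo is an instance field written on every request. If this
    // filter attribute instance is reused across requests (MVC caches attribute
    // filters), concurrent requests can observe each other's value; confirm whether
    // other members read fcinfo before turning it into a local.
    fcinfo = new filterContextInfo(filterContext);
    string[] actions = fcinfo.actionName.Split('_');
    string controller = fcinfo.controllerName;

    #region action或controller为空 (empty action or controller name)
    if (fcinfo.actionName.Trim() == "" || controller.Trim() == "")
    {
        filterContext.Result = new RedirectToRouteResult(
            new System.Web.Routing.RouteValueDictionary(new { Controller = "Home", action = "Login" }));
        return;
    }
    #endregion

    //取权限 (load the permission level; parameterized, so controller/action/id never reach the SQL text)
    string strSql = "select c.power " +
        "from UserInfo a, PowerGroup b, PowerGroupPower c, SystemModule d " +
        "where a.powergroupID=b.ID and b.ID=c.groupID and c.moduleID=d.ID and d.controller=@controller and d.action=@action and a.id=@id";
    SqlParameter[] param = new SqlParameter[]
    {
        new SqlParameter("@controller", controller),
        new SqlParameter("@action", actions[0]),   // permission is keyed on the part before '_'
        new SqlParameter("@id", user.id)
    };
    DataTable dt = SqlHelper.ExecuteDataset(BaseHelper.DBConnStr, CommandType.Text, strSql, param).Tables[0];

    //没有设置权限或禁止 (no permission row, or explicitly forbidden)
    // Fail closed: a missing row, DBNull or a non-numeric / non-positive power all deny.
    // The previous Convert.ToInt32 threw on DBNull, which surfaced as a server error
    // instead of a denial.
    int power = 0;
    bool hasPower = dt.Rows.Count > 0
        && int.TryParse(Convert.ToString(dt.Rows[0]["power"]),
                        System.Globalization.NumberStyles.Integer,
                        System.Globalization.CultureInfo.InvariantCulture,
                        out power);
    if (!hasPower || power < 1)
    {
        // NOTE(review): this returns HTTP 200 with a text body; a 403 status would let
        // clients and monitoring distinguish a denial from a normal page.
        filterContext.Result = new ContentResult { Content = @"抱歉,你不具有当前操作的权限!" };
        return;
    }

    //只读 (read-only: power below 2 may not run write-type actions)
    if (actions.Length > 1 && power < 2)
    {
        string suffix = actions[1];
        string[] writeMarkers = { "add", "edit", "remove", "output" };
        // Ordinal: IndexOf(string) without a StringComparison is culture-sensitive.
        bool isWriteOperation = Array.Exists(writeMarkers,
            marker => suffix.IndexOf(marker, StringComparison.Ordinal) >= 0);
        if (isWriteOperation)
        {
            filterContext.Result = new ContentResult { Content = @"抱歉,你不具有当前操作的权限!" };
            return;
        }
    }
}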