Ejemplo n.º 1
0
        /// <summary>授权发生时触发</summary>
        /// <param name="filterContext"></param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            /*
             * 验证范围:
             * 1,魔方区域下的所有控制器
             * 2,所有带有EntityAuthorize特性的控制器或动作
             */
            var act  = filterContext.ActionDescriptor;
            var ctrl = act.ControllerDescriptor;

            // 允许匿名访问时,直接跳过检查
            if (act.IsDefined(typeof(AllowAnonymousAttribute), true) || ctrl.IsDefined(typeof(AllowAnonymousAttribute), true))
            {
                return;
            }

            // 如果控制器或者Action放有该特性,则跳过全局
            var hasAtt = act.IsDefined(typeof(EntityAuthorizeAttribute), true) || ctrl.IsDefined(typeof(EntityAuthorizeAttribute), true);

            if (IsGlobal && hasAtt)
            {
                return;
            }

            // 只验证管辖范围
            var create = false;

            if (!AreaRegistrationBase.Contains(filterContext.Controller))
            {
                if (!hasAtt)
                {
                    return;
                }
                // 不属于魔方而又加了权限特性,需要创建菜单
                create = true;
            }

            // 根据控制器定位资源菜单
            var menu = GetMenu(filterContext, create);

            // 如果已经处理过,就不处理了
            if (filterContext.Result != null)
            {
                return;
            }

            base.OnAuthorization(filterContext);
        }
Ejemplo n.º 2
0
        /// <summary>拦截异常</summary>
        /// <param name="ctx"></param>
        public override void OnException(ExceptionContext ctx)
        {
            // 判断控制器是否在管辖范围之内,不拦截其它控制器的异常信息
            if (!ctx.ExceptionHandled && AreaRegistrationBase.Contains(ctx.Controller))
            {
                XTrace.WriteException(ctx.Exception);
                ctx.ExceptionHandled = true;

                var vr = new ViewResult();
                vr.ViewName        = "Error";
                vr.ViewBag.Context = ctx;

                ctx.Result = vr;
            }

            base.OnException(ctx);
        }
Ejemplo n.º 3
0
        /// <summary>拦截异常</summary>
        /// <param name="ctx"></param>
        public override void OnException(ExceptionContext ctx)
        {
            // 判断控制器是否在管辖范围之内,不拦截其它控制器的异常信息
            if (!ctx.ExceptionHandled && AreaRegistrationBase.Contains(ctx.Controller))
            {
                //XTrace.WriteException(ctx.Exception);
                var ex = ctx.Exception?.GetTrue();
                if (ex != null)
                {
                    // 避免反复出现缺少文件
                    if (ex is HttpException hex && (UInt32)hex.ErrorCode == 0x80004005)
                    {
                        var url = HttpContext.Current.Request.RawUrl + "";
                        if (!NotFoundFiles.Contains(url))
                            NotFoundFiles.Add(url);
                        else
                            ex = null;
                    }

                    if (ex != null) XTrace.WriteException(ex);
                }

                ctx.ExceptionHandled = true;

                if (ctx.RequestContext.HttpContext.Request.IsAjaxRequest())
                {
                    var act = "操作";
                    if (ctx.RouteData.Values.ContainsKey("action")) act = "[{0}]".F(ctx.RouteData.Values["action"]);
                    ctx.Result = ControllerHelper.JsonTips("{0}失败!{1}".F(act, ex.Message));
                }
                else
                {
                    var vr = new ViewResult
                    {
                        ViewName = "CubeError"
                    };
                    vr.ViewBag.Context = ctx;

                    ctx.Result = vr;
                }
            }

            base.OnException(ctx);
        }
Ejemplo n.º 4
0
        /// <summary>拦截异常</summary>
        /// <param name="ctx"></param>
        public override void OnException(ExceptionContext ctx)
        {
            // 判断控制器是否在管辖范围之内,不拦截其它控制器的异常信息
            if (!ctx.ExceptionHandled && AreaRegistrationBase.Contains(ctx.Controller))
            {
                //XTrace.WriteException(ctx.Exception);
                var ex = ctx.Exception?.GetTrue();
                if (ex != null)
                {
                    // 避免反复出现缺少文件
                    var hex = ex as HttpException;
                    if (hex != null && (UInt32)hex.ErrorCode == 0x80004005)
                    {
                        var url = HttpContext.Current.Request.RawUrl + "";
                        if (!NotFoundFiles.Contains(url))
                        {
                            NotFoundFiles.Add(url);
                        }
                        else
                        {
                            ex = null;
                        }
                    }

                    if (ex != null)
                    {
                        XTrace.WriteException(ex);
                    }
                }

                ctx.ExceptionHandled = true;

                var vr = new ViewResult();
                vr.ViewName        = "Error";
                vr.ViewBag.Context = ctx;

                ctx.Result = vr;
            }

            base.OnException(ctx);
        }
Ejemplo n.º 5
0
        /// <summary>授权发生时触发</summary>
        /// <param name="filterContext"></param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            //// 基类方法会检查AllowAnonymous
            //base.OnAuthorization(filterContext);
            //if (filterContext.Result == null) return;

            // 只验证管辖范围
            if (!AreaRegistrationBase.Contains(filterContext.Controller))
            {
                return;
            }

            var act = filterContext.ActionDescriptor;

            // 如果控制器或者Action放有该特性,则跳过全局
            if (IsGlobal)
            {
                if (act.IsDefined(typeof(EntityAuthorizeAttribute), true) || act.ControllerDescriptor.IsDefined(typeof(EntityAuthorizeAttribute), true))
                {
                    return;
                }
            }

            // 允许匿名访问时,直接跳过检查
            if (act.IsDefined(typeof(AllowAnonymousAttribute), true) || act.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
            {
                return;
            }

            // 判断当前登录用户
            var user = ManageProvider.User;

            if (user == null)
            {
                HandleUnauthorizedRequest(filterContext);
                return;
            }

            // 根据请求Url定位资源菜单
            var url  = filterContext.HttpContext.Request.AppRelativeCurrentExecutionFilePath;
            var menu = ManageProvider.Menu.Current;

            if (menu != null)
            {
                var role = (user as IUser).Role;
                if (role.Has(menu.ID, Permission))
                {
                    return;
                }
            }
            else
            {
                XTrace.WriteLine("设计错误!验证权限时无法找到[{0}]的菜单", url);
            }

            var vr = new ViewResult();

            vr.ViewName           = "NoPermission";
            vr.ViewBag.Context    = filterContext;
            vr.ViewBag.Resource   = menu != null ? (menu + "") : url;
            vr.ViewBag.Permission = Permission;

            filterContext.Result = vr;
        }
Ejemplo n.º 6
0
        /// <summary>授权发生时触发</summary>
        /// <param name="filterContext"></param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            // 只验证管辖范围
            if (!AreaRegistrationBase.Contains(filterContext.Controller))
            {
                return;
            }

            ManageProvider.Provider.SetPrincipal();

            var act = filterContext.ActionDescriptor;

            // 如果控制器或者Action放有该特性,则跳过全局
            if (IsGlobal)
            {
                if (act.IsDefined(typeof(EntityAuthorizeAttribute), true) || act.ControllerDescriptor.IsDefined(typeof(EntityAuthorizeAttribute), true))
                {
                    return;
                }
            }

            // 允许匿名访问时,直接跳过检查
            if (act.IsDefined(typeof(AllowAnonymousAttribute), true) || act.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
            {
                return;
            }

            var ctx = filterContext.HttpContext;
            // 判断当前登录用户
            var user = ManageProvider.User;

            if (user == null)
            {
                //HandleUnauthorizedRequest(filterContext);
                //var rurl = HttpRuntime.AppDomainAppVirtualPath.EnsureEnd("/");
                //rurl += "Admin/User/Login";

                var retUrl = ctx.Request.Url?.PathAndQuery;
                //if (!retUrl.IsNullOrEmpty() && retUrl != "/") rurl += "?returnUrl=" + retUrl;

                var rurl = "~/Admin/User/Login".AppendReturn(retUrl);
                ctx.Response.Redirect(rurl);
                return;
            }

            // 根据请求Url定位资源菜单
            var url  = ctx.Request.AppRelativeCurrentExecutionFilePath;
            var menu = ManageProvider.Menu?.Current;

            if (menu != null)
            {
                var role = user?.Role;
                if (role != null && role.Has(menu.ID, Permission))
                {
                    return;
                }
            }
            else
            {
                XTrace.WriteLine("设计错误!验证权限时无法找到[{0}]的菜单", url);
            }

            var res = "[{0}/{1}] {2}".F(act.ControllerDescriptor.ControllerName, act.ActionName, menu != null ? (menu + "") : url);
            var msg = "访问资源 {0} 需要 {1} 权限".F(res, Permission.GetDescription());

            LogProvider.Provider.WriteLog("访问", "拒绝", msg);

            var vr = new ViewResult()
            {
                ViewName = "NoPermission"
            };

            vr.ViewBag.Context    = filterContext;
            vr.ViewBag.Resource   = res;
            vr.ViewBag.Permission = Permission;

            filterContext.Result = vr;
        }
Ejemplo n.º 7
0
        /// <summary>拦截异常</summary>
        /// <param name="ctx"></param>
        public override void OnException(ExceptionContext ctx)
        {
            if (ctx.ExceptionHandled)
            {
                return;
            }

            //XTrace.WriteException(ctx.Exception);
            var ex = ctx.Exception?.GetTrue();

            if (ex != null)
            {
                // 避免反复出现缺少文件
                if (ex is HttpException hex && (UInt32)hex.ErrorCode == 0x80004005)
                {
                    var url = HttpContext.Current.Request.RawUrl + "";
                    if (!NotFoundFiles.Contains(url))
                    {
                        NotFoundFiles.Add(url);
                    }
                    else
                    {
                        ex = null;
                    }
                }

                // 拦截没有权限
                if (ex is NoPermissionException nex)
                {
                    ctx.Result           = ctx.Controller.NoPermission(nex);
                    ctx.ExceptionHandled = true;
                }

                if (ex != null)
                {
                    XTrace.WriteException(ex);
                }
            }
            if (ctx.ExceptionHandled)
            {
                return;
            }

            // 判断控制器是否在管辖范围之内,不拦截其它控制器的异常信息
            if (Setting.Current.CatchAllException || AreaRegistrationBase.Contains(ctx.Controller))
            {
                ctx.ExceptionHandled = true;

                var ctrl = "";
                var act  = "";
                if (ctx.RouteData.Values.ContainsKey("controller"))
                {
                    ctrl = ctx.RouteData.Values["controller"] + "";
                }
                if (ctx.RouteData.Values.ContainsKey("action"))
                {
                    act = ctx.RouteData.Values["action"] + "";
                }

                if (ctx.RequestContext.HttpContext.Request.IsAjaxRequest())
                {
                    if (act.IsNullOrEmpty())
                    {
                        act = "操作";
                    }
                    ctx.Result = ControllerHelper.JsonTips("[{0}]失败!{1}".F(act, ex.Message));
                }
                else
                {
                    var vr = new ViewResult
                    {
                        ViewName = "CubeError"
                    };
                    vr.ViewBag.Context = ctx;

                    var vd = vr.ViewData = ctx.Controller.ViewData;
                    vd.Model = new HandleErrorInfo(ex, ctrl, act);

                    ctx.Result = vr;
                }
            }

            base.OnException(ctx);
        }