private void WidgetController_BeforeActionExecute(object sender, BeforeActionExecuteEventArgs e)
{
JContext jc = e.JContext;
if (jc == null)
{
//服务器错误
ResponseUtil.OutputJson(httpContext.Response, new { code = 500, msg = "不合法请求" });
e.PreventDefault = true;
return;
}
if (!jc.IsAuth)
{
//权限验证失败
ResponseUtil.OutputJson(httpContext.Response, new { code = 403, msg = "没有权限访问" });
e.PreventDefault = true;
return;
}
#region 校验站点信息
if (string.IsNullOrEmpty(jc.Params["siteId"]))
{
ResponseUtil.OutputJson(httpContext.Response, new { code = 200, msg = "参数列表不正确,缺少SiteId参数" });
e.PreventDefault = true;
return;
}
var site = Site.Get(jc.Params["siteId"]);
if (site == null)
{
ResponseUtil.OutputJson(httpContext.Response, new { code = 200, msg = "指定的站点不存在" });
e.PreventDefault = true;
return;
}
#endregion
#region 校验用户对站点的权限
var relation = (from q in SiteUsers.CreateContext()
where q.UserId == jc.UserName && q.SiteId == site.Id
select q).FirstOrDefault();
//只有管理人员才可以对站点的挂件进行编辑
if (relation == null || relation.PermissionLevel != PermissionLevel.ADMIN)
{
ResponseUtil.OutputJson(httpContext.Response, new { code = 403, msg = "没有权限访问" });
e.PreventDefault = true;
return;
}
#endregion
jc["site"] = site;
}
public virtual void OnBeforeActionExecute(BeforeActionExecuteEventArgs e)
{
EventHandler <BeforeActionExecuteEventArgs> handler = BeforeActionExecute;
if (handler != null)
{
handler(this, e);
}
}
private void CategoryController_BeforeActionExecute(object sender, BeforeActionExecuteEventArgs e)
{
JContext jc = e.JContext;
if (jc == null)
{
//服务器错误
ResponseUtil.OutputJson(httpContext.Response, new { code = 500, msg = "不合法请求" });
e.PreventDefault = true;
return;
}
if (!jc.IsAuth)
{
//权限验证失败
ResponseUtil.OutputJson(httpContext.Response, new { code = 403, msg = "没有权限访问" });
e.PreventDefault = true;
return;
}
#region 校验站点信息
if (string.IsNullOrEmpty(jc.Params["siteId"]))
{
ResponseUtil.OutputJson(httpContext.Response, new { code = 200, msg = "参数列表不正确,缺少SiteId参数" });
e.PreventDefault = true;
return;
}
var site = Site.Get(jc.Params["siteId"]);
if (site == null)
{
ResponseUtil.OutputJson(httpContext.Response, new { code = 200, msg = "指定的站点不存在" });
e.PreventDefault = true;
return;
}
#endregion
jc["site"] = site;
}
private void SiteController_BeforeActionExecute(object sender, BeforeActionExecuteEventArgs e)
{
JContext jc = e.JContext;
if (jc == null)
{
//服务器错误
ResponseUtil.OutputJson(httpContext.Response, new { code = 500, msg = "不合法请求" });
e.PreventDefault = true;
return;
}
//只有管理员角色才能访问该控制器下的接口
if (!jc.IsAuth || !jc.User.IsInRole("admin"))
{
//权限验证失败
ResponseUtil.OutputJson(httpContext.Response, new { code = 403, msg = "没有权限访问" });
e.PreventDefault = true;
return;
}
}
