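/// <summary>
/// Pre-login check: verifies that <paramref name="username"/> (teacher id or teacher name)
/// and <paramref name="password"/> match an active teacher whose assigned role is not frozen.
/// </summary>
/// <param name="username">Teacher id or teacher name as entered on the login form.</param>
/// <param name="password">Password as entered on the login form.</param>
/// <returns>
/// A content result holding "OK" on success, otherwise a Chinese error message for the
/// login page. The same message is returned for "unknown user" and "wrong password" so the
/// response does not reveal which accounts exist.
/// </returns>
public ActionResult BeforeLogin(string username, string password)
{
    Material_Teacher teacher = _teacherBll.GetEntity(
        m => (m.Teacher_Id == username || m.Teacher_Name == username) && m.Del_Flag == false);

    // NOTE(review): Teacher_Password is compared directly with the submitted value, which
    // implies it is stored in clear text. Storage and comparison should move to a salted,
    // slow password hash (e.g. PBKDF2); that change is outside this method.
    if (teacher == null || teacher.Teacher_Password != password)
    {
        return Content("用户名或密码错误,请核对");
    }

    Material_Role_Teacher roleTeacher = _roleTeacherBll.GetEntity(m => m.Teacher_Id == teacher.Teacher_Id);
    if (roleTeacher != null)
    {
        // A role assignment that points at a missing role row is treated like a frozen role:
        // failing closed here avoids a NullReferenceException (HTTP 500) on a dangling Role_Id.
        var role = _roleBll.Find(roleTeacher.Role_Id);
        if (role == null || role.Del_Flag)
        {
            return Content("该用户不存在或已被冻结,请先注册");
        }
    }

    // The credentials were already verified above, so reaching this point means success
    // (the previous re-check of the password and of teacher == null could never fire).
    return Content("OK");
}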
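/// <summary>
/// Authorization filter: checks that the teacher identified by the "managerInfo" cookie is
/// allowed to run the requested controller/action, either through one of their roles or
/// through a direct per-teacher grant, and redirects to ..\Error\NoAuthority otherwise.
/// </summary>
/// <param name="filterContext">Context of the action that is about to execute.</param>
/// <remarks>
/// Only actions registered in the action table are checked; the Zero, Error and Login
/// controllers are exempt. Requests without a "managerInfo" cookie (or with the literal
/// value "null") are passed through unchanged — NOTE(review): this relies on a separate
/// login check elsewhere; confirm that one exists. The cookie value is used as-is to look
/// up the teacher; confirm it is signed/encrypted or otherwise tamper-evident, since a
/// forged value would select another teacher's permissions.
/// </remarks>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    var managerInfo = filterContext.RequestContext.HttpContext.Request.Cookies["managerInfo"]?.Value;
    if (managerInfo == "null" || managerInfo == null)
    {
        return;
    }

    var controller = (filterContext.RouteData.Values["controller"] as string).FirstToUpper();
    var action = (filterContext.RouteData.Values["action"] as string).FirstToUpper();

    // FirstToUpper() presumably capitalises the first character, in which case an ordinal
    // comparison against the lower-case names could never match; a case-insensitive
    // comparison gives the intended exemption either way.
    if (string.Equals(controller, "zero", StringComparison.OrdinalIgnoreCase)
        || string.Equals(controller, "error", StringComparison.OrdinalIgnoreCase)
        || string.Equals(controller, "login", StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    // Actions are registered as "..\Controller\Action". Unregistered actions are not
    // protected by this filter (allow-by-default). A single lookup is enough; the earlier
    // GetEntities pre-check queried the same predicate twice.
    var actionUrl = string.Format("..\\{0}\\{1}", controller, action);
    var materialAction = _actionBll.GetEntity(m => m.Action_Url == actionUrl);
    if (materialAction == null)
    {
        return;
    }

    Material_Teacher materialTeacher = _teacherBll.GetEntity(m => m.Teacher_Name == managerInfo || m.Teacher_Id == managerInfo);
    if (materialTeacher == null)
    {
        // The cookie names no known teacher: deny instead of failing with a
        // NullReferenceException when Teacher_Id is read below.
        filterContext.Result = new RedirectResult("..\\Error\\NoAuthority");
        return;
    }

    // Permissions granted through any of the teacher's roles.
    var roleIds = _roleTeacherBll.GetEntities(m => m.Teacher_Id == materialTeacher.Teacher_Id)
        .Select(m => m.Role_Id)
        .ToList();
    var roleActionIds = _roleActionBll.GetEntities(m => roleIds.Contains(m.Role_Id))
        .Select(m => m.Action_Id)
        .ToList();
    if (roleActionIds.Contains(materialAction.Id))
    {
        return;
    }

    // Direct per-teacher grants are consulted only when no role grants the action.
    var teacherActionIds = _teacherActionBll
        .GetEntities(m => m.Teacher_Id == materialTeacher.Teacher_Id && m.Has_Permission)
        .Select(m => m.Action_Id)
        .ToList();
    if (!teacherActionIds.Contains(materialAction.Id))
    {
        filterContext.Result = new RedirectResult("..\\Error\\NoAuthority");
    }
}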