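/// <summary>
/// Authorization hook for the "delete" action: a non-admin user may only delete a
/// product/promotion whose store (and, for products, brand) appears in one of the
/// user's UserAuth rows. Failed checks short-circuit the request by setting
/// <c>filterContext.Result</c>; merely writing a status code to the response does
/// not stop MVC from executing the action.
/// </summary>
/// <param name="filterContext">The authorization context of the current MVC request.</param>
private void DoAuthorization(AuthorizationContext filterContext)
        {
            const string actionFiltered               = "delete";
            const string errorUnAuthorizedDataAccess  = "没有授权操作该门店和品牌!";

            var    httpContext = filterContext.HttpContext;
            string actionName  = filterContext.ActionDescriptor.ActionName;

            // Only the delete action is subject to the ownership check; everything else passes through.
            if (!string.Equals(actionName, actionFiltered, System.StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            // "id" is untrusted request input: a missing or non-numeric value is a bad request,
            // not an unhandled FormatException. Parsed only once we know the action needs it.
            int targetId;
            if (!int.TryParse(httpContext.Request["id"], out targetId))
            {
                filterContext.Result = new HttpStatusCodeResult(400);
                return;
            }

            UserController currentController = filterContext.Controller as UserController;
            var currentUser = currentController == null ? null : currentController.CurrentUser;

            // No authenticated user (or a controller that cannot provide one): fail closed.
            if (currentUser == null)
            {
                filterContext.Result = new HttpStatusCodeResult(401);
                return;
            }
            if (currentUser.Role == UserRole.Admin)
            {
                return;
            }

            IUserAuthRepository authRepo = ServiceLocator.Current.Resolve<IUserAuthRepository>();

            bool authorized = true;
            if (currentController is ProductController)
            {
                var entity = ServiceLocator.Current.Resolve<IProductRepository>().Find(targetId);
                if (entity == null)
                {
                    // Nothing to protect; let the action report the missing product itself.
                    return;
                }
                // A UserAuth row with BrandId == 0 grants every brand of that store.
                authorized = authRepo.Get(a => a.UserId == currentUser.CustomerId)
                    .Any(a => a.StoreId == entity.Store_Id &&
                         (a.BrandId == 0 || a.BrandId == entity.Brand_Id));
            }
            else if (currentController is PromotionController)
            {
                var entity = ServiceLocator.Current.Resolve<IPromotionRepository>().Find(targetId);
                if (entity == null)
                {
                    return;
                }
                authorized = authRepo.Get(a => a.UserId == currentUser.CustomerId)
                    .Any(a => a.StoreId == entity.Store_Id);
            }
            // NOTE(review): a delete on any other controller type reaches this point with
            // authorized == true, i.e. without an ownership check — confirm that is intended.

            if (!authorized)
            {
                // Executing this result writes the 401 status and description to the response
                // and prevents the action from running.
                filterContext.Result = new HttpStatusCodeResult(401, errorUnAuthorizedDataAccess);
            }
        }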
        /// <summary>
        /// Paged listing of user-auth (store/brand grant) rows, each joined with its owning
        /// customer and, when present, the store and brand it refers to.
        /// </summary>
        /// <param name="request">Page index and page size for the query.</param>
        /// <param name="search">
        /// Optional Type/BrandId/StoreId/UserId/OrderBy filters; a filter that is not set matches everything.
        /// </param>
        /// <returns>The "List" view bound to a <see cref="Pager{T}"/> of <see cref="UserAuthViewModel"/>.</returns>
        public ActionResult List(PagerRequest request, UserAuthSearchOption search)
        {
            int totalCount;
            var page = _authRepo.Get(
                e => (!search.Type.HasValue || e.Type == search.Type.Value) &&
                     (!search.BrandId.HasValue || e.BrandId == search.BrandId.Value) &&
                     (!search.StoreId.HasValue || e.StoreId == search.StoreId.Value) &&
                     (!search.UserId.HasValue || e.UserId == search.UserId.Value) &&
                     e.Status != (int)DataStatus.Deleted,
                out totalCount,
                request.PageIndex,
                request.PageSize,
                q =>
                {
                    // OrderByCreateUser is the only distinct sort; every other option, and an
                    // unset option, falls back to newest-first by creation date.
                    if (search.OrderBy.HasValue && search.OrderBy.Value == GenericOrder.OrderByCreateUser)
                    {
                        return q.OrderByDescending(x => x.CreatedUser);
                    }
                    return q.OrderByDescending(x => x.CreatedDate);
                });

            var withUser = page.Join(_customerRepo.GetAll(),
                                     auth => auth.UserId, user => user.Id,
                                     (auth, user) => new { Auth = auth, User = user });
            var withStore = withUser.GroupJoin(_storeRepo.GetAll(),
                                               x => x.Auth.StoreId, store => store.Id,
                                               (x, stores) => new { x.Auth, x.User, Store = stores.FirstOrDefault() });
            var withBrand = withStore.GroupJoin(_brandRep.GetAll(),
                                                x => x.Auth.BrandId, brand => brand.Id,
                                                (x, brands) => new { x.Auth, x.User, x.Store, Brand = brands.FirstOrDefault() });

            // Materialize first so the view-model mapping runs in memory rather than in the query provider.
            var rows   = withBrand.ToList();
            var models = rows.Select(row => new UserAuthViewModel()
            {
                Id        = row.Auth.Id,
                BrandId   = row.Auth.BrandId,
                StoreId   = row.Auth.StoreId,
                Type      = row.Auth.Type,
                // No matching brand/store row is displayed as "all".
                BrandName = row.Brand == null ? "所有" : row.Brand.Name,
                UserId    = row.Auth.UserId,
                UserNick  = row.User.Nickname,
                StoreName = row.Store == null ? "所有" : row.Store.Name,
                Status    = row.Auth.Status.Value
            }).ToList();

            var pager = new Pager<UserAuthViewModel>(request, totalCount)
            {
                Data = models
            };
            return View("List", pager);
        }
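        /// <summary>
        /// Store-ownership validation for this entity: yields an error unless the current user is an
        /// admin or holds a UserAuth row for this entity's store (a row with StoreId == 0 covers
        /// every store). This is an iterator, so nothing runs until the results are enumerated.
        /// </summary>
        /// <param name="validationContext">Supplied by the validation framework; not used here.</param>
        /// <returns>Zero or one <see cref="ValidationResult"/>.</returns>
        public IEnumerable <ValidationResult> Validate(ValidationContext validationContext)
        {
            string errorUnAuthorizedDataAccess = "没有授权操作该门店促销!";
            var    currentUser = ServiceLocator.Current.Resolve <IAuthenticationService>().CurrentUserFromHttpContext(HttpContext.Current);

            if (currentUser == null)
            {
                // No authenticated user: report and stop. Falling through here would
                // dereference currentUser on the Role check below.
                yield return(new ValidationResult(errorUnAuthorizedDataAccess));
                yield break;
            }
            if (currentUser.Role == (int)UserRole.Admin)
            {
                yield break;
            }

            // Resolved only for non-admins, who are the only users that need the lookup.
            IUserAuthRepository authRepo = ServiceLocator.Current.Resolve <IUserAuthRepository>();

            bool ownsStore = authRepo.Get(a => a.UserId == currentUser.CustomerId)
                .Any(a => a.StoreId == 0 || a.StoreId == this.Store_Id);
            if (!ownsStore)
            {
                yield return(new ValidationResult(errorUnAuthorizedDataAccess));
            }
        }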
 /// <summary>Looks up a user by id through the injected repository.</summary>
 /// <param name="id">The user id to fetch.</param>
 /// <returns>
 /// Whatever the repository's <c>Get</c> returns for <paramref name="id"/>; whether that can be
 /// null is the repository's contract, which is not visible here.
 /// </returns>
 public User GetUserById(int id)
 {
     var user = userAuthRepository.Get(id);
     return user;
 }