public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (filterContext.Controller is ErrorController)
{
base.OnActionExecuting(filterContext);
return;
}
//排除登陆界面controller验证权限
if (filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower() == "logon")
{
return;
}
OCFUser user = (filterContext.Controller as BaseController).FFUser;
DataContext dc = new DataContext();
string url = "/" + filterContext.ActionDescriptor.ControllerDescriptor.ControllerName + "/" + filterContext.ActionDescriptor.ActionName;
if (dc.PageFunctions.Where(x => x.Url.ToLower() == url || (x.Url.ToLower().Contains(url.ToLower()) && x.Url.Contains("*"))).Count() > 0)
{
if (!user.OCFRoles.Contains("Administrator") && filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower() != "home")
{
var check = dc.PageFunctions.Where(x => x.Privileges.Any(y => user.OCFRoles.Contains(y.RoleName)) && ((x.Url.ToLower() == url.ToLower()) || (x.Url.ToLower().Contains(url.ToLower()) && x.Url.Contains("*")))).FirstOrDefault();
if (check == null)
{
//filterContext.HttpContext.Response.Clear();
//var routeData = new RouteData();
var exp = new ApplicationException("没有权限");
//routeData.Values["controller"] = "Error";
//routeData.Values["action"] = "General";
//routeData.Values["exception"] = exp;
//IController errorsController = new ErrorController();
//var rc = new RequestContext(filterContext.HttpContext, routeData);
//errorsController.Execute(rc);
throw exp;
}
}
}
base.OnActionExecuting(filterContext);
}
public void SetFFUser(OCFUser user)
{
_ffSession["FFUser"] = user;
}
