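/// <summary>
/// Persists an edited user/permission link.
/// NOTE(review): no [HttpPost] attribute is visible on this mutating action — confirm the intended verb.
/// </summary>
/// <param name="act">Model-bound link to update; null (empty request body) is reported as a failure.</param>
/// <returns>"ok" when the service accepted the update, otherwise the failure message.</returns>
public ActionResult EditSave(R_User_ActionInfo act)
{
    // The original passed a null act straight into Update(); fail early instead.
    if (act == null || !R_User_ActionInfoService.Update(act))
    {
        return(Content("修改失败了!"));
    }
    R_User_ActionInfoService.SaveChanges();
    return(Content("ok"));
}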
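        /// <summary>
        /// Returns one user/permission link as JSON for the edit dialog.
        /// </summary>
        /// <param name="ids">Numeric id of the link, as sent by the client.</param>
        /// <returns>{ model: link } — model is null when the id is unparseable or matches nothing.</returns>
        public ActionResult Edit(string ids)
        {
            // The original used int.Parse, so a malformed id surfaced as an unhandled FormatException.
            int id;
            R_User_ActionInfo act = null;
            if (int.TryParse(ids, out id))
            {
                act = R_User_ActionInfoService.LoadEntities(u => u.ID == id).FirstOrDefault();
            }

            // The original also built a second, unused JsonResult here; one is enough.
            var result = new { model = act };
            return(Json(result, JsonRequestBehavior.AllowGet));
        }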
        //去除特殊权限
        /// <summary>
        /// Soft-deletes the special permission link for a user/action pair by flagging it Deleted.
        /// A missing link is a no-op and still answers "ok".
        /// NOTE(review): no [HttpPost] attribute is visible on this mutating action — confirm the intended verb.
        /// </summary>
        /// <param name="UserInfoID">Owner of the link.</param>
        /// <param name="ActionInfoID">Permission being revoked.</param>
        /// <returns>Always "ok".</returns>
        public ActionResult RemoveUserAction(int UserInfoID, int ActionInfoID)
        {
            var link = R_User_ActionInfoService
                .LoadEntities(r => r.UserInfoID == UserInfoID && r.ActionInfoID == ActionInfoID)
                .FirstOrDefault();

            if (link == null)
            {
                return(Content("ok"));
            }

            // NOTE(review): unlike EditSave, no Update() call precedes SaveChanges() here; persistence relies on
            // the loaded entity being change-tracked — confirm.
            link.DelFlag = (short)SS.Platform.OA.Model.Enum.DelFlagEnum.Deleted;
            R_User_ActionInfoService.SaveChanges();
            return(Content("ok"));
        }
        //#region 设置角色
        //public ActionResult GetRoleInfo(Guid SUser)
        //{
        //    var delNormal = (short)SS.Platform.OA.Model.Enum.DelFlagEnum.Normal;
        //    UserInfo userInfo = UserInfoService.LoadEntities(u => u.ID == SUser && u.DelFlag == delNormal).FirstOrDefault();
        //    if (userInfo != null)
        //    {
        //        var allRoleInfo = RoleInfoService.LoadEntities(u => u.DelFlag == delNormal).ToList();
        //        var data = new
        //        {
        //            Rows = (from r in allRoleInfo
        //                    select
        //                        new { r.ID, r.Name, r.SubTime, r.SubBy, selected = userInfo.RoleInfo.Contains(r) }).ToList()
        //        };
        //        return Json(data, JsonRequestBehavior.AllowGet);
        //    }
        //    else
        //    {
        //        return Content("选择的用户不存在!");
        //    }
        //}

        //[HttpPost]
        //public ActionResult SetUserRoleSave(string UserId, string RolesId)
        //{
        //    short delNormal = (short)Model.Enum.DelFlagEnum.Normal;
        //    string[] idStrs = null;
        //    //用户选择的角色
        //    List<RoleInfo> userRoleSelList = new List<RoleInfo>();
        //    Guid idUser = Guid.Parse(UserId);
        //    if (RolesId != "")
        //    {
        //        idStrs = RolesId.Split(',');
        //    }

        //    UserInfo userInfo = UserInfoService.LoadEntities(u => u.ID == idUser && u.DelFlag == delNormal).FirstOrDefault();
        //    if (userInfo == null)
        //    {
        //        return Content("系统运行出错!");
        //    }
        //    /**************************************************************/
        //    userInfo.RoleInfo.Clear();
        //    if (idStrs != null)
        //    {
        //        foreach (var idStr in idStrs)
        //        {
        //            Guid roleId = Guid.Parse(idStr);
        //            RoleInfo roleInfo = RoleInfoService.LoadEntities(u => u.ID == roleId && u.DelFlag == delNormal).FirstOrDefault();
        //            userInfo.RoleInfo.Add(roleInfo);
        //        }
        //    }
        //    if (UserInfoService.Savechanges() > 0)
        //    {
        //        return Content("ok");
        //    }
        //    else
        //    {
        //        return Content("系统运行出错!");
        //    }
        /**************************************************************/
        //给用户添加用户选择的角色
        //if (idStrs != null)
        //{
        //    //添加已选
        //    foreach (var idStr in idStrs)
        //    {
        //        Guid roleId = Guid.Parse(idStr);
        //        RoleInfo roleInfo = RoleInfoService.LoadEntities(u => u.ID == roleId && u.DelFlag == delNormal).FirstOrDefault();
        //        userRoleSelList.Add(roleInfo);
        //        //只添加原来没有的角色
        //        if (!userInfo.RoleInfo.Contains(roleInfo))
        //        {
        //            userInfo.RoleInfo.Add(roleInfo);
        //        }
        //    }
        //    //已选权限
        //    var userRoleDelList = userInfo.RoleInfo.Except(userRoleSelList).ToList();
        //    foreach (var roleEx in userRoleDelList)
        //    {
        //        userInfo.RoleInfo.Remove(roleEx);
        //    }
        //}
        //else
        //{
        //    userInfo.RoleInfo.Clear();
        //}
        //if (UserInfoService.Savechanges() > 0)
        //{
        //    return Content("ok");
        //}
        //else
        //{
        //    return Content("ok");
        //}
        //}
        //#endregion


        #region 设置用户的特殊权限
        /// <summary>
        /// Renders the "special permissions" page for one user: the user as the view model, the user's live
        /// links in ViewBag.ExistUserActions, and every live permission in ViewBag.AllActionInfos.
        /// </summary>
        /// <param name="id">User id.</param>
        /// <returns>The default view for this action.</returns>
        public ActionResult SetAction(int id)
        {
            short normal = (short)SS.Platform.OA.Model.Enum.DelFlagEnum.Normal;

            var user = UserInfoService.LoadEntities(u => u.ID == id).FirstOrDefault();
            ViewData.Model = user;

            var existingLinks = R_User_ActionInfoService
                .LoadEntities(r => r.DelFlag == normal && r.UserInfoID == id)
                .ToList();
            ViewBag.ExistUserActions = existingLinks;

            // Hand every live permission to the view so the page can offer them for assignment.
            var allActions = ActionInfoService.LoadEntities(a => a.DelFlag == normal).ToList();
            ViewBag.AllActionInfos = allActions;

            return(View());
        }
        /// <summary>
        /// Lists a user's live special-permission links for the grid: link id, permission name and IsPass.
        /// </summary>
        /// <param name="SUser">User id.</param>
        /// <returns>{ Rows: [ { ID, Action, IsPass }, ... ] } as JSON (GET allowed).</returns>
        public ActionResult GetUserAction(int SUser)
        {
            short normal = (short)Model.Enum.DelFlagEnum.Normal;
            var links = R_User_ActionInfoService
                .LoadEntities(u => u.UserInfoID == SUser && u.DelFlag == normal)
                .ToList();

            // Projection happens in memory after ToList(), so the ActionInfo navigation is read here.
            var rows = links
                .Select(u => new { ID = u.ID, Action = u.ActionInfo.Name, u.IsPass })
                .ToList();

            return(Json(new { Rows = rows }, JsonRequestBehavior.AllowGet));
        }
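        /// <summary>
        /// Grants a user a special (per-user) permission. A soft-deleted link for the same pair is revived
        /// instead of inserted again; a live one is rejected as a duplicate.
        /// NOTE(review): no [HttpPost] attribute is visible on this mutating action — confirm the intended verb.
        /// </summary>
        /// <param name="act">Bound link; UserInfoID and ActionInfoID are read, Code/Name/DelFlag are overwritten
        /// here. NOTE(review): other bound members (e.g. ID) reach the service's Add() untouched — confirm it
        /// ignores them.</param>
        /// <returns>"ok" on success, otherwise a status message for the client.</returns>
        public ActionResult Add(R_User_ActionInfo act)
        {
            // A missing body is reported like a missing user (the original dereferenced act unconditionally).
            if (act == null || act.UserInfoID == 0)
            {
                return(Content("请选择用户"));
            }
            if (act.ActionInfoID == 0)
            {
                return(Content("请选择权限"));
            }

            // Existing link for this pair, live or soft-deleted.
            var userAction = R_User_ActionInfoService
                .LoadEntities(u => u.UserInfoID == act.UserInfoID && u.ActionInfoID == act.ActionInfoID)
                .FirstOrDefault();
            if (userAction != null)
            {
                if (userAction.DelFlag != (short)SS.Platform.OA.Model.Enum.DelFlagEnum.Deleted)
                {
                    return(Content("该用户权限已经存在,不允许重复添加!"));
                }
                userAction.DelFlag = (short)SS.Platform.OA.Model.Enum.DelFlagEnum.Normal;
                if (R_User_ActionInfoService.Update(userAction))
                {
                    R_User_ActionInfoService.SaveChanges();
                    return(Content("ok"));
                }
                // The original fell through to the insert below when Update() failed, which would have created
                // a second row for the same pair.
                return(Content("添加失败了"));
            }

            // Code/Name are composed from the two referenced entities; either lookup may come back empty.
            var user = UserInfoService.LoadEntities(u => u.ID == act.UserInfoID).FirstOrDefault();
            if (user == null)
            {
                return(Content("请选择用户"));
            }
            var action = ActionInfoService.LoadEntities(u => u.ID == act.ActionInfoID).FirstOrDefault();
            if (action == null)
            {
                return(Content("请选择权限"));
            }

            act.Code    = user.Code + "-" + action.Code;
            act.Name    = user.Name + "-" + action.Name;
            act.DelFlag = (short)SS.Platform.OA.Model.Enum.DelFlagEnum.Normal;

            R_User_ActionInfoService.Add(act);
            if (R_User_ActionInfoService.SaveChanges() > 0)
            {
                return(Content("ok"));
            }
            return(Content("添加失败了"));
        }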
        //添加特殊权限
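        /// <summary>
        /// Upserts a user/permission link: inserts it when the pair is unknown, otherwise copies IsPass onto the
        /// existing row and revives it (DelFlag = Normal).
        /// NOTE(review): no [HttpPost] attribute is visible on this mutating action — confirm the intended verb.
        /// </summary>
        /// <param name="userAction">Bound link; UserInfoID, ActionInfoID and IsPass are read.</param>
        /// <returns>"ok", or the generic error message when no body was bound.</returns>
        public ActionResult SetUserActionPasss(R_User_ActionInfo userAction)
        {
            // The original dereferenced userAction unconditionally.
            if (userAction == null)
            {
                return(Content("系统运行出现错误!"));
            }

            var existing = R_User_ActionInfoService
                .LoadEntities(r => r.UserInfoID == userAction.UserInfoID && r.ActionInfoID == userAction.ActionInfoID)
                .FirstOrDefault();

            if (existing == null)
            {
                // NOTE(review): unlike Add(), this insert path fills neither Code/Name nor DelFlag — confirm
                // whether the client is expected to supply them.
                R_User_ActionInfoService.Add(userAction);
            }
            else
            {
                existing.IsPass  = userAction.IsPass;
                existing.DelFlag = (short)SS.Platform.OA.Model.Enum.DelFlagEnum.Normal;
            }
            R_User_ActionInfoService.SaveChanges();
            return(Content("ok"));
        }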
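        /// <summary>
        /// Deletes the links whose ids arrive as a comma-separated list ("1,3,4").
        /// NOTE(review): no [HttpPost] attribute is visible on this mutating action — confirm the intended verb.
        /// </summary>
        /// <param name="ids">Comma-separated integer ids; blank entries are skipped, any other non-numeric
        /// entry rejects the whole request.</param>
        /// <returns>"ok" when at least one row was deleted, otherwise the generic error message.</returns>
        public ActionResult DeleteIds(string ids)
        {
            if (string.IsNullOrEmpty(ids))
            {
                return(Content("系统运行出现错误!"));
            }

            //ids:  1,3,4
            List<int> idDelete = new List<int>();
            foreach (var idStr in ids.Split(','))
            {
                if (string.IsNullOrWhiteSpace(idStr))
                {
                    continue; // tolerate a trailing or doubled comma
                }
                int deleteId;
                // The original used int.Parse, so a malformed entry surfaced as an unhandled FormatException.
                if (!int.TryParse(idStr, out deleteId))
                {
                    return(Content("系统运行出现错误!"));
                }
                idDelete.Add(deleteId);
            }

            // Skip the service call entirely when nothing usable was supplied.
            if (idDelete.Count > 0 && R_User_ActionInfoService.DeleteIds(idDelete.ToArray()) > 0)
            {
                return(Content("ok"));
            }
            return(Content("系统运行出现错误!"));
        }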
        //因为控制器本身也是一个ActionFilter,所以重写一下基类中的OnActionExecuting方法就可以实现,所有的Action执行前先校验用户是否登录了
        // GET: Base
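        /// <summary>
        /// Authorization gate shared by every action of this base controller: confirms a session user is present,
        /// resolves the permission record for the requested URL and verb, then lets the request through via a
        /// per-user entry, a role, or a department role (in that order) and otherwise redirects to /Error.html.
        /// NOTE(review): OnActionExecuted runs after the action body has executed, whereas the note above this
        /// method asks for a pre-execution check (OnActionExecuting) — confirm which hook is intended.
        /// </summary>
        /// <param name="filterContext">Context of the action that just ran; its Result is replaced on denial.</param>
        protected override void OnActionExecuted(ActionExecutedContext filterContext)
        {
            base.OnActionExecuted(filterContext);
            // The original opened with an unconditional "//test" return that made everything below dead code,
            // and later short-circuited for the hard-coded user name "abc"; both bypasses are removed.

            #region 校验用户是否登录
            LoginUserInfo = Session["LoginUser"] as Model.UserInfo;
            if (LoginUserInfo == null)
            {
                // Not logged in. Setting Result (instead of Response.Redirect) lets MVC finish the response.
                // NOTE(review): /Login/CheckUser must itself be exempt from this filter or the redirect loops — confirm.
                filterContext.Result = new RedirectResult("/Login/CheckUser");
                return;
            }
            #endregion

            #region 过滤权限
            // Does the user hold the permission that maps to this request?
            string rawUrl     = filterContext.HttpContext.Request.RawUrl; //UserInfo/Index
            string httpMethod = filterContext.HttpContext.Request.HttpMethod.ToLower();

            // Permission record for the requested path and verb (ToLower() stays inside the expression so the
            // service can translate it the same way the original did).
            ActionInfoService actionInfoService = new ActionInfoService();
            var currentUrlAction = actionInfoService
                .LoadTs(a => a.Url == rawUrl && a.HttpMethod.ToLower() == httpMethod)
                .FirstOrDefault();
            if (currentUrlAction == null)
            {
                // Nothing registered for this URL: deny, as the original did.
                DenyAccess(filterContext, rawUrl, httpMethod);
                return;
            }
            var actionId = currentUrlAction.Id;
            var userId   = LoginUserInfo.Id;

            // 1. Per-user special permission: an entry is authoritative, explicit allow or explicit deny.
            short delNormal = (short)Model.Enum.DelFlagEnum.Normal;
            R_User_ActionInfoService rUserActionInfoService = new R_User_ActionInfoService();
            var tempUserAction = (from a in rUserActionInfoService.LoadTs(u => u.DelFlag == delNormal)
                                  where a.ActionInfoId == actionId && a.UserInfoId == userId
                                  select a).FirstOrDefault();
            if (tempUserAction != null)
            {
                if (!tempUserAction.IsPass)
                {
                    DenyAccess(filterContext, rawUrl, httpMethod);
                }
                return;
            }

            // 2. Roles held directly by the user.
            IBLL.IUserInfoService userInfoService = new UserInfoService();
            var user = userInfoService.LoadTs(u => u.Id == userId).FirstOrDefault();
            if (user == null)
            {
                // Session user is gone from the store; the original dereferenced it unconditionally.
                DenyAccess(filterContext, rawUrl, httpMethod);
                return;
            }
            bool allowedByRole = (from r in user.Role
                                  from a in r.ActionInfo
                                  where a.Id == actionId
                                  select a).Any();
            if (allowedByRole)
            {
                return;
            }

            // 3. Roles granted through the user's departments. The original returned unconditionally after the
            // role check, so this step was unreachable.
            bool allowedByDepartment = (from d in user.Department
                                        from r in d.Role
                                        from a in r.ActionInfo
                                        where a.Id == actionId
                                        select a).Any();
            if (!allowedByDepartment)
            {
                DenyAccess(filterContext, rawUrl, httpMethod);
            }
            #endregion
        }

        /// <summary>
        /// Records the refused request (user, time, URL, verb, client address) and replaces the action result
        /// with the error page. Expects LoginUserInfo to be set.
        /// </summary>
        /// <param name="filterContext">Context whose Result is replaced.</param>
        /// <param name="rawUrl">Requested raw URL, for the log line.</param>
        /// <param name="httpMethod">Lower-cased HTTP verb, for the log line.</param>
        private void DenyAccess(ActionExecutedContext filterContext, string rawUrl, string httpMethod)
        {
            Common.LogHelper.WriteLog(string.Format("用户:{0}在时间:{1}请求{2}请求类型{3}出现了没有权限的问题,对方的IP地址是{4}", LoginUserInfo.Id, DateTime.Now, rawUrl, httpMethod, filterContext.HttpContext.Request.UserHostAddress));
            filterContext.Result = new RedirectResult("/Error.html");
        }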