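/// <summary>
        /// Adds the navigation entry whose URL is given in the "nav" request parameter to
        /// the current account's shortcut list. The entry is only added when the account
        /// (directly, flag = 2, or through one of its roles, flag = 1) has a privilege row
        /// for that navigation and the shortcut does not already exist.
        /// </summary>
        /// <returns>
        /// A JSON result carrying <c>status</c> (200 on success, 100 otherwise), a
        /// <c>message</c> and the <c>handleId</c> request parameter echoed back.
        /// </returns>
        public ActionResult AddNavigation()
        {
            string url = Request.Params["nav"];
            string handleId = Request.Params["handleId"];

            // Without a "nav" parameter there is nothing to look up; answer with the generic
            // failure payload instead of failing on url.Replace below.
            if (url == null)
            {
                return new JsonResult
                           {
                               Data = new { status = 100, message = "操作失败!", handleId },
                               ContentEncoding = Encoding.UTF8
                           };
            }

            try
            {
                CurrentAccountId = UserActivity.UserNameIdMapHolder.GetId(CurrentAccountNo);
            }
            catch (Exception e)
            {
                // NOTE(review): after a failed lookup the method carries on with whatever
                // CurrentAccountId already holds; confirm that this cannot attribute the
                // shortcut to the wrong account.
                Log.Error("系统获取用户ID失败,错误信息:{0}", e.Message);
            }

            using (var session = new SessionFactory().OpenSession())
            {
                const string sql =
                    "SELECT id FROM `navigations` WHERE `id` IN ( SELECT `navigation_id` FROM `navigation_priviledges` WHERE (`flag` = 1 AND `owner_id` IN (SELECT `role_id` FROM `account_role_refs` WHERE `account_id` IN ( SELECT `id` FROM `accounts` WHERE `name` = '{0}'))) OR (`flag` = 2 AND `owner_id` IN ( SELECT `id` FROM `accounts` WHERE `name` = '{0}'))) AND `url` = '{1}'";

                // Both values end up inside single-quoted SQL literals, so both get the same
                // quote doubling (previously only the URL did).
                // NOTE(review): quote doubling is a stop-gap. The backtick-quoted identifiers
                // suggest MySQL, where a backslash is also an escape character inside string
                // literals unless NO_BACKSLASH_ESCAPES is set, so this may still be
                // insufficient. Move the query to bound parameters once the session API's
                // parameter support is confirmed.
                var accountLiteral = (CurrentAccountNo ?? string.Empty).Replace("'", "''");
                var urlLiteral = url.Replace("'", "''");
                var exceptId = session.ExecuteScalar<string>(string.Format(sql, accountLiteral, urlLiteral)).TryToLong();

                // No id came back: the URL is unknown or the account holds no privilege for it.
                if (!exceptId.HasValue)
                {
                    return new JsonResult
                               {
                                   Data = new { status = 100, message = "你未被授权,不能添加该项快捷操作!", handleId },
                                   ContentEncoding = Encoding.UTF8
                               };
                }

                // Type 2 rows are the ones this method creates for an account's own shortcuts;
                // an existing row means the shortcut was already added.
                var item =
                    session.Load<AccountNavigationRef>(
                        m => m.Type.Equals(2) && m.OwnerId.Equals(CurrentAccountId) && m.NavigationId.Equals(exceptId));
                if (item != null)
                {
                    return new JsonResult
                               {
                                   Data = new { status = 100, message = "你已添加该项快捷操作!", handleId },
                                   ContentEncoding = Encoding.UTF8
                               };
                }

                item = new AccountNavigationRef
                           {
                               Type = 2,
                               OwnerId = CurrentAccountId,
                               NavigationId = exceptId.GetValueOrDefault(0),
                               CreatedAt = DateTime.Now,
                               CreatedBy = CurrentAccountNo
                           };
                if (session.Create(item))
                {
                    return new JsonResult
                               {
                                   Data = new { status = 200, message = "增加成功!", handleId },
                                   ContentEncoding = Encoding.UTF8
                               };
                }

                return new JsonResult
                           {
                               Data = new { status = 100, message = "操作失败!", handleId },
                               ContentEncoding = Encoding.UTF8
                           };
            }
        }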
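        /// <summary>
        /// Authorization check that runs before the action: unless <c>NotCheck</c> is set,
        /// it queries whether the current user (directly, flag = 2, or through one of their
        /// roles, flag = 1) holds the navigation privilege named by <c>Name</c>, and
        /// redirects to the Forbidden page when no matching row is found.
        /// </summary>
        /// <param name="filterContext">
        /// Context of the action about to run; its <c>Result</c> is set to a redirect when
        /// the check fails.
        /// </param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (NotCheck)
            {
                return;
            }

            // Stand-in used when the identity name or the privilege name is null.
            // NOTE(review): presumably "___" matches no account or navigation; confirm.
            const string missing = "___";
            var accountNo = HttpContext.Current.User.Identity.Name ?? missing;
            //if (accountNo.Equals("root", StringComparison.CurrentCultureIgnoreCase))
            //{
            //    // The system administrator passes the check
            //    if (IsAdminPass) return;
            //    if (!filterContext.HttpContext.IsDebuggingEnabled)
            //    {
            //        filterContext.Result = new RedirectResult("~/Base/Session/Forbidden");
            //        return;
            //    }
            //}

            const string sql = @"SELECT `name` FROM `navigations` WHERE `id` IN ( SELECT `navigation_id` FROM `navigation_priviledges` WHERE (`flag` = 1 AND `owner_id` IN (SELECT `role_id` FROM `account_role_refs` WHERE `account_id` IN ( SELECT `id` FROM `accounts` WHERE `name` = '{0}'))) OR (`flag` = 2 AND `owner_id` IN ( SELECT `id` FROM `accounts` WHERE `name` = '{0}'))) AND `name` = '{1}'";
            using (var session = new SessionFactory().OpenSession())
            {
                // This query decides access, so neither value may be able to break out of
                // its single-quoted literal; both were previously inserted unescaped.
                // NOTE(review): quote doubling is a stop-gap. The backtick-quoted identifiers
                // suggest MySQL, where a backslash is also an escape character inside string
                // literals unless NO_BACKSLASH_ESCAPES is set. Move the query to bound
                // parameters once the session API's parameter support is confirmed.
                var accountLiteral = accountNo.Replace("'", "''");
                var nameLiteral = (Name ?? missing).Replace("'", "''");
                var priviledge = session.ExecuteScalar<string>(string.Format(sql, accountLiteral, nameLiteral));

                // No matching privilege row: deny by redirecting to the Forbidden page.
                if (string.IsNullOrEmpty(priviledge))
                {
                    filterContext.Result = new RedirectResult("~/Base/Session/Forbidden");
                }
            }
            //// Session variable cannot be read: check fails
            //var userPriviledgesObj = filterContext.HttpContext.Session[Const.AccountPriviledge];
            //if (userPriviledgesObj == null)
            //{
            //    filterContext.Result = new RedirectResult("~/Base/Session/Login");
            //    return;
            //}
            //// Session variable holds no value: check fails
            //var userPriviledges = userPriviledgesObj as List<string>;
            //if (userPriviledges == null)
            //{
            //    filterContext.Result = new RedirectResult("~/Base/Session/Login");
            //    return;
            //}
            //// Session does not contain the required privilege: check fails
            //if (!userPriviledges.Contains(Name))
            //{
            //    filterContext.Result = new RedirectResult("~/Base/Session/Login");
            //}
        }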
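        /// <summary>
        /// Removes the navigation entry whose URL is given in the "nav" request parameter
        /// from the current account's shortcut list. Only rows of type 2 owned by
        /// <c>CurrentAccountId</c> are targeted by the delete.
        /// </summary>
        /// <returns>
        /// The result of <c>JsonDataResult</c> for a payload carrying <c>status</c> (200 on
        /// success, 100 otherwise), a <c>message</c> and the echoed <c>handleId</c>.
        /// </returns>
        public ActionResult RemoveNavigation()
        {
            string url = Request.Params["nav"];
            string handleId = Request.Params["handleId"];

            // Without a "nav" parameter there is nothing to look up; answer with the failure
            // payload instead of failing on url.Replace below.
            if (url == null)
            {
                return JsonDataResult(new { status = 100, message = "操作失败!", handleId });
            }

            try
            {
                CurrentAccountId = UserActivity.UserNameIdMapHolder.GetId(CurrentAccountNo);
            }
            catch (Exception e)
            {
                // NOTE(review): after a failed lookup the delete below filters on whatever
                // CurrentAccountId already holds; confirm that this cannot touch another
                // account's rows.
                Log.Error("系统获取用户ID失败,错误信息:{0}", e.Message);
            }

            using (var session = new SessionFactory().OpenSession())
            {
                const string sql = "SELECT id FROM `navigations` WHERE `url` = '{0}'";

                // NOTE(review): quote doubling is a stop-gap. The backtick-quoted identifiers
                // suggest MySQL, where a backslash is also an escape character inside string
                // literals unless NO_BACKSLASH_ESCAPES is set. Move the query to bound
                // parameters once the session API's parameter support is confirmed.
                var exceptId = session.ExecuteScalar<string>(string.Format(sql, url.Replace("'", "''"))).TryToLong();

                // Unknown URL: do not hand an empty id to the delete predicate, whose
                // handling of a null comparison is not visible from this method.
                if (!exceptId.HasValue)
                {
                    return JsonDataResult(new { status = 100, message = "操作失败!", handleId });
                }

                if (
                    session.Delete<AccountNavigationRef>(
                        m => m.Type.Equals(2) && m.OwnerId.Equals(CurrentAccountId) && m.NavigationId.Equals(exceptId)))
                {
                    return JsonDataResult(new { status = 200, message = "删除成功!", handleId });
                }

                return JsonDataResult(new { status = 100, message = "操作失败!", handleId });
            }
        }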