public ActionResult AddActionInfo(ActionInfo actionInfo)
{
if (!string.IsNullOrEmpty(actionInfo.ActionName) && !string.IsNullOrEmpty(actionInfo.Url) && !string.IsNullOrEmpty(Request["Sort"]))
{
int sort = 0;
int.TryParse(Request["Sort"], out sort);
short normal = (short)DelFlagEnum.Normal;
actionInfo.Url = Request["Url"].ToLower();
actionInfo.Sort = sort;
actionInfo.SubTime = DateTime.Now;
actionInfo.ModfiedOn = DateTime.Now;
actionInfo.DelFlag = normal;
actionInfo.IsMenu = Request["isOrNo"] == "true" ? true : false;
actionInfo.MenuIcon = Request["ImgSrc"];
ActionInfo action = ActionInfoService.Add(actionInfo);
if (action != null)
{
return(Content("ok"));
}
}
return(Content("no"));
}
public ActionResult GetActionInfo()
{
short isActive = (short)EnumIsActive.ActiveLogical;
int pageIndex = Request["page"] == null ? 1 : int.Parse(Request["page"]);
int pageSize = Request["rows"] == null ? 5 : int.Parse(Request["rows"]);
int total;
var entities = ActionInfoService.LoadEntitiesByPage <int>(pageIndex, pageSize, out total, u => u.DelFlag == isActive, u => u.ID, true);
var pageEntities = from u in entities
select new
{
ID = u.ID,
ActionInfoName = u.ActionInfoName,
Remark = u.Remark,
SubTime = u.SubTime,
Url = u.Url,
HttpMethod = u.HttpMethod,
ActionTypeEnum = u.ActionTypeEnum,
Sort = u.Sort
};
return(Json(new { rows = pageEntities, total = total }, JsonRequestBehavior.AllowGet));
}
public ActionResult Delete(string ids)
{
if (string.IsNullOrEmpty(ids))
{
return Content("异常的删除id提交");
}
string[] strIds = ids.Split(',');
List<int> idList = new List<int>();
foreach (var strId in strIds)
{
idList.Add(int.Parse(strId));
}
// UserInfoService.DeleteList(idList);
int res= ActionInfoService.DeleteList(idList);
if (res > 0)
{
return Content("ok");
}
else
{
return Content("");
}
}
public ActionResult SetActionRoleInfo()
{
int RoleinfoId = int.Parse(Request["actionId"]);
List <int> list = new List <int>();
string[] allkeys = Request.Form.AllKeys;//获取所有表单中Name属性的值
foreach (string key in allkeys)
{
if (key.StartsWith("cba_"))
{
string k = key.Replace("cba_", "");
list.Add(int.Parse(k));
}
}
if (ActionInfoService.SetActionRoleInfo(RoleinfoId, list))
{
return(Content("ok"));
}
else
{
return(Content("no"));
}
}
public ActionResult AddActionInfo()
{
ActionInfo action = new ActionInfo();
action.ActionInfoName = Request["ActionInfoName"];
action.ActionTypeEnum = short.Parse(Request["ActionTypeEnum"]);
action.Remark = Request["Remark"];
action.Sort = Request["Sort"];
action.MenuIcon = Request["MenuIcon"];
action.Url = Request["Url"];
action.HttpMethod = Request["HttpMethod"];
action.DelFlag = 0;
action.SubTime = DateTime.Now;
action.ModifiedOn = DateTime.Now.ToString();
if (ActionInfoService.AddEntity(action) != null)
{
return(Content("Y"));
}
else
{
return(Content("N"));
}
}
public ActionResult SetRole4Action()
{
int actionID = int.Parse(Request["ID"]);
string[] roleIDS = Request.Form.AllKeys;
List <int> roleIDList = new List <int>();
foreach (var item in roleIDS)
{
if (item.StartsWith("pe_"))
{
roleIDList.Add(int.Parse(item.Replace("pe_", "")));
}
}
if (ActionInfoService.SetRole4Action(actionID, roleIDList))
{
return(Content("Y"));
}
else
{
return(Content("N"));
}
}
public ActionResult ShowEditInfo()
{
int id = int.Parse(Request["id"]);
var roleInfo = ActionInfoService.LoadEntities(r => r.ID == id).FirstOrDefault();
Inventory_ActionInfo ai = new Inventory_ActionInfo();
ai.ActionInfoName = roleInfo.ActionInfoName;
ai.Url = roleInfo.Url;
ai.ID = roleInfo.ID;
ai.HttpMethod = roleInfo.HttpMethod;
ai.Sort = roleInfo.Sort;
if (ai != null)
{
return(Content(Common.SerializerHelper.SerializeToString(new { serverData = ai, msg = "ok" })));
}
else
{
return(Content(Common.SerializerHelper.SerializeToString(new { msg = "no" })));
}
}
//设置权限角色
public ActionResult SetActionRole()
{
int actionId = Request["actionInfoId"] == null?0:int.Parse(Request["actionInfoId"]);
string [] allKeys = Request.Form.AllKeys;
List <int> roleIdlist = new List <int>();
foreach (var Key in allKeys)
{
if (Key.StartsWith("CKB_"))
{
roleIdlist.Add(int.Parse(Request[Key]));
}
}
if (ActionInfoService.SetActionRoleInfo(actionId, roleIdlist))
{
return(Content("ok"));
}
else
{
return(Content("no"));
}
}
public ActionResult Edit(ActionInfo actionInfo)
{
string result = "no";
//完成初始值
actionInfo.IsDelete = false;
actionInfo.SubBy = 1;
actionInfo.SubTime = DateTime.Now;
if (actionInfo.Remark == null)
{
actionInfo.Remark = "";
}
if (!actionInfo.IsMenu)
{
actionInfo.MenuIcon = "";
}
if (ActionInfoService.Edit(actionInfo))
{
result = "ok";
}
return(Content(result));
}
public ActionResult GetActionInfo()
{
int pageIndex = Request["page"] != null?int.Parse(Request["page"]) : 1;
int pageSize = Request["rows"] != null?int.Parse(Request["rows"]) : 5;
int totalCount;
short delFlag = (short)DelFlagEnum.Normarl;
var actioninfolist = ActionInfoService.LoadPageEntities <string>(pageIndex, pageSize, out totalCount, a => a.DelFlag == delFlag, a => a.Url, true);
var temp = from a in actioninfolist
select new
{
ID = a.ID,
ActionInfoName = a.ActionInfoName,
Sort = a.Sort,
Remark = a.Remark,
Url = a.Url,
HttpMethod = a.HttpMethod,
ActionTypeEnum = a.ActionTypeEnum,
SubTime = a.SubTime
};
return(Json(new { rows = temp, total = totalCount }, JsonRequestBehavior.AllowGet));
}
public ActionResult SetAction(int id)
{
ViewBag.User = UserInfoService.GetEntities(u => u.Id == id).FirstOrDefault();
ViewData.Model = ActionInfoService.GetEntities(a => a.DelFlag == delflagNormal).ToList();
return(View());
}
public ActionResult Edit(int id1)
{
ViewData.Model = ActionInfoService.GetById(id1);
return(View());
}
public ActionResult Index()
{
//ViewData.Model = ActionInfoService
// .GetList(a => (a.IsDelete == false) && (a.IsMenu == true))
// .Select(a => new MenuViewModel()
// {
// ActionTitle = a.ActionTitle,
// ActionName = a.ActionName,
// ControllerName = a.ControllerName,
// MenuIcon = a.MenuIcon
// }).ToList();
#region 主菜单过滤
//1准备目标集合
List <MenuViewModel> listMenu = new List <MenuViewModel>();
//1.1获取所有的桌面菜单
List <ActionInfo> list = ActionInfoService.GetList(a => a.IsDelete == false && a.IsMenu == true).ToList();
//1.2获取当前登录的用户的对象
UserInfo userInfo = UserInfoService.GetById(UserLogin.UserId);
//1.3遍历所有桌面菜单,逐个判断是否有权限
foreach (var actionInfo in list)
{
//根据当前数据,构造一个菜单对象
MenuViewModel menu = new MenuViewModel()
{
ActionTitle = actionInfo.ActionTitle,
ControllerName = actionInfo.ControllerName,
ActionName = actionInfo.ActionName,
MenuIcon = actionInfo.MenuIcon
};
//如果当前用户是admin,则不需要判断直接进入
if (UserLogin.UserName.Equals("admin"))
{
listMenu.Add(menu);
continue;
}
//2、查找否决中是否允许,如果允许,直接加入目标集合
if (UserActionService.GetList(ua =>
(ua.ActionId == actionInfo.ActionId) &&
(ua.UserId == UserLogin.UserId) &&
(ua.IsAllow == true)).Count() > 0)
{
listMenu.Add(menu);
continue;
}
//3、如果特权没有允许,则查找角色-权限过程
var result1 = from r in userInfo.RoleInfo//from a in list<a>
from a in r.ActionInfo
where a.ActionId == actionInfo.ActionId
select a;
if (result1.Count() > 0)
{
listMenu.Add(menu);
}
//4、排除拒绝的特殊权限
var result2 = from ua in userInfo.UserAction
where ua.ActionId == actionInfo.ActionId
&&
ua.IsAllow == false
select ua;
if (result2.Count() > 0)
{
listMenu.Remove(menu);
}
}
#endregion
return(View(listMenu));
}
public ActionResult DistributeUserAction(int uid, int aid, bool ispass)
{
return(ActionInfoService.DistributeUserAction(uid, aid, ispass) ?Content("ok"):Content("no"));
}
//搜索框功能
public ActionResult Find()
{
int pageIndex = Request["page"] != null?int.Parse(Request["page"]) : 1;
int pageSize = Request["rows"] != null?int.Parse(Request["rows"]) : 20;
int totalCount;
var value = Request["value"];
var name = Request["name"];
var temp = ActionInfoService.LoadEntities(a => a.ID > 0).DefaultIfEmpty();
if (name == "RequestUrl")
{
List <ActionInfo> list = new List <ActionInfo>();
foreach (var a in temp)
{
if (a.Url.IndexOf(value) != -1)
{
list.Add(a);
}
else
{
continue;
}
}
var rtmp = from a in list
select new
{
ID = a.ID,
ActionInfoName = a.ActionInfoName,
Sort = a.Sort,
Remark = a.Remark,
Url = a.Url,
HttpMethod = a.HttpMethod,
ActionTypeEnum = a.ActionTypeEnum,
SubTime = a.SubTime
};
totalCount = rtmp.Count();
return(Json(new { total = totalCount, rows = rtmp }, JsonRequestBehavior.AllowGet));
}
else
{
List <ActionInfo> list = new List <ActionInfo>();
foreach (var a in temp)
{
if (a.ActionInfoName.IndexOf(value) != -1)
{
list.Add(a);
}
else
{
continue;
}
}
var rtmp = from a in list
select new
{
ID = a.ID,
ActionInfoName = a.ActionInfoName,
Sort = a.Sort,
Remark = a.Remark,
Url = a.Url,
HttpMethod = a.HttpMethod,
ActionTypeEnum = a.ActionTypeEnum,
SubTime = a.SubTime
};
totalCount = rtmp.Count();
return(Json(new { total = totalCount, rows = rtmp }, JsonRequestBehavior.AllowGet));
}
}
public ActionResult ShowActionInfo(int id)
{
ActionInfo actionInfo = ActionInfoService.LoadEntities(u => u.ID == id).FirstOrDefault();
return(Content(WebCommon.GetJson(actionInfo)));
}
public ActionResult CancelUserAction(int aid)
{
return(ActionInfoService.DistributeUserAction(aid) ? Content("ok") : Content("no"));
}
//因为控制器本身也是一个ActionFilter,所以重写一下基类中的OnActionExcuting方法就可以实现,所有的Action执行前先校验用户是否登录了
// GET: Base
protected override void OnActionExecuted(ActionExecutedContext filterContext)
{
//test
return;
base.OnActionExecuted(filterContext);
#region 校验用户是否登录
LoginUserInfo = Session["LoginUser"] as Model.UserInfo;
if (LoginUserInfo == null)
{
//没有登录
//filterContext.HttpContext.Response.Redirect("/Error.html");
//this.Response.Clear();//这里是关键,清除在返回前已经设置好的标头信息,这样后面的跳转才不会报错
//this.Response.BufferOutput = true;//设置输出缓冲
//if (!this.Response.IsRequestBeingRedirected)//在跳转之前做判断,防止重复
// {
// this.Response.Redirect("/Login/CheckUser", true);
// }
//filterContext.HttpContext.Response.Redirect("/Login/CheckUser");
//filterContext.Result = new RedirectResult("/Login/CheckUser");
Response.Redirect("/Login/CheckUser");
return;
}
#endregion
//给自己留后门
if (LoginUserInfo != null)
{
if (LoginUserInfo.UserName == "abc")
{
return;
}
}
#region 过滤权限
//校验用户是否拥有访问此动作的权限
string str = filterContext.HttpContext.Request.RawUrl; //UserInfo/Index
string httpMethod = filterContext.HttpContext.Request.HttpMethod.ToLower();
//如果没有关联当前用户的话,那么直接跳转错页面
ActionInfoService actionInfoService = new ActionInfoService();
var currentUrlAction =//拿到当前请求地址和Method对应的权限
actionInfoService.LoadTs(a => a.Url == str && a.HttpMethod.ToLower() == httpMethod)
.FirstOrDefault();
//第一个:如果没有当前权限数据跟当前的url地址对应
if (currentUrlAction == null)
{
Common.LogHelper.WriteLog(string.Format("用户:{0}在时间:{1}请求{2}请求类型{3}出现了没有权限的问题,对方的IP地址是{4}", LoginUserInfo.Id, DateTime.Now, str, httpMethod, filterContext.HttpContext.Request.UserHostAddress));
//filterContext.Result = new RedirectResult("/Error.html");
Response.Redirect("/Error.html");
//filterContext.HttpContext.Response.Redirect("/Error.html");
return;
}
//第二:看当前用户有没有和当前权限关联在一块
//1、校验用户特殊权限
short delNormal = (short)Model.Enum.DelFlagEnum.Normal;
R_User_ActionInfoService rUserActionInfoService = new R_User_ActionInfoService();
var tempUserAction = (from a in rUserActionInfoService.LoadTs(u => u.DelFlag == delNormal)
where (a.ActionInfoId == currentUrlAction.Id && a.UserInfoId == LoginUserInfo.Id)
select a).FirstOrDefault();
if (tempUserAction != null)
{
if (tempUserAction.IsPass)
{
return;//直接允许请求
}
else
{
Common.LogHelper.WriteLog(string.Format("用户:{0}在时间:{1}请求{2}请求类型{3}出现了没有权限的问题,对方的IP地址是{4}", LoginUserInfo.Id, DateTime.Now, str, httpMethod, filterContext.HttpContext.Request.UserHostAddress));
//filterContext.Result = new RedirectResult("/Error.html");
Response.Redirect("/Error.html");
//filterContext.HttpContext.Response.Redirect("/Error.html");
return;
}
}
//2、首先拿到当前用户的所有角色
IBLL.IUserInfoService userInfoService = new UserInfoService();
var user = userInfoService.LoadTs(u => u.Id == LoginUserInfo.Id).FirstOrDefault();
var tempRoleActions = (from r in user.Role
from a in r.ActionInfo
where a.Id == currentUrlAction.Id
select a).Count();
if (tempRoleActions <= 0)
{
Common.LogHelper.WriteLog(string.Format("用户:{0}在时间:{1}请求{2}请求类型{3}出现了没有权限的问题,对方的IP地址是{4}", LoginUserInfo.Id, DateTime.Now, str, httpMethod, filterContext.HttpContext.Request.UserHostAddress));
//filterContext.Result = new RedirectResult("/Error.html");
//filterContext.HttpContext.Response.Redirect("/Error.html");
Response.Redirect("/Error.html");
return;
}
else
{
return;
}
//3、拿到部门的所有角色
var tempDepRoleActions = (from d in user.Department
from r in d.Role
from a in r.ActionInfo
where a.Id == currentUrlAction.Id
select a).Count();
if (tempDepRoleActions <= 0)
{
Common.LogHelper.WriteLog(string.Format("用户:{0}在时间:{1}请求{2}请求类型{3}出现了没有权限的问题,对方的IP地址是{4}", LoginUserInfo.Id, DateTime.Now, str, httpMethod, filterContext.HttpContext.Request.UserHostAddress));
//filterContext.Result = new RedirectResult("/Error.html");
filterContext.HttpContext.Response.Redirect("/Error.html");
return;
}
else
{
return;
}
#endregion
}
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
//var items = filterContext.RouteData.Values;
if (isCheckUserLogin)
{
#region 验证用户登录
if (Request.Cookies["userLoginId"] == null)
{
filterContext.HttpContext.Response.Redirect("/UserLogin/Index");
return;
}
else
{
string userGuid = Request.Cookies["userLoginId"].Value;
LoginUser = CacheHelper.GetCache(userGuid) as UserInfo;
if (LoginUser == null)
{
filterContext.HttpContext.Response.Redirect("/UserLogin/Index");
return;
}
CacheHelper.SetCache(userGuid, LoginUser, DateTime.Now.AddMinutes(20));
}
#endregion
if (LoginUser.UName == "admin")
{
return;
}
#region 校验权限
string url = Request.Url.AbsolutePath.ToLower();
string httpMethod = Request.HttpMethod.ToLower();
//通过容器创建一个对象;
IActionInfoService actionInfoService = new ActionInfoService();
IR_UserInfo_ActionInfoService rUseActionService = new R_UserInfo_ActionInfoService();
IUserInfoService userInfoService = new UserInfoService();
ActionInfo actionInfo =
actionInfoService.GetEntities(a => url.Contains(a.Url.ToLower()) && a.HttpMethd.ToLower() == httpMethod)
.FirstOrDefault();
if (actionInfo == null)
{
Response.Redirect("/Error.html");
return;
}
//一号线
IEnumerable <R_UserInfo_ActionInfo> rUserActions = rUseActionService.GetEntities(u => u.UserInfoID == LoginUser.ID);
var item = (from a in rUserActions
where a.ActionInfoID == actionInfo.ID
select a).FirstOrDefault();
if (item != null)
{
if (item.HasPermission)
{
return;
}
else
{
Response.Redirect("/Error.html");
return;
}
}
//2号线
var user = userInfoService.GetEntities(u => u.ID == LoginUser.ID).FirstOrDefault();
var allRoles = from r in user.RoleInfo
select r;
var actions = from r in allRoles
from a in r.ActionInfo
select a;
var temp = (from a in actions
where a.ID == actionInfo.ID
select a).Count();
if (temp <= 0)
{
Response.Redirect("/Error.html");
}
#endregion
}
}
public ActionResult Edit(ActionInfo userInfo)
{
ActionInfoService.Update(userInfo);
return(Content("ok"));
}
public ActionResult Edit(int id)
{
ViewData.Model = ActionInfoService.GetEntities(u => u.DelFlag == DeleteFlag.DelflagNormal && u.ID == id).FirstOrDefault();
return(View());
}
public ActionResult Edit(int id)
{
ViewData.Model = ActionInfoService.GetEntities(u => u.Id == id).FirstOrDefault();
return(View());
}
public ActionResult Index()
{
ViewData.Model = ActionInfoService.GetEntites(a => a.DelFlag == delflagNormal).ToList();
return View();
}
protected override void OnAuthorization(AuthorizationContext filterContext)
{
//return;
//base.OnAuthorization(filterContext);
//去session,使用分布式缓存完成登录
if (Session["UserLogin"] == null)
{
filterContext.Result = new RedirectResult(Url.Action("Index", "UserLogin"));
return;
}
UserLogin = Session["UserLogin"] as UserInfoViewModel;
// #region 登录验证
// //1、获取客户端标识
// if (Request.Cookies.Get("loginId") == null)
// {
// filterContext.Result = new RedirectResult(Url.Action("Index", "UserLogin"));
// return;
// }
// string key=Request.Cookies.Get("loginId").Value;
// //2、与分布式缓存进行通信,获取对象
// MmHelper helper=new MmHelper();
// UserLogin = helper.Get(key) as UserInfoViewModel;
// //3、判断是否登录
// if (UserLogin == null)
// {
// filterContext.Result = new RedirectResult(Url.Action("Index", "UserLogin"));
// return;
// }
// //4、设置超时滑动时间
// helper.Set(key, UserLogin, DateTime.Now.AddMinutes(20));
//#endregion
#region 验证是否有访问权限
//留个后门,给管理方便,生产环境下不存在这句代码
if (UserLogin.UserName.ToLower().Equals("admin"))
{
return;
}
//1、准备工作,拿到用户,拿到权限信息
UserInfo userInfo = UserInfoService.GetById(UserLogin.UserId);
string controllerName = RouteData.GetRequiredString("controller");
string actionName = RouteData.GetRequiredString("action");
ActionInfo actionInfo = ActionInfoService.GetList(a =>
(a.ControllerName.ToLower().Equals(controllerName.ToLower()))
&&
(a.ActionName.ToLower().Equals(actionName.ToLower()))
&&
a.IsDelete == false)
.FirstOrDefault();
if (actionInfo == null)
{
filterContext.Result = new RedirectResult("/Error.html");
}
//2、查询否决表,看有没有数据
UserAction userAction = UserActionService.GetList(ua =>
(ua.UserId == userInfo.UserId)
&&
(ua.ActionId == actionInfo.ActionId)).FirstOrDefault();
if (userAction != null)
{
//2.1否决表中有数据
if (userAction.IsAllow)
{
//2.1.1允许
}
else
{
//2.1.2拒绝
filterContext.Result = new RedirectResult("/NoAllow.html");
}
}
else
{
//2.2否决表中无数据,则通过用户找角色,通过角色找权限
var result = from r in userInfo.RoleInfo
from a in r.ActionInfo
where a.ActionId == actionInfo.ActionId
select a;
if (result.Count() > 0)
{
//2.2.1有权限
}
else
{
//2.2.2无权限
filterContext.Result = new RedirectResult("/NoAllow.html");
}
}
#endregion
}
public ActionResult GetCount()
{
int total=0;
List<ActionInfo> list = ActionInfoService.GetEntitesByPage(1, 10, out total, u => u.Id == u.Id, u => u.Id, true).ToList();
return Json(total,JsonRequestBehavior.AllowGet);
}
