Inheritance: AuthorizeAttribute
        /// <summary>
        /// Saves the editable part of the signed-in user's profile. The posted model must carry the
        /// caller's own UserId; the identity fields (real name, student number, identification, roles)
        /// are excluded from both binding steps so a request cannot alter them.
        /// </summary>
        /// <param name="userAcnt">Posted profile data, bound without the excluded identity fields.</param>
        /// <returns>JSON <c>QsResult</c>; <c>Success</c> is true only when the update was applied.</returns>
        public ActionResult Personal([Bind(Exclude = "RealName, StuNumber, Identification")] AcntWithoutPsw userAcnt)
        {
            var outcome = new QsResult { Success = false };

            if (!ModelState.IsValid)
            {
                return Json(outcome);
            }

            var signedIn = CustomAuthorizeAttribute.GetUser();
            if (userAcnt.UserId != signedIn.UserId)
            {
                // A client posting a different user's id is rejected outright.
                outcome.Message = @"请不要尝试修改您不允许改动的内容";
                return Json(outcome);
            }

            var stored = _userService.GetUserById(signedIn.UserId);
            // Fourth argument is the exclude list: these fields are never taken from the request.
            string[] protectedFields = { "RealName", "StuNumber", "Identification", "Roles" };
            if (!TryUpdateModel(stored, null, null, protectedFields))
            {
                return Json(outcome);
            }

            _userService.UpdateUserInformation(stored);
            // Re-issue the auth cookie so it reflects the updated profile.
            SafeOutAuthCookie();
            SetAuthCookie(QsMapper.CreateMap<UserDto, UserSafetyModel>(stored));
            outcome.Success = true;
            return Json(outcome);
        }
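    /// <summary>
    /// Pipeline authorization check. Requests whose endpoint carries no
    /// <see cref="CustomAuthorizeAttribute"/> pass through; otherwise the caller must be in one of
    /// the attribute's <c>AllowedUserRoles</c> or in the "SuperAdministrator" role.
    /// </summary>
    /// <param name="httpContext">Current request; the endpoint and principal are read from it.</param>
    /// <param name="next">Continuation for the rest of the pipeline.</param>
    /// <returns>Completes after either the continuation ran or a 401/403 response was written.</returns>
    public static async Task Authorize(HttpContext httpContext, Func next)
    {
        // Routing may not have resolved an endpoint (no match, or middleware ordered before routing);
        // the original dereferenced GetEndpoint() unconditionally and threw in that case.
        CustomAuthorizeAttribute customAuthorizeAttribute = httpContext.GetEndpoint()?
            .Metadata
            .OfType<CustomAuthorizeAttribute>()
            .FirstOrDefault();

        if (customAuthorizeAttribute == null)
        {
            // Nothing to enforce on this endpoint.
            await next.Invoke();
            return;
        }

        var user = httpContext.User;

        // Super administrators pass regardless of the allowed-role list. Checking this outside the
        // Any() means an empty or null AllowedUserRoles no longer locks them out.
        bool isAuthorized = user.IsInRole("SuperAdministrator")
            || (customAuthorizeAttribute.AllowedUserRoles?.Any(allowedRole => user.IsInRole(allowedRole)) ?? false);

        if (isAuthorized)
        {
            await next.Invoke();
            return;
        }

        // 401 for an anonymous caller (must authenticate first), 403 for an authenticated caller that
        // lacks the role; the original answered 401 in both cases.
        bool isAuthenticated = user.Identity?.IsAuthenticated == true;
        httpContext.Response.StatusCode = (int)(isAuthenticated ? HttpStatusCode.Forbidden : HttpStatusCode.Unauthorized);
        await httpContext.Response.WriteAsync(isAuthenticated ? "forbidden" : "unauthorized");
    }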
        /// <summary>
        /// Completes the signed-in user's profile: binds the editable fields onto the stored record,
        /// activates the account, optionally sets a new password and re-issues the auth cookie.
        /// </summary>
        /// <param name="model">Posted form; <c>Password</c> is read directly, the rest via TryUpdateModel.</param>
        /// <returns>Redirect script on success, otherwise the form re-rendered with its errors.</returns>
        public ActionResult Confirmation(AccountModel model)
        {
            var signedIn = CustomAuthorizeAttribute.GetUser();

            if (ModelState.IsValid)
            {
                var stored = _userService.GetUserById(signedIn.UserId);
                // Identity and state fields are excluded so the form cannot overwrite them.
                string[] protectedFields = { "UserId", "RealName", "StuNumber", "Identification", "State", "PhotoUrl", "Roles" };
                bool bound = TryUpdateModel(stored, null, null, protectedFields);

                bool alreadyFinal = stored.State == UserState.Activated || stored.State == UserState.Retire;
                if (bound && alreadyFinal)
                {
                    ModelState.AddModelError("duplicate", @"用户的状态出现错误:" + stored.State);
                }
                else if (bound)
                {
                    // Only an activated user may view the other pages.
                    stored.State = UserState.Activated;
                    if (!String.IsNullOrEmpty(model.Password))
                    {
                        // SECURITY: Utilities.MD5 is an unsalted fast hash. Passwords should go through a slow
                        // KDF (e.g. PBKDF2); not changed here because stored hashes and the login path depend
                        // on this format.
                        stored.Password = Utilities.MD5(model.Password);
                    }
                    _userService.UpdateUserInformation(stored);
                    SafeOutAuthCookie();
                    SetAuthCookie(QsMapper.CreateMap<UserDto, UserSafetyModel>(stored));
                    return Content("<script>alert('填写成功!');window.location='/Account/ProfileDetail'</script>");
                }
            }

            BindSelectListDataSource((int)signedIn.Gender);
            return View(model);
        }
        /// <summary>Returns the signed-in user's unread message count as JSON (<c>{ num }</c>).</summary>
        public ActionResult _NewMessageNum()
        {
            var signedIn = CustomAuthorizeAttribute.GetUser();
            var unread = _myMessageService.GetUnreadMessage(signedIn.UserId);
            return Json(new { num = unread });
        }
        /// <summary>
        /// Remote-validation endpoint: answers <c>true</c> when <paramref name="userName"/> is free,
        /// otherwise a message string. The signed-in user's own name is excluded from the check.
        /// </summary>
        /// <param name="userName">Nickname typed by the client.</param>
        public JsonResult IsUserNameAvailable(string userName)
        {
            var signedIn = CustomAuthorizeAttribute.GetUser();
            var check = _userService.ExistsUserNickName(userName, signedIn.UserId);

            if (check.Status)
            {
                // Name is taken by another account.
                return Json("该用户名已存在", JsonRequestBehavior.AllowGet);
            }
            return Json(true, JsonRequestBehavior.AllowGet);
        }
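        /// <summary>
        /// Shows the signed-in user's profile page with the profile photo in <c>ViewBag.Photo</c>.
        /// </summary>
        /// <returns>The profile view, or a redirect to the login page when nobody is signed in.</returns>
        public ActionResult ProfileDetail()
        {
            var user = CustomAuthorizeAttribute.GetUser();

            if (user == null)
            {
                // No signed-in user: redirect instead of dereferencing null (the original threw here).
                return RedirectToAction("Login", "Home");
            }

            // Fall back to the placeholder image when the profile has no photo.
            ViewBag.Photo = user.PhotoUrl ?? "default.jpg";
            return View();
        }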
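    /// <summary>
    /// Demo entry point: reads the <see cref="CustomAuthorizeAttribute"/> applied to <c>Test</c>
    /// and invokes its <c>Test()</c> method.
    /// </summary>
    /// <param name="args">Unused.</param>
    static void Main(string[] args)
    {
        // Kept from the original; the instance is not used afterwards.
        Test test = new Test();

        // GetCustomAttribute returns null when Test is not decorated; the original dereferenced it unconditionally.
        var customAuthorizeAttribute = (CustomAuthorizeAttribute)Attribute.GetCustomAttribute(typeof(Test), typeof(CustomAuthorizeAttribute));
        if (customAuthorizeAttribute == null)
        {
            Console.WriteLine("Test is not decorated with CustomAuthorizeAttribute.");
        }
        else
        {
            customAuthorizeAttribute.Test();
        }

        Console.ReadKey();
    }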
        /// <summary>
        /// Renders the editable-profile partial for the signed-in user, after binding the select-list data
        /// for the user's gender.
        /// </summary>
        public ActionResult _Personal()
        {
            var signedIn = CustomAuthorizeAttribute.GetUser();
            BindSelectListDataSource((int)signedIn.Gender);

            var stored = _userService.GetUserById(signedIn.UserId);
            var viewModel = QsMapper.CreateMap<UserDto, AcntWithoutPsw>(stored);
            return PartialView(viewModel);
        }
        /// <summary>
        /// Application start-up: registers areas and routes, then installs
        /// <see cref="CustomAuthorizeAttribute"/> as a global filter so every action runs through it.
        /// </summary>
        protected void Application_Start()
        {
            AreaRegistration.RegisterAllAreas();
            RouteConfig.RegisterRoutes(RouteTable.Routes);

            // Global registration: no per-controller attribute is needed.
            GlobalFilters.Filters.Add(new CustomAuthorizeAttribute());
        }
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);

            bool isAuthorized;

            if (!(filterContext.HttpContext.User is IUserPrincipal user))
            {
                isAuthorized = new CustomAuthorizeAttribute(Right).HasRightsToAction(filterContext.ActionDescriptor);
            }
        /// <summary>
        /// Application start-up: registers areas and routes, then installs the global authorization
        /// filter (with <c>AllowAccessToUser</c> enabled) and the global error handler.
        /// </summary>
        protected void Application_Start()
        {
            AreaRegistration.RegisterAllAreas();
            RouteConfig.RegisterRoutes(RouteTable.Routes);

            var authorizeFilter = new CustomAuthorizeAttribute { AllowAccessToUser = true };
            GlobalFilters.Filters.Add(authorizeFilter);
            GlobalFilters.Filters.Add(new CustomErrorHandlerAttribute());
        }
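        /// <summary>
        /// Deletes a message from the caller's inbox (<paramref name="type"/> true) or marks it as read
        /// (<paramref name="type"/> false).
        /// </summary>
        /// <param name="id">Message id as sent by the client.</param>
        /// <param name="type">true: delete the message; false: only set <c>Status</c> to true.</param>
        /// <returns>"true" on success; "false" when the message is missing or the status update failed.</returns>
        public ActionResult Delete(Int64 id, bool type = true)
        {
            // Retained from the original; its result is not used below.
            var user = CustomAuthorizeAttribute.GetUser();

            // NOTE(review): `id` comes straight from the client and is never compared with `user`.
            // The service calls below should verify the message belongs to user.UserId — the owner
            // field of MyMessageDto is not visible here, confirm against the DTO.
            if (type)
            {
                _myMessageService.DeleteMyMessage(id);
                return Content("true");
            }

            var model = _myMessageService.GetMyMessageById(id);
            if (model == null)
            {
                // Unknown id: the original dereferenced model.Status and threw.
                return Content("false");
            }

            model.Status = true;
            var changed = _myMessageService.ChangeMyMessageDescription(id, model);
            return Content(changed ? "true" : "false");
        }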
        /// <summary>
        /// Adds a news comment posted via AJAX. A signed-in visitor's comment is accepted only when the
        /// posted <c>IsMember</c> matches the cookie user's id; an anonymous visitor's comment gets a
        /// placeholder nickname when none was given.
        /// </summary>
        /// <param name="model">Posted comment; <c>CreateTime</c> and <c>UniqueKey</c> are set here, not by the client.</param>
        /// <returns>The rendered comment partial on success, a JSON <c>QsResult</c> on validation failure,
        /// or an empty result for a non-AJAX request.</returns>
        public ActionResult NewsFormPartial(NewsCommentDto model)
        {
            var result = new QsResult();

            if (!Request.IsAjaxRequest())
            {
                return(new EmptyResult());
            }
            // Server-assigned; DateTime.Now is local server time — stored values are not UTC.
            model.CreateTime = DateTime.Now;
            // UniqueKey is later used to look the new comment up again.
            model.UniqueKey  = Utilities.GetRamCodeOnDate();
            if (System.Web.HttpContext.Current.Request.IsAuthenticated)
            {
                var curUser = CustomAuthorizeAttribute.GetUser();
                // The member id in the form must match the cookie user; a mismatch is reported, not corrected.
                if (curUser.UserId == model.IsMember)
                {
                    if (ModelState.IsValid)
                    {
                        _commentService.AddNewsComment(model);
                        var newModel = _commentService.GetNewestCommentInNewsWithFilter(model.UniqueKey);
                        return(PartialView("_SegmentPartial", newModel));
                    }
                    result.Success = false;
                    result.Message = @"用户登陆状态下验证失败~~";
                    return(Json(result));
                }
                result.Success = false;
                result.Message = @"用户的编号在客户端被修改,导致内容不一致";
                return(Json(result));
            }
            if (ModelState.IsValid)
            {
                // Anonymous path: fall back to a placeholder nickname.
                if (String.IsNullOrEmpty(model.NickName))
                {
                    model.NickName = @"[匿名用户]";
                }
                _commentService.AddNewsComment(model);
                var newModel = _commentService.GetNewestCommentInNewsWithFilter(model.UniqueKey);
                return(PartialView("_SegmentPartial", newModel));
            }
            result.Success = false;
            result.Message = @"游客状态下验证失败";
            return(Json(result));
        }
        /// <summary>
        /// Shows the signed-in user's profile page with the photo URL in <c>ViewBag.Photo</c>;
        /// redirects to the login page when nobody is signed in.
        /// </summary>
        public ActionResult ProfileDetail()
        {
            var signedIn = CustomAuthorizeAttribute.GetUser();
            if (signedIn == null)
            {
                return RedirectToAction("Login", "Home");
            }

            // Substitute the placeholder image when the profile has no photo; the DTO is updated too.
            signedIn.PhotoUrl = signedIn.PhotoUrl ?? "default.jpg";
            ViewBag.Photo = signedIn.PhotoUrl;
            return View();
        }
        /// <summary>
        /// Renders the comment form for a news item; for a signed-in visitor the member id, nickname
        /// and e-mail are pre-filled from the cookie user.
        /// </summary>
        /// <param name="id">News item the comment belongs to.</param>
        public ActionResult _NewsFormPartial(Int64 id)
        {
            var form = new NewsCommentDto { NewsId = id };

            if (System.Web.HttpContext.Current.Request.IsAuthenticated)
            {
                var signedIn = CustomAuthorizeAttribute.GetUser();
                form.IsMember = signedIn.UserId;
                form.NickName = signedIn.UserName;
                form.Email    = signedIn.Email;
            }
            return PartialView(form);
        }
    /// <summary>
    /// Finds the <see cref="CustomAuthorizeAttribute"/> governing an action: the action's own attribute
    /// wins, otherwise the controller's; null when neither is decorated.
    /// </summary>
    /// <param name="actionDescriptor">Action being dispatched.</param>
    private CustomAuthorizeAttribute GetAuthorizeAttribute(HttpActionDescriptor actionDescriptor)
    {
        var actionLevel = actionDescriptor.GetCustomAttributes<CustomAuthorizeAttribute>().FirstOrDefault();

        // The controller-level attribute is only consulted when the action has none of its own.
        return actionLevel
               ?? actionDescriptor.ControllerDescriptor.GetCustomAttributes<CustomAuthorizeAttribute>().FirstOrDefault();
    }
        /// <summary>
        /// Creates a new account from the posted form and redirects to the profile page via an inline script.
        /// </summary>
        /// <param name="model">Posted registration data.</param>
        /// <returns>The redirect script on success, otherwise the form re-rendered with its errors.</returns>
        public ActionResult Register(AccountModel model)
        {
            var signedIn = CustomAuthorizeAttribute.GetUser();

            if (ModelState.IsValid)
            {
                // NOTE(review): a time-of-day string as the student number looks like a placeholder — confirm.
                model.StuNumber = DateTime.Now.ToShortTimeString();
                if (!String.IsNullOrEmpty(model.Password))
                {
                    // SECURITY: Utilities.MD5 is an unsalted fast hash. Passwords should go through a slow
                    // KDF (e.g. PBKDF2); not changed here because stored hashes and the login path depend
                    // on this format.
                    model.Password = Utilities.MD5(model.Password);
                }
                model.State = UserState.Activated;

                var newUser = QsMapper.CreateMap<AccountModel, UserDto>(model);
                _userService.AddUser(newUser);
                return Content("<script>alert('填写成功!');window.location='/Account/ProfileDetail'</script>");
            }

            // NOTE(review): signedIn is null for an anonymous caller and this line dereferences it —
            // confirm the action is only reachable when signed in.
            BindSelectListDataSource((int)signedIn.Gender);
            return View(model);
        }
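        /// <summary>
        /// Lists the signed-in user's messages, paged, filtered by read state. Any <paramref name="type"/>
        /// other than "read" (including null) shows the unread list.
        /// </summary>
        /// <param name="type">"read" or "unread"; the chosen value is echoed in <c>ViewBag.Type</c>.</param>
        /// <param name="pageIndex">1-based page number.</param>
        /// <returns>A paged view of <c>MessageDto</c> with <c>Appendix</c> set to the per-user message id.</returns>
        public ActionResult Message(string type = "unread", int pageIndex = 1)
        {
            var user = CustomAuthorizeAttribute.GetUser();
            var allMessages = (List<MessageDto>)_messageService.GetAllMessages();

            // Original condition `type.Equals("unread") || !type.Equals("read")` reduces to "not read";
            // string.Equals also tolerates a null type instead of throwing.
            bool showRead = string.Equals(type, "read", StringComparison.Ordinal);
            ViewBag.Type = showRead ? "read" : "unread";

            IEnumerable<MyMessageDto> mine = _myMessageService.GetMyMessagesWithStatus(user.UserId, showRead);
            if (mine == null)
            {
                return View(new List<MessageDto>().ToPagedList(pageIndex, 5));
            }

            IList<MessageDto> models = new List<MessageDto>();
            foreach (var item in mine)
            {
                var model = allMessages.Find(it => it.MId == item.MId);
                if (model == null)
                {
                    // Per-user entry whose message no longer exists: skip instead of throwing.
                    continue;
                }
                // Appendix carries the per-user id the view needs for delete/mark-read links.
                // Note this mutates the objects returned by GetAllMessages().
                model.Appendix = item.MyId.ToString(CultureInfo.InvariantCulture);
                models.Add(model);
            }

            return View(models.ToPagedList(pageIndex, 5));
        }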
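        /// <summary>
        /// Authenticates a user by name and password and issues the auth cookie. A request that already
        /// carries the auth cookie is answered with the current user's info without re-checking credentials.
        /// </summary>
        /// <param name="user">Credentials from the request body (<c>name</c>, <c>password</c>).</param>
        /// <returns>200 with the user info; 400 for a malformed body or a banned account; 401 when the
        /// name or password does not match.</returns>
        public IHttpActionResult LogIn(UserInfo user)
        {
            var curContext = HttpContext.Current;

            if (user == null || user.name == null || user.password == null)
            {
                // Unbindable or incomplete body: the original dereferenced user.name and threw.
                return BadRequest();
            }

            UserInfo u;
            using (var userStore = new UserStore())
            {
                if (curContext.Request.Cookies.Get(CustomAuthorizeAttribute.authUserCookie) != null)
                {
                    return Ok<UserInfo>(userStore.GetCurrentUserInfo());
                }

                // Still a blocking call because the action is synchronous, but GetAwaiter().GetResult()
                // surfaces the real exception instead of an AggregateException.
                u = userStore.FindByNameAsync(user.name).GetAwaiter().GetResult();
            }

            if (u != null)
            {
                var pHasher = new PasswordHasher();
                bool passwordOk = pHasher.VerifyHashedPassword(u.GetHash(), user.password) == PasswordVerificationResult.Success;

                // Ban status is only disclosed after the password matches; answering "banned" before
                // verification let anyone confirm which names were registered.
                if (passwordOk && u.status == Model.USER_STATUS.BANNED)
                {
                    return BadRequest("Your account was banned");
                }

                if (passwordOk)
                {
                    var cookie = new HttpCookie(CustomAuthorizeAttribute.authUserCookie, CustomAuthorizeAttribute.EncryptId(u.id))
                    {
                        // Keep the session token out of reach of script; Secure follows the request's scheme.
                        HttpOnly = true,
                        Secure   = curContext.Request.IsSecureConnection
                    };
                    curContext.Response.Cookies.Set(cookie);
                    return Ok<UserInfo>(u);
                }
            }

            // Unknown name and wrong password are deliberately indistinguishable.
            return Unauthorized();
        }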