/// <summary>
/// Permission check for a request action. The action is looked up in the JSON,
/// image and file-download processor tables, in that order. If the matching handler
/// method carries an <see cref="AuthorizeAttribute"/>, the caller must be authorized
/// and hold the attribute's role for <c>this.FunctionCode</c>. On failure a JSON
/// <c>AjaxResult</c> with <c>IsSuccess = false</c> is handed to <c>ReturnJson</c>.
/// </summary>
/// <remarks>
/// Actions that are not registered in any table, and handlers without an
/// <see cref="AuthorizeAttribute"/>, pass through unchecked (default-allow).
/// NOTE(review): the deny path neither throws nor returns a status to the caller.
/// Whether the handler is stopped from running afterwards depends on
/// <c>ReturnJson</c> ending the response, which is not visible here. Confirm it.
/// </remarks>
/// <param name="action">Name of the requested action, used as the lookup key.</param>
private void Authorize(string action)
{
    // Resolve the handler method from the first table that knows the action.
    System.Reflection.MethodInfo handler;
    if (this.JsonProcessor.ContainsKey(action))
    {
        handler = this.JsonProcessor[action].Method;
    }
    else if (this.ImageProcessor.ContainsKey(action))
    {
        handler = this.ImageProcessor[action].Method;
    }
    else if (this.FileDownloadProcessor.ContainsKey(action))
    {
        handler = this.FileDownloadProcessor[action].Method;
    }
    else
    {
        // Unknown action: no permission check is performed in this method.
        return;
    }

    AuthorizeAttribute required = handler
        .GetCustomAttributes(false)
        .OfType<AuthorizeAttribute>()
        .FirstOrDefault();
    if (required == null)
    {
        // Handler declares no role requirement.
        return;
    }

    bool permitted = SccService.Authorized()
        && SccService.IsInRole(required.Role, this.FunctionCode);
    if (permitted)
    {
        // Permission check passed.
        return;
    }

    // Denied: report the failure as a localized JSON result.
    string message = Commons.Language.GetText(
        "UnAuthorized",
        "CN:你无权访问!~EN:UnAuthorized",
        SccService.CurrentLanguageType);
    var denial = new AjaxResult
    {
        Message = message,
        IsSuccess = false
    };
    this.ReturnJson(JsonConvert.SerializeObject(denial));
}
/// <summary>
/// Checks the permission required by the Processor handler registered for
/// <paramref name="action"/>. If the handler method carries an
/// <see cref="AuthorizeAttribute"/> and the caller does not hold its role for
/// <c>this.FunctionCode</c>, the request is rejected with HTTP 403.
/// </summary>
/// <remarks>
/// Handlers without an <see cref="AuthorizeAttribute"/> are not checked.
/// NOTE(review): only <c>SccService.IsInRole</c> is consulted here and
/// <c>SccService.Authorized()</c> is not called. Confirm that the session is
/// validated before this method runs, or that <c>IsInRole</c> fails for an
/// unauthenticated caller.
/// NOTE(review): <c>this.Processor[action]</c> is indexed without a prior key check.
/// What happens for an unregistered action depends on the collection type, which is
/// not visible here.
/// </remarks>
/// <param name="action">Name of the requested action, used as the lookup key.</param>
/// <exception cref="System.Web.HttpException">403 when the role check fails.</exception>
private void Authorize(string action)
{
    System.Reflection.MethodInfo handler = this.Processor[action].Method;

    // Pick the first AuthorizeAttribute declared directly on the handler (inherit: false).
    AuthorizeAttribute required = null;
    foreach (object candidate in handler.GetCustomAttributes(false))
    {
        required = candidate as AuthorizeAttribute;
        if (required != null)
        {
            break;
        }
    }

    if (required == null)
    {
        return;
    }

    bool permitted = SccService.IsInRole(required.Role, this.FunctionCode);
    if (permitted)
    {
        return;
    }

    // Role check failed: refuse the request.
    throw new System.Web.HttpException(403, "没有权限,访问禁止");
}
/// <summary>
/// Loads base settings from the application configuration, initializes the page's
/// basic fields, decodes the encrypted <c>paras</c> request value, and finally
/// verifies that the caller holds the View role for <c>this.FunctionCode</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the permission check runs last, after the request-supplied
/// <c>paras</c> value has been decrypted and parsed. If those helpers throw on
/// malformed input, that error surfaces before the 403. Confirm the ordering is
/// intended.
/// NOTE(review): judging by its name, <c>Tools.DESEncrypt</c> presumably uses DES.
/// Verify the algorithm and whether the value is integrity-protected before treating
/// entries of <c>EncryptionParas</c> as trustworthy.
/// </remarks>
/// <exception cref="System.Web.HttpException">403 when the view check fails.</exception>
private void LoadBaseData()
{
    // Identifiers of the current system; SysCode falls back to SysID when unset.
    this.SysID = ConfigurationManager.AppSettings["SysID"];
    this.SysCode = ConfigurationManager.AppSettings["SysCode"];
    if (string.IsNullOrEmpty(this.SysCode))
    {
        this.SysCode = this.SysID;
    }

    // Menu/function identifier (per the original comment, an ID generated in the SBA database).
    this.LoadFunctionId();

    this.PageID = this.GetType().BaseType.Name;

    string debugSetting = ConfigurationManager.AppSettings["Debug"];
    this.Debug = Tools.DataTypeConvertHelper.ToBoolean(debugSetting);

    this.FunctionName = Commons.Language.GetText(this.FunctionID + ".Name", this.FunctionID);

    string languageSource = Tools.ConfigHelper.GetConfigString("LanguageSourceType");
    this.LanguageSourceType = languageSource.ToUpper();

    // Encrypted parameters: start from an empty map, then fill it from the request if present.
    this.EncryptionParas = new Dictionary<string, string>();
    string cipherText = Tools.DataTypeConvertHelper.ToString(Request["paras"]);
    if (!string.IsNullOrEmpty(cipherText))
    {
        string plainText = Tools.DESEncrypt.Decrypt(cipherText);
        this.EncryptionParas = Tools.DataTypeConvertHelper.StringToDictionary(plainText, '&', '=');
    }

    // View is the most basic permission; without it the page is refused.
    bool canView = SccService.Authorized()
        && SccService.IsInRole(SccService.Roles.View, this.FunctionCode);
    if (!canView)
    {
        // NOTE(review): in the collapsed listing a bare "//" directly precedes this throw.
        // It is read here as an empty comment line, so the throw is live. Confirm against
        // the original file, since a commented-out throw would leave this check fail-open.
        throw new System.Web.HttpException(403, "没有权限,访问禁止");
    }

    // Permission check passed: record the caller's language and user id.
    this.LangType = SccService.CurrentLanguageType;
    this.LoginUserID = SccService.CurrentUserId;
}