protected IList<int> getAuthedDeptIds(string controllerName,string idStr,out int empId)
 {
     IList<int> deptIdList = null;
     empId = 0;
     var d = new DeptController();
     if (idStr != null)
     {
         if (idStr.IndexOf("EmpId") >= 0)
         {
             empId = int.Parse(idStr.Replace("EmpId", ""));
         }
         else
         {
             deptIdList = d.GetChildDeptIdList(int.Parse(idStr));
         }
     }
     else
     {
         EmpBasicInfo ebi = Session["ebi"] as EmpBasicInfo;
         IList<EmpRole> empRole = ebi.EmpRoles;
         List<int> empRoleIds = new List<int>();
         foreach (EmpRole er in empRole)
         {
             empRoleIds.Add(er.RoleId);
         }
         List<int> sessionDeptIdList = Session["deptIdList"] as List<int>;
         deptIdList = d.GetDeptIdListByController(controllerName, empRoleIds, sessionDeptIdList);
         if (deptIdList.Count == 0)
         {
             empId = ebi.Id;
         }
     }
     return deptIdList;
 }
 //公共通讯薄
 public ActionResult GetContactInfo(int? deptId)
 {
     IQueryable<EmpProfileWithDep> list;
     if (deptId != null)
     {
         var d = new DeptController();
         IList<int> deptIdList = d.GetChildDeptIdList((int)deptId);
         list = from r in ctx.Employees where r.LeaveDate == null && Nullable.Equals(r.LeaveDate,null) && (from r1 in ctx.EmpDepPositions where deptIdList.ToArray().Contains(r1.DeptId) select r1.EmpId).Contains(r.Id) orderby r.Name select new EmpProfileWithDep { Id = r.Id, JobNo = r.JobNo, Name = r.Name,Dep = r.EmpDepPositions.FirstOrDefault().Depts.Text, TelExt = r.TelExt, Mobile = r.Mobile, ShortNo = r.ShortNo, IdAddress = r.IdAddress };
     }
     else
     {
         list = from r in ctx.Employees where r.LeaveDate == null && Nullable.Equals(r.LeaveDate, null) orderby r.Name select new EmpProfileWithDep { Id = r.Id, JobNo = r.JobNo, Name = r.Name,Dep = r.EmpDepPositions.FirstOrDefault().Depts.Text, TelExt = r.TelExt, Mobile = r.Mobile, ShortNo = r.ShortNo, IdAddress = r.IdAddress };
     }
     IList<EmpProfileWithDep> epd = list.ToList();
     EmpBasicInfo ebi = Session["ebi"] as EmpBasicInfo;
     if(ebi.EmpDepPos.Where(r=>r.PosId<=4).Count()==0)//不是总监(含)级别,则隐藏其他部门员工手机号
     {
         foreach (var v in epd)
         {
             if(ebi.EmpDepPos.Where(r=>r.DeptId==v.DeptId).Count()==0)
             {
                 v.Mobile = null;
             }
         }
     }
     CJson CJson = new CJson();
     string json = CJson.ToJsonString("totalCount:" + epd.Count() + ",data", epd);
     return Content(json);
 }
        //权限判断业务逻辑
        private bool authorizeCore(ActionExecutingContext filterContext)
        {
            bool bResult = true;
            EmpBasicInfo ebi;
            if (filterContext.HttpContext.Session["ebi"] == null)
            {
                string s = filterContext.HttpContext.Request.Cookies["empBasicInfo"].Value;//取用户基本信息
                s = CommonController.Decrypt(s, CommonController.myKey);//字符串解密
                JavaScriptSerializer jss = new JavaScriptSerializer();
                ebi = jss.Deserialize<EmpBasicInfo>(s);//对象反序列化
                filterContext.HttpContext.Session["ebi"] = ebi;

                List<int> deptTopIds=new List<int>();

                List<int> deptIdList=new List<int>();
                int empId = ebi.Id;
                int[] posArr = { 8, 9, 10, 11 };
                IQueryable<EmpDepPosition> listEDP = from r in ctx.EmpDepPositions where r.EmpId == empId && !posArr.Contains(r.PosId) orderby r.PosId select r;
                var d = new DeptController();
                foreach (var edp in listEDP)
                {
                    if (deptIdList.Contains(edp.DeptId))//此部门节点已被其他部门包含
                    {
                        continue;
                    }
                    deptTopIds.Add(edp.DeptId);

                    deptIdList=deptIdList.Concat(d.GetChildDeptIdList(edp.DeptId)).ToList();
                }
                filterContext.HttpContext.Session["deptTopIds"] = deptTopIds;//顶级部门Id
                filterContext.HttpContext.Session["deptIdList"] = deptIdList;//所有部门Id
            }
            if (filterContext.HttpContext.Request.Cookies["empBasicInfo"] == null)
            {
                ebi = filterContext.HttpContext.Session["ebi"] as EmpBasicInfo;
                //保存cookie
                HttpCookie cookieEmpId = new HttpCookie("empId", ebi.Id.ToString());
                filterContext.HttpContext.Response.Cookies.Add(cookieEmpId);
                HttpCookie cookieEmpName = new HttpCookie("empName", HttpUtility.UrlEncodeUnicode(ebi.Name));
                filterContext.HttpContext.Response.Cookies.Add(cookieEmpName);
                HttpCookie cookieJobNo = new HttpCookie("jobNo",ebi.JobNo);
                filterContext.HttpContext.Response.Cookies.Add(cookieJobNo);

                JavaScriptSerializer jss = new JavaScriptSerializer();
                string ebiStr = jss.Serialize(ebi);
                ebiStr = CommonController.Encrypt(ebiStr, CommonController.myKey);//加密的用户信息
                HttpCookie cookieEBI = new HttpCookie("empBasicInfo", ebiStr);
                filterContext.HttpContext.Response.Cookies.Add(cookieEBI);
            }
            #region //根据ebi判断controller+action的可执行权限
            //var user = new CurrentUser();//获取当前用户信息
            //var controllerName = filterContext.RouteData.Values["controller"].ToString();
            //var actionName = filterContext.RouteData.Values["action"].ToString();
            //if (isViewPage && controllerName.ToLower() != "main" && actionName.ToLower() != "masterpage")//如果当前Action请求为具体的功能页并且不是MasterPage页
            //{
            //    if (user.MenuPermission.Count(m => m.ControllerName == controllerName && m.ActionName == actionName) == 0)
            //        return false;
            //}
            //else
            //{
            //    var actions = ContainerFactory.GetContainer().Resolve<IAuthorityFacade>().GetAllActionPermission();//所有被维护的Action权限
            //    if (actions.Count(a => a.ControllerName == controllerName && a.ActionName == actionName) != 0)//如果当前Action属于被维护的Action权限
            //    {
            //        if (user.ActionPermission.Count(a => a.ControllerName == controllerName && a.ActionName == actionName) == 0)
            //            return false;
            //    }
            //}
            #endregion

            return bResult;
        }