/// <summary>
/// Decides whether the current request may proceed and, for requests that pass
/// the permission check, writes one access-log row before allowing them.
/// </summary>
/// <param name="httpContext">Context of the request being authorized.</param>
/// <returns>
/// <c>true</c> when the route's area is not listed in <c>Areas</c>, or when the
/// caller is authenticated and the permission check succeeds; <c>false</c> when
/// the area is listed and the caller is not authenticated.
/// </returns>
/// <exception cref="Exception">
/// Thrown when an authenticated caller fails the permission check.
/// </exception>
/// <remarks>
/// Areas that are not in <c>Areas</c> are admitted without any authentication
/// check. A denied request throws before the log row is built, so this method
/// records successful access only.
/// </remarks>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    var routeData = httpContext.Request.RequestContext.RouteData;
    var area = (string)routeData.DataTokens["area"];

    // Only areas listed in Areas are subject to authentication; everything
    // else is let through here.
    if (!Areas.Contains(area))
    {
        return true;
    }

    // Protected area: the caller must be logged in.
    if (!httpContext.User.Identity.IsAuthenticated)
    {
        return false;
    }

    var action = (string)routeData.Values["action"];
    var controller = (string)routeData.Values["controller"];
    var recordId = (string)routeData.Values["id"];

    var roleChecker = DependencyResolver.Current.GetService<IUserRole>();
    var currentUser = DependencyResolver.Current.GetService<IUserInfo>();

    // Permission check for this area/action/controller. The original note says
    // holding any action of the area is enough; the actual rule lives in Check,
    // which is not visible here.
    var isPermitted = roleChecker.Check(area, action, controller);
    if (!isPermitted)
    {
        // NOTE(review): refusal is signalled with a bare Exception rather than
        // by returning false; how it reaches the client depends on error
        // handling outside this method - confirm.
        throw new Exception("没有权限!请联系系统管理员进行权限分配!");
    }

    // Record the access of the permitted user.
    var actionMapService = DependencyResolver.Current.GetService<ISysControllerSysActionService>();
    var accessLogService = DependencyResolver.Current.GetService<ISysUserLogService>();

    // NOTE(review): First() presumably throws when no mapping row matches, so
    // an already-permitted request would fail at this point - confirm that a
    // row always exists for every permitted route.
    var sysControllerSysAction = actionMapService.GetAllEnt()
        .Where(
            a =>
                a.SysController.ControllerName.Equals(controller) &&
                a.SysController.SysArea.AreaName.Equals(area) &&
                a.SysAction.ActionName.Equals(action))
        .Cache()
        .Select(a => a.Id)
        .First();

    var accessLog = new SysUserLog
    {
        // NOTE(review): Remote_Addr is the directly connected peer; behind a
        // reverse proxy this is presumably the proxy's address - confirm the
        // deployment before relying on it in the audit trail.
        Ip = httpContext.Request.ServerVariables["Remote_Addr"],
        SysControllerSysActionId = sysControllerSysAction,
        RecordId = recordId,
        SysUserId = currentUser.UserId,
        //EnterpriseId = userInfo.EnterpriseId
    };

    accessLogService.Save(null, accessLog);
    accessLogService.Commit();

    return true;
}
/// <summary>
/// Decides whether the current request may proceed and, for permitted requests
/// whose route maps to a known controller/action row, hands an access-log
/// entry to the log service.
/// </summary>
/// <param name="httpContext">Context of the request being authorized.</param>
/// <returns>
/// <c>true</c> when the route's area is not listed in <c>Areas</c>, or when the
/// caller is authenticated and either targets the <c>Elmah</c> controller or
/// passes the role check; <c>false</c> when the caller is not authenticated, or
/// is authenticated, fails the check and targets the <c>Index</c> controller.
/// </returns>
/// <exception cref="Exception">
/// Thrown when an authenticated caller fails the check on any controller other
/// than <c>Index</c>.
/// </exception>
/// <remarks>
/// Areas that are not in <c>Areas</c> are admitted without any authentication
/// check. Denied requests are not logged by this method, and a permitted
/// request is still allowed, without a log entry, when no mapping row is found
/// or the request URL is null.
/// </remarks>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    var routeData = httpContext.Request.RequestContext.RouteData;
    var area = (string)routeData.DataTokens["area"];
    var action = (string)routeData.Values["action"];
    var controller = (string)routeData.Values["controller"];

    // Only areas listed in Areas are subject to authentication.
    if (!Areas.Contains(area))
    {
        return true;
    }

    // Protected area: the caller must be logged in.
    if (!httpContext.User.Identity.IsAuthenticated)
    {
        return false;
    }

    // The Elmah controller skips the role check, so every authenticated caller
    // is admitted to it. The comparison is case-sensitive; any other spelling
    // goes through the role check.
    // NOTE(review): if this route serves the ELMAH error-log viewer, confirm
    // that exposing it to every logged-in user is intended.
    var isPermitted = controller == "Elmah"
        || _sysRoleService.CheckSysUserSysRoleSysControllerSysActions(
            _userInfo.EnterpriseId, _userInfo.UserId, area, action, controller);

    if (!isPermitted)
    {
        // NOTE(review): the original comment says content under the default
        // Index controller only requires a login, but an authenticated caller
        // who fails the check is refused here with false - confirm which
        // behaviour is intended.
        if (controller == "Index")
        {
            return false;
        }

        throw new Exception("没有权限!请联系系统管理员进行权限分配!");
    }

    // Record the access of the permitted user.
    var recordId = (string)routeData.Values["id"];
    var sysControllerSysAction = _sysControllerSysActionService.GetAllEnt().OrderBy(a => a.SysController.SystemId).FirstOrDefault(a => a.SysController.ControllerName.Equals(controller) && a.SysController.SysArea.AreaName.Equals(area) && a.SysAction.ActionName.Equals(action));

    if (sysControllerSysAction != null)
    {
        var requestUrl = httpContext.Request.Url;
        if (requestUrl != null)
        {
            var accessLog = new SysUserLog
            {
                Url = requestUrl.AbsolutePath,
                // NOTE(review): Remote_Addr is the directly connected peer;
                // behind a reverse proxy this is presumably the proxy's
                // address - confirm the deployment.
                Ip = httpContext.Request.ServerVariables["Remote_Addr"],
                SysControllerSysActionId = sysControllerSysAction.Id,
                RecordId = recordId,
                SysUserId = _userInfo.UserId,
                EnterpriseId = _userInfo.EnterpriseId
            };

            _sysUserLogService.AddLogAutoSave(accessLog);
        }
    }

    return true;
}