/// <summary>
/// Admin login action: sends an already signed-in admin panel user to the admin
/// home page, processes a POSTed login form, or renders the login page.
/// </summary>
/// <returns>
/// A redirect to "/admin", the JSON result of the form submission, or the
/// admin login template.
/// </returns>
public IActionResult Login()
{
    // Already signed in with a user type that may use the admin panel: go to the admin home page.
    // A signed-in user of any other type falls through and is shown the login form.
    var currentUser = Application.Ioc.Resolve<SessionManager>().GetSession().GetUser();
    if (currentUser != null && currentUser.GetUserType() is ICanUseAdminPanel)
    {
        return new RedirectResult(BaseFilters.Url("/admin"));
    }

    // Otherwise handle or display the login form.
    // The locals "form" and "warning" keep their names because the anonymous
    // object passed to the template takes its member names from them.
    var form = new AdminLoginForm();
    if (Request.Method == HttpMethods.POST)
    {
        return new JsonResult(form.Submit());
    }

    form.Bind();
    var warning = Application.Ioc.Resolve<AdminManager>().GetLoginWarning();
    return new TemplateResult("common.admin/admin_login.html", new { form, warning });
}
/// <summary>
/// Logs the current user out and redirects to the admin login page.
/// </summary>
/// <returns>A redirect to "/admin/login".</returns>
public IActionResult Logout()
{
    // NOTE(review): the HTTP methods and any request-forgery protection applied to this
    // action are not visible here. A state-changing action reachable by a plain GET can
    // be triggered from another site, so confirm how this route is registered.
    Application.Ioc.Resolve<UserManager>().Logout();

    var loginUrl = BaseFilters.Url("/admin/login");
    return new RedirectResult(loginUrl);
}
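/// <summary>
/// Get the url the user should be redirected to after logging in.
/// </summary>
/// <returns>
/// The path and query of the referer when it belongs to this site, is a local
/// path and is not a login or logout page; otherwise the site home url.
/// </returns>
public virtual string GetUrlRedirectAfterLogin()
{
    var request = HttpManager.CurrentContext.Request;
    var referer = request.GetReferer();
    // The Referer header is supplied by the client, so it is only reused when it names
    // this host and does not lead back to a login or logout page
    if (referer != null && referer.Authority == request.Host &&
        !referer.AbsolutePath.Contains("/logout") &&
        !referer.AbsolutePath.Contains("/login"))
    {
        var target = referer.PathAndQuery;
        // Only the path and query are returned, so the value must itself be a local path:
        // a value beginning with "//" or "/\" is resolved by browsers as a scheme-relative
        // url pointing at another host, which would bypass the same-host check above
        var isLocalPath = target.Length > 0 && target[0] == '/' &&
            (target.Length == 1 || (target[1] != '/' && target[1] != '\\'));
        if (isLocalPath)
        {
            return target;
        }
    }
    // Redirect to the home page by default
    return BaseFilters.Url("/");
}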
/// <summary>
/// Check whether the type of the current user inherits the given type and
/// whether the user holds the given privileges.
/// If the user type does not match and the current request is a GET, redirect
/// to the login page; otherwise throw a 403 error.
/// </summary>
/// <param name="userType">Required user type, for example typeof(IAmAdmin)</param>
/// <param name="privileges">List of required privileges</param>
/// <exception cref="ForbiddenException">
/// Thrown when the check fails and no redirect to a login page was issued.
/// </exception>
public virtual void Check(Type userType, params string[] privileges)
{
    var currentUser = Application.Ioc.Resolve<SessionManager>().GetSession().GetUser();
    var typeMatches = HasUserType(currentUser, userType);
    var httpContext = HttpManager.CurrentContext;

    var isGetRequest = httpContext.Request.Method == HttpMethods.GET;
    if (isGetRequest && (currentUser == null || !typeMatches))
    {
        // Redirect to the admin login page when an admin panel user is required,
        // otherwise to the front-end login page.
        // NOTE(review): nothing is thrown in this branch, so denial depends on
        // RedirectByScript ending the request. If it returns normally, the caller
        // continues as though the check had passed. Confirm its behaviour.
        var adminRequired = typeof(ICanUseAdminPanel).GetTypeInfo().IsAssignableFrom(userType);
        var loginPath = adminRequired ? "/admin/login" : "/user/login";
        httpContext.Response.RedirectByScript(BaseFilters.Url(loginPath));
        return;
    }

    if (typeMatches && HasPrivileges(currentUser, privileges))
    {
        // Check passed
        return;
    }

    if (privileges != null && privileges.Length > 0)
    {
        // Missing privileges: 403
        var translator = Application.Ioc.Resolve<IPrivilegeTranslator>();
        var translatedPrivileges = privileges.Select(p => translator.Translate(p));
        throw new ForbiddenException(
            new T("Action require {0}, and {1} privileges",
                new T(userType.Name),
                string.Join(",", translatedPrivileges)));
    }

    // User type does not match, or the user is not logged in
    throw new ForbiddenException(
        new T("Action require {0}", new T(userType.Name)));
}
/// <summary>
/// User login action: sends an already signed-in user to the user center,
/// processes a POSTed login form, or renders the login page.
/// </summary>
/// <returns>
/// A redirect to "/home", the JSON result of the form submission, or the
/// user login template.
/// </returns>
public IActionResult Login()
{
    // Already signed in: go to the user center
    var currentUser = Application.Ioc.Resolve<SessionManager>().GetSession().GetUser();
    if (currentUser != null)
    {
        return new RedirectResult(BaseFilters.Url("/home"));
    }

    // Otherwise handle or display the login form.
    // The local keeps the name "form" because the anonymous object passed to
    // the template takes its member name from it.
    var form = new UserLoginForm();
    var isPost = HttpManager.CurrentContext.Request.Method == HttpMethods.POST;
    if (isPost)
    {
        return new JsonResult(form.Submit());
    }

    form.Bind();
    return new TemplateResult("common.admin/user_login.html", new { form });
}
/// <summary>
/// User registration action: sends an already signed-in user to the user
/// center (unless the page is being edited), processes a POSTed registration
/// form, or renders the registration page.
/// </summary>
/// <returns>
/// A redirect to "/home", the JSON result of the form submission, or the
/// user registration template.
/// </returns>
public IActionResult Reg()
{
    // Already signed in: go to the user center, unless the page is being edited
    var currentUser = Application.Ioc.Resolve<SessionManager>().GetSession().GetUser();
    if (currentUser != null && !Context.GetIsEditingPage())
    {
        return new RedirectResult(BaseFilters.Url("/home"));
    }

    // Otherwise handle or display the registration form.
    // The local keeps the name "form" because the anonymous object passed to
    // the template takes its member name from it.
    var form = new UserRegForm();
    if (Request.Method == HttpMethods.POST)
    {
        return new JsonResult(form.Submit());
    }

    form.Bind();
    return new TemplateResult("common.admin/user_reg.html", new { form });
}
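/// <summary>
/// Check whether the currently logged-in user is one of the given user types
/// and holds the given privileges.
/// If the user type does not match and the current request is a GET, redirect
/// to the login page; otherwise throw a 403 error.
/// </summary>
/// <param name="types">List of accepted user types</param>
/// <param name="privileges">List of required privileges</param>
/// <exception cref="ForbiddenException">
/// Thrown when the check fails and no redirect to a login page was issued,
/// including when no user is logged in on a non-GET request.
/// </exception>
public virtual void Check(UserTypes[] types, params string[] privileges)
{
    var sessionManager = Application.Ioc.Resolve<SessionManager>();
    var user = sessionManager.GetSession().GetUser();
    var context = HttpManager.CurrentContext;
    // Evaluate the type match once, with the null check included. Previously an
    // anonymous non-GET request (or a missing context) reached user.Type and failed
    // with a NullReferenceException instead of the documented 403.
    var userTypeMatched = user != null && types.Contains(user.Type);
    if (context != null &&
        context.Request.Method == HttpMethods.GET && !userTypeMatched)
    {
        // Redirect to the front-end login page when normal users are accepted,
        // otherwise to the admin login page.
        // NOTE(review): this branch returns normally after RedirectByScript. If that call
        // does not end the request, the caller continues as though the check had passed.
        // Confirm its behaviour.
        context.Response.RedirectByScript(BaseFilters.Url(
            types.Contains(UserTypes.User) ? "/user/login" : "/admin/login"));
        return;
    }
    else if (userTypeMatched && HasPrivileges(user, privileges))
    {
        // Check passed
        return;
    }
    else if (privileges != null && privileges.Length > 0)
    {
        // Missing privileges: 403
        var translator = Application.Ioc.Resolve<PrivilegesTranslator>();
        throw new ForbiddenException(string.Format(
            new T("Action require {0}, and {1} privileges"),
            string.Join(",", types.Select(t => new T(t.GetDescription()))),
            string.Join(",", privileges.Select(p => translator.Translate(p)))));
    }
    else
    {
        // User type does not match, or the user is not logged in: 403
        throw new ForbiddenException(string.Format(
            new T("Action require {0}"),
            string.Join(",", types.Select(t => new T(t.GetDescription())))));
    }
}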