//执行存储 public async Task <JsonResult> dojob(string tsqlkey, string param) { try { using (var svc = new OrmService(AppConfigs.sqlfaceconn)) { var setting = (await svc.FilterWhereAsync <SqlKeySetting>(s => s.SQLKEY == tsqlkey && s.STS == "A")).FirstOrDefault(); if (setting != null && setting.CLASS == "proc") { if (!setting.EvalAuthorized(this.User.Identity.Name, Helper.Roles(this))) { return(Json("你没有权限执行!", JsonRequestBehavior.AllowGet)); } var sqlresult = CalcMain.ExternalExecutor(setting.SQL, param, System.Configuration.ConfigurationManager.AppSettings[setting.DBCONN]); return(Json(sqlresult, JsonRequestBehavior.AllowGet)); } throw new ApplicationException("没有配置执行语句[" + tsqlkey + "]!"); } } catch (Exception e) { return(Json(new { ErrorMsg = e.Message }, JsonRequestBehavior.AllowGet)); } }
//[Authorize] private Task <RenderContext> _ExecuteHandler(decimal id, RenderContext context) { bool EvolvesSafe = true;//Convert.ToBoolean(System.Configuration.ConfigurationManager.AppSettings["EvolvesSafe"]);//是否全盘接受客户端参数 bool isGetPagedDataing = null != context.ExecutionIO && context.ExecutionIO.HasTable; var valuecontext = context.paramsScaledValues; if (EvolvesSafe)//安全方式,从服务端加载参数. { var mainid = id; using (var svc = new OrmService(AppConfigs.sqlfaceconn)) { //List<String> cols = new List<string>(); //List<Object[]> data = new List<object[]>(); ExecutionIO outputMsg = context.ExecutionIO; var handler = svc.GetByIdAsync <EasyHandler>(id).Result; bool isSelect = "SELECT".Equals(handler.SQL_CMD_TYPE); context.handler = handler;//防止被黑 //var logservice = new OrmService<AP_ACTION_LOG_DBA>(svc); //var seqservice = new OrmService<CustomSequence>(svc); var log = new SqlFace.Models.AP_ACTION_LOG_DBA { LOG_ID = CustomSequence.GetNextVal("AP_ACTION_LOG_DBA_ID", svc), ACTION_BRIEF = null, ACTION_IP = base.GetIp(), ACTION_PAGE = this.Request.RequestUri.AbsolutePath, ACTION_PARAM = String.Format("执行通用处理器{0}-{1},参数={2}", handler.HANDLER_ID, handler.HANDLER_NAME, Newtonsoft.Json.JsonConvert.SerializeObject(context.paramsScaledValues)), ACTION_RESULT = string.Format("开始执行@{0}...", DateTime.Now.ToString()), ACTION_TIME = DateTime.Now, USER_ID = this.User.Identity.Name }; var calcMain = new CalcMain(context, new Dictionary <string, string> { { "username", this.User.Identity.Name }, { "ip", base.GetIp() } }); try { if (!isSelect && !isGetPagedDataing) { //非查询 var returnstr = calcMain.ExeSqlBlock(); if (string.IsNullOrWhiteSpace(returnstr)) { // 正常输出 outputMsg.msg = "无错误无输出"; log.ACTION_RESULT += string.Format("{1},返回信息={0}", returnstr, DateTime.Now.ToString()); } else if (Regex.IsMatch(returnstr, "^ORA-[0-9]{4,5}\\b")) { string innerErr = string.Format(",执行中断@{1},发生数据库内部错误={0}", returnstr, DateTime.Now.ToString()); throw new ApplicationException(innerErr); } else { // 正常输出 outputMsg.msg = returnstr; log.ACTION_RESULT += string.Format("{1},返回信息={0}", returnstr, DateTime.Now.ToString()); } if (!string.IsNullOrWhiteSpace(handler.PREPARING_BLOCK)) { //额外数据表输出 string extramsg = calcMain.GetQuery(); //outputMsg.msg = extramsg; log.ACTION_RESULT += string.Format("匿名块执行成功,执行额外查询结束@{0},结果{1}", DateTime.Now.ToString(), extramsg); } } else //查询 { string extramsg = calcMain.GetQuery(); outputMsg.msg = extramsg; log.ACTION_RESULT += string.Format(",执行额外查询结束@{0},结果{1}", DateTime.Now.ToString(), extramsg); } } catch (Exception ex) { //捕获异常,for查询类或者非查询类 outputMsg.hasError = true; outputMsg.msg = "执行失败!" + ex.Message + "\n" + outputMsg; if (isGetPagedDataing) { log.ACTION_RESULT += "--分页--"; } log.ACTION_RESULT += string.Format("执行失败@{0},错误信息={1}", DateTime.Now.ToString(), ex.Message); } finally { if (!isGetPagedDataing) { svc.CreateAsync(log); } } return(Task.FromResult(context)); } } else { throw new ApplicationException("不安全的执行"); } }