/// <summary>
/// Pre-action gate for the widget controller. The request is let through only when the
/// caller is authenticated, the "siteId" parameter names an existing site, and the caller's
/// SiteUsers record for that site has PermissionLevel.ADMIN. On success the resolved site
/// is stored in the context under the "site" key.
/// </summary>
/// <remarks>
/// Every rejection passes an error object to ResponseUtil.OutputJson and sets
/// e.PreventDefault = true (presumably so the invoker skips the action).
/// NOTE(review): the two site-lookup failures report code = 200 in the body, so clients or
/// log-based alerting keyed on that field will not count them as failures; confirm intended.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data carrying the request context and the PreventDefault flag.</param>
private void WidgetController_BeforeActionExecute(object sender, BeforeActionExecuteEventArgs e)
{
    JContext ctx = e.JContext;

    // No request context at all: treated as a server-side error.
    if (ctx == null)
    {
        ResponseUtil.OutputJson(httpContext.Response, new { code = 500, msg = "不合法请求" });
        e.PreventDefault = true;
        return;
    }

    // Authentication check.
    if (!ctx.IsAuth)
    {
        ResponseUtil.OutputJson(httpContext.Response, new { code = 403, msg = "没有权限访问" });
        e.PreventDefault = true;
        return;
    }

    // Site validation: the parameter must be present and must resolve to a site.
    if (string.IsNullOrEmpty(ctx.Params["siteId"]))
    {
        ResponseUtil.OutputJson(httpContext.Response, new { code = 200, msg = "参数列表不正确,缺少SiteId参数" });
        e.PreventDefault = true;
        return;
    }

    var targetSite = Site.Get(ctx.Params["siteId"]);
    if (targetSite == null)
    {
        ResponseUtil.OutputJson(httpContext.Response, new { code = 200, msg = "指定的站点不存在" });
        e.PreventDefault = true;
        return;
    }

    // Per-site authorization: only a site administrator may edit the site's widgets.
    var membership = SiteUsers.CreateContext()
                              .Where(q => q.UserId == ctx.UserName && q.SiteId == targetSite.Id)
                              .FirstOrDefault();

    bool isSiteAdmin = membership != null && membership.PermissionLevel == PermissionLevel.ADMIN;
    if (!isSiteAdmin)
    {
        ResponseUtil.OutputJson(httpContext.Response, new { code = 403, msg = "没有权限访问" });
        e.PreventDefault = true;
        return;
    }

    ctx["site"] = targetSite;
}
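/// <summary>
/// Request entry point: creates the controller for the current navigation id, applies the
/// licence gate when the controller type carries CheckLicenceAttribute, and then passes the
/// context to the action invoker. Requests for static resources return immediately.
/// </summary>
/// <param name="sender">Expected to be the HttpApplication that raised the event.</param>
/// <param name="e">Event data; not used.</param>
protected virtual void Invoke(object sender, EventArgs e)
{
    // Direct cast: a sender of the wrong type fails here with InvalidCastException instead
    // of surfacing later as a NullReferenceException on .Request.
    HttpApplication app = (HttpApplication)sender;
    if (EventBroker.IsStaticResource(app.Request))
    {
        return;
    }

    JContext jc = JContext.Current;

    try
    {
        jc.Controller = ControllerResolver.Instance.CreateController(jc.Navigation.Id);

        if (jc.Controller == null)
        {
            // No controller for this navigation id: embedded requests still get the
            // templated output, everything else is left untouched.
            if (jc.IsEmbed)
            {
                jc.RenderContent = false;
                ResponseUtil.OutputJson(jc.Context.Response, new TemplatedControl()
                {
                    UsedInMvc = jc.Context.Request.Headers["usedinmvc"].ToBoolean(true),
                    OverrideSkinName = true,
                    Templated = true
                }.Execute());
            }
            return;
        }

        object[] licenceMarkers = jc.Controller.GetType().GetCustomAttributes(typeof(CheckLicenceAttribute), true);

        // Run the gate whenever at least one marker is present. The previous "== 1" test
        // skipped the licence check if the lookup ever returned more than one attribute.
        if (licenceMarkers.Length > 0)
        {
            ILicenceProvider lp = ServiceLocator.Instance.SafeResolve<ILicenceProvider>();

            // NOTE(review): when no provider is resolved the gate is skipped entirely
            // (fail-open); confirm that is the intended behaviour for marked controllers.
            if (lp != null && !lp.Check() && !lp.OnLicenceInvalid())
            {
                return;
            }
        }

        jc.Controller.jc = jc;
        jc.ViewData["this"] = jc.Controller;

        invoker.InvokeAction(jc);
    }
    catch (ThreadAbortException)
    {
        // Deliberately ignored.
    }
}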
/// <summary>
/// Pre-action gate for the category controller. The request is let through only when the
/// caller is authenticated and the "siteId" parameter names an existing site; the resolved
/// site is then stored in the context under the "site" key.
/// </summary>
/// <remarks>
/// Every rejection passes an error object to ResponseUtil.OutputJson and sets
/// e.PreventDefault = true (presumably so the invoker skips the action).
/// NOTE(review): this handler checks authentication and site existence only. It does not
/// itself verify that the caller has any relationship to the requested site, so per-site
/// authorization must be enforced by the individual actions; confirm that it is.
/// NOTE(review): the two site-lookup failures report code = 200 in the body; confirm intended.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data carrying the request context and the PreventDefault flag.</param>
private void CategoryController_BeforeActionExecute(object sender, BeforeActionExecuteEventArgs e)
{
    JContext ctx = e.JContext;

    // No request context at all: treated as a server-side error.
    if (ctx == null)
    {
        ResponseUtil.OutputJson(httpContext.Response, new { code = 500, msg = "不合法请求" });
        e.PreventDefault = true;
        return;
    }

    // Authentication check.
    if (!ctx.IsAuth)
    {
        ResponseUtil.OutputJson(httpContext.Response, new { code = 403, msg = "没有权限访问" });
        e.PreventDefault = true;
        return;
    }

    // Site validation: the parameter must be present and must resolve to a site.
    if (string.IsNullOrEmpty(ctx.Params["siteId"]))
    {
        ResponseUtil.OutputJson(httpContext.Response, new { code = 200, msg = "参数列表不正确,缺少SiteId参数" });
        e.PreventDefault = true;
        return;
    }

    var targetSite = Site.Get(ctx.Params["siteId"]);
    if (targetSite == null)
    {
        ResponseUtil.OutputJson(httpContext.Response, new { code = 200, msg = "指定的站点不存在" });
        e.PreventDefault = true;
        return;
    }

    ctx["site"] = targetSite;
}
/// <summary>
/// Pre-action gate for the site controller: only an authenticated caller whose user is in
/// the "admin" role may reach the controller's actions.
/// </summary>
/// <remarks>
/// A rejection passes an error object to ResponseUtil.OutputJson and sets
/// e.PreventDefault = true (presumably so the invoker skips the action).
/// NOTE(review): jc.User is dereferenced whenever IsAuth is true; confirm an authenticated
/// context always carries a non-null user.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data carrying the request context and the PreventDefault flag.</param>
private void SiteController_BeforeActionExecute(object sender, BeforeActionExecuteEventArgs e)
{
    JContext ctx = e.JContext;

    // No request context at all: treated as a server-side error.
    if (ctx == null)
    {
        ResponseUtil.OutputJson(httpContext.Response, new { code = 500, msg = "不合法请求" });
        e.PreventDefault = true;
        return;
    }

    // The role lookup only runs for authenticated callers (short-circuit on IsAuth).
    bool isAdministrator = ctx.IsAuth && ctx.User.IsInRole("admin");
    if (!isAdministrator)
    {
        ResponseUtil.OutputJson(httpContext.Response, new { code = 403, msg = "没有权限访问" });
        e.PreventDefault = true;
        return;
    }
}
/// <summary>
/// Handles one AJAX call: rebuilds navigation state from the referring page, resolves the
/// requested class and method through AjaxConfiguration, raises the before/after execute
/// events, invokes the method and writes the result with ResponseUtil.OutputJson.
/// </summary>
/// <remarks>
/// Inputs taken from the request: "querystring", the class id, the method name, the
/// JSON-encoded arguments, the JSONP parameter, and the Referer (via UrlReferrer).
/// NOTE(review): the class id and method name are caller-controlled; which methods can be
/// reached is decided by config.FindClass / config.FindMethod. Confirm they resolve only
/// explicitly configured entries.
/// NOTE(review): navigation (and the id handed to FindClass) is derived from the Referer
/// header, which the client controls; it should not be relied on as an authorization signal.
/// NOTE(review): the JSONP value is forwarded to OutputJson without validation in this
/// method; confirm OutputJson restricts it to a safe callback identifier.
/// </remarks>
void proc()
{
    JContext jc = JContext.Current;
    HttpContext http = jc.Context;

    // Flag the request as an AJAX call.
    jc.IsAjaxRequest = true;

    // Fold the optional "querystring" parameter into the context's query string.
    string extraQuery = http.Request.Params["querystring"];
    if (StringUtil.HasText(extraQuery))
    {
        jc.QueryString.Add(StringUtil.DelimitedEquation2NVCollection("&", extraQuery.TrimStart('?')));
    }

    // Re-run URL mapping against the path of the referring page.
    Uri referrer = http.Request.UrlReferrer;
    if (referrer != null)
    {
        UrlMappingModule mapper = UrlMappingModule.Instance;
        if (mapper != null)
        {
            UrlMappingItem matched = null;
            jc.QueryString.Add(mapper.GetMappedQueryString(referrer.AbsolutePath, out matched));

            if (matched != null)
            {
                NavigationInfo navigation = new NavigationInfo();
                navigation.Set(matched, UrlMappingModule.GetUrlRequested(referrer.AbsolutePath));
                jc.Navigation = navigation;

                // Raise the "url matched" event.
                mapper.OnUrlMatched();
            }
        }
    }

    // Populate view data.
    UrlMappingModule.SetViewData();

    string classId = http.Request.Params[CLASS_ID_PARAM];
    string methodName = http.Request.Params[METHOD_NAME_PARAM];
    string methodJsonArgs = http.Request.Params[METHOD_ARGS_PARAM];
    string jsonp = http.Request.Params[JSONP];

    object result;
    int cacheMinutes = -1;

    bool targetSpecified = !string.IsNullOrEmpty(classId) && !string.IsNullOrEmpty(methodName);
    if (!targetSpecified)
    {
        result = "null";
    }
    else
    {
        AjaxConfiguration config = AjaxConfiguration.GetConfig();
        AjaxMethod method = null;

        try
        {
            // Only the part of the navigation id after the first ':' is used.
            string naviId = jc.Navigation.Id;
            if (naviId.Contains(":"))
            {
                naviId = naviId.Substring(naviId.IndexOf(":") + 1);
            }

            AjaxClass target = config.FindClass(classId, naviId);
            method = config.FindMethod(target, methodName);

            if (string.Equals("Post", method.AjaxType, StringComparison.InvariantCultureIgnoreCase))
            {
                cacheMinutes = -1;
            }
            else if (StringUtil.HasText(method.CacheTest))
            {
                // NOTE(review): cacheMinutes is still -1 at this point, so both outcomes of
                // the comparison leave it at -1. A missing arguments parameter makes the
                // comparison throw, which lands in the catch block below.
                if (!methodJsonArgs.Equals(method.CacheTest))
                {
                    cacheMinutes = -1;
                }
            }

            // Give subscribers the chance to veto the call or supply the result themselves.
            BeforeExecuteEventArgs before = new BeforeExecuteEventArgs()
            {
                JContext = jc,
                TypeName = target.Key,
                MethodName = method.MethodName
            };
            OnBeforeExecute(before);

            if (before.PreventDefault)
            {
                result = before.ReturnValue;
            }
            else if (target.Type != null)
            {
                result = method.Invoke(target.Type, methodJsonArgs);
            }
            else
            {
                result = method.Invoke(target.TypeString, methodJsonArgs);
            }
        }
        catch (Exception ex)
        {
            LogManager.GetLogger<AjaxController>().Error("ajax handler error." + ExceptionUtil.WriteException(ex));

            // The caller receives only the method's configured exception payload, if any;
            // the exception detail goes to the log, not to the response.
            AjaxServerException configured = null;
            if (method != null)
            {
                configured = method.Exception;
            }

            if (configured != null)
            {
                result = configured.ToJson();
            }
            else
            {
                result = null;
            }
        }
    }

    OnAfterExecute(result);

    ResponseUtil.OutputJson(http.Response, result, cacheMinutes, jsonp);
    ContentType = http.Response.ContentType;
}
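/// <summary>
/// Resolves and runs the action method for the given context: enforces the action's
/// PermissionAttribute, raises the controller's before/after events, executes the action
/// with the form (POST) or query string (otherwise) and writes the result.
/// </summary>
/// <remarks>
/// Permission handling fails closed: when the user lacks the required permission,
/// OnPermissionDenied is raised and the action is NOT executed. Previously control fell
/// through to the execution path whenever OnPermissionDenied returned normally.
/// NOTE(review): when jc.User is null the PermissionAttribute is not evaluated at all and
/// the action runs. Confirm that anonymous requests always carry a user object, or are
/// rejected before this point, for actions that declare a permission.
/// </remarks>
/// <param name="jc">The current request context.</param>
/// <returns>
/// false when no action method could be resolved; true otherwise, including when the
/// request was stopped by a permission denial or an exception was passed to the controller.
/// </returns>
public bool InvokeAction(JContext jc)
{
    MethodInfo mi = getActionMethod(jc);
    if (mi == null)
    {
        return false;
    }

    object ret = null;

    try
    {
        if (jc.User != null)
        {
            object[] permissionAttrs = mi.GetCustomAttributes(typeof(PermissionAttribute), true);
            if (permissionAttrs.Length > 0)
            {
                PermissionAttribute required = (PermissionAttribute)permissionAttrs[0];

                if (!string.IsNullOrEmpty(required.Permission) && !jc.User.HasPermission(required.Permission))
                {
                    jc.User.OnPermissionDenied(new PermissionDeniedEventArgs(required.Permission));

                    // Stop here even if the denial handler returns instead of ending the
                    // response: a denied request must never reach the action.
                    return true;
                }
            }
        }

        // Let the controller inspect, veto or short-circuit the action.
        Controller.BeforeActionExecuteEventArgs before = new Controller.BeforeActionExecuteEventArgs() { JContext = jc };
        jc.Controller.OnBeforeActionExecute(before);

        Controller.AfterActionExecuteEventArgs after = new Controller.AfterActionExecuteEventArgs() { JContext = jc };

        if (before.PreventDefault)
        {
            ret = before.ReturnValue;
        }

        bool supportEmbed = false;

        if (jc.IsPost)
        {
            jc.RenderContent = false;

            if (!before.PreventDefault)
            {
                NameValueCollection form = jc.Form;

                // Copy query-string values into the posted form for keys the form lacks.
                // Posted values win, but a field absent from the body can be supplied
                // through the URL.
                foreach (string key in jc.QueryString.Keys)
                {
                    if (form[key] == null)
                    {
                        form[key] = jc.QueryString[key];
                    }
                }

                ret = execute(jc.Controller, mi, form);
            }

            after.Result = ret;
            jc.Controller.OnAfterActionExecute(after);
            ret = after.Result;

            if (ret != null)
            {
                if (ret is ActionResult)
                {
                    ((ActionResult)ret).ExecuteResult(jc);
                }
                else if (!jc.RenderContent)
                {
                    ResponseUtil.OutputJson(jc.Context.Response, ret);
                }
            }
        }
        else
        {
            if (!before.PreventDefault)
            {
                ret = execute(jc.Controller, mi, jc.QueryString);
            }

            after.Result = ret;
            jc.Controller.OnAfterActionExecute(after);
            ret = after.Result;

            if (ret == null)
            {
                supportEmbed = true;
            }
            else if (ret is ActionResult)
            {
                ((ActionResult)ret).ExecuteResult(jc);
                supportEmbed = ret is ViewResult;
            }
            else
            {
                jc.RenderContent = false;

                // Cache lifetime comes from the action's own HttpGetAttribute, if declared.
                int cacheMinutes = 0;
                object[] getAttrs = mi.GetCustomAttributes(typeof(HttpGetAttribute), false);
                if (getAttrs.Length == 1)
                {
                    cacheMinutes = ((HttpGetAttribute)getAttrs[0]).CacheMinutes;
                }

                ResponseUtil.OutputJson(jc.Context.Response, ret, cacheMinutes);
            }
        }

        if (supportEmbed && jc.IsEmbed)
        {
            jc.RenderContent = false;
            ResponseUtil.OutputJson(jc.Context.Response, new TemplatedControl()
            {
                UsedInMvc = jc.Context.Request.Headers["usedinmvc"].ToBoolean(true),
                OverrideSkinName = true,
                Templated = true
            }.Execute());
        }

        // Send the controller execution-time message.
        send_action_execute_msg(jc);
    }
    catch (ThreadAbortException)
    {
        // Deliberately ignored.
    }
    catch (Exception ex)
    {
        jc.Controller.OnException(ex);
    }

    return true;
}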