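/// <summary>
/// Decides whether the current request may proceed: the exclusion list is consulted first,
/// then the session, then the permission table entry for the requested controller/action.
/// </summary>
/// <param name="filterContext">Filter context of the executing action.</param>
/// <param name="message">Set to a user-facing reason when the check does not pass; empty otherwise.</param>
/// <returns>The outcome of the permission check.</returns>
protected virtual PermissionCheckResult CheckPermission(ActionExecutingContext filterContext, out string message)
{
    var currentRequestController = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
    var currentRequestAction = filterContext.ActionDescriptor.ActionName;
    var session = new SessionExt(filterContext.HttpContext);
    message = "";

    // Requests on the exclusion list bypass every other check.
    var ex = ExcludeUrlConfiguration.GetExcludeUrl(currentRequestController, currentRequestAction);
    if (ex != null)
    {
        return PermissionCheckResult.Passed;
    }

    // Session check.
    if (!CheckSession(filterContext))
    {
        message = LanguageResources.Common.NeedLogin;
#if DEBUG
        LogHelper.WriteLog("跳登陆,原因:Session丢失\r\nSessionId" + session.SessionId);
#endif
        return PermissionCheckResult.NeedLogin;
    }

    // Permission check: find the permission entry that matches this request.
    var permissions = RetechWing.BusinessCache.SystemCache.Instance.Permissions;
    var currentPermission = permissions.FirstOrDefault(
        p => p.Controller.Equals(currentRequestController, StringComparison.OrdinalIgnoreCase)
          && p.Action.Equals(currentRequestAction, StringComparison.OrdinalIgnoreCase));
    if (currentPermission == null)
    {
        // NOTE(review): fail-open — an action with no entry in the permission table is allowed
        // for any logged-in user, so a new action is unprotected until it is registered.
        // Consider defaulting to NoPermission once the table is known to be complete.
        return PermissionCheckResult.Passed;
    }

    // Permissions granted to the current user. The session slot may hold no user (or a value of
    // another type) even after CheckSession passed; treat that as "not logged in" rather than
    // dereferencing null below.
    var user = session["currentUser"] as SysUser;
    if (user == null)
    {
        message = LanguageResources.Common.NeedLogin;
#if DEBUG
        LogHelper.WriteLog("Redirecting to login: no SysUser in session\r\nSessionId" + session.SessionId);
#endif
        return PermissionCheckResult.NeedLogin;
    }

    var userRights = RetechWing.BusinessCache.SystemCache.Instance.UserPermissions(
        user.UserId, new RoleManager().GetUserPermissionIds);
    if (userRights.Contains(currentPermission.PermissionId))
    {
        return PermissionCheckResult.Passed;
    }

#if DEBUG
    LogHelper.WriteLog("跳登陆,原因:没有权限\r\nSessionId" + session.SessionId);
#endif
    // Everything below is the failure case.
    message = LanguageResources.Common.NoRight;
    return PermissionCheckResult.NoPermission;
}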
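/// <summary>
/// Signs a WeChat visitor in before the action runs. Excluded URLs pass straight through.
/// Otherwise, when no user is in the session, the visitor is sent to the WeChat OAuth
/// authorization page; when an OAuth <c>code</c> or an <c>openID</c> is present, the matching
/// user is loaded into the session, or the visitor is sent to the account-binding page.
/// </summary>
/// <param name="filterContext">Filter context of the executing action.</param>
/// <exception cref="InvalidOperationException">
/// Thrown when the executing controller is not a <see cref="System.Web.Mvc.Controller"/>,
/// because its <c>Url</c> helper is needed to build the redirect targets.
/// </exception>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    var session = new SessionExt(filterContext.HttpContext);
    var request = filterContext.HttpContext.Request;

    // Excluded URLs need no sign-in.
    var currentRequestController = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
    var currentRequestAction = filterContext.ActionDescriptor.ActionName;
    var ex = ExcludeUrlConfiguration.GetExcludeUrl(currentRequestController, currentRequestAction);

    if (ex == null && session["currentUser"] == null)
    {
        // The URL to return to after sign-in. Apart from the "keep=1" case it comes from the
        // session or from the Referer header; the Referer is client-controlled, so the actions
        // that consume backUrl (VerifyUser / BindingAccount) must only follow local URLs.
        string urlReferrer;
        if (request.QueryString["keep"] == "1")
        {
            urlReferrer = request.Url.ToString();
        }
        else if (session["lastRequestUrl"] != null)
        {
            urlReferrer = session["lastRequestUrl"].ToString();
        }
        else
        {
            urlReferrer = request.UrlReferrer == null ? "/" : request.UrlReferrer.ToString();
        }

        // An `as` cast followed by a dereference would surface as a NullReferenceException;
        // fail with an explicit message instead.
        var controller = filterContext.Controller as System.Web.Mvc.Controller;
        if (controller == null)
        {
            throw new InvalidOperationException("OnActionExecuting requires a System.Web.Mvc.Controller to build redirect URLs.");
        }

        string code = request.Params["code"];
        string openIDParam = request.Params["openID"];
        if (string.IsNullOrWhiteSpace(code) && string.IsNullOrWhiteSpace(openIDParam))
        {
            // Neither an OAuth code nor an openID: start the WeChat authorization flow.
            filterContext.Result = new RedirectResult(WeixinCommon.GetAuthorizeUserInfoUrl(
                controller.Url.RetechAction("VerifyUser", "WeiXin", new { area = "Mobile" })
                    + "?backUrl=" + controller.Url.Encode(urlReferrer),
                Senparc.Weixin.MP.AdvancedAPIs.OAuthScope.snsapi_userinfo));
            return;
        }

        // NOTE(review): when "openID" arrives in the request it is trusted as-is, whereas "code"
        // is exchanged with WeChat. A plain request value is not proof of identity; the openID
        // path should be limited to values the server itself issued, or removed.
        string openID = string.IsNullOrWhiteSpace(openIDParam)
            ? WeixinCommon.GetOpenidByCode(code)
            : openIDParam;

        var user = new UserManager().GetUserByOpenID(openID);
        if (user == null)
        {
            // Not bound to an account yet: send to the binding page. openID is URL-encoded so
            // that characters in it cannot break or extend the query string.
            filterContext.Result = new RedirectResult(
                controller.Url.RetechAction("BindingAccount", "WeiXin", new { area = "Mobile" })
                + "?openID=" + controller.Url.Encode(openID)
                + "&msg=您还未绑定用户信息!&backUrl=" + controller.Url.Encode(urlReferrer));
            return;
        }

        user.OpenID = openID;
        session["currentUser"] = user;
        session["currentTenant"] = new TenantManager().GetTenantById(user.TenantId);
    }

    base.OnActionExecuting(filterContext);
}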