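/// <summary>
/// Identity wrapper that performs the per-action authorization check at construction time.
/// Construction succeeds only when <paramref name="currentUser"/> holds the operation flag that
/// <paramref name="actionAuthDefine"/> requires for <paramref name="GroupName"/>; otherwise it throws.
/// </summary>
/// <param name="identity">Original framework identity of the caller; stored as-is in <c>_orgIdentity</c>.</param>
/// <param name="currentUser">Resolved application user whose <c>UserPageAuth</c> map holds the per-group rights.</param>
/// <param name="GroupName">Key into <c>currentUser.UserPageAuth</c> (the caller builds it from controller and menu group names).</param>
/// <param name="actionAuthDefine">Authorization requirement declared on the action, or <c>null</c> when the action declares none.</param>
/// <exception cref="ArgumentNullException"><paramref name="currentUser"/> is <c>null</c>.</exception>
/// <exception cref="UnauthorizedAccessException">
/// The user has no entry for the group, the entry has no operation type set, or the entry lacks
/// the flag required by the action. (Derives from <see cref="Exception"/>, so existing
/// <c>catch (Exception)</c> callers keep working.)
/// </exception>
public PtcIdentity(IIdentity identity, UserBase currentUser, string GroupName, MenuNodeAttribute actionAuthDefine)
{
    // Previously a null user surfaced as a NullReferenceException on the UserPageAuth lookup below.
    if (currentUser == null)
    {
        throw new ArgumentNullException("currentUser");
    }

    // Original identity.
    _orgIdentity = identity;
    // Current user.
    _currentUser = currentUser;

    // SECURITY NOTE: an action without a MenuNodeAttribute is granted every operation (fail-open).
    // Any action that must be restricted has to carry the attribute; there is no deny-by-default here.
    if (actionAuthDefine == null)
    {
        _groupActionOperation = AuthNodeType.All;
        return;
    }

    // Look up the user's definition for this group; no entry means no access at all.
    if (!_currentUser.UserPageAuth.ContainsKey(GroupName))
    {
        throw new UnauthorizedAccessException("沒該功能權限");
    }

    _currentUserGroupAction = _currentUser.UserPageAuth[GroupName];
    _groupActionOperation = _currentUserGroupAction.AuthType;

    // The user has an entry for the group but no operation rights (CRUD) configured on it.
    if (_currentUserGroupAction.AuthType == null)
    {
        throw new UnauthorizedAccessException("沒設定功能的操作權限(CRUD)");
    }

    // Operation rights do not cover what the action requires.
    // NOTE(review): Enum.HasFlag returns true for a zero-valued argument, so if
    // MenuNodeAttribute.AuthType can be a zero/"None" value this check passes for every
    // user who has any entry for the group — confirm the attribute never carries such a value.
    if (!_currentUserGroupAction.AuthType.Value.HasFlag(actionAuthDefine.AuthType))
    {
        throw new UnauthorizedAccessException("功能的操作權限不符合(CRUD)");
    }
}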
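/// <summary>
/// MVC authentication filter hook. Rejects anonymous callers, resolves the application user for the
/// authenticated name, and replaces the request principal with a <c>PtcIdentity</c> that has been
/// authorized for the action's menu group. Every failure path short-circuits with an HTTP 401 result.
/// </summary>
/// <param name="filterContext">Authentication context of the action being invoked.</param>
public void OnAuthentication(AuthenticationContext filterContext)
{
    // Not signed in: reject before touching any user data.
    if (filterContext.Principal == null || !filterContext.Principal.Identity.IsAuthenticated)
    {
        //filterContext.Controller.TempData["UnauthorizedMessage"] = "尚未登入";
        filterContext.Result = new System.Web.Mvc.HttpUnauthorizedResult();
        return;
    }

    UserBase currentUser;
    #region Resolve the application user
    try
    {
        currentUser = _userService.Integration(filterContext.Principal.Identity.Name);

        // FIX: the null check must run before the CompCd assignment below. Previously a missing
        // user dereferenced null first, and the NullReferenceException message (not the intended
        // "找不到用户信息") was what reached TempData.
        if (currentUser == null)
        {
            filterContext.Controller.TempData["UnauthorizedMessage"] = "找不到用户信息";
            filterContext.Result = new System.Web.Mvc.HttpUnauthorizedResult();
            return;
        }

        // Hard-coded company code: the site currently serves only the convenience-store business;
        // some vendors serve several BUs and the account master has no company code of its own.
        currentUser.CompCd = "711";
        currentUser.CalcAuth();
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception message from the user service (possibly a data-access
        // error) is copied into TempData here and may be rendered to the browser. Consider a fixed
        // message for the user and logging the detail server-side.
        filterContext.Controller.TempData["UnauthorizedMessage"] = ex.Message;
        filterContext.Result = new System.Web.Mvc.HttpUnauthorizedResult();
        return;
    }
    #endregion

    #region Read the authorization metadata declared on the action
    // First MenuNodeAttribute on the action, or null when the action declares none.
    MenuNodeAttribute actionAuthDefine = null;
    foreach (object attribute in filterContext.ActionDescriptor.GetCustomAttributes(false))
    {
        actionAuthDefine = attribute as MenuNodeAttribute;
        if (actionAuthDefine != null)
        {
            break;
        }
    }
    #endregion

    #region Build the group name from controller and action metadata
    // Group key is "<Controller>" or "<Controller>_<GroupName>". A boolean, not a sentinel string,
    // marks actions without metadata, so a controller that happens to be named "bypass" can no
    // longer be mistaken for the unrestricted path.
    bool hasAuthDefine = actionAuthDefine != null;
    string groupName = null;
    if (hasAuthDefine)
    {
        string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
        if (string.IsNullOrEmpty(actionAuthDefine.GroupName))
        {
            groupName = controllerName;
        }
        else
        {
            groupName = controllerName + "_" + actionAuthDefine.GroupName;
        }
    }
    #endregion

    PtcIdentity id = null;
    try
    {
        if (!hasAuthDefine)
        {
            // No metadata on the action: PtcIdentity treats a null definition as unrestricted.
            id = new PtcIdentity(filterContext.Principal.Identity, currentUser, "No GroupName", null);
        }
        else
        {
            // PtcIdentity performs the group/operation check and throws when it fails.
            id = new PtcIdentity(filterContext.Principal.Identity, currentUser, groupName, actionAuthDefine);
        }

        // Replace the request principal with the authorized identity (no role list).
        filterContext.Principal = new GenericPrincipal(id, null);
    }
    catch (Exception ex)
    {
        // Authorization failure: PtcIdentity's message is the user-facing reason.
        filterContext.Controller.TempData["UnauthorizedMessage"] = ex.Message;
        filterContext.Result = new System.Web.Mvc.HttpUnauthorizedResult();
        return;
    }
}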