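/// <summary>
/// Runs a batch of client-supplied DML statements under the server-side <see cref="SqlKeySetting"/>
/// whose SQLKEY matches <paramref name="sqlsetting"/>, then writes one AP_ACTION_LOG_DBA audit row.
/// Only the active ("A") server row decides who may execute and which statement kinds (U/I/D) are
/// allowed; the client object contributes nothing but SQLKEY and, when given, DML_WHERE_COLS.
/// </summary>
/// <param name="dmls">Statements to run; each carries its grid row index and the SQL text.</param>
/// <param name="sqlsetting">Client-supplied key. SQLKEY selects the server row; DML_WHERE_COLS (key
/// columns recomputed by the front end from server config plus the view's columns) overrides the server value.</param>
/// <param name="memo">Free-text description of the data, copied into the audit row.</param>
/// <returns>JSON <c>{ msg, hasError }</c>: <c>msg</c> is the per-row result map on success
/// (insert: generated key; update/delete: result data) or the error text on failure.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="dmls"/> or <paramref name="sqlsetting"/> is null.</exception>
/// <exception cref="ApplicationException">Thrown when a statement does not begin with an allowed DML head for the configured entity.</exception>
public async Task<ActionResult> dmls(List<DmlIndex> dmls, SqlKeySetting sqlsetting, string memo)
{
    if (dmls == null)
    {
        throw new ArgumentNullException("dmls");
    }
    if (sqlsetting == null)
    {
        throw new ArgumentNullException("sqlsetting");
    }

    using (var svc = new OrmService(AppConfigs.sqlfaceconn))
    {
        // Authorization and the allowed-DML list always come from the active server row.
        var setting = (await svc.FilterWhereAsync<SqlKeySetting>(s => s.SQLKEY == sqlsetting.SQLKEY && s.STS == "A")).FirstOrDefault();
        // Unknown or inactive key: answer exactly like a missing permission (previously a null dereference).
        if (setting == null)
        {
            return Json("你没有权限修改执行!");
        }

        // Key columns are recomputed by the front end from the server config plus the view's columns.
        if (!string.IsNullOrWhiteSpace(sqlsetting.DML_WHERE_COLS))
        {
            setting.DML_WHERE_COLS = sqlsetting.DML_WHERE_COLS;
        }

        if (!setting.EvalAuthorized(this.User.Identity.Name, Helper.Roles(this)))
        {
            return Json("你没有权限修改执行!");
        }

        var allowedHeads = AllowedDmlHeads(setting);

        // row index -> { DML kind (first character of the statement), statement }
        var befores = new Dictionary<int, string[]>();
        // row index -> execution result (insert: generated key; update/delete: result data)
        var outs = new Dictionary<string, string>();

        foreach (var dml in dmls)
        {
            var sql = (dml.sql ?? string.Empty).TrimStart();
            // The statement must *begin* with an allowed head, followed by whitespace or end of text.
            // A plain substring test would also accept text whose real head is something else.
            bool allowed = allowedHeads.Any(h =>
                sql.StartsWith(h, StringComparison.Ordinal)
                && (sql.Length == h.Length || char.IsWhiteSpace(sql[h.Length])));
            if (!allowed)
            {
                throw new ApplicationException(dml.sql + ",不被允许!服务端校验未通过!");
            }
            befores.Add(dml.index, new[] { sql[0].ToString().ToUpperInvariant(), dml.sql });
        }

        // The execution context carries the server-verified setting (with the merged DML_WHERE_COLS),
        // not the raw client object, so DMLHelper only ever sees trusted configuration.
        var safeSaveContext = new Hashtable
        {
            { "setting", setting },
            { "befores", befores },
            { "outs", outs }
        };

        object msg;
        bool failed = false;
        try
        {
            DMLHelper.safeRun(safeSaveContext);
            msg = outs;
        }
        catch (Exception e)
        {
            msg = e.Message;
            failed = true;
        }

        // Error text is logged verbatim; a result map is logged as JSON.
        var msgmean = msg as string ?? Newtonsoft.Json.JsonConvert.SerializeObject(msg);
        var risk = String.Format("执行DML,sql-key={0},语句列表={1},数据列表={2}", setting.SQLKEY, msgmean, memo);
        // Audit column capacity; truncate rather than fail the insert.
        risk = risk.Substring(0, Math.Min(3900, risk.Length));

        var log = new AP_ACTION_LOG_DBA
        {
            LOG_ID = CustomSequence.GetNextVal("AP_ACTION_LOG_DBA_ID", svc),
            ACTION_BRIEF = setting.DML_ENTITY,
            ACTION_IP = GetUserIp,
            ACTION_PAGE = this.Request.RawUrl,
            ACTION_PARAM = risk,
            ACTION_RESULT = msgmean,
            ACTION_TIME = DateTime.Now,
            USER_ID = this.User.Identity.Name
        };
        await svc.CreateAsync<AP_ACTION_LOG_DBA>(log);

        return Json(new { msg = msg, hasError = failed });
    }
}

/// <summary>
/// Builds the statement prefixes permitted by <paramref name="setting"/>.ALLOWED_DML
/// (comma-separated U/I/D, case-insensitive) for the configured DML_ENTITY.
/// </summary>
/// <param name="setting">Server-side key setting.</param>
/// <returns>Upper-cased heads such as <c>UPDATE ENTITY</c>; empty when no entity is configured,
/// which makes every statement fail the head check.</returns>
private static List<string> AllowedDmlHeads(SqlKeySetting setting)
{
    var heads = new List<string>();
    var entity = (setting.DML_ENTITY ?? string.Empty).ToUpperInvariant().Trim();
    if (entity.Length == 0)
    {
        return heads;
    }
    foreach (var kind in (setting.ALLOWED_DML ?? string.Empty).Split(','))
    {
        switch (kind.Trim().ToUpperInvariant())
        {
            case "U":
                heads.Add("UPDATE " + entity);
                break;
            case "I":
                heads.Add("INSERT INTO " + entity);
                break;
            case "D":
                heads.Add("DELETE " + entity);
                break;
            default:
                break;
        }
    }
    return heads;
}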
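//[Authorize]
/// <summary>
/// Loads handler <paramref name="id"/> from the server, runs it against <paramref name="context"/>
/// (its SQL block, its query, or both depending on SQL_CMD_TYPE and PREPARING_BLOCK) and records an
/// AP_ACTION_LOG_DBA row unless this is a paged-data fetch. Execution errors are reported through
/// <c>context.ExecutionIO</c> (<c>hasError</c>/<c>msg</c>), not thrown.
/// </summary>
/// <param name="id">Primary key of the <see cref="EasyHandler"/> to execute.</param>
/// <param name="context">Render context; its ExecutionIO receives the message and error flag and must not be null.</param>
/// <returns>The same <paramref name="context"/>, with <c>handler</c> replaced by the server definition.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="context"/> is null.</exception>
/// <exception cref="ArgumentException">Thrown when <paramref name="context"/>.ExecutionIO is null.</exception>
/// <exception cref="ApplicationException">Thrown when the handler row does not exist or server-side loading is disabled.</exception>
private async Task<RenderContext> _ExecuteHandler(decimal id, RenderContext context)
{
    if (context == null)
    {
        throw new ArgumentNullException("context");
    }
    if (context.ExecutionIO == null)
    {
        throw new ArgumentException("ExecutionIO is required", "context");
    }

    // Safe mode: the handler definition is loaded server-side and overwrites whatever the client sent.
    // The config switch (AppSettings["EvolvesSafe"]) is intentionally not consulted.
    bool EvolvesSafe = true;
    if (!EvolvesSafe)
    {
        throw new ApplicationException("不安全的执行");
    }

    ExecutionIO outputMsg = context.ExecutionIO;
    // A paged-data request already carries a table: it is treated as a query and is not audited.
    bool isGetPagedDataing = outputMsg.HasTable;

    using (var svc = new OrmService(AppConfigs.sqlfaceconn))
    {
        // Awaited instead of .Result to avoid blocking a thread-pool thread (or deadlocking under a sync context).
        var handler = await svc.GetByIdAsync<EasyHandler>(id);
        if (handler == null)
        {
            throw new ApplicationException(string.Format("未找到处理器{0}", id));
        }
        // Only the server definition is executed; the client copy in the context is discarded.
        context.handler = handler;
        bool isSelect = "SELECT".Equals(handler.SQL_CMD_TYPE);

        var userName = this.User.Identity.Name;
        var ip = base.GetIp();
        var log = new SqlFace.Models.AP_ACTION_LOG_DBA
        {
            LOG_ID = CustomSequence.GetNextVal("AP_ACTION_LOG_DBA_ID", svc),
            ACTION_BRIEF = null,
            ACTION_IP = ip,
            ACTION_PAGE = this.Request.RequestUri.AbsolutePath,
            ACTION_PARAM = String.Format("执行通用处理器{0}-{1},参数={2}", handler.HANDLER_ID, handler.HANDLER_NAME, Newtonsoft.Json.JsonConvert.SerializeObject(context.paramsScaledValues)),
            ACTION_RESULT = string.Format("开始执行@{0}...", DateTime.Now.ToString()),
            ACTION_TIME = DateTime.Now,
            USER_ID = userName
        };
        var calcMain = new CalcMain(context, new Dictionary<string, string> { { "username", userName }, { "ip", ip } });

        try
        {
            if (!isSelect && !isGetPagedDataing)
            {
                // Non-query: run the anonymous block. An "ORA-nnnnn" prefix in its return text is a database error.
                var returnstr = calcMain.ExeSqlBlock();
                if (string.IsNullOrWhiteSpace(returnstr))
                {
                    outputMsg.msg = "无错误无输出";
                }
                else if (Regex.IsMatch(returnstr, "^ORA-[0-9]{4,5}\\b"))
                {
                    throw new ApplicationException(string.Format(",执行中断@{1},发生数据库内部错误={0}", returnstr, DateTime.Now.ToString()));
                }
                else
                {
                    outputMsg.msg = returnstr;
                }
                log.ACTION_RESULT += string.Format("{1},返回信息={0}", returnstr, DateTime.Now.ToString());

                if (!string.IsNullOrWhiteSpace(handler.PREPARING_BLOCK))
                {
                    // Extra result table after the block: only audited, the block's own message is kept.
                    string extramsg = calcMain.GetQuery();
                    log.ACTION_RESULT += string.Format("匿名块执行成功,执行额外查询结束@{0},结果{1}", DateTime.Now.ToString(), extramsg);
                }
            }
            else
            {
                // Query (or paged fetch): the query result is the output.
                string extramsg = calcMain.GetQuery();
                outputMsg.msg = extramsg;
                log.ACTION_RESULT += string.Format(",执行额外查询结束@{0},结果{1}", DateTime.Now.ToString(), extramsg);
            }
        }
        catch (Exception ex)
        {
            // Failures of either kind are reported through the context, never thrown.
            outputMsg.hasError = true;
            // NOTE(review): appends outputMsg itself (its ToString), not outputMsg.msg — kept as in the original; confirm intent.
            outputMsg.msg = "执行失败!" + ex.Message + "\n" + outputMsg;
            if (isGetPagedDataing)
            {
                log.ACTION_RESULT += "--分页--";
            }
            log.ACTION_RESULT += string.Format("执行失败@{0},错误信息={1}", DateTime.Now.ToString(), ex.Message);
        }

        // Awaited so the audit row is written before svc is disposed (previously fire-and-forget inside the using).
        if (!isGetPagedDataing)
        {
            await svc.CreateAsync(log);
        }
        return context;
    }
}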