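/// <summary>
/// Resolves the set of department ids a request is scoped to, or a single employee id.
/// </summary>
/// <param name="controllerName">Controller whose role-based department visibility is looked up when <paramref name="idStr"/> is null.</param>
/// <param name="idStr">
/// Client-supplied selector. A value containing the token "EmpId" selects the employee whose id follows the token;
/// any other non-null value is parsed as a department id whose whole subtree is selected; null means
/// "derive the scope from the session (roles + Session["deptIdList"])".
/// </param>
/// <param name="empId">
/// Receives the selected employee id, or the caller's own id when the role lookup yields no departments; 0 otherwise.
/// </param>
/// <returns>The selected department ids, or null when an employee was selected through the "EmpId" token.</returns>
/// <exception cref="FormatException">When the numeric part of <paramref name="idStr"/> is not an integer.</exception>
/// <exception cref="InvalidOperationException">When <paramref name="idStr"/> is null and no <c>EmpBasicInfo</c> is in the session.</exception>
/// <remarks>
/// NOTE(review): when <paramref name="idStr"/> is supplied the result is taken straight from the client value and is
/// not intersected with Session["deptIdList"] — only the null branch applies role-based filtering. Confirm that callers
/// enforce that check, or that this method is only reached for requests where it is not needed.
/// </remarks>
protected IList<int> getAuthedDeptIds(string controllerName, string idStr, out int empId)
{
    empId = 0;
    var deptController = new DeptController();

    if (idStr != null)
    {
        // Ordinal: "EmpId" is a fixed protocol token, not user-visible text.
        if (idStr.IndexOf("EmpId", StringComparison.Ordinal) >= 0)
        {
            empId = int.Parse(idStr.Replace("EmpId", string.Empty), System.Globalization.CultureInfo.InvariantCulture);
            return null;
        }

        return deptController.GetChildDeptIdList(int.Parse(idStr, System.Globalization.CultureInfo.InvariantCulture));
    }

    var ebi = Session["ebi"] as EmpBasicInfo;
    if (ebi == null)
    {
        // Previously a NullReferenceException; make the missing-identity case explicit.
        throw new InvalidOperationException("No EmpBasicInfo in session; cannot resolve authorized departments.");
    }

    List<int> roleIds = ebi.EmpRoles.Select(er => er.RoleId).ToList();
    var sessionDeptIds = Session["deptIdList"] as List<int>;
    IList<int> authorizedDeptIds = deptController.GetDeptIdListByController(controllerName, roleIds, sessionDeptIds);

    // No department visibility for this controller: fall back to "the caller's own record only".
    if (authorizedDeptIds.Count == 0)
    {
        empId = ebi.Id;
    }

    return authorizedDeptIds;
}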
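// Public contact directory (公共通讯薄).
/// <summary>
/// Returns the contact directory of active employees as JSON, optionally restricted to a department subtree.
/// </summary>
/// <param name="deptId">
/// Optional department id; when given, only employees positioned in that department or any of its descendants are
/// listed. NOTE(review): this value is client-supplied and is not checked against Session["deptIdList"]; confirm
/// whether that is intended.
/// </param>
/// <returns>
/// A content result whose body is the CJson-encoded list ("totalCount:N,data"). No content type is set, as before.
/// </returns>
/// <exception cref="InvalidOperationException">When no <c>EmpBasicInfo</c> is in the session.</exception>
/// <remarks>
/// Callers whose own positions are all above PosId 4 (per the original comment: below director level) only see the
/// mobile numbers of employees in their own departments; other mobiles are blanked before serialization.
/// Fix: the projection previously never assigned <c>DeptId</c>, so the per-department mobile check compared against
/// the property's default value and could not match; <c>DeptId</c> is now projected from the first position, the same
/// position the <c>Dep</c> text already comes from.
/// </remarks>
public ActionResult GetContactInfo(int? deptId)
{
    // Active employees only (LeaveDate null). The original also tested Nullable.Equals(r.LeaveDate, null),
    // which is the same condition.
    var active = ctx.Employees.Where(r => r.LeaveDate == null);

    if (deptId != null)
    {
        // Hoisted out of the query so the id array is built once rather than per evaluation.
        int[] deptIds = new DeptController().GetChildDeptIdList((int)deptId).ToArray();
        active = active.Where(r =>
            ctx.EmpDepPositions
                .Where(r1 => deptIds.Contains(r1.DeptId))
                .Select(r1 => r1.EmpId)
                .Contains(r.Id));
    }

    IList<EmpProfileWithDep> profiles = active
        .OrderBy(r => r.Name)
        .Select(r => new EmpProfileWithDep
        {
            Id = r.Id,
            JobNo = r.JobNo,
            Name = r.Name,
            // The first position is treated as the primary one, as the Dep text already assumes.
            DeptId = r.EmpDepPositions.FirstOrDefault().DeptId,
            Dep = r.EmpDepPositions.FirstOrDefault().Depts.Text,
            TelExt = r.TelExt,
            Mobile = r.Mobile,
            ShortNo = r.ShortNo,
            IdAddress = r.IdAddress,
        })
        .ToList();

    var ebi = Session["ebi"] as EmpBasicInfo;
    if (ebi == null)
    {
        // Previously a NullReferenceException on ebi.EmpDepPos.
        throw new InvalidOperationException("No EmpBasicInfo in session; cannot apply mobile-number visibility.");
    }

    // Not director level or above (PosId <= 4 per the original comment): hide mobiles of other departments' staff.
    bool seesAllMobiles = ebi.EmpDepPos.Any(p => p.PosId <= 4);
    if (!seesAllMobiles)
    {
        foreach (var profile in profiles)
        {
            bool ownDepartment = ebi.EmpDepPos.Any(p => p.DeptId == profile.DeptId);
            if (!ownDepartment)
            {
                profile.Mobile = null;
            }
        }
    }

    var jsonSerializer = new CJson();
    string json = jsonSerializer.ToJsonString("totalCount:" + profiles.Count + ",data", profiles);
    return Content(json);
}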
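// Authorization business logic (权限判断业务逻辑).
/// <summary>
/// Establishes the caller's identity for the request: when the session holds no <c>EmpBasicInfo</c> it is restored
/// from the encrypted "empBasicInfo" cookie together with the caller's department scope; when that cookie is absent
/// the identity cookies are (re)issued from the session.
/// </summary>
/// <param name="filterContext">The executing-action context whose HttpContext supplies session, request and response.</param>
/// <returns>
/// false when neither the session nor the "empBasicInfo" cookie carries an identity (fail closed; previously this case
/// threw a NullReferenceException); otherwise true.
/// </returns>
/// <remarks>
/// The per-action permission check is commented out in the region below, so a true result means "identified", not
/// "permitted for this controller/action".
/// The identity is trusted from a client-held cookie decrypted with the static <c>CommonController.myKey</c>.
/// NOTE(review): whether <c>CommonController.Encrypt</c> authenticates the ciphertext is not visible here; if it does
/// not, the cookie contents are not tamper-evident. The cookies issued below carry no HttpOnly/Secure flags; whether
/// client script reads "empId"/"empName"/"jobNo" is not visible here, so they are left as issued — confirm before
/// hardening them.
/// </remarks>
private bool authorizeCore(ActionExecutingContext filterContext)
{
    var http = filterContext.HttpContext;
    EmpBasicInfo ebi;

    if (http.Session["ebi"] == null)
    {
        HttpCookie identityCookie = http.Request.Cookies["empBasicInfo"];
        if (identityCookie == null)
        {
            // No session and no cookie: there is no identity to establish.
            return false;
        }

        // Decrypt and deserialize the cached employee info.
        string decrypted = CommonController.Decrypt(identityCookie.Value, CommonController.myKey);
        ebi = new JavaScriptSerializer().Deserialize<EmpBasicInfo>(decrypted);
        http.Session["ebi"] = ebi;

        // Build the department scope: top-level department ids plus every descendant id.
        var deptTopIds = new List<int>();
        var deptIdList = new List<int>();
        int empId = ebi.Id;
        int[] excludedPosIds = { 8, 9, 10, 11 }; // positions that do not contribute scope (meaning not visible here)
        IQueryable<EmpDepPosition> positions =
            from r in ctx.EmpDepPositions
            where r.EmpId == empId && !excludedPosIds.Contains(r.PosId)
            orderby r.PosId
            select r;
        var deptController = new DeptController();
        foreach (var edp in positions)
        {
            if (deptIdList.Contains(edp.DeptId))
            {
                continue; // already covered by an earlier department's subtree
            }
            deptTopIds.Add(edp.DeptId);
            deptIdList.AddRange(deptController.GetChildDeptIdList(edp.DeptId));
        }
        http.Session["deptTopIds"] = deptTopIds; // top-level department ids
        http.Session["deptIdList"] = deptIdList; // all department ids in scope
    }

    if (http.Request.Cookies["empBasicInfo"] == null)
    {
        ebi = http.Session["ebi"] as EmpBasicInfo;
        if (ebi == null)
        {
            // Session entry exists but is not an EmpBasicInfo; treat as unidentified rather than dereference null.
            return false;
        }

        // Issue the identity cookies.
        http.Response.Cookies.Add(new HttpCookie("empId", ebi.Id.ToString()));
        // UrlEncodeUnicode is obsolete but kept: changing the encoding would change what clients read back.
        http.Response.Cookies.Add(new HttpCookie("empName", HttpUtility.UrlEncodeUnicode(ebi.Name)));
        http.Response.Cookies.Add(new HttpCookie("jobNo", ebi.JobNo));

        string ebiStr = new JavaScriptSerializer().Serialize(ebi);
        ebiStr = CommonController.Encrypt(ebiStr, CommonController.myKey); // encrypted employee info
        http.Response.Cookies.Add(new HttpCookie("empBasicInfo", ebiStr));
    }

    #region Per-action permission check (disabled)
    // Decide controller+action execute permission from ebi.
    //var user = new CurrentUser();// current user info
    //var controllerName = filterContext.RouteData.Values["controller"].ToString();
    //var actionName = filterContext.RouteData.Values["action"].ToString();
    //if (isViewPage && controllerName.ToLower() != "main" && actionName.ToLower() != "masterpage")// the action is a concrete feature page and not the MasterPage
    //{
    //    if (user.MenuPermission.Count(m => m.ControllerName == controllerName && m.ActionName == actionName) == 0)
    //        return false;
    //}
    //else
    //{
    //    var actions = ContainerFactory.GetContainer().Resolve<IAuthorityFacade>().GetAllActionPermission();// all maintained action permissions
    //    if (actions.Count(a => a.ControllerName == controllerName && a.ActionName == actionName) != 0)// the action is among the maintained action permissions
    //    {
    //        if (user.ActionPermission.Count(a => a.ControllerName == controllerName && a.ActionName == actionName) == 0)
    //            return false;
    //    }
    //}
    #endregion

    return true;
}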