コード例 #1
 /// <summary>
 /// Chooses the error URL for a denied request and hands it to <paramref name="RedirectUrl"/>.
 /// </summary>
 /// <remarks>
 /// Lookup order: action-level entry, controller-level entry, area-level entry, an entry whose
 /// type is <c>SystemAuthorizeType.All</c>, and finally <c>DefaultUrl</c>. <c>DefaultUrl</c> is also used
 /// when <c>ItemList</c> is null. Each level uses <c>Single</c>, so two entries matching the same
 /// level raise <see cref="InvalidOperationException"/> instead of redirecting.
 /// The URLs are passed on exactly as configured; this method does not validate them.
 /// </remarks>
 /// <param name="errorRediect">Redirect configuration (per-scope entries plus the default URL).</param>
 /// <param name="RedirectUrl">Callback that performs the redirect to the chosen URL.</param>
 /// <param name="actionExpression">Predicate selecting the entry for the current action.</param>
 /// <param name="controllerExpression">Predicate selecting the entry for the current controller.</param>
 /// <param name="areaExpression">Predicate selecting the entry for the current area.</param>
 private static void ErrorRediect(SystemAuthorizeErrorRedirect errorRediect, Action<string> RedirectUrl, Func<SystemAuthorizeErrorRedirectItemList, bool> actionExpression, Func<SystemAuthorizeErrorRedirectItemList, bool> controllerExpression, Func<SystemAuthorizeErrorRedirectItemList, bool> areaExpression)
 {
     var entries = errorRediect.ItemList;
     if (entries == null)
     {
         // No per-scope entries configured: fall back to the default error URL.
         RedirectUrl(errorRediect.DefaultUrl);
         return;
     }

     // Most specific scope first; the first level with a match wins.
     Func<SystemAuthorizeErrorRedirectItemList, bool>[] lookups =
     {
         actionExpression,
         controllerExpression,
         areaExpression,
         it => it.SystemAuthorizeType == SystemAuthorizeType.All
     };

     foreach (var lookup in lookups)
     {
         if (entries.Any(lookup))
         {
             // Single() keeps the original contract: duplicate entries at one level throw.
             RedirectUrl(entries.Single(lookup).ErrorUrl);
             return;
         }
     }

     RedirectUrl(errorRediect.DefaultUrl);
 }
コード例 #2
ファイル: AuthorizeFilter.cs プロジェクト: yuzs/SugarSite
        /// <summary>
        /// Authorization check for the back-office (admin) site: registers one area-level rule for
        /// "AdminSite", exempts the "Login" controller, and sends every denied request to the admin login page.
        /// </summary>
        /// <param name="filterContext">Authorization context of the request being filtered.</param>
        private static void CheckAdmin(AuthorizationContext filterContext)
        {
            // Single rule: the whole AdminSite area is restricted to the user key `true`.
            // The key supplied below is the "is logged in" flag, so presumably any cached
            // session is accepted - confirm against the Is*ByUserKey helpers, which are not shown here.
            var adminAreaRule = new SystemAuthorizeModel
            {
                SystemAuthorizeType = SystemAuthorizeType.Area,
                AreaName            = "AdminSite",
                UserKeyArray        = new dynamic[] { true }
            };
            var rules = new List<SystemAuthorizeModel> { adminAreaRule };

            // Controllers that are not checked at all.
            // NOTE(review): this writes a static property on every request, and the Start listing on
            // this page compares these names with the controller name only (no area), so a "Login"
            // controller in any area would be exempt - confirm that is intended.
            AuthorizeService.PubControllerNames = new List<string> { "Login" };

            // Every request without permission is redirected to DefaultUrl.
            var redirects = new SystemAuthorizeErrorRedirect
            {
                DefaultUrl = "/AdminSite/Login/Index"
            };

            AuthorizeService.Start(filterContext, rules, redirects, () =>
            {
                // The "user key" is a bool: true when the session cache holds the caller's key.
                var sessions = CacheManager<UserInfo>.GetInstance();
                string key   = PubGet.GetUserKey;
                return sessions.ContainsKey(key);
            });
        }
コード例 #3
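        /// <summary>
        /// Runs the authorization check for the current MVC request and, when the caller is not
        /// permitted, sets <c>filterContext.Result</c> to a redirect to the configured error URL.
        /// </summary>
        /// <remarks>
        /// The request is left untouched (allowed) when its controller is listed in
        /// <c>PubControllerNames</c>, when no Action/Controller/Area rule matches the route, or when
        /// one of the Is*ByUserKey helpers grants access. Only a route that matches a rule and is
        /// not granted is redirected, so a route with no rule is not protected by this method.
        /// The names in <paramref name="systemAuthorizeList"/> are lower-cased in place.
        /// </remarks>
        /// <param name="filterContext">Authorization context of the request being filtered.</param>
        /// <param name="systemAuthorizeList">All authorization rules to evaluate.</param>
        /// <param name="errorRediect">Where to redirect a request that lacks permission.</param>
        /// <param name="GetCurrentUserKey">Returns the current user's key, which is matched against the rules.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="errorRediect"/> or <paramref name="systemAuthorizeList"/> is null.
        /// </exception>
        public static void Start(AuthorizationContext filterContext, List<SystemAuthorizeModel> systemAuthorizeList, SystemAuthorizeErrorRedirect errorRediect, Func<object> GetCurrentUserKey)
        {
            if (errorRediect == null)
            {
                throw new ArgumentNullException("SystemAuthorizeService.Start.errorRediect");
            }
            if (systemAuthorizeList == null)
            {
                throw new ArgumentNullException("SystemAuthorizeService.Start.systemAuthorizeList");
            }

            // Lower-case every rule name so it can be compared with the route names below.
            // Route names are identifiers, not linguistic text, so the invariant culture is used:
            // a culture-sensitive ToLower() maps 'I' differently under e.g. tr-TR.
            foreach (var it in systemAuthorizeList)
            {
                if (it.ControllerName != null)
                {
                    it.ControllerName = it.ControllerName.ToLowerInvariant();
                }
                if (it.ActionName != null)
                {
                    it.ActionName = it.ActionName.ToLowerInvariant();
                }
                if (it.AreaName != null)
                {
                    it.AreaName = it.AreaName.ToLowerInvariant();
                }
            }

            // Names of the route being requested.
            string actionName     = filterContext.ActionDescriptor.ActionName.ToLowerInvariant();
            string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLowerInvariant();
            object areaToken      = filterContext.RouteData.DataTokens["area"];

            // Controllers that need no check are skipped entirely.
            // NOTE(review): only the controller name is compared, not the area, so a listed name
            // exempts that controller in every area.
            if (PubControllerNames != null && PubControllerNames.Count > 0)
            {
                if (PubControllerNames.Any(it => string.Equals(it, controllerName, StringComparison.OrdinalIgnoreCase)))
                {
                    return;
                }
            }

            // Stays null when the route is not inside an area.
            string areaName = areaToken != null ? areaToken.ToString().ToLowerInvariant() : null;

            Action<string> RedirectUrl = url =>
            {
                filterContext.Result = new RedirectResult(url);
            };

            // Redirect-entry lookups, one per scope. Each scope matches its own entry type; with
            // all three testing SystemAuthorizeType.Action, Controller- and Area-typed entries
            // could never be selected. The entries' Area/Controller/Action are compared as
            // configured (they are not lower-cased here), so they must already be lower case.
            Func<SystemAuthorizeErrorRedirectItemList, bool> redirectActionExpression     = it => it.SystemAuthorizeType == SystemAuthorizeType.Action && it.Area == areaName && it.Controller == controllerName && it.Action == actionName;
            Func<SystemAuthorizeErrorRedirectItemList, bool> redirectControllerExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Controller && it.Area == areaName && it.Controller == controllerName;
            Func<SystemAuthorizeErrorRedirectItemList, bool> redirectAreaExpression       = it => it.SystemAuthorizeType == SystemAuthorizeType.Area && it.Area == areaName;

            // Rule lookups: does any rule cover this action, controller or area?
            Func<SystemAuthorizeModel, bool> actionExpression     = it => it.SystemAuthorizeType == SystemAuthorizeType.Action && it.AreaName == areaName && it.ControllerName == controllerName && it.ActionName == actionName;
            Func<SystemAuthorizeModel, bool> controllerExpression = it => it.SystemAuthorizeType == SystemAuthorizeType.Controller && it.AreaName == areaName && it.ControllerName == controllerName;
            Func<SystemAuthorizeModel, bool> areaExpression       = it => it.SystemAuthorizeType == SystemAuthorizeType.Area && it.AreaName == areaName;

            // The key is passed to the Is*ByUserKey helpers as dynamic; those helpers are
            // defined outside this listing.
            dynamic userId = GetCurrentUserKey();

            // Permissions held by this user key at each scope.
            bool isAllByUserKey        = IsAllByUserKey(systemAuthorizeList, userId);
            bool isAreaByUserKey       = IsAreaByUserKey(systemAuthorizeList, areaName, userId);
            bool isControllerByUserKey = IsControllerByUserKey(systemAuthorizeList, areaName, controllerName, userId);
            bool isActionByUserKey     = IsActionByUserKey(systemAuthorizeList, areaName, controllerName, actionName, userId);

            // Granted at any scope.
            var hasPower = (isAllByUserKey || isActionByUserKey || isControllerByUserKey || isAreaByUserKey);

            // A check is required only when some rule covers this route; a route that no rule
            // covers falls through and is allowed.
            var mustValidate = systemAuthorizeList.Any(actionExpression) || systemAuthorizeList.Any(controllerExpression) || systemAuthorizeList.Any(areaExpression);

            if (!hasPower && mustValidate)
            {
                ErrorRediect(errorRediect, RedirectUrl, redirectActionExpression, redirectControllerExpression, redirectAreaExpression);
            }
        }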