/// <summary>
/// Authorization gate for back-office requests. Applies a series of checks
/// (admin IP allow-list, banned IPs, banned user rank, login state, admin
/// group membership) and finally the per-page permission check.
/// </summary>
/// <remarks>
/// Every failure except the per-page permission check is answered the same way:
/// an AJAX "404" payload or a redirect to "/". The failed check is therefore not
/// distinguishable from the response.
/// </remarks>
/// <param name="filterContext">Context of the request being authorized; its Result is set when access is refused.</param>
protected override void OnAuthorization(AuthorizationContext filterContext)
{
    // Not applied to child actions: they leave this filter without a result being set.
    // NOTE(review): presumably the parent action has already passed this filter - confirm.
    if (filterContext.IsChildAction)
    {
        return;
    }

    string adminAllowedIPs = WorkContext.ShopConfig.AdminAllowAccessIP;

    // The checks run in the original order; || short-circuits at the first one that fails.
    // NOTE(review): both IP checks are only as trustworthy as WorkContext.IP - confirm it
    // is not derived from a client-controlled header.
    bool refuseAsNotFound =
        // an allow-list is configured and the caller's IP is not on it
        (!string.IsNullOrEmpty(adminAllowedIPs) && !ValidateHelper.InIPList(WorkContext.IP, adminAllowedIPs))
        // the caller's IP is banned
        || BannedIPs.CheckIP(WorkContext.IP)
        // the user's rank is the "access forbidden" rank
        || WorkContext.UserRid == 1
        // the user is not logged in
        || WorkContext.Uid < 1
        // the user is not an administrator
        || WorkContext.AdminGid == 1;

    if (refuseAsNotFound)
    {
        if (!WorkContext.IsHttpAjax)
        {
            filterContext.Result = new RedirectResult("/");
        }
        else
        {
            filterContext.Result = AjaxResult("404", "您访问的网址不存在");
        }

        return;
    }

    // Per-page permission: the "home" controller is exempt, so any user who got this far may open it.
    // NOTE(review): the comparison with "home" is case-sensitive; assumes WorkContext.Controller
    // is already normalized to lower case - confirm.
    if (WorkContext.Controller == "home"
        || AdminGroups.CheckAuthority(WorkContext.AdminGid, WorkContext.Controller, WorkContext.PageKey))
    {
        return;
    }

    // The user is an administrator but lacks permission for this page: say so explicitly.
    if (!WorkContext.IsHttpAjax)
    {
        filterContext.Result = PromptView("您没有当前操作的权限!");
    }
    else
    {
        filterContext.Result = AjaxResult("nopermit", "您没有当前操作的权限");
    }
}