예제 #1
 /// <summary>
 /// Builds the business-layer objects the tests exercise, each one over the same <c>dbContext</c>.
 /// </summary>
 public UserAccountTests()
 {
     var context = dbContext;

     this.adminBiz   = new AdminBusiness(context);
     this.physBiz    = new PhysicianBusiness(context);
     this.agentBiz   = new AgentBusiness(context);
     this.vendorBiz  = new VendorBusiness(context);
     this.patientBiz = new PatientBusiness(context);
 }
예제 #2
 /// <summary>
 /// Creates every business-layer dependency the derived controllers use. Each one receives
 /// the value of a separate <c>GetContext()</c> call; whether that is one shared context or a
 /// fresh instance per call is not visible here, so the calls are deliberately not hoisted.
 /// </summary>
 /// <remarks>
 /// NOTE(review): <c>GetContext()</c> is an instance member invoked from the constructor —
 /// if it is virtual, a derived class's override runs before that class's own constructor.
 /// NOTE(review): <c>productsBusiness</c> is assigned an <see cref="ItemBusiness"/>, the same
 /// type as <c>itemBusiness</c>; confirm this duplication is intended rather than a copy-paste slip.
 /// </remarks>
 public BaseController() : base()
 {
     loginBusiness    = new LoginBusiness(this.GetContext());
     batchBusiness    = new BatchBusiness(this.GetContext());
     cardBusiness     = new CardBusiness(this.GetContext());
     requestBusiness  = new RequestBusiness(this.GetContext());
     newsBusiness     = new NewsBusiness(this.GetContext());
     cusBusiness      = new CustomerBusiness(this.GetContext());
     rankBusiness     = new RankBusiness(this.GetContext());
     configBusiness   = new ConfigBusiness(this.GetContext());
     pointBusiness    = new PointBusiness(this.GetContext());
     warrantyBusiness = new WarrantyBusiness(this.GetContext());
     statisticBus     = new StatisticBusiness(this.GetContext());
     orderBus         = new OrderBusiness(this.GetContext());
     userBusiness     = new UserBusiness(this.GetContext());
     itemBusiness     = new ItemBusiness(this.GetContext());
     // Same concrete type as itemBusiness — see the NOTE(review) above.
     productsBusiness = new ItemBusiness(this.GetContext());
     notifyBusiness   = new NotifyBusiness(this.GetContext());
     shopBusiness     = new ShopBusiness(this.GetContext());
     agentBusiness    = new AgentBusiness(this.GetContext());
     vnpay            = new VNPay(this.GetContext());
 }
예제 #3
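 /// <summary>
 /// Authorization filter for agent API calls. Every request must carry the <c>appKey</c>,
 /// <c>token</c>, <c>collectionName</c> and <c>requestTime</c> headers; <c>token</c> must equal
 /// MD5(request body + agent.MasterSecret); and the agent must hold a right on the named
 /// collection whose <c>Auth</c> flag is contained in the action's <see cref="AuthTypeAttribute"/>.
 /// Actions or controllers marked <see cref="AllowAnonymousAttribute"/> pass through untouched.
 /// </summary>
 /// <param name="actionContext">Context of the action being invoked.</param>
 /// <param name="cancellationToken">Not consulted; neither the body read nor the continuation is cancelled here.</param>
 /// <param name="continuation">Runs the rest of the pipeline.</param>
 /// <returns>
 /// The continuation's response, or <see cref="HttpStatusCode.Unauthorized"/> with an
 /// <see cref="ActionResult"/> body carrying the <see cref="AuthorizationException"/> code and message.
 /// </returns>
 /// <remarks>
 /// Weaknesses kept as-is because changing them alters the wire protocol for existing clients:
 /// the signature is MD5, and <c>requestTime</c> is only checked for format — it is neither part
 /// of the signed material nor compared with the server clock, so a captured request stays valid
 /// for as long as the agent's secret is unchanged. Binding the timestamp into the signature and
 /// enforcing a freshness window would close that gap.
 /// </remarks>
 public async Task <HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func <Task <HttpResponseMessage> > continuation)
 {
     // [AllowAnonymous] on the action or its controller skips all checks.
     if (actionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any() || actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any())
     {
         return await continuation();
     }
     // NOTE(review): an action whose MethodInfo cannot be resolved is let through without any
     // check. This is pre-existing behaviour and is preserved; confirm it is intended.
     if (actionContext.ActionDescriptor is ReflectedHttpActionDescriptor)
     {
         var methodInfo = ((ReflectedHttpActionDescriptor)actionContext.ActionDescriptor).MethodInfo;
         if (methodInfo == null)
         {
             return await continuation();
         }
     }
     try
     {
         // NOTE(review): HttpContext.Current is the classic ASP.NET pipeline and is null under
         // self-host/OWIN; actionContext.Request.Headers would be host-independent but has a
         // different API, so the original source of headers is kept.
         var request = System.Web.HttpContext.Current.Request;
         var appkey         = RequireHeader(request, "appKey", 401001);
         var token          = RequireHeader(request, "token", 401002);
         var collectionName = RequireHeader(request, "collectionName", 401003);
         var requestTimeStr = RequireHeader(request, "requestTime", 401008);

         var agent = new AgentBusiness().GetByAppKey(appkey);
         if (agent == null)
         {
             throw new AuthorizationException(401004, "不存在的代理信息");
         }
         var requestTime = requestTimeStr.ToDateTime();
         if (requestTime == default(DateTime))
         {
             throw new AuthorizationException(401009, "无效的参数:requestTime");
         }

         // Await the body read rather than blocking on .Result: blocking inside an async filter
         // on the ASP.NET synchronization context can deadlock, and .Result would also wrap any
         // failure in an AggregateException.
         string body = await actionContext.Request.Content.ReadAsStringAsync();
         var expectedToken = string.Format("{0}{1}", body, agent.MasterSecret).MD5();

         // Compare in constant time so a mismatch position is not observable through timing.
         if (!FixedTimeEquals(expectedToken, token))
         {
             throw new AuthorizationException(401007, "无效的签名");
         }

         var collectionRights = new DataCollectionRightBusiness().GetListByAgentIdAndCollectionName(agent.Id.ToString(), collectionName);
         if (!collectionRights.ExistsData())
         {
             throw new AuthorizationException(401005, "未分配任何权限");
         }

         // Fail closed: an action with no [AuthType] is rejected rather than allowed.
         var actionAuthTypeConfig = actionContext.ActionDescriptor.GetCustomAttributes <AuthTypeAttribute>().FirstOrDefault();
         if (actionAuthTypeConfig == null)
         {
             throw new AuthorizationException(401006, $"{actionContext.ActionDescriptor.ActionName}缺少权限配置");
         }
         var authType = actionAuthTypeConfig.ActionAuthType;
         if (collectionRights.Any(row => authType.HasFlag(row.Auth)))
         {
             return await continuation();
         }
         throw new AuthorizationException(401, "无权访问");
     }
     catch (AuthorizationException ex)
     {
         // Only authorization failures become a 401 payload; anything else propagates.
         return new HttpResponseMessage(HttpStatusCode.Unauthorized)
         {
             Content = new ObjectContent <ActionResult>(new ActionResult()
             {
                 Status = false,
                 Error = new ErrorInfo()
                 {
                     Message = ex.Message,
                     Code = ex.HResult,
                 },
             }, GlobalConfiguration.Configuration.Formatters.JsonFormatter)
         };
     }
 }

 /// <summary>
 /// Reads a required header, throwing the "缺少参数:&lt;name&gt;" authorization error with
 /// <paramref name="code"/> when it is absent or empty.
 /// </summary>
 private static string RequireHeader(System.Web.HttpRequest request, string name, int code)
 {
     var value = request.Headers[name];
     if (string.IsNullOrEmpty(value))
     {
         throw new AuthorizationException(code, "缺少参数:" + name);
     }
     return value;
 }

 /// <summary>
 /// Ordinal, case-sensitive string equality whose running time does not depend on where the
 /// strings first differ. Hand-written because CryptographicOperations.FixedTimeEquals is not
 /// available on the classic ASP.NET target this filter runs on.
 /// </summary>
 private static bool FixedTimeEquals(string expected, string actual)
 {
     if (expected == null || actual == null)
     {
         return expected == actual;
     }
     // A length mismatch reveals only the length, which is fixed by the hash format anyway.
     if (expected.Length != actual.Length)
     {
         return false;
     }
     int diff = 0;
     for (int i = 0; i < expected.Length; i++)
     {
         diff |= expected[i] ^ actual[i];
     }
     return diff == 0;
 }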