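/// <summary>
/// Creates a person record together with its login account.
/// </summary>
/// <param name="viewPerson">Submitted person/account data; a null body is rejected.</param>
/// <returns>
/// <c>Created</c> on success; <c>Forbidden</c> when the caller is not a super admin and tries to
/// create a super-admin account (UserType 0) or a person outside the caller's own department;
/// <c>BadRequest</c> when the body is missing or the insert fails.
/// </returns>
public ApiReturns Post(ViewPersonInfo viewPerson)
{
    // A missing body would otherwise be dereferenced below.
    if (viewPerson == null)
    {
        return ApiReturns.BadRequest();
    }

    // Resolve the effective user type before the authorization check. An omitted UserType is
    // stored as 0, and 0 is exactly the value the super-admin rule looks for, so the check must
    // see the same value that gets persisted (comparing the nullable directly let a null value
    // slip past the check and still be stored as 0).
    var userType = viewPerson.UserType ?? 0;

    var loginUser = LoginStatus.GetLoginUser();

    // Authorization: only a super admin may create a super-admin account (UserType 0) or a person
    // belonging to a department other than the caller's own.
    if (!LoginStatus.IsSuperAdminLogin()
        && (userType == 0 || viewPerson.DepartmentId != loginUser.DepartmentId))
    {
        return ApiReturns.Forbidden();
    }

    // One timestamp for both the view model and the entity so the two cannot drift apart.
    var now = DateTime.Now;
    viewPerson.AddTime = now;

    var person = new PersonInfo
    {
        AddTime = now,
        Name = viewPerson.Name,
        DepartmentId = viewPerson.DepartmentId,
        Gender = viewPerson.Gender,
        HeadPortraitPath = viewPerson.HeadPortraitPath ?? string.Empty,
        WorkNo = viewPerson.WorkNo
    };

    // The submitted password is passed through EncryptHelper before it is stored.
    var user = new SystemUser
    {
        Username = viewPerson.Username,
        Password = EncryptHelper.EncryptPassword(viewPerson.Password),
        UserType = userType
    };

    var success = _personBll.AddPeronAndSystemUser(person, user);
    return success ? ApiReturns.Created() : ApiReturns.BadRequest();
}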
/// <summary>
/// Renames a department file.
/// </summary>
/// <param name="id">Id of the file to rename.</param>
/// <param name="newName">New file name; an empty name is rejected.</param>
/// <returns>
/// <c>Created</c> on success; <c>BadRequest</c> for an empty name or an unknown id;
/// <c>Forbidden</c> when a non-super-admin renames a file flagged IsCommon; <c>Failed</c> when
/// the update does not go through.
/// </returns>
public ApiReturns Put(int id, string newName)
{
    if (string.IsNullOrEmpty(newName))
    {
        return ApiReturns.BadRequest();
    }

    var target = _departFilesBll.QuerySingle(id);
    if (target == null)
    {
        return ApiReturns.BadRequest();
    }

    // Files flagged IsCommon may only be changed by a super admin.
    var restricted = target.IsCommon && !LoginStatus.IsSuperAdminLogin();
    if (restricted)
    {
        return ApiReturns.Forbidden();
    }

    target.FileName = newName;
    var updated = UpdateFile(target, Operation.Update);
    return updated ? ApiReturns.Created() : ApiReturns.Failed();
}
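/// <summary>
/// Updates a person record and its login account.
/// </summary>
/// <param name="id">Id of the person to update.</param>
/// <param name="viewPerson">New person/account data; a null body is rejected.</param>
/// <returns>
/// <c>Created</c> on success (kept as-is for existing callers); <c>Forbidden</c> when the caller
/// is not a super admin and either the existing record or the requested change lies outside the
/// caller's department or involves a super-admin account (UserType 0); <c>BadRequest</c> when the
/// body is missing, the record does not exist, or the update fails.
/// </returns>
public ApiReturns Put(int id, ViewPersonInfo viewPerson)
{
    if (viewPerson == null)
    {
        return ApiReturns.BadRequest();
    }

    var person = _personBll.QuerySingle(id);
    var user = _systemUserBll.QuerySingle(s => s.PersonInfoId == id);
    if (person == null || user == null)
    {
        return ApiReturns.BadRequest();
    }

    // An omitted UserType leaves the account's current type unchanged. The previous code
    // dereferenced the nullable directly and threw on null.
    var userType = viewPerson.UserType ?? user.UserType;

    var loginUser = LoginStatus.GetLoginUser();

    // Authorization for non-super-admins, applied to the record as it is AND as it would become:
    // the caller may only touch people of its own department, may not move a person elsewhere,
    // and may neither edit a super-admin account nor turn an account into one. Checking only the
    // submitted DepartmentId (as before) let a caller take over a person from another department
    // simply by submitting its own DepartmentId.
    if (!LoginStatus.IsSuperAdminLogin()
        && (person.DepartmentId != loginUser.DepartmentId
            || viewPerson.DepartmentId != loginUser.DepartmentId
            || user.UserType == 0
            || userType == 0))
    {
        return ApiReturns.Forbidden();
    }

    person.Name = viewPerson.Name;
    person.DepartmentId = viewPerson.DepartmentId;
    person.Gender = viewPerson.Gender;
    // Post() stores an empty string for a missing portrait path; keep both entry points consistent.
    person.HeadPortraitPath = viewPerson.HeadPortraitPath ?? string.Empty;
    person.WorkNo = viewPerson.WorkNo;

    user.Username = viewPerson.Username;
    user.UserType = userType;

    // Both updates run inside one transaction.
    var success = _personBll.ExecuteTranscation(
        () => _personBll.Update(person),
        () => _systemUserBll.Update(user));
    return success ? ApiReturns.Created() : ApiReturns.BadRequest();
}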
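/// <summary>
/// Soft-deletes a person record and its login account (both are flagged IsDeleted).
/// </summary>
/// <param name="id">Id of the person to delete.</param>
/// <returns>
/// <c>NoContent</c> on success; <c>BadRequest</c> when the person or its account does not exist
/// or the update fails; <c>Forbidden</c> when a non-super-admin targets a person of another
/// department or a super-admin account (UserType 0).
/// </returns>
public ApiReturns Delete(int id)
{
    var person = _personBll.QuerySingle(id);
    var user = _systemUserBll.QuerySingle(s => s.PersonInfoId == id);

    // Unknown ids previously crashed on the null dereference in the authorization check;
    // answer the same way Put() does for a missing record.
    if (person == null || user == null)
    {
        return ApiReturns.BadRequest();
    }

    var loginUser = LoginStatus.GetLoginUser();

    // Authorization: a non-super-admin may only delete accounts of its own department and never a
    // super-admin account (UserType 0), mirroring the rule Post() applies on creation.
    if (!LoginStatus.IsSuperAdminLogin()
        && (person.DepartmentId != loginUser.DepartmentId || user.UserType == 0))
    {
        return ApiReturns.Forbidden();
    }

    person.IsDeleted = true;
    user.IsDeleted = true;

    // Single transaction; the account update is skipped when the person update reports failure.
    var success = _personBll.ExecuteTranscation(
        () => _personBll.Update(person) && _systemUserBll.Update(user));
    return success ? ApiReturns.NoContent() : ApiReturns.BadRequest();
}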
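/// <summary>
/// Soft-deletes a file directory.
/// </summary>
/// <param name="id">Id of the directory to delete.</param>
/// <returns>
/// <c>NoContent</c> on success; <c>NotFound</c> for an unknown id; <c>Forbidden</c> when a
/// non-super-admin tries to delete a top-level directory (ParentId 0); <c>Failed</c> when the
/// update does not go through.
/// </returns>
public ApiReturns Delete(int id)
{
    var dir = _dirBll.QuerySingle(id);

    // An unknown id previously crashed on the null dereference below; the sibling file Delete()
    // answers NotFound in this situation, so do the same here.
    if (dir == null)
    {
        return ApiReturns.NotFound();
    }

    // Only a super admin may delete a top-level directory.
    if (dir.ParentId == 0 && !LoginStatus.IsSuperAdminLogin())
    {
        return ApiReturns.Forbidden();
    }

    dir.IsDeleted = true;
    var success = UpdateDir(dir, Operation.Delete);
    return success ? ApiReturns.NoContent() : ApiReturns.Failed();
}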
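/// <summary>
/// Creates a file directory and writes an insert entry to the change log in the same transaction.
/// </summary>
/// <param name="model">Directory to create; a null body is rejected.</param>
/// <returns>
/// <c>Created</c> carrying the stored model on success; <c>Forbidden</c> when a non-super-admin
/// tries to create a top-level directory (ParentId 0); <c>Exists</c> when a directory of that name
/// already exists; <c>BadRequest</c> when the body is missing or the insert fails.
/// </returns>
public ApiReturns Post(FileDirectory model)
{
    if (model == null)
    {
        return ApiReturns.BadRequest();
    }

    // Only a super admin may create a top-level directory.
    if (model.ParentId == 0 && !LoginStatus.IsSuperAdminLogin())
    {
        return ApiReturns.Forbidden();
    }

    if (DirNameExists(model))
    {
        return ApiReturns.Exists();
    }

    // One timestamp so CreateTime and LastModifyTime of a new directory are identical.
    var now = DateTime.Now;
    model.CreateTime = now;
    model.LastModifyTime = now;
    model.CreatorId = LoginStatus.GetLoginUser().Id;

    // Insert the directory and its log entry atomically; the log entry is only written once the
    // directory insert has produced an id.
    var success = _dirBll.ExecuteTranscation(() =>
    {
        if (_dirBll.Add(model).Id <= 0)
        {
            return false;
        }

        var log = new DbUpdateLog(nameof(FileDirectory), model.Id, (int)Operation.Insert);
        return _logBll.Add(log).Id > 0;
    });

    return success ? ApiReturns.Created(model) : ApiReturns.BadRequest();
}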
/// <summary>
/// Soft-deletes a department file.
/// </summary>
/// <param name="id">Id of the file to delete.</param>
/// <returns>
/// <c>NoContent</c> on success; <c>NotFound</c> for an unknown id; <c>Forbidden</c> when a
/// non-super-admin deletes a file flagged IsCommon; <c>Failed</c> when the update does not go
/// through.
/// </returns>
public ApiReturns Delete(int id)
{
    var target = _departFilesBll.QuerySingle(id);
    if (target == null)
    {
        return ApiReturns.NotFound();
    }

    // Files flagged IsCommon may only be deleted by a super admin.
    var restricted = target.IsCommon && !LoginStatus.IsSuperAdminLogin();
    if (restricted)
    {
        return ApiReturns.Forbidden();
    }

    target.IsDeleted = true;
    var updated = UpdateFile(target, Operation.Delete);
    return updated ? ApiReturns.NoContent() : ApiReturns.Failed();
}
/// <summary>
/// Action filter that lets only super-admin sessions through. Any other caller has the action
/// short-circuited with a <c>Forbidden</c> payload.
/// </summary>
/// <param name="actionContext">Context of the action about to run.</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    base.OnActionExecuting(actionContext);

    if (LoginStatus.IsSuperAdminLogin())
    {
        return;
    }

    // Assigning a response short-circuits the action. Note the HTTP status stays 200; the
    // refusal is carried in the ApiReturns body.
    actionContext.Response = actionContext.Request.CreateResponse(
        HttpStatusCode.OK, ApiReturns.Forbidden());
}
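/// <summary>
/// Login filter: every action not marked <see cref="AllowAnonymousAttribute"/> must carry an app
/// token in the query string that <c>LoginStatus.HasLogin</c> accepts; otherwise the action is
/// short-circuited.
/// </summary>
/// <param name="actionContext">Context of the action about to run.</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    base.OnActionExecuting(actionContext);

    // Actions marked [AllowAnonymous] are not verified.
    if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any())
    {
        return;
    }

    // Read the app token from the query string. The parameter name is anchored on '?' or '&' so a
    // different parameter that merely ends with the token name cannot match, and escaped in case
    // it contains regex metacharacters. The raw value is used as-is (no URL decoding), as before.
    var token = string.Empty;
    var query = actionContext.Request.RequestUri.Query;
    if (!string.IsNullOrEmpty(query))
    {
        var pattern = $@"[?&]{Regex.Escape(Literals.AppTokenName)}=([^&]+)";
        token = Regex.Match(query, pattern).Groups[1].Value;
    }

    if (string.IsNullOrEmpty(token))
    {
        // Return here: previously execution fell through and the Forbidden (403) response was
        // immediately overwritten by the TokenExpired (200) response below.
        actionContext.Response = actionContext.Request.CreateResponse(
            HttpStatusCode.Forbidden, ApiReturns.Forbidden());
        return;
    }

    // Expose the token to the rest of the request via the call context
    // (presumably what LoginStatus reads later — verify against LoginStatus).
    CallContext.SetData(Literals.AppTokenName, token);

    if (!LoginStatus.HasLogin(token))
    {
        actionContext.Response = actionContext.Request.CreateResponse(
            HttpStatusCode.OK, ApiReturns.TokenExpired());
    }
}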
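/// <summary>
/// Token filter for non-GET requests. Unless the action is marked
/// <see cref="AllowAnonymousAttribute"/>, the app token from the query string is checked with
/// <c>LoginHelper.IsTokenLeagal</c> against the stored password of the user it names; a missing or
/// invalid token short-circuits the action.
/// </summary>
/// <param name="actionContext">Context of the action about to run.</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    base.OnActionExecuting(actionContext);

    // Actions marked [AllowAnonymous] are not verified.
    if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any())
    {
        return;
    }

    // GET requests are not verified by this filter. HttpMethod equality is a case-insensitive
    // ordinal comparison, unlike the culture-sensitive ToUpper() used before.
    if (actionContext.Request.Method == HttpMethod.Get)
    {
        return;
    }

    // Read the app token from the query string. The parameter name is anchored on '?' or '&' so a
    // different parameter that merely ends with the token name cannot match, and escaped in case
    // it contains regex metacharacters. The raw value is used as-is (no URL decoding), as before.
    var token = string.Empty;
    var query = actionContext.Request.RequestUri.Query;
    if (!string.IsNullOrEmpty(query))
    {
        var pattern = $@"[?&]{Regex.Escape(Literals.AppTokenName)}=([^&]+)";
        token = Regex.Match(query, pattern).Groups[1].Value;
    }

    if (string.IsNullOrEmpty(token))
    {
        // Return here: previously execution fell through and the Forbidden (403) response was
        // overwritten by the TokenExpired (200) response produced for the empty token.
        actionContext.Response = actionContext.Request.CreateResponse(
            HttpStatusCode.Forbidden, ApiReturns.Forbidden());
        return;
    }

    // The token is validated against the password stored for the user id it carries.
    var repos = new Repository<SystemUser>();
    var legal = LoginHelper.IsTokenLeagal(
        token, userId => repos.QuerySingle(u => u.Id == userId)?.Password);
    if (!legal)
    {
        actionContext.Response = actionContext.Request.CreateResponse(
            HttpStatusCode.OK, ApiReturns.TokenExpired());
        return;
    }

    // Only a token that passed validation is exposed to the rest of the request.
    CallContext.SetData(Literals.AppTokenName, token);
}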