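        /// <summary>
        /// Creates a person record together with its login account.
        /// Non-super-admins may only create people inside their own department and may
        /// never create a super-admin account (UserType == 0, per the original rule).
        /// </summary>
        /// <param name="viewPerson">Client-supplied person/account data; null when model binding failed.</param>
        /// <returns>Created on success, Forbidden when the caller lacks permission, BadRequest otherwise.</returns>
        public ApiReturns Post(ViewPersonInfo viewPerson)
        {
            if (viewPerson == null)
            {
                return(ApiReturns.BadRequest());
            }

            var loginUser = LoginStatus.GetLoginUser();

            // Resolve the effective user type BEFORE the permission check. The original compared
            // the nullable viewPerson.UserType with 0 (false when null) and then defaulted null
            // to 0 when building the SystemUser, so a non-super-admin could obtain a super-admin
            // account simply by omitting UserType from the request body.
            var userType = viewPerson.UserType ?? 0;

            // Permission check: non-super-admins may not create super-admin accounts and may not
            // add people outside their own department.
            if (!LoginStatus.IsSuperAdminLogin() && (userType == 0 || viewPerson.DepartmentId != loginUser.DepartmentId))
            {
                return(ApiReturns.Forbidden());
            }

            // One timestamp for both the view model and the stored entity.
            var now = DateTime.Now;
            viewPerson.AddTime = now;

            var person = new PersonInfo
            {
                AddTime          = now,
                Name             = viewPerson.Name,
                DepartmentId     = viewPerson.DepartmentId,
                Gender           = viewPerson.Gender,
                HeadPortraitPath = viewPerson.HeadPortraitPath ?? string.Empty,
                WorkNo           = viewPerson.WorkNo
            };
            var user = new SystemUser
            {
                Username = viewPerson.Username,
                // NOTE(review): EncryptHelper.EncryptPassword is not visible here; confirm it is a
                // salted, slow password hash (PBKDF2/bcrypt/Argon2) and not reversible encryption.
                Password = EncryptHelper.EncryptPassword(viewPerson.Password),
                UserType = userType
            };

            var success = _personBll.AddPeronAndSystemUser(person, user);

            return(success ? ApiReturns.Created() : ApiReturns.BadRequest());
        }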
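        /// <summary>
        /// Renames a department file. Files flagged IsCommon may only be renamed by a super-admin.
        /// </summary>
        /// <param name="id">Identifier of the file to rename.</param>
        /// <param name="newName">New file name; blank names are rejected.</param>
        /// <returns>Created on success, BadRequest for a blank name or unknown id, Forbidden when not permitted, Failed when the update does not persist.</returns>
        public ApiReturns Put(int id, string newName)
        {
            // Whitespace-only names passed the original IsNullOrEmpty check and would have been stored as-is.
            if (string.IsNullOrWhiteSpace(newName))
            {
                return(ApiReturns.BadRequest());
            }

            var file = _departFilesBll.QuerySingle(id);

            if (file == null)
            {
                return(ApiReturns.BadRequest());
            }

            // Only the IsCommon flag is checked here; there is no visible check that a non-common file
            // belongs to the caller's department. NOTE(review): confirm the entity carries a department
            // or owner field and scope this the way Delete(int) on persons scopes by DepartmentId.
            if (file.IsCommon && !LoginStatus.IsSuperAdminLogin())
            {
                return(ApiReturns.Forbidden());
            }

            // NOTE(review): if FileName is ever used to build a filesystem path, path separators and
            // ".." in newName must be rejected here — not verifiable from this block.
            file.FileName = newName;

            var success = UpdateFile(file, Operation.Update);

            if (success)
            {
                return(ApiReturns.Created());
            }

            return(ApiReturns.Failed());
        }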
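        /// <summary>
        /// Updates a person record and its linked login account.
        /// Non-super-admins may only edit people in their own department, may not move a person
        /// into another department, and may not turn an account into (or edit) a super-admin account.
        /// </summary>
        /// <param name="id">Identifier of the person to update.</param>
        /// <param name="viewPerson">Client-supplied replacement values; UserType is required.</param>
        /// <returns>Created on success, Forbidden when not permitted, BadRequest for missing data or unknown id.</returns>
        public ApiReturns Put(int id, ViewPersonInfo viewPerson)
        {
            // UserType is required: the original dereferenced viewPerson.UserType.Value, which
            // throws (HTTP 500) when the field is absent from the request.
            if (viewPerson == null || viewPerson.UserType == null)
            {
                return(ApiReturns.BadRequest());
            }

            var loginUser    = LoginStatus.GetLoginUser();
            var isSuperAdmin = LoginStatus.IsSuperAdminLogin();

            // Permission check on the REQUESTED values: no promotion to super-admin (UserType == 0)
            // and no move into a department other than the caller's.
            if (!isSuperAdmin && (viewPerson.UserType == 0 || viewPerson.DepartmentId != loginUser.DepartmentId))
            {
                return(ApiReturns.Forbidden());
            }

            var person = _personBll.QuerySingle(id);
            var user   = _systemUserBll.QuerySingle(s => s.PersonInfoId == id);

            if (person == null || user == null)
            {
                return(ApiReturns.BadRequest());
            }

            // Permission check on the EXISTING record, mirroring Delete(int): the original only
            // validated the submitted DepartmentId, so a non-super-admin could take over any person
            // in another department (including renaming their login) by submitting their own
            // DepartmentId. Editing an existing super-admin account is likewise reserved to super-admins.
            if (!isSuperAdmin && (person.DepartmentId != loginUser.DepartmentId || user.UserType == 0))
            {
                return(ApiReturns.Forbidden());
            }

            person.Name             = viewPerson.Name;
            person.DepartmentId     = viewPerson.DepartmentId;
            person.Gender           = viewPerson.Gender;
            // Same null normalisation as Post so the stored value is never null.
            person.HeadPortraitPath = viewPerson.HeadPortraitPath ?? string.Empty;
            person.WorkNo           = viewPerson.WorkNo;

            user.Username = viewPerson.Username;
            user.UserType = viewPerson.UserType.Value;

            // Both updates commit or neither does.
            var success = _personBll.ExecuteTranscation(() => _personBll.Update(person), () => _systemUserBll.Update(user));

            return(success ? ApiReturns.Created() : ApiReturns.BadRequest());
        }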
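        /// <summary>
        /// Soft-deletes a person and its linked login account (sets IsDeleted on both).
        /// Non-super-admins may only delete people in their own department and may not delete
        /// super-admin accounts.
        /// </summary>
        /// <param name="id">Identifier of the person to delete.</param>
        /// <returns>NoContent on success, NotFound when the person or account does not exist, Forbidden when not permitted, BadRequest when the update fails.</returns>
        public ApiReturns Delete(int id)
        {
            var person = _personBll.QuerySingle(id);
            var user   = _systemUserBll.QuerySingle(s => s.PersonInfoId == id);

            // The original dereferenced both without a null check, turning an unknown id into an
            // unhandled NullReferenceException (HTTP 500).
            if (person == null || user == null)
            {
                return(ApiReturns.NotFound());
            }

            var loginUser = LoginStatus.GetLoginUser();

            // Permission check: non-super-admins may not delete accounts outside their department.
            // Deleting a super-admin account (UserType == 0) is reserved to super-admins, consistent
            // with the Post/Put rule that only super-admins may create or promote such accounts.
            if (!LoginStatus.IsSuperAdminLogin() && (person.DepartmentId != loginUser.DepartmentId || user.UserType == 0))
            {
                return(ApiReturns.Forbidden());
            }

            person.IsDeleted = true;
            user.IsDeleted   = true;

            var success = _personBll.ExecuteTranscation(() => _personBll.Update(person) && _systemUserBll.Update(user));

            return(success ? ApiReturns.NoContent() : ApiReturns.BadRequest());
        }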
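        /// <summary>
        /// Soft-deletes a directory. Top-level directories (ParentId == 0) may only be deleted by a super-admin.
        /// </summary>
        /// <param name="id">Identifier of the directory to delete.</param>
        /// <returns>NoContent on success, NotFound for an unknown id, Forbidden when not permitted, Failed when the update does not persist.</returns>
        public ApiReturns Delete(int id)
        {
            var dir = _dirBll.QuerySingle(id);

            // The original dereferenced dir.ParentId without a null check (HTTP 500 on an unknown id).
            if (dir == null)
            {
                return(ApiReturns.NotFound());
            }

            // Top-level directory deletion is restricted to super-admins.
            if (dir.ParentId == 0 && !LoginStatus.IsSuperAdminLogin())
            {
                return(ApiReturns.Forbidden());
            }

            // NOTE(review): any logged-in user can delete any non-top-level directory; there is no
            // visible ownership check against CreatorId or a department. Confirm that is intended.
            dir.IsDeleted = true;

            var success = UpdateDir(dir, Operation.Delete);

            if (success)
            {
                return(ApiReturns.NoContent());
            }

            return(ApiReturns.Failed());
        }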
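        /// <summary>
        /// Creates a directory. Top-level directories (ParentId == 0) may only be created by a super-admin;
        /// a non-top-level directory must reference an existing, non-deleted parent.
        /// The creator is always the logged-in user, never a client-supplied value.
        /// </summary>
        /// <param name="model">Client-supplied directory; null when model binding failed.</param>
        /// <returns>Created (with the model) on success, Forbidden when not permitted, Exists for a duplicate name, BadRequest otherwise.</returns>
        public ApiReturns Post(FileDirectory model)
        {
            if (model == null)
            {
                return(ApiReturns.BadRequest());
            }

            // Only super-admins may create top-level directories.
            if (model.ParentId == 0 && !LoginStatus.IsSuperAdminLogin())
            {
                return(ApiReturns.Forbidden());
            }

            // A child directory must hang off a real, live parent; the original accepted any ParentId.
            if (model.ParentId != 0)
            {
                var parent = _dirBll.QuerySingle(model.ParentId);
                if (parent == null || parent.IsDeleted)
                {
                    return(ApiReturns.BadRequest());
                }
            }

            if (DirNameExists(model))
            {
                return(ApiReturns.Exists());
            }

            // Server-controlled fields. NOTE(review): the whole entity is bound from the request, so
            // other fields (e.g. Id, IsDeleted) are client-controlled unless Add() resets them — confirm.
            var now = DateTime.Now;
            model.CreateTime     = now;
            model.LastModifyTime = now;
            model.CreatorId      = LoginStatus.GetLoginUser().Id;

            // Insert the directory and its audit-log row in one transaction.
            var success = _dirBll.ExecuteTranscation(() =>
            {
                var inserted = _dirBll.Add(model).Id > 0;
                if (!inserted)
                {
                    return(false);
                }
                var logEntry = new DbUpdateLog(nameof(FileDirectory), model.Id, (int)Operation.Insert);
                return(_logBll.Add(logEntry).Id > 0);
            });

            if (success)
            {
                return(ApiReturns.Created(model));
            }

            return(ApiReturns.BadRequest());
        }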
        /// <summary>
        /// Soft-deletes a department file. Files flagged IsCommon may only be deleted by a super-admin.
        /// </summary>
        /// <param name="id">Identifier of the file to delete.</param>
        /// <returns>NoContent on success, NotFound for an unknown id, Forbidden when not permitted, Failed when the update does not persist.</returns>
        public ApiReturns Delete(int id)
        {
            var target = _departFilesBll.QuerySingle(id);
            if (target == null)
            {
                return(ApiReturns.NotFound());
            }

            // NOTE(review): only IsCommon is checked; there is no visible department/owner scoping
            // for non-common files — confirm that any logged-in user may delete them.
            var isSuperAdmin = LoginStatus.IsSuperAdminLogin();
            if (target.IsCommon && !isSuperAdmin)
            {
                return(ApiReturns.Forbidden());
            }

            target.IsDeleted = true;

            return UpdateFile(target, Operation.Delete)
                ? ApiReturns.NoContent()
                : ApiReturns.Failed();
        }
        /// <summary>
        /// Action filter that restricts the decorated actions to super-admin sessions.
        /// Setting <c>actionContext.Response</c> short-circuits the action.
        /// </summary>
        /// <param name="actionContext">Context of the action about to execute.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            base.OnActionExecuting(actionContext);

            if (LoginStatus.IsSuperAdminLogin())
            {
                return;
            }

            // NOTE(review): the refusal is sent with HTTP 200 and a Forbidden payload, unlike the login
            // filter's 403 for a missing token; clients and proxies keying off the status code will see
            // success. Also confirm IsSuperAdminLogin() fails closed for anonymous requests, or that the
            // login filter always runs before this one.
            var refusal = actionContext.Request.CreateResponse(HttpStatusCode.OK, ApiReturns.Forbidden());
            actionContext.Response = refusal;
        }
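        /// <summary>
        /// Login filter: requires a valid app token on every action not marked [AllowAnonymous].
        /// The token is read from the query-string parameter named by <c>Literals.AppTokenName</c>,
        /// stored in <c>CallContext</c> for downstream code, and checked with <c>LoginStatus.HasLogin</c>.
        /// </summary>
        /// <param name="actionContext">Context of the action about to execute; a non-null Response short-circuits it.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            base.OnActionExecuting(actionContext);

            // Skip validation for actions marked [AllowAnonymous]. Only action-level attributes are
            // inspected here; a controller-level [AllowAnonymous] would still be challenged (fail-closed).
            if (actionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any())
            {
                return;
            }

            // Extract the token from the URL. NOTE(review): tokens in the query string end up in server
            // and proxy access logs, browser history and Referer headers; an Authorization header is safer.
            var token = string.Empty;
            var query = actionContext.Request.RequestUri.Query;

            if (!string.IsNullOrEmpty(query))
            {
                // Anchor the parameter name on '?' or '&'. The original pattern (\?.*?name=) let any
                // parameter whose name merely ENDS with the token name (e.g. "x_app_token") supply the
                // value. The raw (undecoded) value is kept, as before.
                var match = Regex.Match(query, $@"[?&]{Regex.Escape(Literals.AppTokenName)}=([^&]+)");
                token = match.Groups[1].Value;
            }

            if (string.IsNullOrEmpty(token))
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden, ApiReturns.Forbidden());
                // The original fell through here: the empty token was stored in CallContext and the 403
                // was then overwritten by the 200/TokenExpired response below.
                return;
            }

            CallContext.SetData(Literals.AppTokenName, token);
            if (!LoginStatus.HasLogin(token))
            {
                // Kept as HTTP 200 with a TokenExpired payload for client compatibility, although it is
                // inconsistent with the 403 used for a missing token.
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK,
                                                                              ApiReturns.TokenExpired());
            }
        }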
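        /// <summary>
        /// Token filter for non-GET actions not marked [AllowAnonymous]: reads the app token from the
        /// query string, validates it with <c>LoginHelper.IsTokenLeagal</c> (keyed by the user's stored
        /// Password field) and stores it in <c>CallContext</c> on success.
        /// </summary>
        /// <param name="actionContext">Context of the action about to execute; a non-null Response short-circuits it.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            base.OnActionExecuting(actionContext);

            // Only action-level [AllowAnonymous] is inspected (fail-closed for controller-level use).
            if (actionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Any())
            {
                return;
            }

            // NOTE(review): every GET request bypasses token validation entirely, so any data exposed
            // via GET is reachable without authentication unless another filter covers it — confirm.
            if (string.Equals(actionContext.Request.Method.Method, "GET", StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            // Extract the token from the URL. NOTE(review): query-string tokens leak into access logs,
            // browser history and Referer headers; an Authorization header is safer.
            var token = string.Empty;
            var query = actionContext.Request.RequestUri.Query;

            if (!string.IsNullOrEmpty(query))
            {
                // Anchor the parameter name on '?' or '&' so a parameter whose name merely ends with the
                // token name cannot supply the value (the original \?.*?name= allowed that). Raw value kept.
                var match = Regex.Match(query, $@"[?&]{Regex.Escape(Literals.AppTokenName)}=([^&]+)");
                token = match.Groups[1].Value;
            }

            if (string.IsNullOrEmpty(token))
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden, ApiReturns.Forbidden());
                // The original fell through and validated the empty token; on failure the 403 was
                // overwritten by the 200/TokenExpired response below.
                return;
            }

            // NOTE(review): the token is validated against the stored Password field; if that field is a
            // reversible ciphertext rather than a hash, the token scheme inherits that weakness — confirm.
            var repos  = new Repository <SystemUser>();
            var leagal = LoginHelper.IsTokenLeagal(token, userId => repos.QuerySingle(u => u.Id == userId)?.Password);

            if (leagal)
            {
                CallContext.SetData(Literals.AppTokenName, token);
                return;
            }

            // Kept as HTTP 200 with a TokenExpired payload for client compatibility.
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK,
                                                                          ApiReturns.TokenExpired());
        }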