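/// <summary>
/// Adds a "quick access" shortcut (an <c>AccountNavigationRef</c> with <c>Type = 2</c>) for the
/// current account, pointing at the navigation whose <c>url</c> equals the <c>nav</c> request
/// parameter. The shortcut is created only if the account holds a privilege on that navigation,
/// either directly (<c>flag = 2</c>) or through one of its roles (<c>flag = 1</c>).
/// </summary>
/// <returns>
/// A <see cref="JsonResult"/> whose <c>status</c> is 200 on success and 100 otherwise
/// (not authorized, already added, missing <c>nav</c>, or persistence failure). The
/// <c>handleId</c> request parameter is echoed back so the caller can match the response.
/// </returns>
public ActionResult AddNavigation()
{
    string url = Request.Params["nav"];
    string handleId = Request.Params["handleId"];

    // `nav` is request-supplied and may be absent; reject it here instead of letting
    // url.Replace below fail with a NullReferenceException.
    if (string.IsNullOrEmpty(url))
    {
        return new JsonResult { Data = new { status = 100, message = "操作失败!", handleId }, ContentEncoding = Encoding.UTF8 };
    }

    try
    {
        CurrentAccountId = UserActivity.UserNameIdMapHolder.GetId(CurrentAccountNo);
    }
    catch (Exception e)
    {
        // Best-effort lookup: the failure is logged and the method continues with whatever
        // CurrentAccountId already holds. NOTE(review): confirm that a stale or default
        // CurrentAccountId cannot attach the shortcut to the wrong owner.
        Log.Error("系统获取用户ID失败,错误信息:{0}", e.Message);
    }

    using (var session = new SessionFactory().OpenSession())
    {
        // Resolves the navigation id only when the account is privileged on it; a missing
        // result therefore means "not authorized" rather than "unknown url".
        // The statement is assembled with string.Format, so both interpolated values are
        // quote-escaped. If the session API accepts query parameters, prefer those over
        // escaping.
        const string sql = "SELECT id FROM `navigations` WHERE `id` IN ( SELECT `navigation_id` FROM `navigation_priviledges` WHERE (`flag` = 1 AND `owner_id` IN (SELECT `role_id` FROM `account_role_refs` WHERE `account_id` IN ( SELECT `id` FROM `accounts` WHERE `name` = '{0}'))) OR (`flag` = 2 AND `owner_id` IN ( SELECT `id` FROM `accounts` WHERE `name` = '{0}'))) AND `url` = '{1}'";
        var exceptId = session.ExecuteScalar<string>(string.Format(sql,
            (CurrentAccountNo ?? string.Empty).Replace("'", "''"),
            url.Replace("'", "''"))).TryToLong();

        if (!exceptId.HasValue)
        {
            return new JsonResult { Data = new { status = 100, message = "你未被授权,不能添加该项快捷操作!", handleId }, ContentEncoding = Encoding.UTF8 };
        }

        // Refuse duplicates: one shortcut per (account, navigation).
        var item = session.Load<AccountNavigationRef>(
            m => m.Type.Equals(2) && m.OwnerId.Equals(CurrentAccountId) && m.NavigationId.Equals(exceptId));
        if (item != null)
        {
            return new JsonResult { Data = new { status = 100, message = "你已添加该项快捷操作!", handleId }, ContentEncoding = Encoding.UTF8 };
        }

        item = new AccountNavigationRef
        {
            Type = 2,
            OwnerId = CurrentAccountId,
            NavigationId = exceptId.GetValueOrDefault(0),
            // Local time, as the existing records are written; changing this to UTC would
            // make new rows inconsistent with old ones.
            CreatedAt = DateTime.Now,
            CreatedBy = CurrentAccountNo
        };

        if (session.Create(item))
        {
            return new JsonResult { Data = new { status = 200, message = "增加成功!", handleId }, ContentEncoding = Encoding.UTF8 };
        }

        return new JsonResult { Data = new { status = 100, message = "操作失败!", handleId }, ContentEncoding = Encoding.UTF8 };
    }
}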
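/// <summary>
/// Authorization filter. Lets the action run only when the current user holds a navigation
/// privilege whose navigation <c>name</c> equals <c>Name</c>, granted either directly
/// (<c>flag = 2</c>) or through one of the user's roles (<c>flag = 1</c>). Any other outcome,
/// including an anonymous user, redirects to the Forbidden page. <c>NotCheck</c> disables the
/// check entirely.
/// </summary>
/// <param name="filterContext">The executing action's context; its <c>Result</c> is set on denial.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    if (NotCheck) return;

    // Sentinel that cannot match a real account or navigation name, so a null identity
    // or a filter without a Name always fails the lookup instead of matching everything.
    const string missing = "___";
    var accountNo = HttpContext.Current.User.Identity.Name ?? missing;
    var navigationName = Name ?? missing;

    const string sql = @"SELECT `name` FROM `navigations` WHERE `id` IN ( SELECT `navigation_id` FROM `navigation_priviledges` WHERE (`flag` = 1 AND `owner_id` IN (SELECT `role_id` FROM `account_role_refs` WHERE `account_id` IN ( SELECT `id` FROM `accounts` WHERE `name` = '{0}'))) OR (`flag` = 2 AND `owner_id` IN ( SELECT `id` FROM `accounts` WHERE `name` = '{0}'))) AND `name` = '{1}'";

    using (var session = new SessionFactory().OpenSession())
    {
        // The statement is assembled with string.Format, so both values are quote-escaped
        // (the same treatment the navigation actions give their `nav` parameter). The
        // account name originates from the authenticated identity, which is still external
        // input. If the session API accepts query parameters, prefer those over escaping.
        var priviledge = session.ExecuteScalar<string>(string.Format(sql,
            accountNo.Replace("'", "''"),
            navigationName.Replace("'", "''")));

        // No row means no grant for this account on this navigation: deny.
        if (string.IsNullOrEmpty(priviledge))
        {
            filterContext.Result = new RedirectResult("~/Base/Session/Forbidden");
        }
    }
}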
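/// <summary>
/// Removes the current account's "quick access" shortcut (an <c>AccountNavigationRef</c> with
/// <c>Type = 2</c>) for the navigation whose <c>url</c> equals the <c>nav</c> request parameter.
/// The delete is scoped to <c>OwnerId == CurrentAccountId</c>, so an account can only remove
/// its own shortcuts.
/// </summary>
/// <returns>
/// A JSON result with <c>status</c> 200 on success and 100 otherwise (missing or unknown
/// <c>nav</c>, or the delete did not succeed). <c>handleId</c> is echoed back to the caller.
/// </returns>
public ActionResult RemoveNavigation()
{
    string url = Request.Params["nav"];
    string handleId = Request.Params["handleId"];

    // `nav` is request-supplied and may be absent; reject it here instead of letting
    // url.Replace below fail with a NullReferenceException.
    if (string.IsNullOrEmpty(url))
    {
        return JsonDataResult(new { status = 100, message = "操作失败!", handleId });
    }

    try
    {
        CurrentAccountId = UserActivity.UserNameIdMapHolder.GetId(CurrentAccountNo);
    }
    catch (Exception e)
    {
        // Best-effort lookup: the failure is logged and the method continues with whatever
        // CurrentAccountId already holds. NOTE(review): confirm that a stale or default
        // CurrentAccountId cannot scope the delete to another owner.
        Log.Error("系统获取用户ID失败,错误信息:{0}", e.Message);
    }

    using (var session = new SessionFactory().OpenSession())
    {
        // Assembled with string.Format; the request value is quote-escaped. If the session
        // API accepts query parameters, prefer those over escaping.
        const string sql = "SELECT id FROM `navigations` WHERE `url` = '{0}'";
        var exceptId = session.ExecuteScalar<string>(string.Format(sql, url.Replace("'", "''"))).TryToLong();

        // Unknown url: there is nothing to delete, so report failure without issuing a
        // delete whose predicate could never match.
        if (!exceptId.HasValue)
        {
            return JsonDataResult(new { status = 100, message = "操作失败!", handleId });
        }

        if (session.Delete<AccountNavigationRef>(
            m => m.Type.Equals(2) && m.OwnerId.Equals(CurrentAccountId) && m.NavigationId.Equals(exceptId)))
        {
            return JsonDataResult(new { status = 200, message = "删除成功!", handleId });
        }

        return JsonDataResult(new { status = 100, message = "操作失败!", handleId });
    }
}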