Exemplo n.º 1
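        /// <summary>
        /// Validates the submitted credentials through <c>ApplicationRightService.Login</c> and,
        /// on success, issues the forms-authentication cookie for the matching user.
        /// </summary>
        /// <param name="username">Login name typed by the user; it is also the key passed to <c>GetUserByBadge</c>.</param>
        /// <param name="password">Password typed by the user.</param>
        /// <param name="returnUrl">Return address echoed back to the Login view; this action never redirects to it.</param>
        /// <returns>A redirect to Home/Index on success, otherwise a redirect back to Account/Login with an error message.</returns>
        public ActionResult LoginAction(string username, string password, string returnUrl)
        {
            // Reject the attempt when EITHER field is blank. The original test used &&, so a
            // blank password with a non-blank username still reached the credential check.
            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(password))
            {
                return RedirectToAction("Login", "Account", new { returnUrl = returnUrl, errorMsg = "用户名、密码不能为空!" });
            }

            // returnUrl is only handed back to the Login view. The success path redirects to a fixed
            // route, so a caller-supplied URL cannot be used as an open redirect here. If this is ever
            // changed to redirect to returnUrl, validate it first (e.g. Url.IsLocalUrl).
            returnUrl = string.IsNullOrWhiteSpace(returnUrl) ? System.Web.Security.FormsAuthentication.DefaultUrl : returnUrl;

            string msg = string.Empty;

            // Dispose the database wrapper so its connection is released on every path.
            using (PetaPoco.Database db = new PetaPoco.Database("DatabaseConn"))
            {
                ApplicationRightService ars = new ApplicationRightService(db);

                // NOTE(review): no lockout or attempt throttling is visible in this action;
                // confirm that Login (or a filter in front of this action) limits repeated failures.
                if (ars.Login(username, password))
                {
                    var user = ars.GetUserByBadge(username);

                    // Login succeeded but the user record is missing: treat it as a failed login
                    // instead of dereferencing null below.
                    if (user != null)
                    {
                        // NOTE(review): the second argument requests a persistent cookie, so the session
                        // survives browser restarts; confirm that is intended for this application.
                        // NOTE(review): the ticket name is "Badge:UserName"; whoever parses it should
                        // split on the first ':' only — verify against the consumer.
                        System.Web.Security.FormsAuthentication.SetAuthCookie(user.Badge + ":" + user.UserName, true);
                        return RedirectToAction("Index", "Home");
                    }
                }

                // One generic message for every failure, so the response does not reveal whether the
                // account exists. The original left msg empty, so the Login view had nothing to show.
                msg = "用户名或密码错误!";
            }

            // NOTE(review): errorMsg and username travel in the query string; the Login view is
            // assumed to HTML-encode both when rendering — confirm.
            return RedirectToAction("Login", "Account", new { returnUrl = returnUrl, errorMsg = msg, username = username });
        }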
Exemplo n.º 2
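        /// <summary>
        /// Interception behavior that enforces <c>RightAttribute</c> on the intercepted method.
        /// Methods without the attribute are passed straight to the next behavior; methods with it
        /// run only when <c>rightService.HaveRight</c> grants the badge found in the call's
        /// <c>Employee</c> argument the attribute's resource/operation.
        /// </summary>
        /// <param name="input">The intercepted call: target method and its arguments.</param>
        /// <param name="getNext">Delegate returning the next behavior in the pipeline.</param>
        /// <returns>The result of the rest of the pipeline when the call is allowed.</returns>
        /// <exception cref="Exception">
        /// Thrown when no user matches the badge, the user has no roles, or the permission check fails.
        /// </exception>
        IMethodReturn IInterceptionBehavior.Invoke(IMethodInvocation input, GetNextInterceptionBehaviorDelegate getNext)
        {
            var mb = input.MethodBase;

            // inherit: false — only attributes declared on this exact method are considered.
            // NOTE(review): an override that does not repeat the attribute is therefore unguarded; confirm intended.
            object[] attrObj = mb.GetCustomAttributes(typeof(RightAttribute), false);
            if (attrObj.Length == 0)
            {
                // Not a protected method: continue down the pipeline unchanged.
                return getNext().Invoke(input, getNext);
            }

            // Take the badge from the first Employee argument. A type test replaces the original
            // comparison of GetType().ToString() against a hard-coded name, which silently stopped
            // matching for derived types or after a namespace rename.
            // NOTE(review): the badge comes from a method argument, not from the authenticated
            // principal; confirm callers fill it from the session rather than from request data.
            string badge = "";
            for (int i = 0; i < input.Arguments.Count; i++)
            {
                var tmpEmployee = input.Arguments[i] as SchoolCheckIn.CheckIn.Model.Employee;
                if (tmpEmployee != null)
                {
                    badge = tmpEmployee.Badge;
                    break;
                }
            }

            // Only the first RightAttribute is enforced.
            // NOTE(review): if the attribute allows multiple use, the remaining ones are ignored — verify.
            var rightInfo = (RightAttribute)attrObj[0];

            // With no Employee argument the badge stays empty; the lookup is then expected to
            // find nobody, so the call is denied rather than allowed.
            User u = rightService.GetUserByBadge(badge);
            if (u == null)
            {
                throw new Exception("未对登录用户分配权限用户!");
            }

            List<Role> userRole = rightService.GetRoleByUser(u);
            if (userRole == null)
            {
                throw new Exception("未对用户分配角色权限!");
            }

            // Look up the current user's roles and decide whether the operation is permitted.
            bool havePermission = rightService.HaveRight(badge, rightInfo.ResourceName, rightInfo.OperationCode);
            if (!havePermission)
            {
                throw new Exception("没有权限!");
            }

            // Permission granted: run the intercepted method.
            return getNext().Invoke(input, getNext);
        }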
Exemplo n.º 3
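        /// <summary>
        /// Adds the user identified by <paramref name="badge"/> to the role <paramref name="roleId"/>,
        /// creating the user record first when no user with that badge exists.
        /// </summary>
        /// <param name="roleId">Identifier of the role to assign.</param>
        /// <param name="badge">Badge of the user; used to look up an existing user.</param>
        /// <param name="name">User name stored when a new user record is created.</param>
        /// <param name="department">Department stored when a new user record is created.</param>
        /// <returns>JSON of the form <c>{ State, Msg }</c>; State is false and Msg holds the reason on failure.</returns>
        public JsonResult AddUserInRole(int roleId, string badge, string name, string department)
        {
            string msg   = string.Empty;
            bool   state = true;

            try
            {
                Right.Entity.Role r = ars.GetRole(roleId);

                // Check the role before touching the user table. The original saved a brand-new
                // user first and only then failed on the missing role, leaving a user without a role.
                if (r == null)
                {
                    throw new Exception("角色不存在!");
                }

                Right.Entity.User u = ars.GetUserByBadge(badge);

                if (u == null)
                {
                    // Unknown badge: create the user from the supplied fields, then assign the role.
                    u            = new Right.Entity.User();
                    u.Badge      = badge;
                    u.UserName   = name;
                    u.Department = department;
                    ars.SaveUser(u);
                }
                else
                {
                    // A user with no role list is treated as having no roles, not as an error.
                    var roles = ars.GetRoleByUser(u);
                    if (roles != null && roles.Any(a => a.RoleId == r.RoleId))
                    {
                        throw new Exception("本角色已包含用户" + u.UserName + "!");
                    }
                }

                ars.AddRoleToUser(r, u);
            }
            catch (Exception e)
            {
                // NOTE(review): e.Message is returned to the client as-is; for unexpected failures
                // (e.g. database errors) this can disclose internal details. Consider logging the
                // exception server-side and returning a generic message for those cases.
                state = false;
                msg   = e.Message;
            }

            // NOTE(review): this action changes role membership, yet its result is allowed over GET
            // and no [HttpPost] / [ValidateAntiForgeryToken] / [Authorize] attribute is visible on the
            // method. If no client depends on GET, restrict it to POST with anti-forgery validation,
            // and confirm that authorization is enforced at the controller level.
            return new JsonResult
            {
                Data = new { State = state, Msg = msg },
                JsonRequestBehavior = JsonRequestBehavior.AllowGet
            };
        }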