Exemplo n.º 1
0
        public IActionResult Login()
        {
            // 已登录时跳转到后台首页
            var sessionManager = Application.Ioc.Resolve <SessionManager>();
            var user           = sessionManager.GetSession().GetUser();

            if (user != null && user.GetUserType() is ICanUseAdminPanel)
            {
                return(new RedirectResult(BaseFilters.Url("/admin")));
            }
            // 否则显示登陆表单
            var form = new AdminLoginForm();

            if (Request.Method == HttpMethods.POST)
            {
                return(new JsonResult(form.Submit()));
            }
            else
            {
                form.Bind();
                var adminManager = Application.Ioc.Resolve <AdminManager>();
                var warning      = adminManager.GetLoginWarning();
                return(new TemplateResult("common.admin/admin_login.html", new { form, warning }));
            }
        }
Exemplo n.º 2
0
        public IActionResult Logout()
        {
            var userManager = Application.Ioc.Resolve <UserManager>();

            userManager.Logout();
            return(new RedirectResult(BaseFilters.Url("/admin/login")));
        }
Exemplo n.º 3
0
        /// <summary>
        /// 获取登录后应该跳转到的url
        /// </summary>
        /// <returns></returns>
        public virtual string GetUrlRedirectAfterLogin()
        {
            var request = HttpManager.CurrentContext.Request;
            var referer = request.GetReferer();

            // 来源于同一站点时,跳转到来源页面
            if (referer != null && referer.Authority == request.Host &&
                !referer.AbsolutePath.Contains("/logout") &&
                !referer.AbsolutePath.Contains("/login"))
            {
                return(referer.PathAndQuery);
            }
            // 默认跳转到首页
            return(BaseFilters.Url("/"));
        }
Exemplo n.º 4
0
        /// <summary>
        /// 检查当前的用户类型是否继承了指定的类型,且是否拥有指定的权限
        /// 如果用户类型不匹配且当前请求是get则跳转到登陆页面,否则抛出403错误
        /// </summary>
        /// <param name="userType">用户类型,例如typeof(IAmAdmin)</param>
        /// <param name="privileges">要求的权限列表</param>
        public virtual void Check(Type userType, params string[] privileges)
        {
            var sessionManager  = Application.Ioc.Resolve <SessionManager>();
            var user            = sessionManager.GetSession().GetUser();
            var userTypeMatched = HasUserType(user, userType);
            var context         = HttpManager.CurrentContext;

            if (context.Request.Method == HttpMethods.GET && (user == null || !userTypeMatched))
            {
                // 要求管理员时跳转到后台登陆页面,否则跳转到前台登陆页面
                if (typeof(ICanUseAdminPanel).GetTypeInfo().IsAssignableFrom(userType))
                {
                    context.Response.RedirectByScript(BaseFilters.Url("/admin/login"));
                }
                else
                {
                    context.Response.RedirectByScript(BaseFilters.Url("/user/login"));
                }
            }
            else if (userTypeMatched && HasPrivileges(user, privileges))
            {
                // 检查通过
            }
            else if (privileges != null && privileges.Length > 0)
            {
                // 无权限403
                var translator = Application.Ioc.Resolve <IPrivilegeTranslator>();
                throw new ForbiddenException(
                          new T("Action require {0}, and {1} privileges",
                                new T(userType.Name),
                                string.Join(",", privileges.Select(p => translator.Translate(p)))));
            }
            else
            {
                // 用户类型不符合,或未登录
                throw new ForbiddenException(
                          new T("Action require {0}", new T(userType.Name)));
            }
        }
Exemplo n.º 5
0
        public IActionResult Login()
        {
            // 已登录时跳转到用户中心
            var sessionManager = Application.Ioc.Resolve <SessionManager>();
            var user           = sessionManager.GetSession().GetUser();

            if (user != null)
            {
                return(new RedirectResult(BaseFilters.Url("/home")));
            }
            // 否则显示登陆表单
            var form = new UserLoginForm();

            if (HttpManager.CurrentContext.Request.Method == HttpMethods.POST)
            {
                return(new JsonResult(form.Submit()));
            }
            else
            {
                form.Bind();
                return(new TemplateResult("common.admin/user_login.html", new { form }));
            }
        }
Exemplo n.º 6
0
        public IActionResult Reg()
        {
            // 已登录时跳转到用户中心,除非正在编辑页面
            var sessionManager = Application.Ioc.Resolve <SessionManager>();
            var user           = sessionManager.GetSession().GetUser();

            if (user != null && !Context.GetIsEditingPage())
            {
                return(new RedirectResult(BaseFilters.Url("/home")));
            }
            // 否则显示注册表单
            var form = new UserRegForm();

            if (Request.Method == HttpMethods.POST)
            {
                return(new JsonResult(form.Submit()));
            }
            else
            {
                form.Bind();
                return(new TemplateResult("common.admin/user_reg.html", new { form }));
            }
        }
Exemplo n.º 7
0
        /// <summary>
        /// 检查当前登录用户是否指定的用户类型,且是否拥有指定的权限
        /// 如果用户类型不匹配且当前请求是get则跳转到登陆页面,否则抛出403错误
        /// </summary>
        /// <param name="types">指定的用户类型列表</param>
        /// <param name="privileges">要求的权限列表</param>
        public virtual void Check(UserTypes[] types, params string[] privileges)
        {
            var sessionManager = Application.Ioc.Resolve <SessionManager>();
            var user           = sessionManager.GetSession().GetUser();
            var context        = HttpManager.CurrentContext;

            if (context != null && context.Request.Method == HttpMethods.GET &&
                (user == null || !types.Contains(user.Type)))
            {
                // 包含普通用户时跳转到前台登陆页面,否则跳转到后台登陆页面
                context.Response.RedirectByScript(BaseFilters.Url(
                                                      types.Contains(UserTypes.User) ? "/user/login" : "/admin/login"));
                return;
            }
            else if (types.Contains(user.Type) && HasPrivileges(user, privileges))
            {
                // 检查通过
                return;
            }
            else if (privileges != null && privileges.Length > 0)
            {
                // 无权限403
                var translator = Application.Ioc.Resolve <PrivilegesTranslator>();
                throw new ForbiddenException(string.Format(
                                                 new T("Action require {0}, and {1} privileges"),
                                                 string.Join(",", types.Select(t => new T(t.GetDescription()))),
                                                 string.Join(",", privileges.Select(p => translator.Translate(p)))));
            }
            else
            {
                // 用户类型不符合,或未登录403
                throw new ForbiddenException(string.Format(
                                                 new T("Action require {0}"),
                                                 string.Join(",", types.Select(t => new T(t.GetDescription())))));
            }
        }