Exemplo n.º 1
        /// <summary>
        /// Permission check for a requested action. The handler is looked up in
        /// JsonProcessor, then ImageProcessor, then FileDownloadProcessor; if its method
        /// carries an <see cref="AuthorizeAttribute"/>, the caller must pass
        /// SccService.Authorized() and SccService.IsInRole() for the attribute's role
        /// and this.FunctionCode. On failure an unsuccessful AjaxResult is sent through ReturnJson.
        /// </summary>
        /// <param name="action">Key of the requested action in the processor tables.</param>
        /// <remarks>
        /// NOTE(review): the check is opt-in. An action found in none of the three tables, and a
        /// handler whose method has no AuthorizeAttribute, both return without any check;
        /// confirm that unknown actions are rejected elsewhere and that unattributed handlers are
        /// meant to be reachable by everyone.
        /// NOTE(review): a denial neither throws nor returns a value; confirm that ReturnJson ends
        /// the response, otherwise the caller cannot tell that the check failed.
        /// </remarks>
        private void Authorize(string action)
        {
            // Resolve the handler method with the same precedence as the lookup tables:
            // JSON first, then image, then file download.
            System.Reflection.MethodInfo handler;
            if (this.JsonProcessor.ContainsKey(action))
            {
                handler = this.JsonProcessor[action].Method;
            }
            else if (this.ImageProcessor.ContainsKey(action))
            {
                handler = this.ImageProcessor[action].Method;
            }
            else if (this.FileDownloadProcessor.ContainsKey(action))
            {
                handler = this.FileDownloadProcessor[action].Method;
            }
            else
            {
                // Action is not registered in any table: nothing is checked here.
                return;
            }

            // inherit: false, so only attributes declared directly on the handler method count,
            // and only the first AuthorizeAttribute is considered.
            var requirement = handler.GetCustomAttributes(false)
                                     .OfType<AuthorizeAttribute>()
                                     .FirstOrDefault();
            if (requirement == null)
            {
                return;
            }

            bool allowed = SccService.Authorized() &&
                           SccService.IsInRole(requirement.Role, this.FunctionCode);
            if (allowed)
            {
                // Permission check passed.
                return;
            }

            // Denied: report a localized "unauthorized" result to the client.
            var denied = new AjaxResult
            {
                Message = Commons.Language.GetText("UnAuthorized",
                                                   "CN:你无权访问!~EN:UnAuthorized",
                                                   SccService.CurrentLanguageType),
                IsSuccess = false
            };
            this.ReturnJson(JsonConvert.SerializeObject(denied));
        }
Exemplo n.º 2
        /// <summary>
        /// Verifies the permission required by the Processor handler registered for
        /// <paramref name="action"/>. If the handler's method carries an
        /// <see cref="AuthorizeAttribute"/>, the current user must hold the attribute's role
        /// for this.FunctionCode.
        /// </summary>
        /// <param name="action">Key of the requested action in this.Processor.</param>
        /// <exception cref="System.Web.HttpException">
        /// Thrown with status 403 when the role check fails.
        /// </exception>
        /// <remarks>
        /// NOTE(review): handlers without an AuthorizeAttribute are not checked at all; confirm
        /// that this default is intended.
        /// NOTE(review): only SccService.IsInRole is consulted; whether it also rejects an
        /// unauthenticated caller cannot be told from this method. Confirm.
        /// NOTE(review): this.Processor is indexed without an existence check; presumably an
        /// unknown action throws from the indexer. Verify that callers validate the action first.
        /// </remarks>
        private void Authorize(string action)
        {
            var handler = this.Processor[action].Method;

            // inherit: false, so only attributes declared directly on the handler method count,
            // and only the first AuthorizeAttribute is considered.
            var requirement = handler.GetCustomAttributes(false)
                                     .OfType<AuthorizeAttribute>()
                                     .FirstOrDefault();
            if (requirement == null)
            {
                return;
            }

            if (SccService.IsInRole(requirement.Role, this.FunctionCode))
            {
                return;
            }

            // Role check failed: abort the request with HTTP 403.
            throw new System.Web.HttpException(403, "没有权限,访问禁止");
        }
Exemplo n.º 3
        /// <summary>
        /// Loads base data from the configuration file, initializes the page's basic
        /// parameters (system identifiers, function/page identity, debug flag, language source,
        /// decrypted request parameters) and checks whether the current user has View permission.
        /// </summary>
        /// <remarks>
        /// The method takes no parameters; everything is read from appSettings, the current
        /// request and SccService.
        /// NOTE(review): a failed View check is not enforced here. The only statement in the
        /// failure branch is a commented-out throw of a 403 HttpException, so the method returns
        /// normally with LangType and LoginUserID left unassigned. Confirm that access is denied
        /// somewhere else, or re-enable the 403.
        /// </remarks>
        private void LoadBaseData()
        {
            // Identifier of the current system; SysCode falls back to SysID when not configured.
            SysID = ConfigurationManager.AppSettings["SysID"];
            SysCode = ConfigurationManager.AppSettings["SysCode"];
            if (string.IsNullOrEmpty(SysCode))
            {
                SysCode = SysID;
            }

            // Menu number (the ID generated in the SBA database).
            LoadFunctionId();
            PageID = GetType().BaseType.Name;

            string debugSetting = ConfigurationManager.AppSettings["Debug"];
            this.Debug = Tools.DataTypeConvertHelper.ToBoolean(debugSetting);

            FunctionName = Commons.Language.GetText(FunctionID + ".Name", FunctionID);

            // NOTE(review): ToUpper() is called directly on the helper's result; presumably
            // GetConfigString never returns null. Confirm.
            string languageSource = Tools.ConfigHelper.GetConfigString("LanguageSourceType");
            LanguageSourceType = languageSource.ToUpper();

            // Encrypted parameters: start from an empty table so it is never null, then
            // replace it if the request carries a "paras" value.
            EncryptionParas = new Dictionary<string, string>();
            string encryptedQuery = Tools.DataTypeConvertHelper.ToString(Request["paras"]);
            bool hasEncryptedQuery = !string.IsNullOrEmpty(encryptedQuery);
            if (hasEncryptedQuery)
            {
                // NOTE(review): "paras" is client-supplied. Nothing in this method shows that the
                // ciphertext is integrity-protected, and the helper's name suggests DES. Confirm
                // the cipher and key handling, and treat the decoded pairs as untrusted input
                // unless tampering is ruled out.
                encryptedQuery = Tools.DESEncrypt.Decrypt(encryptedQuery);
                EncryptionParas = Tools.DataTypeConvertHelper.StringToDictionary(encryptedQuery, '&', '=');
            }

            // View is the most basic permission: verify that the user has it.
            bool canView = SccService.Authorized() &&
                           SccService.IsInRole(SccService.Roles.View, FunctionCode);
            if (!canView)
            {
                // The 403 HttpException that belongs here is disabled in the original code,
                // so the method simply returns.
                return;
            }

            // Permission check passed.
            LangType = SccService.CurrentLanguageType;
            LoginUserID = SccService.CurrentUserId;
        }