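        /// <summary>
        /// Enforces per-menu operator permissions before the target action runs.
        /// </summary>
        /// <remarks>
        /// Requests from non-operators, and actions carrying <c>IgnorePermissionAttribute</c>,
        /// are passed through without a permission check. For operators, the request's base
        /// URL is matched against the permission menu; a URL that matches no menu entry is
        /// allowed, so the check fails open for unlisted URLs. A denied request is
        /// short-circuited by assigning <c>filterContext.Result</c>, which prevents the
        /// target action from executing.
        /// </remarks>
        /// <param name="filterContext">Context of the action about to execute.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var requestInfo = _userService.RequestInfo;

            // Only operators are subject to menu permissions; explicitly exempted actions skip the check.
            if (!requestInfo.IsOperator || AttributeHelper.Has<IgnorePermissionAttribute>(filterContext))
            {
                base.OnActionExecuting(filterContext);
                return;
            }

            // NOTE(review): ToLower() is culture-sensitive; confirm HasUrl/Eq compare
            // case-insensitively, or normalise with ToLowerInvariant() on both sides.
            var baseUrl = filterContext.GetBaseUrl().Url.ToLower();

            var urlHelper = new UrlHelper(filterContext.RequestContext);

            // All URLs that are restricted by permission.
            var allMenus = OptPermission.LayoutMenu(urlHelper);

            // Find the menu entry (if any) that owns the requested URL.
            var menu   = allMenus.FirstNested(x => x.HasUrl(baseUrl));
            var passed = true;

            if (menu != null)
            {
                // Permissions granted to this operator.
                var menuPermissions = GetOperatorPermission(requestInfo.UserId);

                // The grant for this menu; no grant at all means no access.
                var letMe = menuPermissions.FirstOrDefault(x => x.MenuId == menu.Key);

                if (letMe == null)
                {
                    passed = false;
                }
                else if (menu.EditUrl.Eq(baseUrl) && (menu.EditUrl.Eq(menu.AddUrl) || IsUpdate(filterContext)) && !letMe.Edit ||
                         menu.AddUrl.Eq(baseUrl) && !letMe.Add ||
                         menu.DeleteUrl.Eq(baseUrl) && !letMe.Delete)
                {
                    // The URL is the menu's edit/add/delete endpoint and the matching right is missing.
                    passed = false;
                }
            }

            if (passed)
            {
                base.OnActionExecuting(filterContext);
                return;
            }

            if (filterContext.HttpContext.Request.IsAjaxRequest())
            {
                filterContext.Result = new JsonResult
                {
                    Data = new AjaxResult("شما دسترسی لازم جهت انجام این عملیات را ندارید."),
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet
                };
                return;
            }

            filterContext.RouteData.Values["controller"] = "Home";
            filterContext.RouteData.Values["action"]     = "Index";
            filterContext.Controller.TempData["Msg"]     = "شما دسترسی لازم جهت انجام این عملیات را ندارید";
            filterContext.Controller.ViewData.Model      = new DashboardViewModel();

            // Rewriting RouteData alone does not stop the pipeline: with Result left null the
            // originally selected action would still run (including any add/edit/delete it
            // performs). Assigning a result short-circuits it and renders Home/Index instead.
            filterContext.Result = new ViewResult
            {
                ViewName = "Index",
                ViewData = filterContext.Controller.ViewData,
                TempData = filterContext.Controller.TempData
            };
        }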