public ActionResult SetUserAction(int uId) { UserInfo userInfo = UserInfoBll.GetById(uId); ViewBag.UserInfo = userInfo; ViewBag.UserActionInfo = userInfo.UserActionInfo.ToList(); ViewData.Model = ActionInfoBll.GetList(a => a.IsDeleted == 0, a => a.ActionTitle).ToList(); return(View()); }
public ActionResult CheckExist(string aName) { string result = "no"; var temp = ActionInfoBll.GetList <int>(a => (a.IsDeleted == 0) && (a.ActionTitle == aName)).FirstOrDefault(); if (temp == null) { result = "ok"; } return(Content(result)); }
public ActionResult SetRoleAction(int rId) { ViewBag.RoleInfo = RoleInfoBll.GetById(rId); ViewData.Model = ActionInfoBll.GetList(a => a.IsDeleted == 0, a => a.ActionTitle).ToList(); return(View()); }
//首页 public ActionResult Index() { #region 查找待办事项信息并放在ViewData中 List <QuickEntryViewModel> ltEntry = new List <QuickEntryViewModel>(); ViewBag.CurrentUser = UserLogin.UserName; var aSteps = WFStepBll.GetList(s => (s.NextId == UserLogin.UserId) && s.IsEnd == 0, s => s.StepId); var aInstances = from s in aSteps select s.WFInstance; AddEntryViewToList(ltEntry, aInstances); var rInstances = WFInstanceBll.GetList(i => (i.SubBy == UserLogin.UserId) && (i.InstanceState == 1), i => i.InstanceId); AddEntryViewToList(ltEntry, rInstances); ViewData["Entry"] = ltEntry; #endregion #region 主菜单过滤 //准备目标集合 List <MenuViewModel> listMenu = new List <MenuViewModel>(); //获取所有的桌面菜单 List <ActionInfo> aList = ActionInfoBll.GetList(a => a.IsDeleted == 0 && a.IsMenu == 1, a => a.ActionTitle).ToList(); //获取当前登录的用户的对象 UserInfo userInfo = UserInfoBll.GetById(UserLogin.UserId); //遍历所有桌面菜单,逐个判断是否有权限 foreach (var actionInfo in aList) { //根据当前数据,构造一个菜单对象 MenuViewModel menu = new MenuViewModel() { ActionTitle = actionInfo.ActionTitle, ControllerName = actionInfo.ControllerName, ActionName = actionInfo.ActionName, MenuIcon = actionInfo.MenuIcon }; //查找否决中是否允许,如果允许,直接加入目标集合 if (UserActionInfoBll.GetList <int>(ua => (ua.ActionId == actionInfo.ActionId) && (ua.UserId == UserLogin.UserId) && (ua.IsAllow == 1)).Count() > 0) { listMenu.Add(menu); continue; } //如果否决没有允许,则查找角色-权限过程 var raList = from r in userInfo.RoleInfo from a in r.ActionInfo where a.ActionId == actionInfo.ActionId select a; if (raList.Count() > 0) { listMenu.Add(menu); } //排除拒绝的特殊权限 var forbidList = from ua in userInfo.UserActionInfo where ua.ActionId == actionInfo.ActionId && ua.IsAllow == 0 select ua; if (forbidList.Count() > 0) { listMenu.Remove(menu); } } #endregion return(View(listMenu)); }
//行为前过滤 protected override void OnActionExecuting(ActionExecutingContext filterContext) { base.OnActionExecuting(filterContext); #region 验证是否有访问权限 ////留个后门,给管理方便,发布时删除 //if (UserLogin.UserName.Equals("admin123")) //{ // return; //} //获取用户以及要访问的url UserInfo userInfo = UserInfoBll.GetById(UserLogin.UserId); string controllerName = RouteData.GetRequiredString("controller"); string actionName = RouteData.GetRequiredString("action"); if (actionName == "CheckExist" || actionName == "GetSelect" || actionName == "CheckPwdRight") { //默认所有人都有验证字段名是否存在、获取下拉列表数据和判断密码是否正确的权限 return; } ActionInfo actionInfo = ActionInfoBll.GetList <int>(a => (a.ControllerName.ToLower().Equals(controllerName.ToLower())) && (a.ActionName.ToLower().Equals(actionName.ToLower())) && a.IsDeleted == 0) .FirstOrDefault(); if (actionInfo == null) { //访问url有误 filterContext.Result = new RedirectResult("/Error.html"); return; } //查询否决,看有无数据 UserActionInfo userActionInfo = UserActionInfoBll.GetList <int>(ua => (ua.UserId == userInfo.UserId) && (ua.ActionId == actionInfo.ActionId)).FirstOrDefault(); if (userActionInfo != null) { //否决表中有数据 if (userActionInfo.IsAllow == 1) { //允许 return; } else { //拒绝,跳转到无权限页面 filterContext.Result = new RedirectResult("/NoAccess.html"); } } else { //否决表中无数据,则通过用户找角色,通过角色找权限 var result = from r in userInfo.RoleInfo from a in r.ActionInfo where a.ActionId == actionInfo.ActionId select a; if (result.Count() > 0) { //有权限 return; } else { //无权限,跳转到无权限页面 filterContext.Result = new RedirectResult("/NoAccess.html"); } } #endregion }