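        /// <summary>
        /// AcquireRequestState pipeline hook that gates back-end page requests. In order it
        /// checks: request extension, front-end exclusions, the module-filter table, login
        /// state, account status, site ownership/expiry and finally page-level permission.
        /// Every rejection redirects through one of the Goto* helpers and returns; only a
        /// request that passes all gates falls through to the page itself.
        /// </summary>
        /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
        /// <param name="e">Unused event data.</param>
        void context_AcquireRequestState(object sender, EventArgs e)
        {
            HttpApplication application = (HttpApplication)sender;

            // Lower-cased once here; every path comparison below works on this value.
            CurrentPath = application.Request.FilePath == null ? "" : application.Request.FilePath.ToLower();

            #region 判断文件是否检查
            string pageExtraName = System.IO.Path.GetExtension(CurrentPath);
            List<string> pageExtraNameFilterList = new List<string>()
            {
                ".aspx",
                ".ashx",
                ".cn",
                ".com",
                ".net"
            };

            // Only the listed extensions are checked; everything else passes through untouched.
            if (!pageExtraNameFilterList.Contains(pageExtraName))
            {
                ToLog("后缀不检查:" + CurrentPath);
                return;
            }

            // Front-end pages are excluded from the permission check.
            // NOTE(review): these are substring tests, not prefix tests — a path containing
            // e.g. "/m/" at any depth is skipped. Confirm that is intended; anchoring the
            // directory rules with StartsWith would be the tighter reading.
            if (CurrentPath.Contains("/wap/")
                || CurrentPath.Contains("/m/")
                || CurrentPath.Contains("/customize/")
                || CurrentPath.Contains("/wxcallback.aspx")
                || CurrentPath.Contains("/ueditorcontroller.ashx"))
            {
                ToLog("前端页面排除掉:" + CurrentPath);
                return;
            }
            #endregion

            #region 过滤页排除
            // Path prefixes that bypass the module-filter table (currently none, so the table
            // lookup below always runs), and exceptions within them that must still be checked.
            List<string> noFilterList = new List<string>();
            List<string> filterList = new List<string>();

            bool consultFilterTable = !noFilterList.Exists(p => CurrentPath.StartsWith(p, StringComparison.Ordinal))
                                      || filterList.Exists(p => CurrentPath.StartsWith(p, StringComparison.Ordinal));
            if (consultFilterTable)
            {
                // Filter rules come from the cached list; WXOAuth rules belong to another module.
                List<BLLPermission.Model.ModuleFilterInfo> pathList = bllRedis.GetModuleFilterInfoList()
                    .Where(p => p.FilterType != "WXOAuth")
                    .ToList();
                if (pathList.Any(p => MatchesFilterRule(p, CurrentPath)))
                {
                    ToLog("过滤页面:" + CurrentPath);
                    return;
                }
            }
            #endregion

            #region 检查是否登录
            // No session, no login marker, no user id, or a marker other than "1" => not logged in.
            if (application.Session == null
                || application.Session[Common.SessionKey.LoginStatu] == null
                || application.Session[Common.SessionKey.UserID] == null
                || !application.Session[Common.SessionKey.LoginStatu].ToString().Equals("1"))
            {
                this.GotoLoginPage(application, pageExtraName);
                return;
            }

            userID          = application.Session[Common.SessionKey.UserID].ToString();
            CurrentUserInfo = bllUser.GetUserInfo(userID, bllUser.WebsiteOwner);

            // A session naming a user the store no longer returns is treated as not logged in
            // (previously this dereferenced CurrentUserInfo unchecked).
            if (CurrentUserInfo == null)
            {
                this.GotoLoginPage(application, pageExtraName);
                return;
            }
            if (CurrentUserInfo.IsDisable == 1)
            {
                GotoIsDisable(application, pageExtraName);
                return;
            }
            // Super administrators are exempt from the site and page checks below.
            if (CurrentUserInfo.UserType == 1)
            {
                ToLog("超级管理员排除:" + CurrentPath);
                return;
            }
            #endregion

            #region 站点验证,判断用户是否属于当前站点,系统超级管理员除外
            // UserType == 1 has already returned above, so only ordinary users reach this block.
            if (application.Session["WebsiteInfoModel"] != null)
            {
                BLLJIMP.Model.WebsiteInfo webSiteModel = (BLLJIMP.Model.WebsiteInfo)application.Session["WebsiteInfoModel"];

                // The site is usable through the whole expiry day: date + 1 day - 1 second,
                // compared against server-local time.
                if (webSiteModel.WebsiteExpirationDate.HasValue
                    && webSiteModel.WebsiteExpirationDate.Value.AddDays(1).AddSeconds(-1) < DateTime.Now)
                {
                    this.GotoIsExpirePage(application, pageExtraName);
                    return;
                }

                if (this.CurrentUserInfo.WebsiteOwner == null)
                {
                    this.CurrentUserInfo.WebsiteOwner = "";
                }

                // string.Equals is null-safe: a site record without an owner denies instead of throwing.
                if (!string.Equals(webSiteModel.WebsiteOwner, this.CurrentUserInfo.WebsiteOwner, StringComparison.OrdinalIgnoreCase))
                {
                    this.GotoNoPmsPage(application, pageExtraName);
                    return;
                }
            }
            #endregion

            #region 页面权限验证
            if (string.IsNullOrWhiteSpace(userID))
            {
                this.GotoNoPmsPage(application, pageExtraName);
                return;
            }
            BLLPermission.BLLMenuPermission bllMenuPer = new BLLPermission.BLLMenuPermission(userID);
            string nAction = GetAction(application);    // parameter name is matched case-insensitively

            // Members of an administrator group (GroupType == 3) are checked with the site
            // owner's permissions. The filter is built with string.Format, but the only value
            // interpolated is the user's own nullable int PermissionGroupID, not request input.
            if (CurrentUserInfo.PermissionGroupID.HasValue)
            {
                ZentCloud.BLLPermission.Model.PermissionGroupInfo perGroupInfo =
                    bllPms.Get<ZentCloud.BLLPermission.Model.PermissionGroupInfo>(string.Format(" GroupID={0}", CurrentUserInfo.PermissionGroupID));
                if (perGroupInfo != null && perGroupInfo.GroupType == 3)
                {
                    userID = bllMenuPer.WebsiteOwner;
                }
            }
            if (!bllMenuPer.NewCheckUserAndPath(userID, bllMenuPer.WebsiteOwner, CurrentPath, nAction))
            {
                this.GotoNoPmsPage(application, pageExtraName);
                return;
            }
            ToLog("权限检查通过: userID:" + userID + ",WebsiteOwner:" + bllMenuPer.WebsiteOwner + "," + CurrentPath);
            #endregion
        }

        /// <summary>
        /// Decides whether one module-filter rule applies to a request path. The rule's
        /// MatchType selects the comparison ("all" = equal, "start" = prefix, "end" = suffix,
        /// "contains" = substring), each case-insensitive. A rule missing its PagePath or
        /// MatchType, or using an unknown MatchType, never matches.
        /// </summary>
        /// <param name="rule">The filter rule to evaluate.</param>
        /// <param name="path">The lower-cased request file path.</param>
        /// <returns><c>true</c> when the rule covers <paramref name="path"/>.</returns>
        private static bool MatchesFilterRule(BLLPermission.Model.ModuleFilterInfo rule, string path)
        {
            if (rule == null || rule.PagePath == null || rule.MatchType == null)
            {
                return false;
            }

            switch (rule.MatchType)
            {
                case "all":
                    return path.Equals(rule.PagePath, StringComparison.OrdinalIgnoreCase);
                case "start":
                    return path.StartsWith(rule.PagePath, StringComparison.OrdinalIgnoreCase);
                case "end":
                    return path.EndsWith(rule.PagePath, StringComparison.OrdinalIgnoreCase);
                case "contains":
                    return path.IndexOf(rule.PagePath, StringComparison.OrdinalIgnoreCase) >= 0;
                default:
                    return false;
            }
        }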
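        /// <summary>
        /// Prepares the back-end layout for the current request: the caller's menu tree,
        /// site version, logo, name, expiry date and logout link. A visitor without a
        /// current user is redirected to the configured logout URL.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Unused event data.</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Menu, permission and site business-layer objects.
            BLLMenuPermission bllMenu = new BLLMenuPermission("");
            BLLPermission.BLLPermission bllPms = new BLLPermission.BLLPermission();
            BLLWebSite bllWebSite = new BLLWebSite();

            UserInfo currUser = DataLoadTool.GetCurrUserModel();
            if (currUser == null)
            {
                this.Response.Redirect(ConfigHelper.GetConfigString("logoutUrl"));
                return;
            }

            websiteInfo  = bllWebSite.GetWebsiteInfoModelFromDataBase();
            curUserID    = currUser.UserID;
            websiteOwner = bllWebSite.WebsiteOwner;

            if (bllPms.IsActionPermissionV2(websiteOwner))
            {
                // Administrator-group members (GroupType == 3) get the site owner's menu;
                // everyone else gets their own. The lookup filter only interpolates the
                // user's own nullable int PermissionGroupID.
                string menuUserID = curUserID;
                if (currUser.PermissionGroupID.HasValue)
                {
                    ZentCloud.BLLPermission.Model.PermissionGroupInfo perGroupInfo =
                        bllPms.Get<ZentCloud.BLLPermission.Model.PermissionGroupInfo>(string.Format(" GroupID={0}", currUser.PermissionGroupID));
                    if (perGroupInfo != null && perGroupInfo.GroupType == 3)
                    {
                        menuUserID = websiteOwner;
                    }
                }
                menuString = bllMenu.GetNewUserMenuTreeHtmlV2(menuUserID, websiteOwner);
            }
            else
            {
                menuString = bllMenu.GetNewUserMenuTreeHtml(curUserID, websiteOwner);
            }
            WebsiteVersion = bllWebSite.GetWebsiteVersion(websiteOwner);

            // websiteInfo may be null (previously guarded once, then dereferenced anyway);
            // every field read below falls back to config or an empty string instead.
            string siteLogo = websiteInfo != null ? websiteInfo.WebsiteLogo : null;
            WebsiteLogo = string.IsNullOrEmpty(siteLogo) ? ConfigHelper.GetConfigString("WebsiteLogo") : siteLogo;

            // Invariant culture keeps the date Gregorian and stable regardless of server locale.
            ExpirationDate = websiteInfo != null && websiteInfo.WebsiteExpirationDate.HasValue
                ? websiteInfo.WebsiteExpirationDate.Value.ToString("yyyy-MM-dd", System.Globalization.CultureInfo.InvariantCulture)
                : "";
            WebsiteName = websiteInfo != null ? websiteInfo.WebsiteName : "";
            LogoutHref  = ConfigHelper.GetConfigString("logoutUrl") + "?op=logout";
        }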