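/// <summary>
/// Searches for movies matching <paramref name="query"/> and returns one page of results
/// after passing them through the FluentDataHelper sort and poster-URL steps.
/// </summary>
/// <param name="query">Search token supplied by the caller. Blank input short-circuits to an empty response.</param>
/// <param name="page">Page number, forwarded unchanged to the movie client.</param>
/// <returns>
/// 200 with the processed response, 200 with an empty <c>MovieResponse</c> for a blank query,
/// or 500 with a generic message when anything in the pipeline throws.
/// </returns>
public async Task<ActionResult> Search(string query, int page)
{
    try
    {
        // If query is empty send empty response to the caller
        if (String.IsNullOrWhiteSpace(query))
        {
            return Ok(new MovieResponse
            {
                Page = 1,
                TotalPages = 0,
                TotalResults = 0,
                Results = new List<Result>()
            });
        }

        // The encoded form goes to the client; the raw query is what gets logged and used for sorting.
        var search = WebUtility.UrlEncode(query);

        _logger.LogDebug("Initiating MusicDB service call with search token {0} and page {1}", query, page);

        var moviesResponse = await this._movieDBClient.SearchMoviesAsync(search, page);

        // Step - 1
        // Get the result list ordered alphabetically.
        // Some movies do not contain the search token in the title but match on
        // other attributes. Those need to be removed while ordering the list.

        // Step - 2
        // Create the proper resource path for the image.
        // Result is something like /adw6Lq9FiC9zjYEpOqfq03ituwp.jpg
        // Actual resource path is https://image.tmdb.org/t/p/w185/adw6Lq9FiC9zjYEpOqfq03ituwp.jpg
        var sortedMovieResponse = new FluentDataHelper(moviesResponse)
            .SortAlphabetically(query)
            .SetUrlPath(this._config.MovieDBPosterUrlFormat)
            .Build();

        return Ok(sortedMovieResponse);
    }
    catch (Exception ex)
    {
        // Full exception detail stays in the server log. The response body carries only a
        // generic message so internal details (upstream URLs, stack hints, configuration
        // values embedded in exception text) are not disclosed to the caller.
        _logger.LogError(ex, "Error retrieving Movies");
        return StatusCode(500, "Error retrieving Movies");
    }
}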
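/// <summary>
/// Builds the client-side script that publishes the menu/app/operation authorizations
/// granted to the given user through their roles.
/// </summary>
/// <param name="userId">Id of the user whose role-based authorizations are queried.</param>
/// <returns>
/// JavaScript source that assigns <c>abp.appMenuAuth.allAppMenuAuths</c> an array with one
/// object per authorization row.
/// </returns>
public string GetScript(long userId)
{
    // userId is a long, so interpolating it cannot carry SQL text into the statement.
    // NOTE(review): if this parameter ever becomes a string, switch to a bound parameter.
    var sql = $@"SELECT MenuCode as MenuCode,AppCode as AppCode,OperationCode as OperationCode
                 FROM MenuAppAuthorize A
                 INNER JOIN RoleMenuAppAuthorize B ON A.Id = B.MenuAppAuthorizeId
                 INNER JOIN UserRole C ON C.RoleId = B.RoleId
                 WHERE C.UserId = {userId}";

    using (var db = FluentDataHelper.CreateInstance())
    {
        var list = db.Sql(sql)
                     .QueryMany<AppMenuAuth>();

        var sb = new StringBuilder();
        sb.AppendLine("(function() {");
        sb.AppendLine(" abp.appMenuAuth = {};");
        sb.AppendLine(" abp.appMenuAuth.allAppMenuAuths = [");

        foreach (var item in list)
        {
            // The codes come from database rows and are emitted inside single-quoted JavaScript
            // string literals. Encoding them keeps a quote, backslash, line break or "</script>"
            // stored in a row from terminating the literal and changing the generated script.
            // Plain alphanumeric codes are emitted unchanged; null becomes an empty string.
            var menuCode = System.Web.HttpUtility.JavaScriptStringEncode(item.MenuCode);
            var appCode = System.Web.HttpUtility.JavaScriptStringEncode(item.AppCode);
            var operationCode = System.Web.HttpUtility.JavaScriptStringEncode(item.OperationCode);

            sb.AppendLine(" {");
            sb.AppendLine(" menuCode: '" + menuCode + "',");
            sb.AppendLine(" appCode: '" + appCode + "',");
            sb.AppendLine(" operationCode: '" + operationCode + "',");
            sb.AppendLine("},");
        }

        sb.AppendLine(" ];");
        sb.AppendLine("})();");
        return sb.ToString();
    }
}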
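/// <summary>
/// Determines whether the roles of the currently logged-in account are authorized to call
/// the intercepted operation method, and throws when they are not.
/// </summary>
/// <param name="invocation">The intercepted call; its target type is inspected for <c>AppAuthorizeAttribute</c>.</param>
/// <exception cref="UserFriendlyException">
/// Thrown when the caller is not authenticated, has no roles, lacks the permission, or the
/// permission query fails.
/// </exception>
public override void Authorize(IInvocation invocation)
{
    var isAuthorized = HttpContext.Current.User.Identity.IsAuthenticated;
    if (!isAuthorized)
    {
        throw new UserFriendlyException("您未登陆,不能执行该操作");
    }

    // Super administrators skip all further checks.
    var accountType = (AccountTypeEnum)Convert.ToInt32(ClaimTypeExtensions.GetClaimValue(ClaimTypeExtensions.AccountType));
    if (accountType == AccountTypeEnum.超级管理员)
    {
        return;
    }

    // The menuCode of the current menu is read from the request headers.
    var menuCode = HttpContext.Current.Request.Headers["menuCode"];

    // "home" is the workbench and only requires being logged in.
    // NOTE(review): this header is supplied by the client, so the early return makes the role
    // check below depend on a value the caller chooses. Consider deciding "login only"
    // from server-side metadata on the target service instead of from the request.
    if (menuCode == "home")
    {
        return;
    }

    // For any other menuCode, check whether the user's roles may call the operation under that menu.
    // With no roles at all the call is rejected outright.
    var roles = ClaimTypeExtensions.GetClaimValue(ClaimTypes.Role); // built at login
    if (string.IsNullOrWhiteSpace(roles))
    {
        throw new UserFriendlyException("当前用户未拥有任何角色");
    }

    // If the service class carries no AppAuthorizeAttribute, no permission check is performed.
    // NOTE(review): this is default-allow; a service that forgets the attribute is unprotected.
    var appAuthorizeAttribute = invocation.TargetType.GetCustomAttribute(typeof(AppAuthorizeAttribute)) as AppAuthorizeAttribute;
    if (appAuthorizeAttribute == null)
    {
        return;
    }

    // Render the three values exactly as the previous string interpolation did (null -> ""),
    // but hand them to the database as bound parameters instead of splicing them into the SQL
    // text. menuCode in particular comes straight from a request header.
    var menuCodeValue = $"{menuCode}";
    var appCodeValue = $"{appAuthorizeAttribute.Code}";
    var operationCodeValue = $"{AppMethodAuthorizeAttribute.Action}";

    // NOTE(review): roles is still interpolated because it is used as a ready-made IN list.
    // It comes from the Role claim; confirm that claim can only ever hold server-generated
    // ids, or validate each element before building the list.
    var sql = $@"select count(1) from MenuAppAuthorizeRoles
                 where Role_Id in ({roles})
                 AND MenuAppAuthorize_Id in(
                     select Id from MenuAppAuthorizes
                     where MenuCode = @menuCode and AppCode = @appCode and OperationCode = @operationCode)";

    try
    {
        using (var db = FluentDataHelper.CreateInstance())
        {
            // Parameter(name, value) is FluentData's named-parameter binding for @name placeholders.
            var data = db.Sql(sql)
                         .Parameter("menuCode", menuCodeValue)
                         .Parameter("appCode", appCodeValue)
                         .Parameter("operationCode", operationCodeValue)
                         .QuerySingle<int>();

            if (data <= 0)
            {
                throw new UserFriendlyException($"用户缺少{AppMethodAuthorizeAttribute.Description}权限!");
            }
        }
    }
    catch (Exception e)
    {
        // NOTE(review): this also wraps database failures, so raw provider error text is
        // surfaced through a user-facing exception. No logger is visible in this block;
        // once one is available, log e and throw a generic message instead.
        throw new UserFriendlyException(e.Message);
    }
}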