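/// <summary>
/// Guards the "delete" action of product and promotion controllers: a non-admin user may only
/// delete an entity whose store (and, for products, brand) appears in that user's grants in
/// <see cref="IUserAuthRepository"/>. Every other action passes through untouched.
/// </summary>
/// <param name="filterContext">The MVC authorization context for the current request.</param>
private void DoAuthorization(AuthorizationContext filterContext)
{
    const string actionFiltered = "delete";
    const string errorUnAuthorizedDataAccess = "没有授权操作该门店和品牌!";

    var httpContext = filterContext.HttpContext;
    string actionName = filterContext.ActionDescriptor.ActionName;

    // Only the delete action is guarded; compare case-insensitively as the original did.
    if (!string.Equals(actionName, actionFiltered, StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    // CurrentUser lives on UserController. A controller of any other type cannot be
    // authorized here, so deny instead of dereferencing a null cast result.
    UserController currentController = filterContext.Controller as UserController;
    if (currentController == null)
    {
        httpContext.Response.StatusCode = 401;
        return;
    }

    var currentUser = currentController.CurrentUser;
    if (currentUser == null)
    {
        httpContext.Response.StatusCode = 401;
        return;
    }

    // Admins may delete anything; no id parsing or repository lookups are needed.
    if (currentUser.Role == UserRole.Admin)
    {
        return;
    }

    // Parse the target id only now that it is needed. Parsing it unconditionally (as before)
    // threw for every request without a numeric "id", including unguarded actions.
    // A delete without a usable id cannot be matched to a store, so it is not allowed through.
    int targetId;
    if (!int.TryParse(httpContext.Request["id"], out targetId))
    {
        httpContext.Response.StatusCode = 401;
        return;
    }

    IUserAuthRepository authRepo = ServiceLocator.Current.Resolve<IUserAuthRepository>();

    // NOTE(review): these type tests only match if ProductController / PromotionController
    // derive from UserController — confirm; otherwise neither branch ever runs.
    if (currentController is ProductController)
    {
        var entity = ServiceLocator.Current.Resolve<IProductRepository>().Find(targetId);
        if (entity == null)
        {
            // Nothing to protect; presumably the action itself reports the missing entity.
            return;
        }

        // A grant with BrandId 0 covers every brand of that store.
        bool allowed = authRepo.Get(a => a.UserId == currentUser.CustomerId)
            .Any(a => a.StoreId == entity.Store_Id && (a.BrandId == 0 || a.BrandId == entity.Brand_Id));
        if (!allowed)
        {
            Deny(filterContext, errorUnAuthorizedDataAccess);
            return;
        }
    }
    else if (currentController is PromotionController)
    {
        var entity = ServiceLocator.Current.Resolve<IPromotionRepository>().Find(targetId);
        if (entity == null)
        {
            // Nothing to protect; presumably the action itself reports the missing entity.
            return;
        }

        // Promotions are scoped by store only; the grant's brand is not consulted.
        bool allowed = authRepo.Get(a => a.UserId == currentUser.CustomerId)
            .Any(a => a.StoreId == entity.Store_Id);
        if (!allowed)
        {
            Deny(filterContext, errorUnAuthorizedDataAccess);
            return;
        }
    }
}

/// <summary>
/// Marks the current response as unauthorized (401) with the given status description.
/// </summary>
/// <param name="filterContext">The MVC authorization context whose response is updated.</param>
/// <param name="reason">Status description shown to the client.</param>
private static void Deny(AuthorizationContext filterContext, string reason)
{
    // NOTE(review): setting the status code alone does not short-circuit an MVC authorization
    // filter; the action still runs unless filterContext.Result is set by this method's caller.
    // Confirm at the call site that the result is assigned when the status is 401.
    filterContext.HttpContext.Response.StatusCode = 401;
    filterContext.HttpContext.Response.StatusDescription = reason;
}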
/// <summary>
/// Lists user/store/brand grants matching <paramref name="search"/> one page at a time, joined
/// with the owning customer, store and brand so the view can show display names.
/// </summary>
/// <param name="request">Paging parameters (page index and page size).</param>
/// <param name="search">Optional filters (type, brand, store, user) and the sort order.</param>
/// <returns>The "List" view bound to a <see cref="Pager{T}"/> of <see cref="UserAuthViewModel"/>.</returns>
public ActionResult List(PagerRequest request, UserAuthSearchOption search)
{
    const string allLabel = "所有";   // shown when no store / brand row matches the grant
    int totalCount;

    // Each filter applies only when its option is set; soft-deleted rows are always excluded.
    var page = _authRepo.Get(
        e => (!search.Type.HasValue || e.Type == search.Type.Value)
             && (!search.BrandId.HasValue || e.BrandId == search.BrandId.Value)
             && (!search.StoreId.HasValue || e.StoreId == search.StoreId.Value)
             && (!search.UserId.HasValue || e.UserId == search.UserId.Value)
             && e.Status != (int)DataStatus.Deleted,
        out totalCount,
        request.PageIndex,
        request.PageSize,
        // Only OrderByCreateUser changes the sort; any other or missing option sorts by creation date.
        e => search.OrderBy == GenericOrder.OrderByCreateUser
                 ? e.OrderByDescending(o => o.CreatedUser)
                 : e.OrderByDescending(o => o.CreatedDate));

    // The customer is a required match; store and brand are optional (left-join style).
    var rows = page
        .Join(_customerRepo.GetAll(),
              auth => auth.UserId,
              user => user.Id,
              (auth, user) => new { UA = auth, U = user })
        .GroupJoin(_storeRepo.GetAll(),
                   x => x.UA.StoreId,
                   store => store.Id,
                   (x, stores) => new { UA = x.UA, U = x.U, S = stores.FirstOrDefault() })
        .GroupJoin(_brandRep.GetAll(),
                   x => x.UA.BrandId,
                   brand => brand.Id,
                   (x, brands) => new { UA = x.UA, U = x.U, S = x.S, B = brands.FirstOrDefault() })
        .ToList();

    var models = rows.Select(row => new UserAuthViewModel
    {
        Id = row.UA.Id,
        BrandId = row.UA.BrandId,
        StoreId = row.UA.StoreId,
        Type = row.UA.Type,
        BrandName = row.B == null ? allLabel : row.B.Name,
        UserId = row.UA.UserId,
        UserNick = row.U.Nickname,
        StoreName = row.S == null ? allLabel : row.S.Name,
        // NOTE(review): .Value throws if Status is null on the source row — confirm the column is non-nullable.
        Status = row.UA.Status.Value
    }).ToList();

    return View("List", new Pager<UserAuthViewModel>(request, totalCount) { Data = models });
}
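/// <summary>
/// Checks that the current user may operate on this promotion's store. Admins always pass; any
/// other user needs a grant in <see cref="IUserAuthRepository"/> for this store or a StoreId-0 grant.
/// </summary>
/// <param name="validationContext">Supplied by the validation framework; not used by this check.</param>
/// <returns>
/// One unauthorized <see cref="ValidationResult"/>, or an empty sequence when access is allowed.
/// As an iterator, the checks run when the framework enumerates the result.
/// </returns>
public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
{
    const string errorUnAuthorizedDataAccess = "没有授权操作该门店促销!";

    var currentUser = ServiceLocator.Current.Resolve<IAuthenticationService>()
        .CurrentUserFromHttpContext(HttpContext.Current);

    // No authenticated user: report once and stop. The previous version fell through
    // after yielding and dereferenced the null user on the next line.
    if (currentUser == null)
    {
        yield return new ValidationResult(errorUnAuthorizedDataAccess);
        yield break;
    }

    if (currentUser.Role == (int)UserRole.Admin)
    {
        yield break;
    }

    // NOTE(review): StoreId == 0 is treated as an all-stores grant here — confirm the other
    // authorization checks in the project use the same wildcard semantics.
    IUserAuthRepository authRepo = ServiceLocator.Current.Resolve<IUserAuthRepository>();
    bool allowed = authRepo.Get(a => a.UserId == currentUser.CustomerId)
        .Any(a => a.StoreId == 0 || a.StoreId == this.Store_Id);
    if (!allowed)
    {
        yield return new ValidationResult(errorUnAuthorizedDataAccess);
    }
}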
/// <summary>
/// Loads a single user by identifier.
/// </summary>
/// <param name="id">Identifier of the user to load.</param>
/// <returns>The result of <c>userAuthRepository.Get(id)</c>, returned as-is.</returns>
public User GetUserById(int id)
{
    // Straight delegation to the repository; no caching or argument validation here.
    // NOTE(review): presumably null when no such user exists — confirm against the repository.
    var user = userAuthRepository.Get(id);
    return user;
}