/// <summary>
/// 在执行操作方法之前由 ASP.NET MVC 框架调用。
/// </summary>
/// <param name="filterContext"></param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
bool islogin = false;
#region 登录验证
UserInfo user = BaseHelper.getCookie();
if (user != null && user.userID.Trim() != "")
{
islogin = true;
}
if (!islogin)
{
filterContext.Result = filterContext.Result = new RedirectToRouteResult(new System.Web.Routing.RouteValueDictionary(new { Controller = "Home", action = "Login" }));
return;
}
#endregion
fcinfo = new filterContextInfo(filterContext);
string[] actions = fcinfo.actionName.Split('_');
string controller = fcinfo.controllerName;
#region action或controller为空
if (fcinfo.actionName.Trim() == "" || controller.Trim() == "")
{
filterContext.Result = filterContext.Result = new RedirectToRouteResult(new System.Web.Routing.RouteValueDictionary(new { Controller = "Home", action = "Login" }));
return;
}
#endregion
//取权限
string strSql = "select c.power "
+ "from UserInfo a, PowerGroup b, PowerGroupPower c, SystemModule d "
+ "where a.powergroupID=b.ID and b.ID=c.groupID and c.moduleID=d.ID and d.controller=@controller and d.action=@action and a.id=@id";
SqlParameter[] param = new SqlParameter[]
{
new SqlParameter("@controller", controller),
new SqlParameter("@action", actions[0]),
new SqlParameter("@id", user.id)
};
DataTable dt = SqlHelper.ExecuteDataset(BaseHelper.DBConnStr, CommandType.Text, strSql, param).Tables[0];
//没有设置权限或禁止
if (dt.Rows.Count == 0 || dt.Rows[0]["power"].ToString() == "0")
{
filterContext.Result = new ContentResult {
Content = @"抱歉,你不具有当前操作的权限!"
};
return;
}
//只读
int power = Convert.ToInt32(dt.Rows[0]["power"]);
if (actions.Length > 1 &&
(actions[1].IndexOf("add") != -1 || actions[1].IndexOf("edit") != -1 || actions[1].IndexOf("remove") != -1 || actions[1].IndexOf("output") != -1) &&
power < 2)
{
filterContext.Result = new ContentResult {
Content = @"抱歉,你不具有当前操作的权限!"
};
return;
}
}
/// <summary>
/// 在执行操作方法之前由 ASP.NET MVC 框架调用。
/// </summary>
/// <param name="filterContext"></param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
bool islogin = false;
#region 登录验证
UserInfo user = BaseHelper.getCookie();
if (user != null && user.userID.Trim() != "")
islogin = true;
if (!islogin)
{
filterContext.Result = filterContext.Result = new RedirectToRouteResult(new System.Web.Routing.RouteValueDictionary(new { Controller = "Home", action = "Login" }));
return;
}
#endregion
fcinfo = new filterContextInfo(filterContext);
string[] actions = fcinfo.actionName.Split('_');
string controller = fcinfo.controllerName;
#region action或controller为空
if (fcinfo.actionName.Trim() == "" || controller.Trim() == "")
{
filterContext.Result = filterContext.Result = new RedirectToRouteResult(new System.Web.Routing.RouteValueDictionary(new { Controller = "Home", action = "Login" }));
return;
}
#endregion
//取权限
string strSql = "select c.power "
+ "from UserInfo a, PowerGroup b, PowerGroupPower c, SystemModule d "
+ "where a.powergroupID=b.ID and b.ID=c.groupID and c.moduleID=d.ID and d.controller=@controller and d.action=@action and a.id=@id";
SqlParameter[] param = new SqlParameter[]
{
new SqlParameter("@controller", controller),
new SqlParameter("@action", actions[0]),
new SqlParameter("@id", user.id)
};
DataTable dt = SqlHelper.ExecuteDataset(BaseHelper.DBConnStr, CommandType.Text, strSql, param).Tables[0];
//没有设置权限或禁止
if (dt.Rows.Count == 0 || dt.Rows[0]["power"].ToString() == "0")
{
filterContext.Result = new ContentResult { Content = @"抱歉,你不具有当前操作的权限!" };
return;
}
//只读
int power = Convert.ToInt32(dt.Rows[0]["power"]);
if (actions.Length > 1 &&
(actions[1].IndexOf("add") != -1 || actions[1].IndexOf("edit") != -1 || actions[1].IndexOf("remove") != -1 || actions[1].IndexOf("output") != -1) &&
power < 2)
{
filterContext.Result = new ContentResult { Content = @"抱歉,你不具有当前操作的权限!" };
return;
}
}