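        /// <summary>
        /// Gatekeeper for the admin area; runs before every action of this controller.
        /// Checks are evaluated in order and the first one that fails sets
        /// <paramref name="filterContext"/>.Result and stops the pipeline. The IP allow-list,
        /// banned-IP, banned-level, not-logged-in and not-an-admin denials all produce the same
        /// "page not found" response (Ajax: a "404" payload, otherwise a redirect to "/"), so the
        /// response does not reveal which gate rejected the request. Only a missing per-page
        /// permission yields an explicit "no permission" response.
        /// </summary>
        /// <param name="filterContext">The MVC authorization context; its Result is set on denial.</param>
        protected override void OnAuthorization(AuthorizationContext filterContext)
        {
            // Child actions are rendered from within an already-authorized parent action,
            // so they are not gated again here.
            if (filterContext.IsChildAction)
            {
                return;
            }

            var allowIP = WorkContext.ShopConfig.AdminAllowAccessIP;

            // Every one of these is a hard denial that deliberately looks like a missing page.
            // Short-circuit || keeps the original evaluation order: BannedIPs.CheckIP is only
            // consulted when the allow-list check passes, and so on down the list.
            // NOTE(review): the two IP gates are only as strong as WorkContext.IP; if it is
            // derived from a client-supplied forwarded header it can be spoofed — confirm.
            bool denied =
                // client IP is outside the configured admin allow-list (empty list = unrestricted)
                (!string.IsNullOrEmpty(allowIP) && !ValidateHelper.InIPList(WorkContext.IP, allowIP))
                // client IP is on the ban list
                || BannedIPs.CheckIP(WorkContext.IP)
                // user level 1 is the "access forbidden" level (per the original comment)
                || WorkContext.UserRid == 1
                // not logged in
                || WorkContext.Uid < 1
                // admin group 1 means "not an administrator" (per the original comment)
                || WorkContext.AdminGid == 1;

            if (denied)
            {
                if (WorkContext.IsHttpAjax)
                {
                    filterContext.Result = AjaxResult("404", "您访问的网址不存在");
                }
                else
                {
                    filterContext.Result = new RedirectResult("/");
                }
                return;
            }

            // Per-page permission for the caller's admin group; the "home" controller is exempt.
            // NOTE(review): "home" is compared ordinally (case-sensitive), which assumes
            // WorkContext.Controller is already normalised to lower case — confirm.
            if (WorkContext.Controller != "home" && !AdminGroups.CheckAuthority(WorkContext.AdminGid, WorkContext.Controller, WorkContext.PageKey))
            {
                if (WorkContext.IsHttpAjax)
                {
                    filterContext.Result = AjaxResult("nopermit", "您没有当前操作的权限");
                }
                else
                {
                    filterContext.Result = PromptView("您没有当前操作的权限!");
                }
                return;
            }
        }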