示例#1
0
        /// <summary>
        /// 在调用操作方法前调用。
        /// </summary>
        /// <param name="filterContext">有关当前请求和操作的信息。</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);
            WebController controller = filterContext.Controller as WebController;

            string tokenStr = WebHelper.GetStringParam("token");

            if (string.IsNullOrEmpty(tokenStr))
            {
                filterContext.Result = new ExtJsonResult()
                {
                    Data                = new { code = (int)SysEnum.参数错误, msg = "token不能为空,请重新登录" },
                    ContentEncoding     = controller.Request.ContentEncoding,
                    ContentType         = "application/json",
                    JSONPCallBack       = controller.CallBack,
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet
                };
                return;
            }
            int    userid;
            string userip;

            try
            {
                string[] arr = Common.EncryptHelper.Decrypt(tokenStr).Split('|');
                userid = int.Parse(arr[0]);
                userip = arr[1];
            }
            catch (Exception)
            {
                filterContext.Result = new ExtJsonResult()
                {
                    Data                = new { code = (int)SysEnum.参数错误, msg = "token错误,请重新登录" },
                    ContentEncoding     = controller.Request.ContentEncoding,
                    ContentType         = "application/json",
                    JSONPCallBack       = controller.CallBack,
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet
                };
                return;
            }
            if (!userip.Equals(filterContext.HttpContext.Request.UserHostAddress))
            {
                filterContext.Result = new ExtJsonResult()
                {
                    Data                = new { code = (int)SysEnum.IP不匹配, msg = "IP地址发生变化,请重新登录" },
                    ContentEncoding     = controller.Request.ContentEncoding,
                    ContentType         = "application/json",
                    JSONPCallBack       = controller.CallBack,
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet
                };
                return;
            }
            var strUser = CacheHelper.GetCache(userid.ToString()) as administrator;

            if (strUser == null)
            {
                filterContext.Result = new ExtJsonResult()
                {
                    Data                = new { code = (int)SysEnum.登录超时, msg = "登录超时,请重新登录 01" },
                    ContentEncoding     = controller.Request.ContentEncoding,
                    ContentType         = "application/json",
                    JSONPCallBack       = controller.CallBack,
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet
                };
                return;
            }

            administrator admin = strUser;

            if (admin == null)
            {
                filterContext.Result = new ExtJsonResult()
                {
                    Data                = new { code = (int)SysEnum.登录超时, msg = "登录超时,请重新登录 02" },
                    ContentEncoding     = controller.Request.ContentEncoding,
                    ContentType         = "application/json",
                    JSONPCallBack       = controller.CallBack,
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet
                };
                return;
            }

            //滑动窗口机制
            CacheHelper.SetCache(userid.ToString(), admin, DateTime.Now.AddMinutes(20));

            //校验权限
            //把当前请求对应的权限拿到
            if (admin.login_account == "admin")
            {
                return;
            }
            //拿到当前的url和访问方式
            string url        = filterContext.HttpContext.Request.Url.AbsolutePath.ToLower();
            string httpMethod = filterContext.HttpContext.Request.HttpMethod.ToLower();

            ////通过Spring.Net容器创建对象
            IApplicationContext ctx = ContextRegistry.GetContext();

            IactionService actionService = ctx.GetObject("actionService") as IactionService;

            IadministratorService administratorService = ctx.GetObject("administratorService") as IadministratorService;

            if (!url.Contains("home"))
            {
                //拿到当前请求对应的权限数据
                var actionInfo = actionService.LoadEntities(a => a.url.ToLower() == url && httpMethod == a.http_method.ToLower()).FirstOrDefault();
                if (actionInfo == null)
                {
                    filterContext.Result = new ExtJsonResult()
                    {
                        Data                = new { code = (int)SysEnum.权限不足, msg = "权限不足" },
                        ContentEncoding     = controller.Request.ContentEncoding,
                        ContentType         = "application/json",
                        JSONPCallBack       = controller.CallBack,
                        JsonRequestBehavior = JsonRequestBehavior.AllowGet
                    };
                    return;
                }

                //拿到当前管理员的所有权限id
                //1,获取角色信息
                var roleList = admin.role.ToList();
                // 2.获取所有角色对应的权限信息
                var adminactionidList = CacheHelper.GetCache($"adminactionidList{admin.id}") as List <int>;
                //将管理员权限缓存起来,当修改权限的时候,记得更新
                if (adminactionidList == null || adminactionidList.Count == 0)
                {
                    var actionidList = new List <int>();
                    foreach (var item in roleList)
                    {
                        var acid = item.action.ToList().Select(n => n.id).ToList();
                        actionidList.AddRange(acid);
                    }
                    actionidList.Distinct();
                    if (actionidList.Count > 0)
                    {
                        CacheHelper.AddCache($"adminactionidList{admin.id}", actionidList, DateTime.Now.AddHours(2));
                    }
                }
                if (!adminactionidList.Contains(actionInfo.id))
                {
                    filterContext.Result = new ExtJsonResult()
                    {
                        Data                = new { code = (int)SysEnum.权限不足, msg = "权限不足" },
                        ContentEncoding     = controller.Request.ContentEncoding,
                        ContentType         = "application/json",
                        JSONPCallBack       = controller.CallBack,
                        JsonRequestBehavior = JsonRequestBehavior.AllowGet
                    };
                    return;
                }
            }
        }
示例#2
0
        /// <summary>
        /// 在调用操作方法前调用。
        /// </summary>
        /// <param name="filterContext">有关当前请求和操作的信息。</param>
        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);

            string tokenStr = RequestParams["token"];

            if (string.IsNullOrEmpty(tokenStr))
            {
                filterContext.Result = Json(SysEnum.参数错误, "缺少token,请重新登录");
                return;
            }
            int    userid;
            string userip;

            try
            {
                string[] arr = Common.EncryptHelper.Decrypt(tokenStr).Split('|');
                userid = int.Parse(arr[0]);
                userip = arr[1];
            }
            catch (Exception)
            {
                filterContext.Result = Json(SysEnum.参数错误, "token错误,请重新登录");
                return;
            }
            if (!userip.Equals("::1") && !userip.Equals(Request.UserHostAddress))
            {
                filterContext.Result = Json(SysEnum.IP不匹配, "IP地址发生变化,请重新登录");
                return;
            }
            var strUser = CacheHelper.GetCache(userid.ToString()) as administrator;

            if (strUser == null)
            {
                filterContext.Result = Json(SysEnum.登录超时, "登录超时,请重新登录 01");
                return;
            }

            administrator admin = strUser;

            if (admin == null)
            {
                filterContext.Result = Json(SysEnum.登录超时, "登录超时,请重新登录 02");
                return;
            }
            nowManager = admin;


            //滑动窗口机制
            CacheHelper.SetCache(userid.ToString(), admin, DateTime.Now.AddMinutes(60));

            //校验权限
            //把当前请求对应的权限拿到
            //if (admin.login_account == "admin")
            //{
            //    return;
            //}
            //拿到当前的url和访问方式
            string url        = filterContext.HttpContext.Request.Url.AbsolutePath.ToLower();
            string httpMethod = filterContext.HttpContext.Request.HttpMethod.ToLower();

            ////通过Spring.Net容器创建对象
            IApplicationContext ctx = ContextRegistry.GetContext();

            IactionService actionService = ctx.GetObject("actionService") as IactionService;

            IadministratorService administratorService = ctx.GetObject("administratorService") as IadministratorService;

            if (!url.Contains("home"))
            {
                //拿到当前请求对应的权限数据
                var actionInfo = actionService.LoadEntities(a => a.url.ToLower() == url && httpMethod == a.http_method.ToLower()).FirstOrDefault();
                if (actionInfo == null)
                {
                    filterContext.Result = Json(SysEnum.权限不足);
                    return;
                }
                if (actionInfo.type == (int)ActionType.普通权限)
                {
                    return;
                }
                //拿到当前管理员的所有权限id
                //1,获取角色信息
                var roleList = admin.role.ToList();
                // 2.获取所有角色对应的权限信息
                var adminactionidList = CacheHelper.GetCache($"adminactionidList_{nowManager.id}") as List <int>;
                //将管理员权限缓存起来,当修改权限的时候,记得更新
                if (adminactionidList == null || adminactionidList.Count == 0)
                {
                    adminactionidList = new List <int>();
                    foreach (var item in roleList)
                    {
                        var acid = item.action.ToList().Select(n => n.id).ToList();
                        adminactionidList.AddRange(acid);
                    }
                    adminactionidList.Distinct();
                    if (adminactionidList.Count > 0)
                    {
                        CacheHelper.AddCache($"adminactionidList_{nowManager.id}", adminactionidList, DateTime.Now.AddHours(2));
                    }
                }
                if (!adminactionidList.Contains(actionInfo.id))
                {
                    filterContext.Result = Json(SysEnum.权限不足);
                    return;
                }
            }
        }