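/// <summary>
/// Action filter hook: blocks any action for which no staff session exists.
/// </summary>
/// <param name="filterContext">The MVC context of the action about to execute.</param>
/// <remarks>
/// When <c>SessionUtil.GetStaffSession()</c> returns null the result is short-circuited:
/// AJAX callers (X-Requested-With: XMLHttpRequest) receive a plain-text timeout message,
/// the "admin" controller is redirected to "/", and every other controller receives an
/// inline script that sends the parent frame to the login page. All three responses are
/// constant strings; no request data is echoed back.
/// </remarks>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    // A route value can be absent; treat a missing controller name as empty instead of
    // failing with a NullReferenceException inside the auth filter.
    object controllerValue = filterContext.RouteData.Values["controller"];
    string currentController = controllerValue == null ? string.Empty : controllerValue.ToString();

    if (SessionUtil.GetStaffSession() == null)
    {
        string requestWith = filterContext.HttpContext.Request.Headers["X-Requested-With"];

        // Ordinal comparison: header values are protocol tokens, not user-facing text.
        if (string.Equals(requestWith, "xmlhttprequest", StringComparison.OrdinalIgnoreCase))
        {
            // An AJAX caller cannot follow a frame redirect; answer with a text message.
            filterContext.Result = new ContentResult { Content = "登录超时,请刷新页面" };
        }
        else if (string.Equals(currentController, "admin", StringComparison.OrdinalIgnoreCase))
        {
            filterContext.Result = new RedirectResult("/");
        }
        else
        {
            // Views are hosted in a frame, so navigate the parent window to the login page.
            filterContext.Result = new ContentResult
            {
                Content = "<script type='text/javascript'>parent.location.href='/Logon/Login';</script>"
            };
        }
    }

    base.OnActionExecuting(filterContext);
}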
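/// <summary>
/// Returns the left-hand menu as camel-cased JSON: every top-level module type, or the
/// sub-types of the module type named by the <c>moduletype</c> query-string value.
/// </summary>
/// <param name="Id">Route value; not used by this action.</param>
/// <returns>A JSON <see cref="ContentResult"/> listing the module types visible to the current staff member.</returns>
public ActionResult MenuInfo(string Id)
{
    // The signed-in staff member; the session filter ensures a session exists here.
    Staff staff = Gecko.Security.NHHelper.Db.Session.Load(typeof(Staff), SessionUtil.GetStaffSession().LoginId) as Staff;

    string requestedType = Request.QueryString["moduletype"];
    List<ModuleType> moduleList;

    if (requestedType == null)
    {
        // No module type requested: list every top-level category (used by Home/Index links).
        moduleList = Gecko.Security.Service.ModuleTypeSrv.GetAllTopModuleType().Cast<ModuleType>().ToList();
    }
    else
    {
        // The query value is client-supplied; an unknown tag yields an empty menu instead of
        // an IndexOutOfRangeException from indexing an empty lookup result.
        ModuleType topType = Gecko.Security.Service.ModuleTypeSrv.GetTopModuleType(requestedType)
            .Cast<ModuleType>()
            .FirstOrDefault();
        moduleList = topType == null
            ? new List<ModuleType>()
            : topType.SubModuleTypes.Cast<ModuleType>().ToList();
    }

    var nodeTypeList = GetModuleTypeList(moduleList, staff);

    return new ContentResult
    {
        ContentType = "application/json",
        Content = JsonConvert.SerializeObject(nodeTypeList, new JsonSerializerSettings
        {
            ContractResolver = new CamelCasePropertyNamesContractResolver()
        }),
        ContentEncoding = Encoding.UTF8
    };
}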
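/// <summary>
/// Page entry point for the "ChangeMyPwd" module: records the module tag and, for non-built-in
/// users, requires the "rights_browse" permission before the page renders.
/// </summary>
/// <param name="sender">The page raising the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Same as the StaffMgr page: a password-change form must not be served from cache.
    Response.Cache.SetCacheability(System.Web.HttpCacheability.NoCache);
    try
    {
        SessionUtil.SavaModuleTag("ChangeMyPwd");

        // Built-in users (IsInnerUser != 0) skip the permission check, mirroring
        // PermissionUtil.HasGrantPermission which returns true for them unconditionally.
        if (SessionUtil.GetStaffSession().IsInnerUser == 0)
        {
            PermissionUtil.SaveGrantPermissionsToSession();
            if (!PermissionUtil.HasGrantPermission("rights_browse"))
            {
                throw new ModuleSecurityException("无权限访问此模块。");
            }
        }
    }
    catch (MissSessionException)
    {
        // The page lives in a frame: send the parent window back to the entry page.
        ClientScript.RegisterClientScriptBlock(this.GetType(), "reload", "<script type=\"text/javascript\">parent.location='../../Default.aspx';</script>");
    }
    catch (ModuleSecurityException)
    {
        Response.Redirect("../../Frameset/Welcome.aspx");
    }
    catch (Exception ex)
    {
        log.Error(null, ex);
        throw; // bare rethrow keeps the original stack trace
    }
}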
/// <summary>
/// Page entry point for the "StaffMgr" module: disables caching, records the module tag,
/// hides the toolbar buttons whose rights the current staff member lacks, and loads the
/// department tree.
/// </summary>
/// <param name="sender">The page raising the event.</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Hiding a button is a UI convenience only; the handler behind each button must re-check
/// the same right via PermissionUtil.HasGrantPermission before acting.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    try
    {
        SessionUtil.SavaModuleTag("StaffMgr");

        // Built-in users (IsInnerUser != 0) bypass the permission checks entirely.
        if (SessionUtil.GetStaffSession().IsInnerUser == 0)
        {
            PermissionUtil.SaveGrantPermissionsToSession();
            if (!PermissionUtil.HasGrantPermission("rights_browse"))
            {
                throw new ModuleSecurityException("无权限访问此模块。");
            }
            HideUngrantedButtons();
        }

        LoadDepartmentTree(tvDepartments.Nodes[0], null);
    }
    catch (MissSessionException)
    {
        // The page lives in a frame: send the parent window back to the entry page.
        ClientScript.RegisterClientScriptBlock(this.GetType(), "reload", "<script type=\"text/javascript\">parent.location='../../Default.aspx';</script>");
    }
    catch (ModuleSecurityException)
    {
        Response.Redirect("../../Frameset/Welcome.aspx");
    }
    catch (Exception ex)
    {
        log.Error(null, ex);
        throw; // bare rethrow keeps the original stack trace
    }
}

/// <summary>
/// Hides each toolbar button whose right the current staff member has not been granted.
/// Checks run in the same order as the rights are listed: add, edit, move, accredit, delete.
/// </summary>
private void HideUngrantedButtons()
{
    if (!PermissionUtil.HasGrantPermission("rights_add"))
    {
        btnNew.Style.Add("display", "none");
    }
    if (!PermissionUtil.HasGrantPermission("rights_edit"))
    {
        btnEdit.Style.Add("display", "none");
        btnEditPassword.Style.Add("display", "none");
    }
    if (!PermissionUtil.HasGrantPermission("rights_move"))
    {
        btnMove.Style.Add("display", "none");
    }
    if (!PermissionUtil.HasGrantPermission("rights_accredit"))
    {
        btnRole.Style.Add("display", "none");
        btnPermission.Style.Add("display", "none");
    }
    if (!PermissionUtil.HasGrantPermission("rights_delete"))
    {
        btnDelete.Style.Add("display", "none");
    }
}
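/// <summary>
/// Stores in the session every positive (grant) permission tag the signed-in staff member
/// holds for the current module.
/// </summary>
/// <remarks>
/// Called once when a module's main page initialises. Subsequent authorisation checks
/// (HasGrantPermission) read the cached tags from the session instead of querying the
/// database again.
/// Note: when a built-in staff member is signed in this method is not called, and
/// HasGrantPermission is not used for authorisation decisions either.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// No staff record exists for the login id held in the current session.
/// </exception>
public static void SaveGrantPermissionsToSession()
{
    StaffSession ss = SessionUtil.GetStaffSession();
    string moduleTag = SessionUtil.GetModuleTag();

    Staff staff = CommonSrv.LoadObjectById(typeof(Staff), ss.LoginId) as Staff;
    if (staff == null)
    {
        // Fail loudly rather than dereference null: a session whose login id no longer
        // maps to a staff record must not end up with any cached permissions.
        throw new InvalidOperationException("No staff record found for login id: " + ss.LoginId);
    }

    // NOTE(review): GetModuleByTag may return null for an unregistered tag; how
    // GetGrantPermissions handles that is not visible here — confirm.
    Module module = ModuleSrv.GetModuleByTag(moduleTag);
    ArrayList alGrantPermissions = staff.GetGrantPermissions(module);
    SessionUtil.SavaGrantPermissions(alGrantPermissions);
}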
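/// <summary>
/// Returns whether the signed-in staff member holds a positive grant for one right of the
/// current module.
/// </summary>
/// <remarks>
/// Called when a module's main page loads to decide which action buttons to hide, and again
/// before each module operation (ashx) executes, so a direct call to the handler is
/// re-authorised rather than trusted because the button was visible.
/// Note: built-in staff (IsInnerUser != 0) are not checked against the session-cached tags;
/// the method returns true for them.
/// </remarks>
/// <param name="rightTag">The right's tag.</param>
/// <returns>True when the right is granted; false otherwise.</returns>
public static bool HasGrantPermission(string rightTag)
{
    StaffSession ss = SessionUtil.GetStaffSession();
    if (ss.IsInnerUser != 0)
    {
        return true;
    }

    ArrayList al = SessionUtil.GetGrantPermissions();
    // Fail closed: if SaveGrantPermissionsToSession has not populated the session yet
    // (null list), deny instead of throwing a NullReferenceException.
    return al != null && al.Contains(rightTag);
}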
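/// <summary>
/// Returns the left-hand menu: every top-level module type, filtered for the current staff
/// member by <c>GetModuleTypeList</c>.
/// </summary>
/// <param name="Id">Route value; not used by this action.</param>
/// <returns>A JSON result. <c>AllowGet</c> is required because the menu is fetched with GET.</returns>
public JsonResult MenuInfo(string Id)
{
    // The signed-in staff member; the session filter ensures a session exists here.
    Staff staff = Gecko.Security.NHHelper.Db.Session.Load(typeof(Staff), SessionUtil.GetStaffSession().LoginId) as Staff;

    IList moduleList = Gecko.Security.Service.ModuleTypeSrv.GetAllTopModuleType();
    var nodeTypeList = GetModuleTypeList(moduleList, staff);

    return Json(nodeTypeList, JsonRequestBehavior.AllowGet);
}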
/// <summary>
/// Fills the module tree with one "moduletype" node per top-level module type (each
/// expanded, with its sub-nodes added for the current staff member), then removes the
/// module-category nodes that are not needed.
/// </summary>
private void LoadModuleTree()
{
    // The signed-in staff member.
    StaffSession session = SessionUtil.GetStaffSession();
    Staff currentStaff = CommonSrv.LoadObjectById(typeof(Staff), session.LoginId) as Staff;

    // One node per top-level module type.
    IList topTypes = ModuleTypeSrv.GetAllTopModuleType();
    foreach (ModuleType topType in topTypes)
    {
        var categoryNode = new Microsoft.Web.UI.WebControls.TreeNode();
        tvModules.Nodes.Add(categoryNode);
        categoryNode.Type = "moduletype";
        categoryNode.Text = topType.Name;
        AddSubNodes(categoryNode, topType, currentStaff);
        categoryNode.Expanded = true;
    }

    // Drop module-category nodes that are not needed.
    RemoveNeedlessModuleType(null);
}
/// <summary>
/// Shows the change-password view for the signed-in staff member.
/// </summary>
/// <returns>The default view, with <c>ViewBag.loginId</c> set to the session's login id.</returns>
public ActionResult ChangePassword()
{
    StaffSession session = SessionUtil.GetStaffSession();
    ViewBag.loginId = session.LoginId;
    return View();
}