public bool ValiddatePermission(AccountModel account, string controller, string action, string filePath)
{
bool bResult = false;
string actionName = string.IsNullOrEmpty(ActionName) ? action : ActionName;
if (account != null)
{
List <permModel> perm = null;
//测试当前controller是否已赋权限值,如果没有从
//如果存在区域,Seesion保存(区域+控制器)
if (!string.IsNullOrEmpty(Area))
{
controller = Area + "/" + controller;
}
perm = (List <permModel>)HttpContext.Current.Session[filePath];
if (perm == null)
{
SysUserBLL userBLL = new SysUserBLL()
{
m_Rep = new SysUserRepository(new DBContainer()),
sysRightRep = new SysRightRepository(new DBContainer())
};
{
perm = userBLL.GetPermission(account.Id, controller); //获取当前用户的权限列表
HttpContext.Current.Session[filePath] = perm; //获取的劝降放入会话由Controller调用
}
}
//当用户访问index时,只要权限>0就可以访问
if (actionName.ToLower() == "index")
{
if (perm.Count > 0)
{
return(true);
}
}
//查询当前Action 是否有操作权限,大于0表示有,否则没有
int count = perm.Where(a => a.KeyCode.ToLower() == actionName.ToLower()).Count();
if (count > 0)
{
bResult = true;
}
else
{
bResult = false;
LoginUserManage.RedirectUrl();
}
}
return(bResult);
}
/// <summary>
/// Action加上[SupportFilter]在执行action之前执行以下代码,通过[SupportFilter(ActionName="Index")]指定参数
/// </summary>
/// <param name="filterContext">页面传过来的上下文</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
//过滤危险字符,需要设置规则,暂时注掉,需要开启
//var actionParameters = filterContext.ActionDescriptor.GetParameters();
//foreach (var p in actionParameters)
//{
// if (p.ParameterType == typeof(string))
// {
// if (filterContext.ActionParameters[p.ParameterName] != null)
// {
// filterContext.ActionParameters[p.ParameterName] = ResultHelper.Formatstr(filterContext.ActionParameters[p.ParameterName].ToString());
// }
// }
//}
//读取请求上下文中的Controller,Action,Id
var routes = new RouteCollection();
RouteConfig.RegisterRoutes(routes);
RouteData routeData = routes.GetRouteData(filterContext.HttpContext);
//取出区域的控制器Action,id
string ctlName = filterContext.Controller.ToString();
string[] routeInfo = ctlName.Split('.');
string controller = null;
string action = null;
string id = null;
int iAreas = Array.IndexOf(routeInfo, "Areas");
if (iAreas > 0)
{
//取区域及控制器
Area = routeInfo[iAreas + 1];
}
int ctlIndex = Array.IndexOf(routeInfo, "Controllers");
ctlIndex++;
controller = routeInfo[ctlIndex].Replace("Controller", "").ToLower();
string url = HttpContext.Current.Request.Url.ToString().ToLower();
string[] urlArray = url.Split('/');
int urlCtlIndex = Array.IndexOf(urlArray, controller);
urlCtlIndex++;
if (urlArray.Count() > urlCtlIndex)
{
action = urlArray[urlCtlIndex];
}
urlCtlIndex++;
if (urlArray.Count() > urlCtlIndex)
{
id = urlArray[urlCtlIndex];
}
//url
action = string.IsNullOrEmpty(action) ? "Index" : action;
int actionIndex = action.IndexOf("?", 0);
if (actionIndex > 1)
{
action = action.Substring(0, actionIndex);
}
id = string.IsNullOrEmpty(id) ? "" : id;
//URL路径
string filePath = HttpContext.Current.Request.FilePath;
AccountModel account = filterContext.HttpContext.Session["Account"] as AccountModel;
if (LoginUserManage.ValidateIsLogined(account) && ValiddatePermission(account, controller, action, filePath) && !LoginUserManage.ValidateRelogin(account))
{
//已经登录,有权限,且没有单机登录限制
//
return;
}
else
{
filterContext.Result = new EmptyResult();
return;
}
}
