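/// <summary>
/// Checks whether the logged-in user is allowed to run the requested action.
/// </summary>
/// <param name="filterContext">Context of the action that is about to execute.</param>
/// <returns>
/// A result with <c>Success</c> set to true when the action's ActionPurviewAttribute has
/// <c>Check</c> turned off; a result with <c>Success</c> set to false when the session holds
/// no "LoginInfo" table; otherwise the result of <c>BusinessFactory.AccountFunction.Check</c>.
/// </returns>
private BaseResult CheckPurview(ActionExecutingContext filterContext)
{
    BaseResult br = new BaseResult();

    // TODO:YZQ disable the permission check
    // NOTE(review): a switch that skips this method would remove authorization for every
    // action routed through this filter; confirm the TODO is still wanted.

    // Controller and action named by the request.
    string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
    string actionName = filterContext.ActionDescriptor.ActionName;

    // Actions whose attribute turns checking off are allowed without looking at the session.
    ActionPurviewAttribute apAttr = GetActionPurviewAttr(filterContext.ActionDescriptor, actionName);
    if (!apAttr.Check)
    {
        br.Success = true;
        return br;
    }

    // Deny explicitly when there is no usable login state instead of failing with a
    // NullReferenceException/InvalidCastException in the middle of the authorization path.
    var session = filterContext.HttpContext.Session;
    Hashtable userinfo = session == null ? null : session["LoginInfo"] as Hashtable;
    if (userinfo == null)
    {
        br.Success = false;
        return br;
    }

    // Read the alias attributes once; the original fetched the same array three times and
    // kept a second branch for a single alias that could never be reached.
    List<ActionAliasAttribute> aliases = new List<ActionAliasAttribute>();
    object[] rawAliases = filterContext.ActionDescriptor.GetCustomAttributes(typeof(ActionAliasAttribute), false);
    if (rawAliases != null)
    {
        aliases.AddRange(rawAliases.OfType<ActionAliasAttribute>());
    }

    Hashtable param = new Hashtable();
    param.Add("id_user", userinfo["id_user"]);
    if (aliases.Count > 0)
    {
        // With aliases present the check runs against the aliased controller/action names,
        // passed as comma-separated lists.
        param.Add("controllerName", string.Join(",", aliases.Select(a => a.Controller)));
        param.Add("actionName", string.Join(",", aliases.Select(a => a.Action)));
    }
    else
    {
        param.Add("controllerName", controllerName);
        param.Add("actionName", apAttr.ActionName);
    }

    return BusinessFactory.AccountFunction.Check(param);
}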
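/// <summary>
/// Gets the permission-check settings for an action, looked up by reflection on the
/// controller type and cached in <c>attrList</c>.
/// </summary>
/// <param name="controllerType">Type of the controller that declares the action.</param>
/// <param name="actionName">Action name as requested; letter case is ignored.</param>
/// <returns>
/// The ActionPurviewAttribute declared on the action, or a new one built from the action
/// name when none is declared. Its <c>ActionName</c> is filled in when empty.
/// </returns>
private ActionPurviewAttribute GetActionPurviewAttr(Type controllerType, string actionName)
{
    // Invariant casing keeps the cache key independent of the current thread culture.
    string key = controllerType.FullName + "." + actionName.ToLowerInvariant();
    ActionPurviewAttribute cached;
    if (attrList.TryGetValue(key, out cached))
    {
        return cached;
    }

    // The requested action name may differ in case from the method name, and a controller
    // may declare several overloads of one action. Walking GetMethods() handles both;
    // Type.GetMethod(name) throws on overloads and returns null when nothing matches.
    string resolvedName = actionName;
    bool nameResolved = false;
    ActionPurviewAttribute apaAttr = null;
    foreach (MethodInfo method in controllerType.GetMethods())
    {
        if (!string.Equals(method.Name, actionName, StringComparison.OrdinalIgnoreCase))
        {
            continue;
        }

        if (!nameResolved)
        {
            resolvedName = method.Name;
            nameResolved = true;
        }

        object[] found = method.GetCustomAttributes(typeof(ActionPurviewAttribute), true);
        if (found.Length == 0)
        {
            continue;
        }

        // All overloads share one cache key, so when their settings disagree keep the one
        // that requires the check rather than the first one reflection happens to return.
        // NOTE(review): overloads without the attribute are not considered here; confirm
        // that per-overload settings are not relied on.
        ActionPurviewAttribute candidate = (ActionPurviewAttribute)found[0];
        if (apaAttr == null || (candidate.Check && !apaAttr.Check))
        {
            apaAttr = candidate;
        }
    }

    if (apaAttr == null)
    {
        apaAttr = new ActionPurviewAttribute(resolvedName);
    }

    if (String.IsNullOrEmpty(apaAttr.ActionName))
    {
        apaAttr.ActionName = resolvedName;
    }

    attrList[key] = apaAttr;
    return apaAttr;
}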
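/// <summary>
/// Checks whether the requested action may run.
/// </summary>
/// <param name="filterContext">Context of the action that is about to execute.</param>
/// <returns>
/// A result with <c>Success</c> set to true when the action's ActionPurviewAttribute has
/// <c>Check</c> turned off; otherwise an error-level result with <c>Success</c> set to
/// false and a "no permission" message.
/// </returns>
private BaseResult CheckPurview(ActionExecutingContext filterContext)
{
    BaseResult br = new BaseResult();

    // Controller type and action named by the request.
    Type controllerType = filterContext.ActionDescriptor.ControllerDescriptor.ControllerType;
    string actionName = filterContext.ActionDescriptor.ActionName.Trim();

    // Actions whose attribute turns checking off are allowed.
    ActionPurviewAttribute apAttr = GetActionPurviewAttr(controllerType, actionName);
    if (!apAttr.Check)
    {
        br.Success = true;
        return br;
    }

    // The original read "LoginInfo" from the session and converted id_user to a long, but
    // never used the value; the only effect was an exception when the session was empty
    // or the id was not numeric. The outcome for a checked action is the denial below in
    // every case, so the lookup is dropped.
    // NOTE(review): no per-user permission query is made here, so every action with Check
    // enabled is refused for every user. Confirm that is intended.
    br.Message.Add("您无权操作此功能,请联系管理员!");
    br.Level = ErrorLevel.Error;
    br.Success = false;
    return br;
}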
/// <summary>
/// Gets the permission-check settings for an action, cached in <c>attrList</c> under the
/// descriptor's <c>UniqueId</c>.
/// </summary>
/// <param name="actionDescriptor">Descriptor of the action being executed.</param>
/// <param name="actionName">Name used when the attribute is missing or carries no name.</param>
/// <returns>
/// The first ActionPurviewAttribute found on the descriptor, or a new one built from
/// <paramref name="actionName"/> when none is found.
/// </returns>
private ActionPurviewAttribute GetActionPurviewAttr(ActionDescriptor actionDescriptor, string actionName)
{
    string cacheKey = actionDescriptor.UniqueId;
    if (attrList.ContainsKey(cacheKey))
    {
        return attrList[cacheKey];
    }

    // Take the first declared attribute; fall back to a default one named after the action.
    object[] declared = actionDescriptor.GetCustomAttributes(actionPurviewAttributeType, true);
    ActionPurviewAttribute settings =
        (declared.Length > 0 ? (ActionPurviewAttribute)declared[0] : null)
        ?? new ActionPurviewAttribute(actionName);

    if (String.IsNullOrEmpty(settings.ActionName))
    {
        settings.ActionName = actionName;
    }

    attrList[cacheKey] = settings;
    return settings;
}