示例#1
0
        /// <summary>
        /// 权限验证,无需权限请在action或controller标记AllowAnonymousAttribute
        /// </summary>
        /// <param name="filterContext"></param>
        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            #region 站点配置
            ViewBag.SiteSetting = SiteSetting;
            #endregion

            #region 获取用户信息
            var UserCK = Request.Cookies.Get(Const.SessionId);
            if (UserCK != null && !String.IsNullOrEmpty(UserCK.Value))
            {
                try
                {
                    User = JsonConvert.DeserializeObject<yy_User>(
                        HttpUtility.UrlDecode(UserCK.Value)
                        );
                }
                catch { }
            }
            #endregion

            #region 如果无需权限验证直接跳过
            if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) ||
              filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
            {
                base.OnActionExecuting(filterContext);

                return;
            }
            #endregion

            #region 登陆失败,或没有登陆
            if (User == null)
            {
                filterContext.Result = new RedirectResult("/Admin/Login");
                return;
            }
            #endregion

            #region 没有权限访问当前页面
            String ActionPath = "/" +
                filterContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower() +
                "/" +
                filterContext.ActionDescriptor.ActionName.ToLower();

            var CurrentViewPage = Permission.Where(x => x.PageName == ActionPath).FirstOrDefault();

            if (CurrentViewPage == null)
            {
                filterContext.Result = new RedirectResult("/Admin/NoPermission");
                return;
            }
            //当前访问的页面,用于在客户端定位页面所属的菜单类目,做选中效果
            ViewBag.CurrentPage = CurrentViewPage;

            base.OnActionExecuting(filterContext);
            #endregion

            ViewBag.User = User;
        }
示例#2
0
        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            #region 如果无需权限验证直接跳过
            if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0)
            {
                base.OnActionExecuting(actionContext);

                return;
            }
            #endregion

            String UserStr = String.Empty;

            try
            {
                UserStr = actionContext.Request.Headers.GetCookies().FirstOrDefault()
                    .Cookies.FirstOrDefault().Value;

                UserStr = HttpUtility.UrlDecode(UserStr);
            }
            catch
            {

            }

            if (!String.IsNullOrEmpty(UserStr))
            {
                try
                {
                    User = JsonConvert.DeserializeObject<yy_User>(UserStr);
                }
                catch { User = null; }
            }

            if (User == null)
            {
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden)
                {
                    Content = new StringContent("无效的用户",
                        Encoding.UTF8,
                        "application/json")
                };

                return;
            }

            //String ActionPath = "/" + actionContext.ActionDescriptor.ControllerDescriptor.ControllerName.ToLower() + "/" + actionContext.ActionDescriptor.ActionName.ToLower();
            //如果没有权限访问当前API方法
            //如果需要验证每一个API的权限可继续验证,这里暂时不需要了
        }
示例#3
0
 public ResponseItem Put(yy_User value)
 {
     var _Operator = DB.yy_User.Find(value.ID);
     if (_Operator != null)
     {
         if (!_Operator.UserPwd.Equals(value.UserPwd))
         {
             value.UserPwd = MD5(value.UserPwd);
             _Operator.UserPwd = value.UserPwd;
         }
         _Operator.Address = value.Address;
         _Operator.CityID = value.CityID;
         _Operator.CountryID = value.CountryID;
         _Operator.CreateDate = value.CreateDate;
         _Operator.DistrictID = value.DistrictID;
         _Operator.Gender = value.Gender;
         _Operator.LockFlag = value.LockFlag;
         _Operator.Mail = value.Mail;
         _Operator.Mobile = value.Mobile;
         _Operator.Permission = value.Permission;
         _Operator.ProvinceID = value.ProvinceID;
         _Operator.Role = value.Role;
         _Operator.HeadImgUrl = value.HeadImgUrl;
         DB.SaveChanges();
         return new ResponseItem(0, "");
     }
     return new ResponseItem(1, "不存在的用户。");
 }
示例#4
0
        public ResponseItem ShowHide(yy_User value)
        {
            var _News = DB.yy_User.Find(value.ID);
            if (_News != null)
            {
                _News.LockFlag = value.LockFlag;
                DB.SaveChanges();

                return new ResponseItem(0, "");
            }

            return new ResponseItem(2, "不存在的用户。");
        }
示例#5
0
 public ResponseItem Post(yy_User value)
 {
     var ExistsUser = DB.yy_User.Where(x => x.UserName == value.UserName).FirstOrDefault();
     if (ExistsUser!=null) 
     {
         return new ResponseItem(1, "已存在的用户账号。");
     }
     try
     {
         DB.yy_User.Add(value);
         DB.SaveChanges();
         return new ResponseItem(0, "添加用户成功。");
     }
     catch (Exception ex)
     {
         return new ResponseItem(2, ex.Message);
     }
 }