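/// <summary>
/// Action filter that requires a logged-in user and a per-action permission
/// before a controller action may run.
/// </summary>
/// <remarks>
/// A filter only prevents the action from running when it assigns
/// <c>filterContext.Result</c>. Calling <c>Response.Redirect</c> or simply
/// returning from <see cref="OnActionExecuting"/> leaves the action free to
/// execute, so every denial path below sets a result.
/// NOTE(review): UserCookie is defined elsewhere; if it exposes raw cookie
/// values, confirm they are integrity-protected server-side, since the
/// permission lookup trusts UserCookie.UserId.
/// </remarks>
public class AuthorizeFilter : ActionFilterAttribute
{
    /// <summary>
    /// Runs before the action method executes and short-circuits the request
    /// when the caller is not logged in or lacks permission for the action.
    /// </summary>
    /// <param name="filterContext">Context of the action about to execute.</param>
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        string conName = (filterContext.RouteData.Values["controller"] ?? "").ToString();

        // The login controller must stay reachable without a session.
        // Exact match: a substring test would also exempt any controller whose
        // name merely contains "Login".
        if (string.Equals(conName, "Login", System.StringComparison.OrdinalIgnoreCase))
        {
            return;
        }

        base.OnActionExecuting(filterContext);

        // Verify that the user is logged in.
        if (UserCookie.UserId == null || UserCookie.UserName == null)
        {
            // Send the caller to the login page. Assigning Result (rather than
            // calling Response.Redirect) stops the action from executing.
            filterContext.Result = new RedirectResult("/Login/LoginIndex");
            return;
        }

        // The home controller is open to every logged-in user (exact match,
        // for the same reason as the login exemption above).
        if (string.Equals(conName, "Home", System.StringComparison.OrdinalIgnoreCase))
        {
            return;
        }

        string actName = (filterContext.RouteData.Values["action"] ?? "").ToString();
        LoginBLL bll = new LoginBLL();

        // Check whether the user is permitted to execute this action.
        if (!bll.GetPermission(UserCookie.UserId, conName, actName))
        {
            // Deny by setting a result; a bare return would let the action run.
            // A redirect to an application error page could be used here instead.
            filterContext.Result = new HttpStatusCodeResult(403);
        }
    }
}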
/// <summary>
/// Changes the state of the record identified by <paramref name="type"/> and
/// <paramref name="id"/> by delegating to the business layer.
/// </summary>
/// <param name="type">Record type, passed through to <c>_bll.ChangeState</c>.</param>
/// <param name="id">Record identifier, passed through unchanged.</param>
/// <param name="state">New state value, passed through unchanged.</param>
/// <returns>The value returned by <c>_bll.ChangeState</c>.</returns>
/// <remarks>
/// NOTE(review): this is a state-changing action guarded only by
/// <c>[AuthorizeFilter]</c>. An MVC filter blocks the call only when it assigns
/// <c>filterContext.Result</c>; confirm the filter does so on every denial path.
/// </remarks>
[AuthorizeFilter]
public bool ChangeState(string type, string id, int state)
{
    bool changed = _bll.ChangeState(type, id, state);
    return changed;
}
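// Key under which the per-request permission decision is stored in
// HttpContext.Items. The decision is kept per request instead of in an
// instance field because MVC may reuse one attribute instance across
// requests, and a shared field could hand one caller another caller's result.
private const string CanExecuteKey = "AuthorizeFilter.CanExecute";

/// <summary>
/// Decides whether the current user may run the requested action, records the
/// decision for <see cref="AuthorizeCore"/>, and then runs the base
/// authorization pipeline.
/// </summary>
/// <param name="filterContext">Authorization context of the current request.</param>
/// <remarks>
/// A field declaration and a method override cannot be nested inside a method
/// body, so the login and permission checks live directly in this method.
/// NOTE(review): UserCookie is defined elsewhere; if it exposes raw cookie
/// values, confirm they are integrity-protected server-side.
/// </remarks>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    string conName = (filterContext.RouteData.Values["controller"] ?? "").ToString();

    // The login controller must stay reachable without a session. Exact match:
    // a substring test would exempt any controller whose name contains "Login".
    if (string.Equals(conName, "Login", System.StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    // Verify that the user is logged in.
    if (UserCookie.UserId == null || UserCookie.UserName == null)
    {
        // Setting Result short-circuits the pipeline, so the action never runs.
        filterContext.Result = new RedirectResult("/Login/LoginIndex");
        return;
    }

    bool allowed;
    if (string.Equals(conName, "Home", System.StringComparison.OrdinalIgnoreCase))
    {
        // The home controller is open to every logged-in user.
        allowed = true;
    }
    else
    {
        string actName = (filterContext.RouteData.Values["action"] ?? "").ToString();
        LoginBLL bll = new LoginBLL();

        // Check whether the user is permitted to execute this action.
        allowed = bll.GetPermission(UserCookie.UserId, conName, actName);
    }

    // Written on every path that reaches the base call, so a stale value can
    // never be read by AuthorizeCore.
    filterContext.HttpContext.Items[CanExecuteKey] = allowed;

    base.OnAuthorization(filterContext);
}

/// <summary>
/// Returns the permission decision recorded by <see cref="OnAuthorization"/>
/// for this request.
/// </summary>
/// <param name="httpContext">HTTP context of the current request.</param>
/// <returns>
/// <c>true</c> only when a positive decision was recorded for this request;
/// a missing entry is treated as a denial.
/// </returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    object flag = httpContext.Items[CanExecuteKey];
    return flag is bool && (bool)flag;
}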
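/// <summary>
/// Builds the response for a request that failed authorization: a JSON payload
/// for Ajax callers, otherwise the shared message view.
/// </summary>
/// <param name="filterContext">Authorization context of the rejected request.</param>
/// <remarks>
/// NOTE(review): both branches leave the HTTP status at its default, so the
/// denial is signalled only by the payload; confirm that clients and
/// monitoring do not rely on the status code to detect rejected requests.
/// NOTE(review): the message embeds the value returned by
/// <c>manager.GetActionName</c>; confirm ShowMessage.cshtml HTML-encodes it.
/// </remarks>
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    var manager = new AuthorizationManager("");
    string actionLabel = manager.GetActionName(_controllerName, _actionName);
    string messageAll = HtmlControlEx.GetLanguage("NoAuthorization").Replace("{0}", actionLabel);

    if (filterContext.HttpContext.Request.IsAjaxRequest())
    {
        var result = new BasePageResult(-5);
        result.Message = messageAll;

        // Return JSON so the front-end script can detect the denial.
        // AllowGet is required: JsonResult refuses GET requests by default and
        // would throw instead of delivering the denial message to Ajax GETs.
        filterContext.Result = new JsonResult
        {
            Data = result,
            JsonRequestBehavior = JsonRequestBehavior.AllowGet
        };
    }
    else
    {
        var message = new HandlerPageError(new Exception(messageAll), this._controllerName, _actionName);
        filterContext.Result = new ViewResult
        {
            ViewName = "~/Views/Shared/ShowMessage.cshtml",
            ViewData = new ViewDataDictionary<HandlerPageError>(message),
            TempData = filterContext.Controller.TempData
        };
    }
}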