自定义AuthorizeAttribute



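   /// <summary>
    /// Custom authorization filter. Rebuilds the current user from the forms-authentication
    /// ticket, checks the requested controller/action against the page-permission
    /// configuration, and hands the user to the action (parameter "currentUser") and the
    /// view (ViewBag.currentUser).
    /// </summary>
    /// <remarks>
    /// ASP.NET MVC caches filter attribute instances and reuses them across requests, so
    /// per-request state must not live in instance fields: the resolved user is kept in
    /// HttpContext.Items for the duration of the request.
    /// </remarks>
    public class UserAuthorizeAttribute : FilterAttribute, IAuthorizationFilter, IActionFilter
    {
        /// <summary>HttpContext.Items key under which the resolved user is kept for the current request.</summary>
        private const string CurrentUserItemKey = "UserAuthorizeAttribute.CurrentUser";
        /// <summary>Name of the action parameter that receives the current user.</summary>
        private const string CurrentUserParameterName = "currentUser";
        /// <summary>Number of comma-separated fields expected in the ticket's UserData.</summary>
        private const int UserDataFieldCount = 5;
        /// <summary>Virtual path of the list of pages that are exempt from the permission check.</summary>
        private const string NoCheckedPagePath = "/Config/NoCheckedPage.config";

        private readonly IPagePermissionManager _pagePermissionManager;
        private readonly IRoleManager _roleManager;
        private readonly IUserManager _userManager;

        public UserAuthorizeAttribute()
        {
            // Resolved once per attribute instance (the instance is cached by MVC), so the
            // managers are assumed to be stateless / safe to share across requests — TODO confirm.
            this._pagePermissionManager = (IPagePermissionManager)DependencyResolver.Current.GetService(typeof(IPagePermissionManager));
            this._roleManager = (IRoleManager)DependencyResolver.Current.GetService(typeof(IRoleManager));
            this._userManager = (IUserManager)DependencyResolver.Current.GetService(typeof(IUserManager));
        }

        /// <summary>
        /// The user resolved for the current request. Stored in HttpContext.Items so that
        /// concurrent requests served by the same attribute instance never see each other's user.
        /// </summary>
        private UserEntity CurrentUser
        {
            get
            {
                HttpContext context = HttpContext.Current;
                return context == null ? null : context.Items[CurrentUserItemKey] as UserEntity;
            }
            set
            {
                HttpContext context = HttpContext.Current;
                if (context != null)
                {
                    context.Items[CurrentUserItemKey] = value;
                }
            }
        }

        /// <summary>
        /// Resolves the current user, checks the page permission for the requested
        /// controller/action and short-circuits the request when access is denied.
        /// </summary>
        /// <param name="filterContext">The MVC authorization context.</param>
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            string controller = Convert.ToString(filterContext.RouteData.Values["controller"]);
            string action = Convert.ToString(filterContext.RouteData.Values["action"]);

            // Html.SecurityActionLink checks an action other than the routed one; then the names
            // from the ActionDescriptor win and a denial yields an empty result instead of a 403.
            bool isCheckSecurityActionLink = false;
            ActionDescriptor descriptor = filterContext.ActionDescriptor;
            if (descriptor != null)
            {
                string descriptorController = descriptor.ControllerDescriptor.ControllerName;
                string descriptorAction = descriptor.ActionName;
                if (descriptorController != controller)
                {
                    controller = descriptorController;
                    isCheckSecurityActionLink = true;
                }
                if (descriptorAction != action)
                {
                    action = descriptorAction;
                    isCheckSecurityActionLink = true;
                }
            }

            // Organisation id taken from the action's parameters.
            int organizationId = 0;
            if (descriptor != null && descriptor.GetParameters() != null)
            {
                // NOTE(review): this hands the ParameterDescriptor (metadata), not the bound value
                // of "api_orgId", to ToInt32 — verify that the organisation check below ever
                // receives a non-zero id.
                organizationId = ObjectExtensions.ToInt32(descriptor.GetParameters().FirstOrDefault(t => t.ParameterName == "api_orgId"), 0);
            }
            string path = filterContext.RequestContext.HttpContext.Server.MapPath("/Config/PagePermission.config");

            // Reset per request: the attribute instance is shared, never carry a user over.
            CurrentUser = null;
            if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            {
                UserEntity user = ReadUserFromAuthCookie(filterContext.HttpContext.Request);
                if (user != null)
                {
                    CurrentUser = user;
                    // Module codes the user may access; GetModuleCodeList reads CurrentUser.
                    user.ModuleCodeList = GetModuleCodeList();
                }
            }

            if (!this.IsAllowed(path, controller, action, organizationId))
            {
                if (isCheckSecurityActionLink)
                {
                    filterContext.Result = new ViewResult();
                }
                else
                {
                    // Deny with a real 403 rather than a 200 carrying an error text; setting
                    // Result short-circuits the action without Response.End's thread abort.
                    filterContext.RequestContext.HttpContext.Response.StatusCode = 403;
                    filterContext.Result = new ContentResult { Content = "对不起,您没有权限!" };
                }
            }
        }

        /// <summary>
        /// Rebuilds the user from the forms-authentication ticket's UserData, which is expected
        /// to be "UserID,UserName,TrueName,OrganizationID,InheritFromGroup".
        /// </summary>
        /// <param name="request">The current request (source of the authentication cookie).</param>
        /// <returns>
        /// The user, or null when the cookie is missing, the ticket cannot be decrypted or
        /// UserData does not hold all expected fields.
        /// </returns>
        private static UserEntity ReadUserFromAuthCookie(HttpRequestBase request)
        {
            HttpCookie authCookie = request.Cookies[FormsAuthentication.FormsCookieName];
            if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
            {
                return null;
            }

            // Decrypt may yield null for a ticket that fails validation; the original code
            // dereferenced the result unconditionally.
            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
            if (authTicket == null || string.IsNullOrEmpty(authTicket.UserData))
            {
                return null;
            }

            // NOTE: RemoveEmptyEntries means an empty field shifts the later ones — kept from the
            // original format; the length check below at least prevents an index exception.
            string[] fields = authTicket.UserData.Split(new string[] { "," }, StringSplitOptions.RemoveEmptyEntries);
            if (fields.Length < UserDataFieldCount)
            {
                return null;
            }

            return new UserEntity
            {
                UserID = ObjectExtensions.ToInt32(fields[0], 0),
                UserName = fields[1],
                TrueName = fields[2],
                OrganizationID = ObjectExtensions.ToInt32(fields[3], 0),
                InheritFromGroup = string.Equals(fields[4], "True", StringComparison.Ordinal)
            };
        }

        /// <summary>Exposes the current user to the view as ViewBag.currentUser.</summary>
        /// <param name="filterContext">The MVC action-executed context.</param>
        public void OnActionExecuted(ActionExecutedContext filterContext)
        {
            if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            {
                filterContext.Controller.ViewBag.currentUser = CurrentUser;
            }
        }

        /// <summary>Injects the current user into an action parameter named "currentUser", if present.</summary>
        /// <param name="filterContext">The MVC action-executing context.</param>
        public void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (filterContext.ActionParameters.ContainsKey(CurrentUserParameterName))
            {
                filterContext.ActionParameters[CurrentUserParameterName] = CurrentUser;
            }
        }

        /// <summary>
        /// Checks whether the current user may access the page "controller/action".
        /// </summary>
        /// <param name="path">Physical path of PagePermission.config.</param>
        /// <param name="controller">Controller name of the requested page.</param>
        /// <param name="action">Action name of the requested page.</param>
        /// <param name="organizationId">Organisation the page belongs to; 0 means no organisation check.</param>
        /// <returns>
        /// true when the page is exempt, the user is a super manager, or a role of the user grants
        /// the page's operate code and no user-level disable entry revokes it; false otherwise
        /// (including anonymous requests and unknown pages — deny by default).
        /// </returns>
        public bool IsAllowed(string path, string controller, string action, int organizationId)
        {
            if (string.IsNullOrEmpty(controller) || string.IsNullOrEmpty(action))
            {
                return false;
            }
            string pageUrl = controller + "/" + action;

            // Pages listed in NoCheckedPage.config are not checked at all (exact match, unlike
            // the case-insensitive permission lookup below).
            List<string> noCheckedPageUrlList = XmlManager.GetAttributesValue(NoCheckedPagePath, "PageUrl");
            if (noCheckedPageUrlList != null && noCheckedPageUrlList.Contains(pageUrl))
            {
                return true;
            }

            // Deny by default: anonymous requests and requests whose user could not be rebuilt.
            if (!HttpContext.Current.User.Identity.IsAuthenticated)
            {
                return false;
            }
            UserEntity userEntity = CurrentUser;
            if (userEntity == null)
            {
                return false;
            }
            int userId = userEntity.UserID;

            // The user must belong to the page's organisation when one is given.
            if (organizationId > 0 && organizationId != userEntity.OrganizationID)
            {
                return false;
            }

            List<int> userRolesId = GetUserRolesId(userId, userEntity.InheritFromGroup);

            // Super managers bypass the page-permission check.
            if (userRolesId.Contains((int)SuperManagerEnum.SuperManager))
            {
                return true;
            }

            if (string.IsNullOrEmpty(path))
            {
                return false;
            }
            List<PagePermission> pagePermissionList = _pagePermissionManager.DeserializeToList<PagePermission>(path);
            if (pagePermissionList == null || pagePermissionList.Count == 0)
            {
                return false;
            }

            PagePermission pagePermission = pagePermissionList.FirstOrDefault(t => UrlEquals(t.PageUrl, pageUrl));
            if (pagePermission == null)
            {
                return false;
            }

            // A user-level disable entry covering the page's operate code wins over any role grant.
            List<DisableUserPermission> disabledList = _userManager.GetDisableUserPermission(userId, pagePermission.ModuleID, pagePermission.ModuleCode);
            if (disabledList != null && disabledList.Any(d => (pagePermission.OperateCode & d.OperateCode) == pagePermission.OperateCode))
            {
                return false;
            }

            // Otherwise any of the user's roles must grant the page's operate code.
            List<Roles_ModulePermission> grantedList = _roleManager.GetRolesModulePermission(userRolesId, pagePermission.ModuleID, pagePermission.ModuleCode);
            return grantedList != null
                && grantedList.Any(r => (pagePermission.OperateCode & r.OperateCode) == pagePermission.OperateCode);
        }

        /// <summary>
        /// Compares a configured page URL with the requested one, ignoring surrounding
        /// whitespace and case (ordinal, so the result does not depend on the thread culture).
        /// </summary>
        private static bool UrlEquals(string configuredUrl, string requestedUrl)
        {
            return configuredUrl != null
                && requestedUrl != null
                && string.Equals(configuredUrl.Trim(), requestedUrl.Trim(), StringComparison.OrdinalIgnoreCase);
        }

        /// <summary>
        /// Gets the module codes the current user has permission for.
        /// </summary>
        /// <returns>
        /// An empty list for anonymous requests or an unresolved user; the single entry
        /// "SuperManager" for super managers; otherwise the module codes granted by the user's
        /// roles minus those revoked by user-level disable entries.
        /// </returns>
        public List<string> GetModuleCodeList()
        {
            List<string> moduleCodeList = new List<string>();

            if (!HttpContext.Current.User.Identity.IsAuthenticated)
            {
                return moduleCodeList;
            }
            UserEntity userEntity = CurrentUser;
            if (userEntity == null)
            {
                return moduleCodeList;
            }

            int userId = userEntity.UserID;
            List<int> userRolesId = GetUserRolesId(userId, userEntity.InheritFromGroup);

            // Super managers hold every module; represented by a single marker code.
            if (userRolesId.Contains((int)SuperManagerEnum.SuperManager))
            {
                moduleCodeList.Add("SuperManager");
                return moduleCodeList;
            }

            List<Roles_ModulePermission> rolesModulePermissionList =
                _roleManager.GetRolesModulePermission(userRolesId) ?? new List<Roles_ModulePermission>();
            List<DisableUserPermission> disableUserPermissionList =
                _userManager.GetDisableUserPermissionList(userId) ?? new List<DisableUserPermission>();

            // Revoked codes in a set: the original did a List.Contains per role entry.
            HashSet<string> disabledCodes = new HashSet<string>(disableUserPermissionList.Select(t => t.ModuleCode));
            return rolesModulePermissionList
                .Where(t => !disabledCodes.Contains(t.ModuleCode))
                .Select(t => t.ModuleCode)
                .ToList();
        }

        /// <summary>
        /// Gets the role ids of a user, merged with the roles of the user's group when the
        /// user inherits from it.
        /// </summary>
        /// <param name="userId">The user's id.</param>
        /// <param name="inheritFromGroup">Whether group roles are merged in.</param>
        /// <returns>The list of role ids (never null).</returns>
        private List<int> GetUserRolesId(int userId, bool inheritFromGroup)
        {
            List<int> userRolesId = _roleManager.GetUserRoles(userId) ?? new List<int>();
            if (!inheritFromGroup)
            {
                return userRolesId;
            }

            int groupId = _userManager.GetGroupID(userId);
            if (groupId <= 0)
            {
                return userRolesId;
            }

            List<int> userGroupRolesId = _roleManager.GetUserGroupRoles(groupId);
            // NOTE(review): group roles are only merged when the user also has roles of their
            // own (kept from the original); a group-only user thus ends up with no roles —
            // confirm whether that is intended.
            if (userGroupRolesId != null && userGroupRolesId.Count > 0 && userRolesId.Count > 0)
            {
                userRolesId = userRolesId.Union(userGroupRolesId).ToList();
            }
            return userRolesId;
        }
    }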


原文地址:http://www.cnblogs.com/ccmo/p/4129653.html
