• asp.net MVC 2 自定义用户角色权限设计


    此地http://www.cnblogs.com/xiaoqi/archive/2011/01/24/1942880.html的博文,加上数据库,用entity framework稍作修改分享之。

    实体模型如下图:

     DBUserAuthorizeAttribute.cs如下

    DBUserAuthorizeAttribute.cs
      1 using System;
    2 using System.Collections.Generic;
    3 using System.Linq;
    4 using System.Web;
    5 using System.Web.Mvc;
    6
    7 namespace MVCRole.Models
    8 {
    9 /// <summary>
    10 /// 自定义AuthorizeAttribute
    11 /// </summary>
    12 public class DBUserAuthorizeAttribute : AuthorizeAttribute
    13 {
    14 private UserInfoEntities Database = new UserInfoEntities();
    15 public override void OnAuthorization( AuthorizationContext filterContext ) {
    16 if (filterContext == null) {
    17 throw new ArgumentNullException( "filterContext" );
    18 }
    19 User user = filterContext.HttpContext.Session["CurrentUser"] as User;
    20 string controller = filterContext.RouteData.Values["controller"].ToString();
    21 string action = filterContext.RouteData.Values["action"].ToString();
    22 var isAllowed = this.IsAllowed( user, controller, action );
    23 if (!isAllowed) {
    24 filterContext.HttpContext.Response.StatusCode = 401;
    25 }
    26
    27 }
    28
    29 /// <summary>
    30 /// 判断是否允许访问
    31 /// </summary>
    32 /// <param name="user">用户</param>
    33 /// <param name="controller">控制器</param>
    34 /// <param name="action">action</param>
    35 /// <returns>是否允许访问</returns>
    36 public bool IsAllowed( User user, string controller, string action ) {
    37
    38 // 找controllerAction
    39 var controllerAction = Database.ControllerActions.FirstOrDefault( ca => ca.IsController == false && ca.Name == action && ca.ControllerName == controller );
    40
    41 //action无记录,找controller
    42 if (controllerAction == null) {
    43 controllerAction = Database.ControllerActions.FirstOrDefault( ca => ca.IsController && ca.Name == controller );
    44 }
    45
    46 // 无规则
    47 if (controllerAction == null) {
    48 return true;
    49 }
    50
    51
    52 // 允许没有角色的:也就是说允许所有人,包括没有登录的用户
    53 if (controllerAction.IsAllowedNoneRoles) {
    54 return true;
    55 }
    56 if (user==null) {
    57 return false;
    58 }
    59 // 允许所有角色:只要有角色,就可以访问
    60 if (controllerAction.IsAllowedAllRoles) {
    61 int count = Database.UserRoles.Count( ur => ur.UserID == user.ID );
    62 if (count > 0) {
    63 return true;
    64 }
    65 else {
    66 return false;
    67 }
    68 }
    69
    70 // 选出action对应的角色
    71 var actionRoles = Database.ControllerActionRoles.ToList().FindAll( ca => ca.ControllerActionID == controllerAction.ID );
    72
    73 if (actionRoles.Count == 0) {
    74 // 角色数量为0,也就是说没有定义访问规则,默认允许访问
    75 return true;
    76 }
    77 var userHavedRolesids = Database.UserRoles.ToList().FindAll( ur => ur.UserID == user.ID ).Select( ca => ca.RoleID );
    78 // 查找禁止的角色
    79 var notAllowedRoles = actionRoles.FindAll( r => !r.IsAllowed ).Select( ca => ca.RoleID );
    80 if (notAllowedRoles.Count() > 0) {
    81 foreach (int roleId in notAllowedRoles) {
    82 // 用户的角色在禁止访问列表中,不允许访问
    83 if (userHavedRolesids.Contains( roleId )) {
    84 return false;
    85 }
    86 }
    87 }
    88 // 查找允许访问的角色列表
    89 var allowRoles = actionRoles.FindAll( r => r.IsAllowed ).Select( ca => ca.RoleID ).ToList();
    90 if (allowRoles.Count > 0) {
    91 foreach (int roleId in allowRoles) {
    92 // 用户的角色在访问的角色列表
    93 if (userHavedRolesids.Contains( roleId )) {
    94 return true;
    95 }
    96 }
    97 }
    98 // 默认禁止访问
    99 return false;
    100 }
    101
    102 }
    103 }
      1 using System;
    2 using System.Collections.Generic;
    3 using System.Linq;
    4 using System.Web;
    5 using System.Web.Mvc;
    6
    7 namespace MVCRole.Models
    8 {
    9 /// <summary>
    10 /// 自定义AuthorizeAttribute
    11 /// </summary>
    12 public class DBUserAuthorizeAttribute : AuthorizeAttribute
    13 {
    14 private UserInfoEntities Database = new UserInfoEntities();
    15 public override void OnAuthorization( AuthorizationContext filterContext ) {
    16 var user = filterContext.HttpContext.Session["CurrentUser"] as User;
    17
    18 var controller = filterContext.RouteData.Values["controller"].ToString();
    19 var action = filterContext.RouteData.Values["action"].ToString();
    20 var isAllowed = this.IsAllowed( user, controller, action );
    21
    22 if (!isAllowed) {
    23 filterContext.RequestContext.HttpContext.Response.Write( "无权访问" );
    24 filterContext.RequestContext.HttpContext.Response.End();
    25 }
    26
    27 }
    28
    29 /// <summary>
    30 /// 判断是否允许访问
    31 /// </summary>
    32 /// <param name="user">用户</param>
    33 /// <param name="controller">控制器</param>
    34 /// <param name="action">action</param>
    35 /// <returns>是否允许访问</returns>
    36 public bool IsAllowed( User user, string controller, string action ) {
    37
    38 // 找controllerAction
    39 var controllerAction = Database.ControllerActions.FirstOrDefault( ca => ca.IsController == false && ca.Name == action && ca.ControllerName == controller );
    40
    41 //action无记录,找controller
    42 if (controllerAction == null) {
    43 controllerAction = Database.ControllerActions.FirstOrDefault( ca => ca.IsController && ca.Name == controller );
    44 }
    45
    46 // 无规则
    47 if (controllerAction == null) {
    48 return true;
    49 }
    50
    51
    52 // 允许没有角色的:也就是说允许所有人,包括没有登录的用户
    53 if (controllerAction.IsAllowedNoneRoles) {
    54 return true;
    55 }
    56 if (user==null) {
    57 return false;
    58 }
    59 // 允许所有角色:只要有角色,就可以访问
    60 if (controllerAction.IsAllowedAllRoles) {
    61 int count = Database.UserRoles.Count( ur => ur.UserID == user.ID );
    62 if (count > 0) {
    63 return true;
    64 }
    65 else {
    66 return false;
    67 }
    68 }
    69
    70 // 选出action对应的角色
    71 var actionRoles = Database.ControllerActionRoles.ToList().FindAll( ca => ca.ControllerActionID == controllerAction.ID );
    72
    73 if (actionRoles.Count == 0) {
    74 // 角色数量为0,也就是说没有定义访问规则,默认允许访问
    75 return true;
    76 }
    77 var userHavedRolesids = Database.UserRoles.ToList().FindAll( ur => ur.UserID == user.ID ).Select( ca => ca.RoleID );
    78 // 查找禁止的角色
    79 var notAllowedRoles = actionRoles.FindAll( r => !r.IsAllowed ).Select( ca => ca.RoleID );
    80 if (notAllowedRoles.Count() > 0) {
    81 foreach (int roleId in notAllowedRoles) {
    82 // 用户的角色在禁止访问列表中,不允许访问
    83 if (userHavedRolesids.Contains( roleId )) {
    84 return false;
    85 }
    86 }
    87 }
    88 // 查找允许访问的角色列表
    89 var allowRoles = actionRoles.FindAll( r => r.IsAllowed ).Select( ca => ca.RoleID ).ToList();
    90 if (allowRoles.Count > 0) {
    91 foreach (int roleId in allowRoles) {
    92 // 用户的角色在访问的角色列表
    93 if (userHavedRolesids.Contains( roleId )) {
    94 return true;
    95 }
    96 }
    97 }
    98 // 默认禁止访问
    99 return false;
    100 }
    101
    102 }
    103 }
    HomeController.cs
     1 using System;
    2 using System.Collections.Generic;
    3 using System.Linq;
    4 using System.Web;
    5 using System.Web.Mvc;
    6 using MVCRole.Models;
    7
    8 namespace MVCRole.Controllers
    9 {
    10 [HandleError]
    11 [DBUserAuthorize]
    12 public class HomeController : Controller
    13 {
    14 public ActionResult Index()
    15 {
    16 ViewData["Message"] = "欢迎使用 ASP.NET MVC!";
    17
    18 return View();
    19 }
    20 public ActionResult Admin()
    21 {
    22 ViewData["Message"] = "只有管理员才能访问!";
    23
    24 return View("Index");
    25 }
    26 public ActionResult User()
    27 {
    28 ViewData["Message"] = "只要是注册用户就能访问!";
    29
    30 return View("Index");
    31 }
    32 public ActionResult UserOnly()
    33 {
    34 ViewData["Message"] = "只能是User才能能访问!";
    35
    36 return View("Index");
    37 }
    38
    39 public ActionResult Login(string user)
    40 {
    41 Session["CurrentUser"] = new UserInfoEntities().Users.FirstOrDefault(u => u.UserName == user);
    42 if (Session["CurrentUser"] != null)
    43 {
    44 ViewData["Message"] = "你已登录为" + user;
    45 }
    46
    47 return View("Index");
    48 }
    49
    50
    51 public ActionResult About()
    52 {
    53 return View();
    54 }
    55 }
    56 }

    流程:



  • 相关阅读:
    我的游戏学习日志54———类型游戏策划(1)—动作游戏(1)
    我的游戏学习日志53——游戏游戏策划—小结
    IE8下Extjs报缺少':'符号错误
    Extjs 兼容IE8常见问题及解决方法
    程序员如何提升自己
    extjs layout 最灵活的页面布局样式
    如何运用军事战略建立更好的习惯
    Ext之页面多次请求问题 (下拉框发送无关请求)
    计算机网络通信那些事
    Java基础
  • 原文地址:https://www.cnblogs.com/1971ruru/p/2359972.html
Copyright © 2020-2023  润新知