• Asp.NET MVC 中登录验证(BaseController自定义控制器)


    可以声明一个自定义控制器 BaseController 继承 Controller,并重写其中的 OnActionExecuting 虚方法,然后让其他控制器继承 BaseController。这样登录验证和权限校验集中在一处完成,不必给每个控制器逐个添加过滤器特性去验证。

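    /// <summary>
    /// Base controller that runs the login check and the per-URL permission check
    /// before any action of a derived controller executes.
    /// </summary>
    public class BaseController : Controller
    {
        /// <summary>
        /// The user resolved from the session cookie. Stays null when the login check fails.
        /// </summary>
        public UserInfo LoginUser { get; set; }

        /// <summary>
        /// Runs before every action method. Resolves the session from the "sessionId" cookie,
        /// refreshes its cache entry, then checks that the user may call the requested
        /// URL + HTTP method. Any failure sets <c>filterContext.Result</c> to a redirect so
        /// the action itself never runs.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute.</param>
        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);

            // ---- Authentication: cookie -> cache entry -> UserInfo ----
            // NOTE(review): the cookie value is the only credential checked here. Where the cookie
            // is issued (not shown), confirm it is an unguessable random value and is flagged
            // HttpOnly and Secure.
            var sessionCookie = Request.Cookies["sessionId"];
            if (sessionCookie == null || string.IsNullOrEmpty(sessionCookie.Value))
            {
                RedirectToLogin(filterContext);
                return;
            }

            string sessionId = sessionCookie.Value;
            object cached = Common.MemcacheHelper.Get(sessionId);
            if (cached == null)
            {
                RedirectToLogin(filterContext);
                return;
            }

            UserInfo userInfo = Common.SerializeHelper.DeserializeToObject<UserInfo>(cached.ToString());
            if (userInfo == null)
            {
                // A cache entry that does not deserialize to a user is treated as "not logged in".
                RedirectToLogin(filterContext);
                return;
            }

            LoginUser = userInfo;
            // Re-store the entry with a fresh 20-minute lifetime to emulate sliding expiration.
            Common.MemcacheHelper.Set(sessionId, cached, DateTime.Now.AddMinutes(20));

#if DEBUG
            // Test-only shortcut: this account skips the permission check entirely.
            // It is compiled out of release builds because anyone holding an account with
            // this name would otherwise bypass authorization in production.
            if (LoginUser.UName == "itcast")
            {
                return;
            }
#endif

            // ---- Authorization: look up the requested URL + method in the permission table ----
            // Lower-cased to match how URLs are stored when a permission is added.
            string url = Request.Url.AbsolutePath.ToLower();
            string httpMethod = Request.HttpMethod;

            IApplicationContext ctx = ContextRegistry.GetContext();
            var actionInfoService = (IBLL.IActionInfoService)ctx.GetObject("ActionInfoService");
            var actionInfo = actionInfoService
                .LoadEntities(a => a.Url == url && a.HttpMethod == httpMethod)
                .FirstOrDefault();

            // Deny by default: a URL that is not registered in the permission table is refused.
            // (The original test was inverted: it refused registered URLs and then dereferenced
            // a null actionInfo for unregistered ones.)
            if (actionInfo == null)
            {
                DenyAccess(filterContext);
                return;
            }

            var userInfoService = (IUserInfoService)ctx.GetObject("UserInfoService");
            var loginUserId = LoginUser.ID;
            var loginUserInfo = userInfoService
                .LoadEntities(u => u.ID == loginUserId)
                .FirstOrDefault();
            if (loginUserInfo == null)
            {
                // The cached session refers to a user that no longer exists in the store.
                RedirectToLogin(filterContext);
                return;
            }

            var actionId = actionInfo.ID;

            // 1) A per-user entry wins over roles: IsPass == true allows, false forbids.
            var userOverride = loginUserInfo.R_UserInfo_ActionInfo
                .FirstOrDefault(a => a.ActionInfoID == actionId);
            if (userOverride != null)
            {
                if (!userOverride.IsPass)
                {
                    DenyAccess(filterContext);
                }
                return;
            }

            // 2) Otherwise at least one of the user's roles must grant the action.
            bool grantedByRole = loginUserInfo.RoleInfo
                .Any(r => r.ActionInfo.Any(a => a.ID == actionId));
            if (!grantedByRole)
            {
                DenyAccess(filterContext);
            }
        }

        /// <summary>Short-circuits the request with a redirect to the login page.</summary>
        private void RedirectToLogin(ActionExecutingContext filterContext)
        {
            // Setting Result (instead of calling Response.Redirect) stops the action from running.
            filterContext.Result = Redirect("/Login/Index");
        }

        /// <summary>Short-circuits the request with a redirect to the error page.</summary>
        private void DenyAccess(ActionExecutingContext filterContext)
        {
            filterContext.Result = Redirect("/Error.html");
        }
    }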
    其他控制器继承 BaseController 即可:
     //统一检查权限问题
        public class ActionInfoController : BaseController
        {
            //
            // GET: /ActionInfo/
            IBLL.IActionInfoService ActionInfoService { get; set; }
            public ActionResult Index()
            {
                return View();
            }
            #region 获取权限信息
            public ActionResult GetActionInfoList()
            {
    
                int pageIndex = Request["page"] != null ? int.Parse(Request["page"]) : 1;
                int pageSize = Request["rows"] != null ? int.Parse(Request["rows"]) : 5;
                int totalCount;
                short delFlag = (short)DeleteEnumType.Normarl;
                var actionInfoList = ActionInfoService.LoadPageEntities<int>(pageIndex, pageSize, out totalCount, r => r.DelFlag == delFlag, r => r.ID, true);
                var temp = from r in actionInfoList
                           select new { ID = r.ID, ActionInfoName = r.ActionInfoName, Sort = r.Sort, SubTime = r.SubTime, Remark = r.Remark, Url = r.Url, ActionTypeEnum = r.ActionTypeEnum, HttpMethod = r.HttpMethod };
                return Json(new { rows = temp, total = totalCount }, JsonRequestBehavior.AllowGet);
            }
            #endregion
    
            #region 获取上传的文件.
            public ActionResult GetFileUp()
            {
                HttpPostedFileBase file=Request.Files["fileUp"];
                string fileName = Path.GetFileName(file.FileName);
                string fileExt = Path.GetExtension(fileName);
                if (fileExt == ".jpg")
                {
                    string dir = "/ImageIcon/" + DateTime.Now.Year + "/" + DateTime.Now.Month + "/" + DateTime.Now.Day + "/";
                    Directory.CreateDirectory(Path.GetDirectoryName(Request.MapPath(dir)));
                    string newfileName = Guid.NewGuid().ToString();
                    string fullDir = dir + newfileName + fileExt;
                    file.SaveAs(Request.MapPath(fullDir));
                    //自己加上图片的缩略图
                    return Content("ok:" + fullDir);
                }
                else
                {
                    return Content("no:文件类型错误!!");
                }
            }
            
            #endregion
    
            #region 完成权限添加
            public ActionResult AddActionInfo(ActionInfo actionInfo)
            {
                actionInfo.DelFlag = 0;
                actionInfo.ModifiedOn = DateTime.Now.ToString();
                actionInfo.SubTime = DateTime.Now;
                actionInfo.Url = actionInfo.Url.ToLower();
                ActionInfoService.AddEntity(actionInfo);
                return Content("ok");
            }
            #endregion
    
        }


  • 原文地址:https://www.cnblogs.com/tuboshu/p/10752418.html