Action权限验证
1 Action添加特性
/// <summary>
/// Brings an advertiser online and returns the service's result as JSON.
/// The filter resolves the resource id from the model's <c>AdvertiserId</c> property; the name is
/// given explicitly here because the base attribute's default ("advertiserId") would not match the
/// PascalCase property in a case-sensitive reflection lookup. When the current account lacks the
/// permission, the filter short-circuits the action with a JSON error message.
/// </summary>
/// <param name="model">Advertiser being put online, plus the hidden / update-online-time flags.</param>
/// <returns>A JSON payload wrapping the <c>MessageInfo</c> produced by the audit service (GET allowed).</returns>
[PermissionFilterForJson(Name = "AdvertiserId", ActionName = EaActionNames.广告主相关_广告主上线, Type = (int)EaEnum.LoginType.Advertiser)]
public JsonResult AdvertiserEffect(ExEaAdvertiserModel model)
{
    var result = _eaAdvertiserAuditBussiness.Online(
        base.AccountId,
        model.AdvertiserId,
        model.IsHidden,
        model.IsUpdateOnLineTime);

    return Json(result, JsonRequestBehavior.AllowGet);
}
2 操作项权限验证,返回Json
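/// <summary>
/// Permission filter for actions that return JSON. It resolves the resource id named by
/// <see cref="PermissionFilterForAttribute.Name"/> from the action parameters, asks the permission
/// service whether the current account may run <see cref="PermissionFilterForAttribute.ActionName"/>
/// on it, and on denial replaces the action result with a JSON <c>MessageInfo</c> of status
/// <c>MessageStatus.Error</c>.
/// </summary>
public class PermissionFilterForJsonAttribute : PermissionFilterForAttribute
{
    private readonly IPermissionManagementBussiness _pms = ObjectFactory.GetInstance<IPermissionManagementBussiness>();

    /// <summary>
    /// Runs before the action. The decision defaults to "denied": an unresolvable resource id, an
    /// exception from id resolution or from the permission service, and an unrecognised
    /// <see cref="PermissionFilterForAttribute.Type"/> all leave the request denied.
    /// Exception details are traced on the server and never echoed to the client.
    /// </summary>
    /// <param name="filterContext">MVC action context whose parameters supply the resource id.</param>
    public override void OnActionExecuting(System.Web.Mvc.ActionExecutingContext filterContext)
    {
        bool permission = false;
        // This generic message is the only text the client receives on denial.
        MessageInfo msg = new MessageInfo { Status = MessageStatus.Error, Message = "您没有此项功能的操作权限", Title = "pms" };

        try
        {
            int id;
            if (TryResolveResourceId(filterContext, out id))
            {
                // AccountId is 0 for unauthenticated requests; the service is expected to deny
                // those — verify against IPermissionManagementBussiness if that assumption matters.
                switch (this.Type)
                {
                    case (int)EaEnum.LoginType.Advertiser:
                        permission = _pms.AdvertiserCheckPermission(id, this.AccountId, this.ActionName);
                        break;
                    case (int)EaEnum.LoginType.Media:
                        permission = _pms.MediaCheckPermission(id, this.AccountId, this.ActionName);
                        break;
                    default:
                        // Unknown login type: fail closed rather than pick a checker.
                        permission = false;
                        break;
                }
            }
        }
        catch (Exception e)
        {
            // Fail closed. Keep the diagnostic server-side instead of returning e.Message,
            // which would disclose internal type/parameter names to the caller.
            System.Diagnostics.Trace.TraceError(
                "PermissionFilterForJson: permission check for action '{0}' (parameter '{1}') failed: {2}",
                this.ActionName, this.Name, e);
        }

        if (!permission)
        {
            filterContext.Result = new JsonResult
            {
                Data = msg,
                // Kept as in the original; the registered media type for JSON is application/json.
                ContentType = "text/json",
                JsonRequestBehavior = JsonRequestBehavior.AllowGet
            };
        }
    }

    /// <summary>
    /// Resolves the resource id: first from an action parameter called
    /// <see cref="PermissionFilterForAttribute.Name"/>, otherwise from a property of that name on
    /// the first action parameter (normally the bound model). The property lookup ignores case so
    /// that the default camelCase name (e.g. "advertiserId") still finds a PascalCase model property.
    /// </summary>
    /// <param name="filterContext">Action context providing the parameters.</param>
    /// <param name="id">Resolved id, or 0 when no matching parameter/property (or a null value) is found.</param>
    /// <returns>
    /// false when there is no parameter to read from at all (no parameters, or a null first
    /// parameter) — the caller treats that as denied; true otherwise, even when <paramref name="id"/> is 0.
    /// </returns>
    private bool TryResolveResourceId(System.Web.Mvc.ActionExecutingContext filterContext, out int id)
    {
        id = 0;

        object direct;
        if (filterContext.ActionParameters.TryGetValue(this.Name, out direct))
        {
            id = direct.TryInt();
            return true;
        }

        object model = filterContext.ActionParameters.Values.FirstOrDefault();
        if (model == null)
        {
            return false;
        }

        System.Reflection.PropertyInfo prop = model.GetType().GetProperty(
            this.Name,
            System.Reflection.BindingFlags.Public
            | System.Reflection.BindingFlags.Instance
            | System.Reflection.BindingFlags.Static
            | System.Reflection.BindingFlags.IgnoreCase);
        if (prop != null)
        {
            object value = prop.GetValue(model, null);
            if (value != null)
            {
                // Non-numeric values throw here and are turned into a denial by the caller.
                id = Convert.ToInt32(value, System.Globalization.CultureInfo.InvariantCulture);
            }
        }

        return true;
    }
}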
3 面包屑权限验证,返回View
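/// <summary>
/// Permission filter for actions that return a view (breadcrumb / page-level check).
/// Unlike the JSON filter it checks only the action name, not a resource id, and redirects to the
/// "no access" page when the current account is not permitted.
/// </summary>
public class PermissionFilterForViewAttribute : PermissionFilterForAttribute
{
    /// <summary>Page the user is sent to when the permission check fails.</summary>
    private const string NoAccessUrl = "/AccountLogin/NoURL";

    private readonly IPermissionManagementBussiness _pms = ObjectFactory.GetInstance<IPermissionManagementBussiness>();

    /// <summary>
    /// Runs before the action. <see cref="PermissionFilterForAttribute.AccountId"/> is 0 for an
    /// unauthenticated request; whether the service denies id 0 is decided by
    /// <c>IPermissionManagementBussiness.CheckPms</c>, not here. <c>IsCheckCmsOnly</c> is not consulted.
    /// </summary>
    /// <param name="filterContext">MVC action context whose result is replaced on denial.</param>
    public override void OnActionExecuting(System.Web.Mvc.ActionExecutingContext filterContext)
    {
        bool permitted = _pms.CheckPms(this.AccountId, this.ActionName);
        if (!permitted)
        {
            filterContext.Result = new RedirectResult(NoAccessUrl);
        }
    }
}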
4 特性参数
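/// <summary>
/// Base class for the permission filters: carries the attribute arguments (login type, action
/// name, resource-id parameter name) and resolves the current account id from the request identity.
/// </summary>
public class PermissionFilterForAttribute : ActionFilterAttribute
{
    /// <summary>
    /// Login type being checked (advertiser / media owner), compared against
    /// <see cref="EaEnum.LoginType"/> values cast to int.
    /// </summary>
    public int Type { get; set; }

    /// <summary>
    /// Name of the protected action (an <c>EaActionNames</c> value) passed to the permission service.
    /// </summary>
    public string ActionName { get; set; }

    /// <summary>
    /// Whether to check only the CMS permission and skip the resource permission.
    /// NOTE(review): none of the filters in this file reads this flag, so setting it currently has
    /// no effect here — confirm whether another consumer honours it before relying on it.
    /// </summary>
    public bool IsCheckCmsOnly { get; set; }

    /// <summary>
    /// Id of the currently logged-in user. Returns 0 when there is no current request context,
    /// no user, an unauthenticated user, or an identity that is not an <see cref="EAIdentity"/>
    /// (previously the last case threw an InvalidCastException inside the filter).
    /// </summary>
    public int AccountId
    {
        get
        {
            var context = HttpContext.Current;
            if (context == null || context.User == null)
            {
                return 0;
            }

            var identity = context.User.Identity;
            if (identity == null || !identity.IsAuthenticated || !(identity is EAIdentity))
            {
                return 0;
            }

            return ((EAIdentity)identity).AccountId;
        }
    }

    private string _name;

    /// <summary>
    /// Name of the action parameter or model property holding the resource id, to absorb the
    /// inconsistent advertiser/media naming across actions. When unset, defaults to "advertiserId"
    /// for <see cref="EaEnum.LoginType.Advertiser"/> and "mediaId" for every other type. The
    /// default is cached on first read, so set <see cref="Type"/> (or an explicit name) first.
    /// </summary>
    public string Name
    {
        get
        {
            if (string.IsNullOrEmpty(_name))
            {
                _name = this.Type == (int)EaEnum.LoginType.Advertiser ? "advertiserId" : "mediaId";
            }
            return _name;
        }
        set
        {
            _name = value;
        }
    }
}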