bootstrap adminlte教程4-2:实现文章的阅读权限的问题(前台checkbox读出角色列表选择)
要实现的方法很简单,就是 cmscontent表中有一个字段是cmspression,就是用来看角色包含 不包含 。
1.CmsContentsController中先要上面上先引用role管理的方法
private RoleManager _roleManager;
public RoleManager RoleManager
{
get
{
return _roleManager ?? HttpContext.GetOwinContext().Get<RoleManager>();
}
private set
{
_roleManager = value;
}
}
然后在Creat方法的GET中代码如下
// GET: CmsContents/Create
public ActionResult Create()
{
ViewBag.drolistmenu = db.CmsColumns.Select(g => new SelectListItem
{
Text = g.Name,
Value = g.Id.ToString(),
Selected = false
});
var roleList = RoleManager.Roles.Select(c => new { rolename=c.Name, rolename2=c.Name }).ToList(); ///取出ROLE表的数据,我全是角色名作参数
ViewBag.rolelist1 = new MultiSelectList(roleList, "rolename", "rolename2"); //生成MultiSelectList格式的veiwbag
return View(); }
前台进行更改
@model jsdhh2.Models.CmsContent
@{
ViewBag.Title = "Create"; Layout = "~/Views/Shared/_AdminLayout.cshtml";
}
<!-- Content Header (Page header) -->
<section class="content-header">
<h1>
新建文章
<small>注意选择正确的栏目</small>
</h1>
<ol class="breadcrumb">
<li><a href="#"><i class="fa fa-dashboard"></i> Level</a></li>
<li class="active">Here</li>
</ol>
</section>
<!--end Content Header (Page header) -->
<h1></h1>
<div class="col-md-12">
<div class="panel panel-default">
<div class="panel-heading">
@Html.ActionLink("返回", "Index", "", new { @class = "btn btn-warning" })
</div>
<div class="panel-body">
@using (Html.BeginForm())
{
@Html.AntiForgeryToken()
<div class="form-horizontal">
<h4>发表文章</h4>
<hr />
@Html.ValidationSummary(true, "", new { @class = "text-danger" })
<div class="form-group">
<div class="control-label col-md-2">请选择栏目</div>
<div class="col-md-10">
@Html.DropDownList("ColumnId", new SelectList(ViewBag.drolistmenu, "Value", "Text"), "请选择")
@Html.ValidationMessageFor(model => model.ColumnId, "", new { @class = "text-danger" })
</div>
</div>
<div class="form-group">
<div class="control-label col-md-2">标题</div>
<div class="col-md-10">
@Html.EditorFor(model => model.Title, new { htmlAttributes = new { @class = "form-control" } })
@Html.ValidationMessageFor(model => model.Title, "", new { @class = "text-danger" })
</div>
</div>
<div class="form-group">
<div class="control-label col-md-2">请输入内容</div>
<div class="col-md-10">
@Html.EditorFor(model => model.Contents, new { htmlAttributes = new { @class = "form-control" } })
@Html.ValidationMessageFor(model => model.Contents, "", new { @class = "text-danger" })
</div>
</div>
<div class="form-group">
<div class="control-label col-md-2">请选择授权阅读人</div>
<div class="col-md-10">
@Html.CheckBox("All", true)全选
@foreach (var item in (MultiSelectList)ViewBag.rolelist1)
{
@*@Html.CheckBox("sefe",item.Value)@item.Value*@
@Html.CheckBox(@item.Value, false)@item.Value
@*<input type="checkbox" name="selectRole" value=@item.Value id=@item.Value/>@item.Value*@
})
@*@Html.EditorFor(model => model.CmsPermission, new { htmlAttributes = new { @class = "form-control" } })*@
@Html.ValidationMessageFor(model => model.CmsPermission, "", new { @class = "text-danger" })
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-10">
<input type="submit" value="发表" class="btn btn-success" />
</div>
</div>
</div>
}
</div>
</div>
</div>
注意我增另了一个全选,要是新建文章不取消,那么就写一个ALL进去。
在Creat 方法的POST代码
// POST: CmsContents/Create
// 为了防止“过多发布”攻击,请启用要绑定到的特定属性,有关
// 详细信息,请参阅 https://go.microsoft.com/fwlink/?LinkId=317598。
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Create([Bind(Include = "ColumnId,Title,Contents,CmsPermission")] CmsContent cmsContent, FormCollection form)
{
var dt = DateTime.Now;
string str = dt.ToString("yyyyMMddHHmmss");
cmsContent.Id = str;
cmsContent.CreatUser = Session["username"].ToString();
cmsContent.PcIp = Request.UserHostAddress;
cmsContent.CreatUser = Session["username"].ToString();
cmsContent.ReplyCount =0;
cmsContent.CreatTime = DateTime.Now;
var winnars = from x in form.AllKeys ///选择所有的传进来的form
//var winnars = from x in form["selectRole"]
where form[x] != "false"
select x;
string Lstring = "";
//foreach (var id in winnars)
foreach(var id in winnars)
{
Lstring = Lstring + id + ",";
}
cmsContent.CmsPermission = Lstring;
if (ModelState.IsValid)
{
db.CmsContents.Add(cmsContent);
await db.SaveChangesAsync();
return RedirectToAction("Index");
}
return View(cmsContent);
}
这样新建的时候的样子
查看详细。
发现他写入了一起其他控件的name进来。处理了一天没搞好,我的水平,实在郁闷。。
先就中止了。
2.进行查看页面的权限管理
在Details方法中进行分析
// GET: CmsContents/Details/5
public async Task<ActionResult> Details(string id)
{
if (id == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
}
CmsContent cmsContent = await db.CmsContents.FindAsync(id);
if (cmsContent == null)
{
return HttpNotFound();
}
string ifrolename = Session["role"].ToString();
if (!cmsContent.CmsPermission.Contains("All")& !cmsContent.CmsPermission.Contains(ifrolename)){ ///这里分析这个字段是否有ALL或角色名。
return View("NoYueDu");
}
return View(cmsContent);
}
5,建一个
NoYueDu的视图,在 CmsContents下面,写上:你没有访问的权限
6.试图访问:
浙公网安备 33010602011771号