在Mvc中使用自定义属性进行权限判断

 

下面的代码参考了  AuthorizeAttribute  ,  实际中 if (!AuthorizeCore()) {。。。。。} 的代码根据实际情况进行改写,如自动跳转至登录,或我现在在DWZ中可以返回 JSON格式的数据等。

这样,至少可以做的是少写没必要的很多重复的代码了。

少写几行代码比什么都重要。

 /// <summary>
    /// 自定权限操作的方法 , added by zbw911
    /// <example> [AllowPurviews] 至少要求登录</example>
    /// </summary>
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
    public sealed class AllowPurviewsAttribute : ActionFilterAttribute
    {
        private string _purviews;

        private string[] _purviewsSplit = new string[0];
        public string Purviews
        {
            get { return _purviews; }
            set
            {
                _purviews = value;
                _purviewsSplit = SplitString(_purviews);
            }
        }

        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }
            if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
            {
                throw new InvalidOperationException("在缓存状态下无法使用此特性");
            }

            var descriptor = filterContext.ActionDescriptor;

            bool allowAnonymous;

            if (!descriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
            {
                ControllerDescriptor controllerDescriptor = filterContext.ActionDescriptor.ControllerDescriptor;

                allowAnonymous = controllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);
            }
            else
            {
                allowAnonymous = true;
            }

            if (allowAnonymous)
            {
                return;
            }

            if (!AuthorizeCore())
            {

                var json = new JsonResult();

                json.JsonRequestBehavior = JsonRequestBehavior.AllowGet;
                json.Data = "nono";

                filterContext.Result = json;

            }

        }

        private bool AuthorizeCore()
        {
            if (SessionAll.AdminInfo == null) return false;
            return SessionAll.AdminInfo.PurviewsKeys.Any(x => this._purviewsSplit.Contains(x));
        }

        internal static string[] SplitString(string original)
        {
            if (string.IsNullOrEmpty(original))
            {
                return new string[0];
            }
            IEnumerable<string> source =
                from piece in original.Split(new char[]
                {
                    ','
                })
                let trimmed = piece.Trim()
                where !string.IsNullOrEmpty(trimmed)
                select trimmed;
            return source.ToArray<string>();
        }
    }
posted @ 2013-01-08 18:20  张保维  阅读(360)  评论(0编辑  收藏  举报