管理员密码 system 0000
[HandlerLogin(FilterMode.Enforce)]
public abstract class MvcControllerBase : Controller
D:\BaiduNetdiskDownload\010-力软框架官方版本源码\010-力软框架官方版本源码\release\Learun.Application.Web\App_Start\01 Handler\MvcControllerBase.cs
D:\BaiduNetdiskDownload\010-力软框架官方版本源码\010-力软框架官方版本源码\release\Learun.Application.Web\App_Start\01 Handler\HandlerLoginAttribute.cs
/// <summary>
/// Common base class for the application's MVC controllers. It carries the
/// <c>HandlerLogin(FilterMode.Enforce)</c> authorization filter and provides
/// helpers that wrap action results in the shared <c>ResParameter</c> JSON envelope.
/// </summary>
/// <remarks>
/// NOTE(review): every helper below returns <c>Content(string)</c> without an explicit
/// content type, so ASP.NET MVC serves the JSON text with the response's default
/// content type (text/html). If a value placed in <c>info</c> or <c>data</c> can contain
/// user-supplied markup, confirm that ToJson escapes it or that an explicit JSON content
/// type is set elsewhere. It is not changed here because callers may depend on the
/// current response type.
/// </remarks>
[HandlerLogin(FilterMode.Enforce)]
public abstract class MvcControllerBase : Controller
{
    #region Logging

    /// <summary>
    /// Backing field for <see cref="Logger"/>; stays null until the logger is first requested.
    /// </summary>
    private Log _logger;

    /// <summary>
    /// Logger for this controller, created on first access and named after the runtime type.
    /// </summary>
    public Log Logger
    {
        get
        {
            if (_logger == null)
            {
                _logger = LogFactory.GetLogger(this.GetType().ToString());
            }

            return _logger;
        }
    }

    #endregion

    #region Request / response helpers

    /// <summary>
    /// Serializes <paramref name="data"/> with ToJson and returns it as the response body,
    /// without the <c>ResParameter</c> envelope.
    /// </summary>
    /// <param name="data">Object to serialize.</param>
    /// <returns>A content result holding the JSON text.</returns>
    protected virtual ActionResult ToJsonResult(object data)
    {
        string json = data.ToJson();
        return Content(json);
    }

    /// <summary>
    /// Returns a success envelope carrying only a message; <c>data</c> is an empty object.
    /// </summary>
    /// <remarks>
    /// A <c>string</c> argument binds to this overload rather than <c>Success(object)</c>;
    /// use <see cref="SuccessString"/> to return a string as the payload.
    /// </remarks>
    /// <param name="info">Message placed in the envelope.</param>
    /// <returns>A content result holding the serialized envelope.</returns>
    protected virtual ActionResult Success(string info)
    {
        var response = new ResParameter
        {
            code = ResponseCode.success,
            info = info,
            data = new object()
        };
        return Content(response.ToJson());
    }

    /// <summary>
    /// Returns a success envelope whose payload is the given string and whose message is fixed.
    /// </summary>
    /// <param name="data">String payload.</param>
    /// <returns>A content result holding the serialized envelope.</returns>
    protected virtual ActionResult SuccessString(string data)
    {
        var response = new ResParameter
        {
            code = ResponseCode.success,
            info = "响应成功",
            data = data
        };
        return Content(response.ToJson());
    }

    /// <summary>
    /// Returns a success envelope whose payload is the given object and whose message is fixed.
    /// </summary>
    /// <param name="data">Payload object.</param>
    /// <returns>A content result holding the serialized envelope.</returns>
    protected virtual ActionResult Success(object data)
    {
        var response = new ResParameter
        {
            code = ResponseCode.success,
            info = "响应成功",
            data = data
        };
        return Content(response.ToJson());
    }

    /// <summary>
    /// Returns a success envelope with both a caller-supplied message and a payload.
    /// </summary>
    /// <param name="info">Message placed in the envelope.</param>
    /// <param name="data">Payload object.</param>
    /// <returns>A content result holding the serialized envelope.</returns>
    protected virtual ActionResult Success(string info, object data)
    {
        var response = new ResParameter
        {
            code = ResponseCode.success,
            info = info,
            data = data
        };
        return Content(response.ToJson());
    }

    /// <summary>
    /// Writes an operation-log entry and then returns a message-only success envelope.
    /// </summary>
    /// <remarks>
    /// The entry's URL is read from the "currentUrl" request item, which the login filter
    /// stores during authorization. <paramref name="content"/> is passed to the log as given;
    /// callers should keep credentials and other secrets out of it.
    /// </remarks>
    /// <param name="info">Message placed in the envelope.</param>
    /// <param name="title">Title of the log entry.</param>
    /// <param name="type">Operation type recorded in the log entry.</param>
    /// <param name="keyValue">Identifier of the affected object (stored as sourceObjectId).</param>
    /// <param name="content">Content of the affected object (stored as sourceContentJson).</param>
    /// <returns>A content result holding the serialized envelope.</returns>
    protected virtual ActionResult Success(string info, string title, OperationType type, string keyValue, string content)
    {
        var logEntry = new OperateLogModel
        {
            title = title,
            type = type,
            url = (string)WebHelper.GetHttpItems("currentUrl"),
            sourceObjectId = keyValue,
            sourceContentJson = content
        };
        OperatorHelper.Instance.WriteOperateLog(logEntry);

        var response = new ResParameter
        {
            code = ResponseCode.success,
            info = info,
            data = new object()
        };
        return Content(response.ToJson());
    }

    /// <summary>
    /// Returns a failure envelope carrying only a message; <c>data</c> is left unset.
    /// </summary>
    /// <param name="info">Failure message.</param>
    /// <returns>A content result holding the serialized envelope.</returns>
    protected virtual ActionResult Fail(string info)
    {
        var response = new ResParameter
        {
            code = ResponseCode.fail,
            info = info
        };
        return Content(response.ToJson());
    }

    /// <summary>
    /// Returns a failure envelope with a message and an accompanying payload.
    /// </summary>
    /// <param name="info">Failure message.</param>
    /// <param name="data">Payload returned alongside the failure.</param>
    /// <returns>A content result holding the serialized envelope.</returns>
    protected virtual ActionResult Fail(string info, object data)
    {
        var response = new ResParameter
        {
            code = ResponseCode.fail,
            info = info,
            data = data
        };
        return Content(response.ToJson());
    }

    #endregion
}
}
using Learun.Application.Base.AuthorizeModule;
using Learun.Util;
using Learun.Util.Operat;
using System.Web.Mvc;
namespace Learun.Application.Web
{
/// <summary>
/// Version: Learun-ADMS V7.0.3, Learun agile development framework
/// Copyright (c) 2013-2018 Shanghai Learun Information Technology Co., Ltd.
/// Author: Learun framework development team
/// Date: 2017.03.08
/// Description: login authentication (session validation component)
/// </summary>
/// <remarks>
/// NOTE(review): <see cref="OnAuthorization"/> replaces the base implementation and never
/// calls it, so the stock <c>AuthorizeAttribute</c> behaviour (Users/Roles checks,
/// [AllowAnonymous] handling and the output-cache validation callback) does not run.
/// Actions that combine this filter with [OutputCache] should be checked so that cached
/// responses are not served without the login check.
/// </remarks>
public class HandlerLoginAttribute : AuthorizeAttribute
{
    // NOTE(review): MVC can reuse one filter attribute instance for many requests, so this
    // object is potentially shared; confirm DataAuthorizeBLL keeps no per-request state.
    private readonly DataAuthorizeIBLL dataAuthorizeIBLL = new DataAuthorizeBLL();

    // Mode chosen where the attribute is declared; Ignore disables every check below.
    private readonly FilterMode _customMode;

    /// <summary>Creates the filter with the given authentication mode.</summary>
    /// <param name="Mode">Authentication mode; <c>FilterMode.Ignore</c> skips all checks.</param>
    public HandlerLoginAttribute(FilterMode Mode)
    {
        _customMode = Mode;
    }

    /// <summary>
    /// Runs before the action: verifies the login state, then the IP filter, the time-window
    /// filter and the data-permission setup, and sets <c>filterContext.Result</c> to stop the
    /// request at the first check that fails.
    /// </summary>
    /// <param name="filterContext">Authorization context of the current request.</param>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // Ignore mode bypasses login, IP, time and data-permission checks alike.
        if (_customMode == FilterMode.Ignore)
        {
            return;
        }

        // NOTE(review): the "account" header is supplied by the client. How IsOnLine uses it
        // is not visible here; confirm the header alone cannot choose whose session is
        // validated (it should only accompany a server-verified token or cookie).
        var request = filterContext.HttpContext.Request;
        var accountHeader = request.Headers["account"];
        string account = accountHeader.IsEmpty() ? "" : accountHeader.ToString();

        // Rebuild "/area/controller/action" from route data (not from the raw request URL).
        var routeData = filterContext.RouteData;
        var areaName = routeData.DataTokens["area"] + "/";
        var controllerName = routeData.Values["controller"] + "/";
        var action = routeData.Values["Action"];
        string currentUrl = "/" + areaName + controllerName + action;

        // Publish the URL as a request item; the operation-log helper reads it back later.
        // NOTE(review): the unconditional add followed by add-or-update stores the same value
        // twice; kept as-is because the WebHelper semantics are not visible here.
        WebHelper.AddHttpItems("currentUrl", currentUrl);
        if (WebHelper.GetHttpItems("currentUrl").IsEmpty())
        {
            WebHelper.AddHttpItems("currentUrl", currentUrl);
        }
        else
        {
            WebHelper.UpdateHttpItem("currentUrl", currentUrl);
        }

        // Login state: only stateCode 1 passes. 2 is reported as "other"; any other value is
        // treated as expired or not logged in.
        int res = OperatorHelper.Instance.IsOnLine(account).stateCode;
        if (res != 1)
        {
            if (res == 2)
            {
                RejectAsNotLoggedIn(filterContext, "other", "~/Login/Index?error=other");
            }
            else
            {
                RejectAsNotLoggedIn(filterContext, "nologin", "~/Login/Index");
            }

            return;
        }

        // IP filter
        if (!this.FilterIP())
        {
            RejectAsNotLoggedIn(filterContext, "noip", "~/Login/Index?error=ip");
            return;
        }

        // Time-window filter
        if (!this.FilterTime())
        {
            RejectAsNotLoggedIn(filterContext, "notime", "~/Login/Index?error=time");
            return;
        }

        // Data permissions for the current endpoint. A failure is returned as a JSON
        // envelope for AJAX and non-AJAX requests alike (there is no redirect here).
        if (!this.DataAuthorize(currentUrl))
        {
            var denied = new ResParameter { code = ResponseCode.fail, info = "没有该数据权限" };
            filterContext.Result = new ContentResult { Content = denied.ToJson() };
            return;
        }
    }

    /// <summary>
    /// Stops the request with a "nologin" response: a JSON envelope for AJAX requests,
    /// otherwise a redirect to the login page.
    /// </summary>
    /// <param name="filterContext">Authorization context whose result is set.</param>
    /// <param name="info">Reason string placed in the JSON envelope.</param>
    /// <param name="loginUrl">Redirect target for non-AJAX requests.</param>
    private static void RejectAsNotLoggedIn(AuthorizationContext filterContext, string info, string loginUrl)
    {
        if (filterContext.RequestContext.HttpContext.Request.IsAjaxRequest())
        {
            var body = new ResParameter { code = ResponseCode.nologin, info = info };
            filterContext.Result = new ContentResult { Content = body.ToJson() };
        }
        else
        {
            filterContext.Result = new RedirectResult(loginUrl);
        }
    }

    /// <summary>
    /// Applies the IP filter when the "FilterIP" configuration switch is on.
    /// </summary>
    /// <returns>
    /// True when the switch is off or the filter accepts the request; false otherwise.
    /// </returns>
    private bool FilterIP()
    {
        // NOTE(review): presumably a missing or unparsable setting converts to false, which
        // turns the filter off; confirm against Config and ToBool.
        bool enabled = Config.GetValue("FilterIP").ToBool();
        return !enabled || new FilterIPBLL().FilterIP();
    }

    /// <summary>
    /// Applies the time-window filter when the "FilterTime" configuration switch is on.
    /// </summary>
    /// <returns>
    /// True when the switch is off or the filter accepts the request; false otherwise.
    /// </returns>
    private bool FilterTime()
    {
        bool enabled = Config.GetValue("FilterTime").ToBool();
        return !enabled || new FilterTimeBLL().FilterTime();
    }

    /// <summary>
    /// Runs the data-permission step for the given endpoint.
    /// </summary>
    /// <param name="currentUrl">Route-derived URL of the current action.</param>
    /// <returns>The result of <c>SetWhereSql</c>; false makes the filter reject the request.</returns>
    private bool DataAuthorize(string currentUrl)
    {
        // NOTE(review): the meaning of the second argument (false) is not visible here.
        bool allowed = dataAuthorizeIBLL.SetWhereSql(currentUrl, false);
        return allowed;
    }
}
}