[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)] public class PowerAttribute : FilterAttribute, IActionFilter { public void OnActionExecuted(ActionExecutedContext filterContext) { //throw new NotImplementedException(); } /// <summary> /// 權限標示名 /// </summary> public string PowerName { get; set; } /// <summary> /// 是否超級管理員應用 /// </summary> public bool IsSuper = false; PRotected User LoginUser = null; protected PowerConfig Power = null; public IPowerConfigService powerConfigService = AutofacDependencyResolver.Current.applicationContainer.Resolve<IPowerConfigService>(); public void OnActionExecuting(ActionExecutingContext filterContext) { LoginUser = CacheHelper.GetCache(Constant.CacheKey.LoginUserInfoCacheKey + "_" + filterContext.HttpContext.User.Identity.Name) as User; bool b = false; if (IsSuper == false) { //非超級管理員專屬操作 //權限id集合 string[] acts = LoginUser.Role.ActionIds.Split(','); Power = CacheHelper.GetCache(Constant.CacheKey.PowerConfigCacheKey) as PowerConfig; if (Power == null) { Power = powerConfigService.LoadConfig(Constant.PowerConfigPath); CacheHelper.SetCache(Constant.CacheKey.PowerConfigCacheKey, Power); } try { if (Power != null) { var p = Power.PowerList.FirstOrDefault(t => t.Name == PowerName); if (p != null) { if (acts.Contains(p.Id.ToString())) { //存在權限 b = true; } } } } catch { b = false; } } //超級管理員都可以使用 if (LoginUser.IsSuperUser) { b = true; } #region 無權限執行 if (b == false) { //無權限執行 if (filterContext.HttpContext.Request.IsAjaxRequest()) { //filterContext.Result = new JsonResult() { // Data = new { pass = false, error = "無權訪問" }, // JsonRequestBehavior=JsonRequestBehavior.AllowGet //}; filterContext.Result = new ContentResult() { Content = "無權訪問", ContentEncoding = Encoding.UTF8 }; } else { filterContext.Controller.ViewData["ErrorMessage"] = "無權訪問";//filterContext.Exception.Message + " 親!您犯錯了哦!";//得到報錯的內容 filterContext.Result = new ViewResult()//new一個url為Error視圖 { ViewName = "Error",/*在Shard文件夾下*/ ViewData = filterContext.Controller.ViewData//view視圖的屬性中的viewdata被賦值 }; } } #endregion } }
使用這個過濾攔截各種action的訪問,做到權限的顆粒化,使用時候直接在action或者controller的頭部加[Power(IsSuper=true,PowerName="權限名")],IsSuper是針對系統超級管理員設計,判斷action是否為系統級別的action,一般是配置或者高權限的action使用,普通可以不寫,或者為false。
power的參數配置我放到了兩個地方,一個數據庫,另一個是config文件,數據庫可以通過我設計的導出,直接變成config。在運行時候根據角色的actionId去配置文件中取出ID對應的powername,然后根據powename進行判斷(powername可以重復,有利于action的細化分組)
<?xml version="1.0"?><PowerConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <PowerGroupList> <PowerGroup> <GroupName>操作組一</GroupName> <Id>1</Id> </PowerGroup> <PowerGroup> <GroupName>操作組二</GroupName> <Id>2</Id> </PowerGroup> </PowerGroupList> <PowerList> <Power> <ParamStr>/cms/1234</ParamStr> <Name>統計</Name> <GroupId>1</GroupId> <Id>2</Id> </Power> <Power> <ParamStr>/cms/12345</ParamStr> <Name>介紹</Name> <GroupId>1</GroupId> <Id>3</Id> </Power> <Power> <ParamStr>/links/123</ParamStr> <Name>友情鏈接</Name> <GroupId>1</GroupId> <Id>7</Id> </Power> <Power> <ParamStr>/cms/123</ParamStr> <Name>合作單位</Name> <GroupId>1</GroupId> <Id>8</Id> </Power> <Power> <ParamStr>/proj</ParamStr> <Name>產品展示</Name> <GroupId>1</GroupId> <Id>9</Id> </Power> <Power> <ParamStr>/message</ParamStr> <Name>客戶留言</Name> <GroupId>1</GroupId> <Id>10</Id> </Power> <Power> <ParamStr>/gundong</ParamStr> <Name>滾動圖</Name> <GroupId>1</GroupId> <Id>11</Id> </Power> <Power> <ParamStr>/guangao</ParamStr> <Name>廣告位</Name> <GroupId>1</GroupId> <Id>12</Id> </Power> <Power> <ParamStr>/cms/123</ParamStr> <Name>文章</Name> <GroupId>2</GroupId> <Id>1</Id> </Power> <Power> <ParamStr>/admin/ActionAdd</ParamStr> <Name>文章查看</Name> <GroupId>2</GroupId> <Id>4</Id> </Power> <Power> <ParamStr>/cms/12</ParamStr> <Name>文章刪除</Name> <GroupId>2</GroupId> <Id>5</Id> </Power> <Power> <ParamStr>/cms/123</ParamStr> <Name>文章修改</Name> <GroupId>2</GroupId> <Id>6</Id> </Power> </PowerList></PowerConfig>
上面就是生成的config,運行時候會加載到緩存,提高性能。他的生成是基于,Action和ActionGroup的,而Action和ActionGroup數據會存儲到數據庫,可以可視化添加。
新聞熱點
疑難解答
