From a1db5bc2fd066c25f83d6ab8538def68175e7c83 Mon Sep 17 00:00:00 2001 From: "liuchun_0206@163.com" Date: Thu, 3 Nov 2016 14:19:16 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E4=BA=86=E8=AE=A4=E8=AF=81?= =?UTF-8?q?=E5=92=8C=E6=8E=88=E6=9D=83=E7=9A=84=E5=8A=9F=E8=83=BD=EF=BC=9A?= =?UTF-8?q?=E4=BF=AE=E6=94=B9RoleHelper=E5=92=8CBAAuthorizeAttributes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../App_Start/BAAuthorizeAttribute.cs | 12 ++-- Bootstrap.DataAccess/RoleHelper.cs | 69 +++++++++++++++++++ 2 files changed, 77 insertions(+), 4 deletions(-) diff --git a/Bootstrap.Admin/App_Start/BAAuthorizeAttribute.cs b/Bootstrap.Admin/App_Start/BAAuthorizeAttribute.cs index 53b417f0..5af1f82d 100644 --- a/Bootstrap.Admin/App_Start/BAAuthorizeAttribute.cs +++ b/Bootstrap.Admin/App_Start/BAAuthorizeAttribute.cs @@ -1,7 +1,9 @@ -using System; -using System.Web.Mvc; +using Bootstrap.DataAccess; using Longbow.Security.Principal; using Longbow.Web.Mvc; +using System; +using System.Linq; +using System.Web.Mvc; namespace Bootstrap.Admin { @@ -15,7 +17,8 @@ namespace Bootstrap.Admin { if (filterContext.HttpContext.User.Identity.IsAuthenticated) { - var roles = "Administrators;Users".Split(';'); //RoleHelper.RetrieveRolesByUserName(); + string username = filterContext.HttpContext.User.Identity.Name; + var roles = RoleHelper.RetrieveRolesByUserName(username).Select(r => r.RoleName); filterContext.HttpContext.User = new LgbPrincipal(filterContext.HttpContext.User.Identity, roles); } base.OnAuthorization(filterContext); @@ -27,7 +30,8 @@ namespace Bootstrap.Admin /// protected override bool AuthenticateRole() { - Roles = "Administrators;SupperAdmin"; //RoleHelper.RetrieveRolesByUrl(); + string url = string.Format("~/{0}/{1}", ControllerName, ActionName); + Roles = string.Join(";", RoleHelper.RetrieveRolesByURL(url).Select(r => r.RoleName)); return base.AuthenticateRole(); } /// diff --git a/Bootstrap.DataAccess/RoleHelper.cs b/Bootstrap.DataAccess/RoleHelper.cs index 575c5ea1..d4c3d0e6 100644 --- a/Bootstrap.DataAccess/RoleHelper.cs +++ b/Bootstrap.DataAccess/RoleHelper.cs @@ -355,5 +355,74 @@ namespace Bootstrap.DataAccess } return ret; } + + /// + /// 根据用户名查询某个用户所拥有的角色 + /// 从UserRole表查 + /// 从User-〉Group-〉GroupRole查 + /// + /// + public static IEnumerable RetrieveRolesByUserName(string username) + { + string key = string.Format("{0}{1}", RoleDataKey, username); + return CacheManager.GetOrAdd(key, CacheSection.RetrieveIntervalByKey(RoleDataKey), k => + { + List Roles = new List(); + try + { + string sql = "select r.ID, r.RoleName, r.[Description] from Roles r left join UserRole ur on r.ID =ur.RoleID inner join Users u on ur.UserID=u.ID and u.UserName=@UserName union select r.ID, r.RoleName, r.[Description] from Roles r left join RoleGroup rg on r.ID =rg.RoleID inner join Groups g on rg.GroupID=g.ID left join UserGroup ug on ug.GroupID=g.ID inner join Users u on ug.UserID=u.ID and u.UserName=@UserName"; + DbCommand cmd = DBAccessManager.SqlDBAccess.CreateCommand(CommandType.Text, sql); + cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@UserName", username, ParameterDirection.Input)); + using (DbDataReader reader = DBAccessManager.SqlDBAccess.ExecuteReader(cmd)) + { + while (reader.Read()) + { + Roles.Add(new Role() + { + ID = (int)reader[0], + RoleName = (string)reader[1], + Description = (string)reader[2], + }); + } + } + } + catch (Exception ex) { ExceptionManager.Publish(ex); } + return Roles; + }, CacheSection.RetrieveDescByKey(RoleDataKey)); + } + /// + /// 根据菜单url查询某个所拥有的角色 + /// 从NavigatorRole表查 + /// 从Navigators-〉GroupNavigatorRole-〉Role查查询某个用户所拥有的角色 + /// + /// + public static IEnumerable RetrieveRolesByURL(string url) + { + string key = string.Format("{0}{1}", RoleDataKey, url); + return CacheManager.GetOrAdd(key, CacheSection.RetrieveIntervalByKey(RoleDataKey), k => + { + string sql = "select r.ID, r.RoleName, r.[Description] from Roles r left join NavigationRole nr on r.ID =nr.RoleID inner join Navigations n on nr.NavigationID =n.ID and n.Url=@URl"; + List Roles = new List(); + try + { + DbCommand cmd = DBAccessManager.SqlDBAccess.CreateCommand(CommandType.Text, sql); + cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@URl", url, ParameterDirection.Input)); + using (DbDataReader reader = DBAccessManager.SqlDBAccess.ExecuteReader(cmd)) + { + while (reader.Read()) + { + Roles.Add(new Role() + { + ID = (int)reader[0], + RoleName = (string)reader[1], + Description = (string)reader[2], + }); + } + } + } + catch (Exception ex) { ExceptionManager.Publish(ex); } + return Roles; + }, CacheSection.RetrieveDescByKey(RoleDataKey)); + } } } \ No newline at end of file