增加了认证和授权的功能:修改RoleHelper和BAAuthorizeAttributes
parent
b74a37aad3
commit
a1db5bc2fd
|
@ -1,7 +1,9 @@
|
||||||
using System;
|
using Bootstrap.DataAccess;
|
||||||
using System.Web.Mvc;
|
|
||||||
using Longbow.Security.Principal;
|
using Longbow.Security.Principal;
|
||||||
using Longbow.Web.Mvc;
|
using Longbow.Web.Mvc;
|
||||||
|
using System;
|
||||||
|
using System.Linq;
|
||||||
|
using System.Web.Mvc;
|
||||||
|
|
||||||
namespace Bootstrap.Admin
|
namespace Bootstrap.Admin
|
||||||
{
|
{
|
||||||
|
@ -15,7 +17,8 @@ namespace Bootstrap.Admin
|
||||||
{
|
{
|
||||||
if (filterContext.HttpContext.User.Identity.IsAuthenticated)
|
if (filterContext.HttpContext.User.Identity.IsAuthenticated)
|
||||||
{
|
{
|
||||||
var roles = "Administrators;Users".Split(';'); //RoleHelper.RetrieveRolesByUserName();
|
string username = filterContext.HttpContext.User.Identity.Name;
|
||||||
|
var roles = RoleHelper.RetrieveRolesByUserName(username).Select(r => r.RoleName);
|
||||||
filterContext.HttpContext.User = new LgbPrincipal(filterContext.HttpContext.User.Identity, roles);
|
filterContext.HttpContext.User = new LgbPrincipal(filterContext.HttpContext.User.Identity, roles);
|
||||||
}
|
}
|
||||||
base.OnAuthorization(filterContext);
|
base.OnAuthorization(filterContext);
|
||||||
|
@ -27,7 +30,8 @@ namespace Bootstrap.Admin
|
||||||
/// <returns></returns>
|
/// <returns></returns>
|
||||||
protected override bool AuthenticateRole()
|
protected override bool AuthenticateRole()
|
||||||
{
|
{
|
||||||
Roles = "Administrators;SupperAdmin"; //RoleHelper.RetrieveRolesByUrl();
|
string url = string.Format("~/{0}/{1}", ControllerName, ActionName);
|
||||||
|
Roles = string.Join(";", RoleHelper.RetrieveRolesByURL(url).Select(r => r.RoleName));
|
||||||
return base.AuthenticateRole();
|
return base.AuthenticateRole();
|
||||||
}
|
}
|
||||||
/// <summary>
|
/// <summary>
|
||||||
|
|
|
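Review bot: In `AuthenticateRole`, `Roles` becomes the empty string whenever `RoleHelper.RetrieveRolesByURL(url)` returns no rows, which happens for a URL with no mapping and also after a database error, because the helper swallows the exception and returns an empty list. If the base `AuthenticateRole` treats an empty role list the way the stock MVC `AuthorizeAttribute` does (any authenticated user passes), the action fails open; the base class is not visible here, so this needs confirming. I would deny explicitly in that case: `var names = RoleHelper.RetrieveRolesByURL(url).Select(r => r.RoleName).ToList();` followed by `if (names.Count == 0) return false;`. The `~/{0}/{1}` string also has to match `Navigations.Url` exactly, so a comment stating which URL form the table stores would help. `OnAuthorization` starts outside its hunk.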
@ -355,5 +355,74 @@ namespace Bootstrap.DataAccess
|
||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// 根据用户名查询某个用户所拥有的角色
|
||||||
|
/// 从UserRole表查
|
||||||
|
/// 从User-〉Group-〉GroupRole查
|
||||||
|
/// </summary>
|
||||||
|
/// <returns></returns>
|
||||||
|
public static IEnumerable<Role> RetrieveRolesByUserName(string username)
|
||||||
|
{
|
||||||
|
string key = string.Format("{0}{1}", RoleDataKey, username);
|
||||||
|
return CacheManager.GetOrAdd(key, CacheSection.RetrieveIntervalByKey(RoleDataKey), k =>
|
||||||
|
{
|
||||||
|
List<Role> Roles = new List<Role>();
|
||||||
|
try
|
||||||
|
{
|
||||||
|
string sql = "select r.ID, r.RoleName, r.[Description] from Roles r left join UserRole ur on r.ID =ur.RoleID inner join Users u on ur.UserID=u.ID and u.UserName=@UserName union select r.ID, r.RoleName, r.[Description] from Roles r left join RoleGroup rg on r.ID =rg.RoleID inner join Groups g on rg.GroupID=g.ID left join UserGroup ug on ug.GroupID=g.ID inner join Users u on ug.UserID=u.ID and u.UserName=@UserName";
|
||||||
|
DbCommand cmd = DBAccessManager.SqlDBAccess.CreateCommand(CommandType.Text, sql);
|
||||||
|
cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@UserName", username, ParameterDirection.Input));
|
||||||
|
using (DbDataReader reader = DBAccessManager.SqlDBAccess.ExecuteReader(cmd))
|
||||||
|
{
|
||||||
|
while (reader.Read())
|
||||||
|
{
|
||||||
|
Roles.Add(new Role()
|
||||||
|
{
|
||||||
|
ID = (int)reader[0],
|
||||||
|
RoleName = (string)reader[1],
|
||||||
|
Description = (string)reader[2],
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catch (Exception ex) { ExceptionManager.Publish(ex); }
|
||||||
|
return Roles;
|
||||||
|
}, CacheSection.RetrieveDescByKey(RoleDataKey));
|
||||||
|
}
|
||||||
|
/// <summary>
|
||||||
|
/// 根据菜单url查询某个所拥有的角色
|
||||||
|
/// 从NavigatorRole表查
|
||||||
|
/// 从Navigators-〉GroupNavigatorRole-〉Role查查询某个用户所拥有的角色
|
||||||
|
/// </summary>
|
||||||
|
/// <returns></returns>
|
||||||
|
public static IEnumerable<Role> RetrieveRolesByURL(string url)
|
||||||
|
{
|
||||||
|
string key = string.Format("{0}{1}", RoleDataKey, url);
|
||||||
|
return CacheManager.GetOrAdd(key, CacheSection.RetrieveIntervalByKey(RoleDataKey), k =>
|
||||||
|
{
|
||||||
|
string sql = "select r.ID, r.RoleName, r.[Description] from Roles r left join NavigationRole nr on r.ID =nr.RoleID inner join Navigations n on nr.NavigationID =n.ID and n.Url=@URl";
|
||||||
|
List<Role> Roles = new List<Role>();
|
||||||
|
try
|
||||||
|
{
|
||||||
|
DbCommand cmd = DBAccessManager.SqlDBAccess.CreateCommand(CommandType.Text, sql);
|
||||||
|
cmd.Parameters.Add(DBAccessManager.SqlDBAccess.CreateParameter("@URl", url, ParameterDirection.Input));
|
||||||
|
using (DbDataReader reader = DBAccessManager.SqlDBAccess.ExecuteReader(cmd))
|
||||||
|
{
|
||||||
|
while (reader.Read())
|
||||||
|
{
|
||||||
|
Roles.Add(new Role()
|
||||||
|
{
|
||||||
|
ID = (int)reader[0],
|
||||||
|
RoleName = (string)reader[1],
|
||||||
|
Description = (string)reader[2],
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catch (Exception ex) { ExceptionManager.Publish(ex); }
|
||||||
|
return Roles;
|
||||||
|
}, CacheSection.RetrieveDescByKey(RoleDataKey));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
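Review bot: Both new lookups catch every exception inside the `CacheManager.GetOrAdd` factory and still `return Roles`, so an empty or half-read list produced by a failure is, as far as this hunk shows, cached for the configured interval and then used for authorization decisions. One likely trigger is `Description = (string)reader[2]`, which throws on a NULL value (whether the column is nullable is not visible here); `Description = reader.IsDBNull(2) ? null : reader.GetString(2),` avoids it. I would rethrow after publishing, `catch (Exception ex) { ExceptionManager.Publish(ex); throw; }`, so a failed query is not stored as a valid answer, assuming `GetOrAdd` does not cache when the factory throws. User-name keys and URL keys also share the bare `RoleDataKey` prefix, so a distinct prefix per lookup (for example `RoleDataKey + "-user-"` and `RoleDataKey + "-url-"`) would rule out a user name colliding with a URL entry. Nothing in the hunk invalidates these entries when role assignments change, so a revoked role stays effective until the entry expires.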