namespace QS.Web.Extensions
{
/// <summary>
/// 验证session、权限 状态
/// </summary>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public class RequestFilterAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
FilterAttributesInfo attributes = filterContext.GetExecutingContext(); switch (attributes.Action.ToUpper())
{
case "LOGIN":
case "LOGINVALID":
case "LOGOUT": break;
default:
//session验证
var sessionUserInfo = filterContext.HttpContext.Session[SystemConsts.AdminSession.ToString()];
if (null == sessionUserInfo)
{
var url = new UrlHelper(filterContext.RequestContext);
var routeUrl = url.Action("Login", "Account", new { ErrorMsg = "用户信息丢失!" });
filterContext.Result = new RedirectResult(routeUrl);
}
else
{
//参数非空验证
foreach (var param in attributes.ParameterArray)
{
param.ParameterName.CheckNotNullOrEmpty(param.ParameterName);
}
//权限验证
var permissions = filterContext
.HttpContext
.Session[SystemConsts.AdminRolePermissions.ToString()]
as List<SystemUserPermissionDto>;
if (!permissions.Any(x =>
x.ControllerName.ToLower() == attributes.Controller.ToLower() &&
x.ActionName.ToLower() == attributes.Action.ToLower()))
{
filterContext.Result = new ContentResult() { Content = "invalid operation :no permission" };
}
}
break;
}
base.OnActionExecuting(filterContext);
}
}
}
其中涉及到获取 filterContext的方法类如下:
// -----------------------------------------------------------------------
// <copyright file="FilterAttributesInfo.cs" company="技术支持——谭明超">
// Copyright (c) 2016 QS.Web.Extensions. All rights reserved.
// </copyright>
// <last-editor>谭明超</last-editor>
// <last-date>2016/8/2 18:37:01</last-date>
// ----------------------------------------------------------------------- using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc; namespace QS.Web.Extensions
{
/// <summary>
/// 互殴去
/// </summary>
public class FilterAttributesInfo
{
/// <summary>
/// 控制器名称
/// </summary>
public string Controller { get; set; }
/// <summary>
/// 方法名称
/// </summary>
public string Action { get; set; }
/// <summary>
/// route参数
/// </summary>
public ParameterDescriptor[] ParameterArray { get; set; } } /// <summary>
/// 获取 filter filterContext的相关属性
/// </summary>
public static class FilterAttributeExtension
{
/// <summary>
/// 获取当前filterContext的相关属性
/// </summary>
/// <param name="filterContext"></param>
/// <returns></returns>
public static FilterAttributesInfo GetExecutingContext(this ActionExecutingContext filterContext)
{
return new FilterAttributesInfo
{
Controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
Action = filterContext.ActionDescriptor.ActionName,
ParameterArray = filterContext.ActionDescriptor.GetParameters()
};
}
} }