设计方向:
1.摒弃SiteMap,避免在容易书写错误的sitemap中书写,导航在controller和action上打标签生成。
2.controller统一继承basecontroller,在basecontroller上统一权限拦截。
3.使用缓存保存权限列表,避免反复读取数据库。
4.使用Elinq作为ORM工具
5.使用页面部分试图权限
一. 获取权限视图缓存列表
/// <summary>
/// 获取权限视图缓存列表
/// </summary>
/// <returns></returns>
public static List<AuthModel> GetAuthCache()
{
List<AuthModel> viewRoleGroup;
string key = "ViewAuthList";
if (HttpRuntime.Cache[key] != null)
{
viewRoleGroup = (List<AuthModel>)HttpRuntime.Cache[key];
}
else
{
viewRoleGroup = ElinqHelper.List<AuthModel>().Where(p => p.ID > 0).ToList();
}
return viewRoleGroup; }
/// 获取权限视图缓存列表
/// </summary>
/// <returns></returns>
public static List<AuthModel> GetAuthCache()
{
List<AuthModel> viewRoleGroup;
string key = "ViewAuthList";
if (HttpRuntime.Cache[key] != null)
{
viewRoleGroup = (List<AuthModel>)HttpRuntime.Cache[key];
}
else
{
viewRoleGroup = ElinqHelper.List<AuthModel>().Where(p => p.ID > 0).ToList();
}
return viewRoleGroup; }
二.权限判断业务逻辑
//权限判断业务逻辑
protected virtual bool AuthorizeCore(ActionExecutingContext filterContext, bool isViewPage)
{
HttpCookie cookie = System.Web.HttpContext.Current.Request.Cookies.Get("userCookie");
if (cookie != null)
{
HttpContext.Current.Session["name"] = cookie.Values["name"];
HttpContext.Current.Session["zu"] = cookie.Values["zu"];
}
if (HttpContext.Current.Session["name"] == null) return false;
if (HttpContext.Current.Session["name"].ToString() == "admin") return true;
if (filterContext.HttpContext == null) throw new ArgumentNullException("httpContext");
var controllerName = filterContext.RouteData.Values["controller"].ToString();
var actionName = filterContext.RouteData.Values["action"].ToString();
var list = GetCache.GetAuthCache();
var grouplist = list.FirstOrDefault(p => p.CONTROLLERNAME == controllerName && p.ACTIONNAME == actionName).GROUPISLIST;
var group = Convert.ToDecimal(HttpContext.Current.Session["zu"]);
if (grouplist.Contains(group))return true;
return false; }
protected virtual bool AuthorizeCore(ActionExecutingContext filterContext, bool isViewPage)
{
HttpCookie cookie = System.Web.HttpContext.Current.Request.Cookies.Get("userCookie");
if (cookie != null)
{
HttpContext.Current.Session["name"] = cookie.Values["name"];
HttpContext.Current.Session["zu"] = cookie.Values["zu"];
}
if (HttpContext.Current.Session["name"] == null) return false;
if (HttpContext.Current.Session["name"].ToString() == "admin") return true;
if (filterContext.HttpContext == null) throw new ArgumentNullException("httpContext");
var controllerName = filterContext.RouteData.Values["controller"].ToString();
var actionName = filterContext.RouteData.Values["action"].ToString();
var list = GetCache.GetAuthCache();
var grouplist = list.FirstOrDefault(p => p.CONTROLLERNAME == controllerName && p.ACTIONNAME == actionName).GROUPISLIST;
var group = Convert.ToDecimal(HttpContext.Current.Session["zu"]);
if (grouplist.Contains(group))return true;
return false; }
三.权限拦截
[newAuthorizeFilterAttribute]
public class BaseController : Controller
{
protected override void OnException(ExceptionContext filterContext)
{
filterContext.Controller.ViewData["ErrorMessage"] = filterContext.Exception.Message;
filterContext.Result = new ViewResult()
{
ViewName = "Error",
ViewData = filterContext.Controller.ViewData,
};
filterContext.ExceptionHandled = true;
} }
public class BaseController : Controller
{
protected override void OnException(ExceptionContext filterContext)
{
filterContext.Controller.ViewData["ErrorMessage"] = filterContext.Exception.Message;
filterContext.Result = new ViewResult()
{
ViewName = "Error",
ViewData = filterContext.Controller.ViewData,
};
filterContext.ExceptionHandled = true;
} }
四.更新权限列表
[Description("更新权限列表")]
public ActionResult UpAuthList()
{
var count = 0;
var result = GetActionPermission.GetAllActionByAssembly().Where(p => !(p.ActionMethod is HttpPostAttribute));
var dbConfiguration = ElinqHelper.dbConfiguration;
ElinqHelper.AddClass<AuthModel>();
using (var ctx = dbConfiguration.CreateDbContext())
{
var q = ctx.Set<AuthModel>();
var sqlResult = q.Where(p => p.ID > 0);
foreach (var item in result)
{
var newId = ElinqHelper.NextVal("SQ_AUTH");
var auth = sqlResult.FirstOrDefault(p => p.CONTROLLERNAME == item.ControllerName
&& p.ACTIONNAME == item.ActionName);
if (auth != null)
{
if (string.IsNullOrEmpty(auth.CONTROLLERNAME) || string.IsNullOrEmpty(auth.ACTIONNAME)) break;
if (auth.DESCRIPTION != item.Description)
{
if (q.Update(new { DESCRIPTION = item.Description, LASTTIME = DateTime.Now }, p => p.ID == auth.ID) > 0) count++;
}
}
else
{
AuthModel model = new AuthModel
{
ID = newId,
CONTROLLERNAME = item.ControllerName,
ACTIONNAME = item.ActionName,
DESCRIPTION = item.Description,
LASTTIME = DateTime.Now
};
if (q.Insert(model) > 0)
{
newId++;
count++;
}
}
}
}
return Content("成功更新" + count.ToString() + "个");}
public ActionResult UpAuthList()
{
var count = 0;
var result = GetActionPermission.GetAllActionByAssembly().Where(p => !(p.ActionMethod is HttpPostAttribute));
var dbConfiguration = ElinqHelper.dbConfiguration;
ElinqHelper.AddClass<AuthModel>();
using (var ctx = dbConfiguration.CreateDbContext())
{
var q = ctx.Set<AuthModel>();
var sqlResult = q.Where(p => p.ID > 0);
foreach (var item in result)
{
var newId = ElinqHelper.NextVal("SQ_AUTH");
var auth = sqlResult.FirstOrDefault(p => p.CONTROLLERNAME == item.ControllerName
&& p.ACTIONNAME == item.ActionName);
if (auth != null)
{
if (string.IsNullOrEmpty(auth.CONTROLLERNAME) || string.IsNullOrEmpty(auth.ACTIONNAME)) break;
if (auth.DESCRIPTION != item.Description)
{
if (q.Update(new { DESCRIPTION = item.Description, LASTTIME = DateTime.Now }, p => p.ID == auth.ID) > 0) count++;
}
}
else
{
AuthModel model = new AuthModel
{
ID = newId,
CONTROLLERNAME = item.ControllerName,
ACTIONNAME = item.ActionName,
DESCRIPTION = item.Description,
LASTTIME = DateTime.Now
};
if (q.Insert(model) > 0)
{
newId++;
count++;
}
}
}
}
return Content("成功更新" + count.ToString() + "个");}
五.导航
public static MvcHtmlString GetWebPath(this HtmlHelper html, string itemTemplate)
{
var sb = new StringBuilder();
var controllerList = GetCache.GetControllerCache();
var menu = GetCache.GetActionCache()
.Where(p => p.Attrs.Count(q => q.TypeId.ToString() == "MvcApplication.Controllers.Menu") > 0);
CurrentUser currentuser = new CurrentUser();
if (currentuser.ActionPermission == null)
return MvcHtmlString.Create(sb.ToString());
foreach (var controller in controllerList)
{
if (currentuser.ActionPermission != null)
{
var list = currentuser.ActionPermission.Where(p => p.CONTROLLERNAME == controller.ControllerName && p.CONTROLLERNAME != "Home");
foreach (var item in list)
{
var result = menu.FirstOrDefault(p => p.ActionName == item.ACTIONNAME && p.ControllerName == item.CONTROLLERNAME);
if (result != null)
{
sb.Append(itemTemplate.Replace("{0}", result.ControllerName).Replace("{1}", result.ActionName).Replace("{2}",
controller.Description));
break;
}
}
}
}
return MvcHtmlString.Create(sb.ToString());}
{
var sb = new StringBuilder();
var controllerList = GetCache.GetControllerCache();
var menu = GetCache.GetActionCache()
.Where(p => p.Attrs.Count(q => q.TypeId.ToString() == "MvcApplication.Controllers.Menu") > 0);
CurrentUser currentuser = new CurrentUser();
if (currentuser.ActionPermission == null)
return MvcHtmlString.Create(sb.ToString());
foreach (var controller in controllerList)
{
if (currentuser.ActionPermission != null)
{
var list = currentuser.ActionPermission.Where(p => p.CONTROLLERNAME == controller.ControllerName && p.CONTROLLERNAME != "Home");
foreach (var item in list)
{
var result = menu.FirstOrDefault(p => p.ActionName == item.ACTIONNAME && p.ControllerName == item.CONTROLLERNAME);
if (result != null)
{
sb.Append(itemTemplate.Replace("{0}", result.ControllerName).Replace("{1}", result.ActionName).Replace("{2}",
controller.Description));
break;
}
}
}
}
return MvcHtmlString.Create(sb.ToString());}
六.页面代码块级权限设计
public static HelperResult RoleHtmlTags(this HtmlHelper htmlHelper, string action, Func<string, HelperResult> template)
{
var controller = HttpContext.Current.Request.RequestContext.RouteData.Values["controller"].ToString();
CurrentUser currentuser = new CurrentUser();
var auth = currentuser.ActionPermission.Count(p => p.CONTROLLERNAME == controller && p.ACTIONNAME == action);
if (auth > 0)
{
return new HelperResult(writer =>
{
writer.Write(template.Invoke(null));
});
}
else
{
return null;
}
}
页面使用方法
@Html.RoleHtmlTags("WorkLogEdit", @<span>@Html.ActionLink("编辑", "WorkLogEdit", new { id = dt.id })<span>|</span></span>)