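namespace QS.Web.Extensions
{
    /// <summary>
    /// Action filter that checks the admin session and the caller's permission
    /// for the requested controller/action before the action runs.
    /// </summary>
    /// <remarks>
    /// The filter only sets <c>filterContext.Result</c> when a check fails; it
    /// never throws for a missing session or a missing permission entry.
    /// </remarks>
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
    public class RequestFilterAttribute : ActionFilterAttribute
    {
        /// <summary>
        /// Runs the session check, the parameter check and the permission check
        /// for every action except the login/logout actions.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            FilterAttributesInfo attributes = filterContext.GetExecutingContext();

            if (!IsSessionExemptAction(attributes.Action))
            {
                // Session check: no stored user info means the caller is not signed in.
                var sessionUserInfo = filterContext.HttpContext.Session[SystemConsts.AdminSession.ToString()];
                if (sessionUserInfo == null)
                {
                    var url = new UrlHelper(filterContext.RequestContext);
                    var routeUrl = url.Action("Login", "Account", new { ErrorMsg = "用户信息丢失!" });
                    filterContext.Result = new RedirectResult(routeUrl);
                }
                else
                {
                    // Parameter non-empty check.
                    // NOTE(review): the parameter NAME is passed both as the value under test
                    // and as the label, so this looks like it validates the name rather than
                    // the submitted value - confirm against CheckNotNullOrEmpty's definition.
                    foreach (var param in attributes.ParameterArray)
                    {
                        param.ParameterName.CheckNotNullOrEmpty(param.ParameterName);
                    }

                    // Permission check against the list cached in the session.
                    var permissions = filterContext
                        .HttpContext
                        .Session[SystemConsts.AdminRolePermissions.ToString()]
                        as List<SystemUserPermissionDto>;

                    // Fail closed: the "as" cast yields null when the entry is missing or has
                    // another type. That must be treated as "no permission", not surface as a
                    // NullReferenceException from Any().
                    // Ordinal, case-insensitive comparison keeps the match independent of the
                    // server's current culture.
                    bool isPermitted = permissions != null && permissions.Any(x =>
                        string.Equals(x.ControllerName, attributes.Controller, StringComparison.OrdinalIgnoreCase) &&
                        string.Equals(x.ActionName, attributes.Action, StringComparison.OrdinalIgnoreCase));

                    if (!isPermitted)
                    {
                        filterContext.Result = new ContentResult() { Content = "invalid operation :no permission" };
                    }
                }
            }

            base.OnActionExecuting(filterContext);
        }

        /// <summary>
        /// Tells whether the action is one of the login/logout actions that skip
        /// the session and permission checks.
        /// </summary>
        /// <param name="action">Action name taken from the executing context.</param>
        /// <returns><c>true</c> for LOGIN, LOGINVALID and LOGOUT (any letter case).</returns>
        /// <remarks>
        /// NOTE(review): the exemption is keyed on the action name alone, so an action with
        /// one of these names on ANY controller carrying this filter skips both checks.
        /// Consider also matching the controller name if that is not intended.
        /// </remarks>
        private static bool IsSessionExemptAction(string action)
        {
            // Ordinal comparison avoids culture-specific casing (e.g. the Turkish dotted I)
            // changing which actions count as exempt. A null action is never exempt.
            return string.Equals(action, "LOGIN", StringComparison.OrdinalIgnoreCase)
                || string.Equals(action, "LOGINVALID", StringComparison.OrdinalIgnoreCase)
                || string.Equals(action, "LOGOUT", StringComparison.OrdinalIgnoreCase);
        }
    }
}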