From 0989b76c1b0d0dbbc77bd5ebd58bd3e3fbcd9ac2 Mon Sep 17 00:00:00 2001
From: tengge1 <930372551@qq.com>
Date: Sat, 26 Oct 2019 20:39:21 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9D=83=E9=99=90=E9=AA=8C=E8=AF=81=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
ShadowEditor.Server/Base/ApiAuthAttribute.cs | 68 +++++++++-----------
ShadowEditor.Server/Helpers/UserHelper.cs | 4 ++
2 files changed, 33 insertions(+), 39 deletions(-)
diff --git a/ShadowEditor.Server/Base/ApiAuthAttribute.cs b/ShadowEditor.Server/Base/ApiAuthAttribute.cs
index 6fad18a5..5247365c 100644
--- a/ShadowEditor.Server/Base/ApiAuthAttribute.cs
+++ b/ShadowEditor.Server/Base/ApiAuthAttribute.cs
@@ -7,6 +7,10 @@ using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using System.Web.Security;
+using ShadowEditor.Model.System;
+using ShadowEditor.Server.Helpers;
+using ShadowEditor.Server.CustomAttribute;
+using Newtonsoft.Json;
namespace ShadowEditor.Server.Base
{
@@ -22,50 +26,36 @@ namespace ShadowEditor.Server.Base
///
public override void OnActionExecuting(HttpActionContext actionContext)
{
- try
+ if (!ConfigHelper.EnableAuthority)
{
- // 允许匿名访问
- if (actionContext.ActionDescriptor.GetCustomAttributes().Count > 0)
- {
- base.OnActionExecuting(actionContext);
- return;
- }
-
- // 获取cookie
- var cookie = actionContext.Request.Headers.GetCookies();
- if (cookie == null || cookie.Count < 1)
- {
- DenyAction(actionContext, 301, "登录超时!");
- return;
- }
-
- // 获取票据
- FormsAuthenticationTicket ticket = null;
- foreach (var perCookie in cookie[0].Cookies)
- {
- if (perCookie.Name == FormsAuthentication.FormsCookieName)
- {
- ticket = FormsAuthentication.Decrypt(perCookie.Value);
- break;
- }
- }
-
- // 验证票据
- if (ticket == null)
- {
- DenyAction(actionContext, 300, "无权限!");
- return;
- }
-
- // 验证权限后将获得的用户信息写入Session
- HttpContext.Current.Items.Add("__userID", ticket.UserData); // 获取登陆时写入cookie的用户ID
-
base.OnActionExecuting(actionContext);
+ return;
}
- catch
+
+ var attributes = actionContext.ActionDescriptor.GetCustomAttributes();
+
+ if (attributes.Count == 0)
{
- DenyAction(actionContext, 300, "权限验证出错!");
+ base.OnActionExecuting(actionContext);
+ return;
}
+
+ // 验证权限
+ var user = UserHelper.GetCurrentUser();
+
+ if (user == null)
+ {
+ DenyAction(actionContext, 301, "Not allowed.");
+ return;
+ }
+
+ if (user.Name == "Administrator")
+ {
+ base.OnActionExecuting(actionContext);
+ return;
+ }
+
+ base.OnActionExecuting(actionContext);
}
///
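Review bot: The `if (user.Name == "Administrator")` branch is dead code — both it and the fall-through after it call `base.OnActionExecuting(actionContext)`, so any non-null user passes and the `// 验证权限` section denies nothing beyond the null-user case; if non-administrators are meant to be blocked until per-permission checks exist, the final call should be `DenyAction(actionContext, 300, "Not allowed.");`, otherwise a TODO comment should say the administrator check is a placeholder. The anonymous-access test was also inverted from `Count > 0` to `Count == 0`, which now grants anonymous access to every action carrying no custom attributes at all; testing for the specific attribute, e.g. `actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0`, would make the intent explicit and survive unrelated attributes being added. Removing the surrounding `try`/`catch` means an exception thrown inside `UserHelper.GetCurrentUser()` (for example on a forms cookie that fails to decrypt, if the helper does not catch that itself) now surfaces as a server error instead of a deny. The removed code also stored `ticket.UserData` under `HttpContext.Current.Items["__userID"]`, so anything downstream that reads that key will no longer find it unless the helper now populates it. Deciding administrator status by the user's display name rather than a role field is fragile if names are self-chosen; the enclosing class starts outside this hunk.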
diff --git a/ShadowEditor.Server/Helpers/UserHelper.cs b/ShadowEditor.Server/Helpers/UserHelper.cs
index 40dacb79..0334aa76 100644
--- a/ShadowEditor.Server/Helpers/UserHelper.cs
+++ b/ShadowEditor.Server/Helpers/UserHelper.cs
@@ -66,6 +66,10 @@ namespace ShadowEditor.Server.Helpers
return null;
}
+ // 获取角色信息
+
+ // 获取权限信息
+
return new UserModel
{
ID = doc["ID"].ToString(),