archive-gh-me/ShadowEditor
1
0
Fork 0
mirror of https://github.com/tengge1/ShadowEditor.git synced 2026-01-25 15:08:11 +00:00
Code Issues Projects Releases Wiki Activity
ShadowEditor/ShadowEditor.Server/Base/ApiAuthAttribute.cs
tengge1 e6f4a26301 修复bug。
2019-10-27 10:29:50 +08:00

94 lines
2.8 KiB
C#
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

using System;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using System.Web.Security;
using ShadowEditor.Model.System;
using ShadowEditor.Server.Helpers;
using ShadowEditor.Server.CustomAttribute;
using Newtonsoft.Json;
namespace ShadowEditor.Server.Base
{
/// <summary>
/// ApiController权限验证属性
/// </summary>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class ApiAuth : ActionFilterAttribute
{
/// <summary>
/// 权限验证
/// </summary>
/// <param name="actionContext"></param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
if (!ConfigHelper.EnableAuthority)
{
base.OnActionExecuting(actionContext);
return;
}
var attributes = actionContext.ActionDescriptor.GetCustomAttributes<AuthorityAttribute>();
if (attributes.Count == 0)
{
base.OnActionExecuting(actionContext);
return;
}
// 验证权限
var user = UserHelper.GetCurrentUser();
if (user == null)
{
DenyAction(actionContext, 301, "Not allowed.");
return;
}
if (user.RoleName == "Administrator") // 管理员组默认有全部权限
{
base.OnActionExecuting(actionContext);
return;
}
// 必须拥有所有接口权限才允许,否则拒绝。
foreach (var i in attributes)
{
if (!user.OperatingAuthorities.Contains(i.Authority))
{
DenyAction(actionContext, 301, "Not allowed.");
return;
}
}
base.OnActionExecuting(actionContext);
}
/// <summary>
/// 处理拒绝访问
/// </summary>
/// <param name="context">上下文环境</param>
/// <param name="code">状态码300-执行出错301-登录超时)</param>
/// <param name="msg">说明</param>
private void DenyAction(HttpActionContext context, int code, string msg)
{
var content = JsonHelper.ToJson(new Result
{
Code = code,
Msg = msg
});
// 不要通过StatusCode判断是否执行成功通过Content。
context.Response = new HttpResponseMessage
{
StatusCode = HttpStatusCode.OK,
Content = new StringContent(content, Encoding.UTF8, "application/json")
};
}
}
}
Reference in New Issue View Git Blame Copy Permalink