简单的MVC 权限管理
花了3天时间研究了下对于 NHibernate+MVC4+bootstrap+Redis(这个是选配只做了登陆测试)+T4 这些都是第一次使用。用着有些生硬权当鼓励下自己,记录下来有空就继续完善。
思路是:扩展AuthorizeAttribute,在Controller里面标识类或方法,来获取当前url地址,判断是否合法访问
首先是框架的结构:
一个简单的三层 ,Libs里面放了nhibernate 和redis的dll
Model 、IDTO、DTO、 IBusiness、Business这几个层都是用T4模板生成
NHibernate.CMS.Framework放了些工具方法
NHibernate.CMS.MVC是 相当于UI展现
结构大概就是这样,主要的几个访问方法定义在IDTO文件中
/// <summary>
/// Operations a base repository provides for one entity type: add/update/delete,
/// lambda and HQL queries, paging (LINQ-based and raw SQL) and raw SQL execution.
/// </summary>
/// <typeparam name="T">Entity type; must be a reference type with a parameterless constructor.</typeparam>
public interface IBaseRepository<T> where T : class,new()
{
    // Add. The implementation on this page returns the generated identifier, or null when the save fails.
    object AddEntities(T entity);
    object AddEntities(string entityName, object obj);
    // Update; true on success.
    bool UpdateEntities(T entity);
    // Update by entity name; true on success.
    bool UpdateEntities(string entityName, object obj);
    // Delete a single entity; true on success.
    bool DeleteEntities(T entity);
    // Delete by entity name; true on success.
    bool DeleteEntities(string entityName, object obj);
    // Delete every entity matched by an HQL query string (built from trusted fragments only).
    bool DeleteEntities(string query);
    // Delete by HQL query with positional parameter values and their NHibernate types.
    bool DeleteEntities(string query, object[] values, Type.IType[] types);
    // Query. Func<T,bool> is a delegate, not an expression tree, so the filter cannot be pushed to the database.
    IList<T> LoadEntities(Func<T, bool> wherelambda);
    IList<T> LoadEntities(string queryString);
    // Paging; 'total' receives the number of rows matching the filter before the page is cut.
    IList<T> LoadPagerEntities<S>(int pageSize, int pageIndex, out int total, Func<T, bool> whereLambda, bool isAsc, Func<T, S> orderByLambda);
    IList<T> LoadPagerEntities<S>(PageResult pagsinfo, out int total, Func<T, bool> whereLambda, bool isAsc, System.Linq.Expressions.Expression<Func<T, object>> orderByLambda);
    // String-based paging: whereLambda/orderByLambda are SQL fragments spliced into the query text.
    IList<T> LoadPagerEntities<S>(PageResult pagsinfo, out int total, string whereLambda, string orderByLambda);
    System.Data.DataTable LoadPagerEntities(PageResult pagsinfo, out int total, string whereLambda, string orderByLambda);
    // Raw SQL, result rows as returned by NHibernate.
    System.Collections.IList ExecuteSQL(string queryString);
    // Single entity by id (the 'entity' argument is not used by the implementation on this page) or by filter.
    T GetSingleModel(T entity,object id);
    T GetSingleModel(Func<T, bool> wherelambda);
}
DTO是IDTO接口的实现
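// Connection — singleton pattern, variant 2.
/// <summary>
/// Process-wide holder of the NHibernate session factory and of ONE open session.
/// NOTE(review): the single <see cref="ISession"/> opened in the constructor is handed to every
/// caller on every thread for the life of the process. NHibernate sessions are not thread-safe,
/// so concurrent web requests share mutable state here — confirm this is acceptable for the
/// deployment or move to a session-per-request; the repository below only reads this property.
/// </summary>
public class Singleton
{
    // volatile so the double-checked locking below is correct on the CLR memory model.
    private static volatile Singleton _instance = null;
    private static readonly object lockHelper = new object();
    protected ISession m_Session;
    /// <summary>The shared session opened once in the constructor.</summary>
    public ISession SingletonSession { get { return m_Session; } }
    protected ISessionFactory Singleton_SessionFactory;

    private Singleton()
    {
        // Config path = app setting "hibernatecfgxml" + fixed relative file name.
        string path = NHibernate.CMS.Framework.Utility.AppSettingsHelper.GetString("hibernatecfgxml") + "Config/hibernate.cfg.xml";
        var config = new Configuration().Configure(path);
        Singleton_SessionFactory = config.BuildSessionFactory();
        m_Session = Singleton_SessionFactory.OpenSession();
    }

    /// <summary>Lazily creates and returns the single instance (double-checked locking).</summary>
    public static Singleton CreateInstance
    {
        get
        {
            if (_instance == null)
            {
                lock (lockHelper)
                {
                    if (_instance == null)
                    {
                        _instance = new Singleton();
                    }
                }
            }
            return _instance;
        }
    }
}

/// <summary>
/// Base repository over the shared NHibernate session: CRUD, lambda/HQL queries,
/// paging and raw SQL for entity type <typeparamref name="T"/>.
/// Write operations report failure by printing the exception and returning false/null,
/// matching the contract the rest of the code base relies on.
/// </summary>
/// <typeparam name="T">Mapped entity type; its CLR name is also used as the SQL table name.</typeparam>
public partial class BaseRepository<T> where T : class
{
    // Shape accepted for the ORDER BY fragment of the raw-SQL pager: one or more column
    // names (optionally dotted or [bracketed]), each optionally followed by ASC/DESC.
    private static readonly System.Text.RegularExpressions.Regex s_orderByPattern =
        new System.Text.RegularExpressions.Regex(
            @"^\s*[A-Za-z_\[][A-Za-z0-9_\.\[\]]*(\s+(asc|desc))?(\s*,\s*[A-Za-z_\[][A-Za-z0-9_\.\[\]]*(\s+(asc|desc))?)*\s*$",
            System.Text.RegularExpressions.RegexOptions.IgnoreCase | System.Text.RegularExpressions.RegexOptions.Compiled);

    /// <summary>The session every repository call goes through.</summary>
    private static ISession SharedSession()
    {
        return Singleton.CreateInstance.SingletonSession;
    }

    /// <summary>
    /// Runs one write against the shared session and flushes it. On any exception the message is
    /// printed and false is returned, as the original per-method try/catch blocks did.
    /// NOTE(review): NHibernate treats a session that threw as unusable, and this one is a
    /// process-wide singleton — confirm callers can tolerate that.
    /// </summary>
    private static bool TryFlush(Action<ISession> operation)
    {
        try
        {
            ISession session = SharedSession();
            operation(session);
            session.Flush();
            return true;
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
        return false;
    }

    /// <summary>Like <see cref="TryFlush"/> but returns the value produced by <paramref name="save"/>, or null on failure.</summary>
    private static object TrySaveAndFlush(Func<ISession, object> save)
    {
        try
        {
            ISession session = SharedSession();
            object id = save(session);
            session.Flush();
            return id;
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
        return null;
    }

    /// <summary>Argument checks shared by the PageResult-based pagers (messages unchanged from the original).</summary>
    private static void ValidatePage(PageResult pagsinfo)
    {
        if (pagsinfo.pageIndex < 0) throw new ArgumentException("当前页数不能小于0", "pageIndex");
        if (pagsinfo.pageSize <= 0) throw new ArgumentException("每页记录数不能小于0", "pageCount");
    }

    /// <summary>Number of rows to skip for a 1-based page index; index 0 is treated as the first page.</summary>
    private static int SkipCount(int pageIndex, int pageSize)
    {
        return Math.Max(pageIndex - 1, 0) * pageSize;
    }

    /// <summary>Saves <paramref name="entity"/>; returns its generated id, or null if the save failed.</summary>
    public object AddEntities(T entity)
    {
        return TrySaveAndFlush(s => s.Save(entity));
    }

    /// <summary>Saves <paramref name="obj"/> under the mapped entity name; returns its id, or null on failure.</summary>
    public object AddEntities(string entityName, object obj)
    {
        return TrySaveAndFlush(s => s.Save(entityName, obj));
    }

    /// <summary>Updates <paramref name="entity"/>; true on success.</summary>
    public bool UpdateEntities(T entity)
    {
        return TryFlush(s => s.Update(entity));
    }

    /// <summary>Updates <paramref name="obj"/> under the mapped entity name; true on success.</summary>
    public bool UpdateEntities(string entityName, object obj)
    {
        return TryFlush(s => s.Update(entityName, obj));
    }

    /// <summary>Deletes <paramref name="entity"/>; true on success.</summary>
    public bool DeleteEntities(T entity)
    {
        return TryFlush(s => s.Delete(entity));
    }

    /// <summary>Deletes <paramref name="obj"/> under the mapped entity name; true on success.</summary>
    public bool DeleteEntities(string entityName, object obj)
    {
        return TryFlush(s => s.Delete(entityName, obj));
    }

    /// <summary>
    /// Deletes everything matched by an HQL query; true on success.
    /// The query text is executed as given, so it must be built from trusted fragments only.
    /// </summary>
    public bool DeleteEntities(string query)
    {
        return TryFlush(s => s.Delete(query));
    }

    /// <summary>Deletes everything matched by a parameterised HQL query; true on success.</summary>
    public bool DeleteEntities(string query, object[] values, Type.IType[] types)
    {
        return TryFlush(s => s.Delete(query, values, types));
    }

    /// <summary>
    /// All entities satisfying <paramref name="wherelambda"/>.
    /// A Func is a compiled delegate, not an expression tree, so the LINQ provider cannot translate
    /// it: the whole table is fetched and filtered in memory.
    /// </summary>
    public IList<T> LoadEntities(Func<T, bool> wherelambda)
    {
        return SharedSession().Query<T>().Where(wherelambda).ToList();
    }

    /// <summary>Runs an HQL query (trusted text only) and returns its rows as <typeparamref name="T"/>.</summary>
    public IList<T> LoadEntities(string queryString)
    {
        IQuery query = SharedSession().CreateQuery(queryString);
        return query.List<T>();
    }

    /// <summary>
    /// One page of the in-memory filtered, sorted result.
    /// </summary>
    /// <param name="pageSize">Rows per page.</param>
    /// <param name="pageIndex">1-based page index; 0 yields the first page.</param>
    /// <param name="total">Receives the number of rows matching <paramref name="whereLambda"/>.</param>
    /// <param name="whereLambda">In-memory filter (see <see cref="LoadEntities(Func{T,bool})"/>).</param>
    /// <param name="isAsc">Sort direction.</param>
    /// <param name="orderByLambda">Sort key.</param>
    public IList<T> LoadPagerEntities<S>(int pageSize, int pageIndex, out int total, Func<T, bool> whereLambda, bool isAsc, Func<T, S> orderByLambda)
    {
        // Materialise once: the original enumerated the deferred query twice (Count, then the page),
        // i.e. two round trips that could even disagree with each other.
        List<T> matches = SharedSession().Query<T>().Where(whereLambda).ToList();
        total = matches.Count;
        IOrderedEnumerable<T> ordered = isAsc
            ? matches.OrderBy(orderByLambda)
            : matches.OrderByDescending(orderByLambda);
        return ordered.Skip(SkipCount(pageIndex, pageSize)).Take(pageSize).ToList();
    }

    /// <summary>
    /// One page of the in-memory filtered result, sorted by an expression.
    /// </summary>
    /// <param name="pagsinfo">Page index (1-based; 0 yields the first page) and page size.</param>
    /// <param name="total">Receives the number of rows matching <paramref name="whereLambda"/>.</param>
    /// <param name="whereLambda">In-memory filter (see <see cref="LoadEntities(Func{T,bool})"/>).</param>
    /// <param name="isAsc">Sort direction.</param>
    /// <param name="orderByLambda">Sort key expression, applied to the in-memory list.</param>
    /// <exception cref="ArgumentException">Negative page index or non-positive page size.</exception>
    public IList<T> LoadPagerEntities<S>(PageResult pagsinfo, out int total, Func<T, bool> whereLambda, bool isAsc, System.Linq.Expressions.Expression<Func<T, object>> orderByLambda)
    {
        ValidatePage(pagsinfo);
        // The original ran the same filtered query twice (once for the count, once for the page).
        List<T> matches = SharedSession().Query<T>().Where(whereLambda).ToList();
        total = matches.Count;
        IQueryable<T> ordered = isAsc
            ? matches.AsQueryable().OrderBy(orderByLambda)
            : matches.AsQueryable().OrderByDescending(orderByLambda);
        return ordered.Skip(SkipCount(pagsinfo.pageIndex, pagsinfo.pageSize)).Take(pagsinfo.pageSize).ToList();
    }

    /// <summary>
    /// Raw SQL paging with ROW_NUMBER() over the table named after <typeparamref name="T"/>.
    /// </summary>
    /// <param name="pagsinfo">Page index (1-based; 0 is treated as the first page) and page size.</param>
    /// <param name="total">Receives COUNT(*) of the rows matching <paramref name="whereLambda"/>.</param>
    /// <param name="whereLambda">SQL WHERE fragment; blank means all rows ("1=1").</param>
    /// <param name="orderByLambda">SQL ORDER BY fragment such as "id desc".</param>
    /// <returns>The requested page as a <see cref="DataTable"/>.</returns>
    /// <exception cref="ArgumentException">Bad page parameters, or an ORDER BY fragment that is not a plain column list.</exception>
    public DataTable LoadPagerEntities(PageResult pagsinfo, out int total, string whereLambda, string orderByLambda)
    {
        ValidatePage(pagsinfo);
        // SECURITY: both fragments are spliced into the SQL text and cannot be bound as parameters.
        // They must be produced by server-side code (e.g. chosen from a whitelist), never taken
        // from request input. ORDER BY can at least be constrained to a column-list shape.
        if (orderByLambda == null || !s_orderByPattern.IsMatch(orderByLambda))
            throw new ArgumentException("orderByLambda must be a comma-separated list of column names, each optionally followed by ASC or DESC", "orderByLambda");
        if (string.IsNullOrWhiteSpace(whereLambda)) whereLambda = " 1=1 ";

        // Rows (pageIndex-1)*pageSize+1 .. pageIndex*pageSize, as the original comment intended.
        // The original computed the lower bound as (pageSize+1)*(pageIndex-1), which skipped
        // rows from the second page onward.
        int page = Math.Max(pagsinfo.pageIndex, 1);
        int firstRow = (page - 1) * pagsinfo.pageSize + 1;
        int lastRow = page * pagsinfo.pageSize;

        string table = typeof(T).Name;
        string countSql = string.Format("select count(*) from {0} where {1} ", table, whereLambda);
        string numberedSql = string.Format("select ROW_NUMBER() OVER( ORDER BY {0}) AS RowNumber,* from {1} where {2} ", orderByLambda, table, whereLambda);
        string pageSql = string.Format(@"select * from( {0} ) T where RowNumber BETWEEN {1} and {2} ", numberedSql, firstRow, lastRow);

        ISession session = SharedSession();
        // COUNT(*) instead of materialising every matching row just to read .Count.
        total = Convert.ToInt32(session.CreateSQLQuery(countSql).UniqueResult(), System.Globalization.CultureInfo.InvariantCulture);

        using (IDbCommand command = session.Connection.CreateCommand())
        {
            command.CommandText = pageSql;
            // NOTE(review): the command is not enlisted in any transaction the session may have open — confirm.
            using (IDataReader reader = command.ExecuteReader())   // the original never disposed the reader
            {
                DataTable result = new DataTable();
                result.Load(reader);
                return result;
            }
        }
    }

    /// <summary>Runs raw SQL (trusted text only) and returns the rows as NHibernate produces them.</summary>
    public IList ExecuteSQL(string queryString)
    {
        ISQLQuery query = SharedSession().CreateSQLQuery(queryString);
        return query.List();
    }

    /// <summary>Loads the entity with the given id, or null. The <paramref name="entity"/> argument is unused.</summary>
    public T GetSingleModel(T entity, object id)
    {
        // 'as T' already yields null for a missing row.
        return SharedSession().Get(typeof(T).Name, id) as T;
    }

    /// <summary>First entity satisfying the in-memory filter, or null.</summary>
    public T GetSingleModel(Func<T, bool> wherelambda)
    {
        return SharedSession().Query<T>().Where(wherelambda).FirstOrDefault();
    }
}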
前端调用验证部分:
[Permission]--标示为权限验证
public class AdminControllerBase : Controller--其他Controller继承此类
Permission继承AuthorizeAttribute
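/// <summary>
/// Authorisation filter. A request to a decorated controller/action must carry a logged-in admin
/// in session, and that admin must hold an ACL entry for the requested controller/action — either
/// directly (sys_acl_user) or through a group (sys_group_user → sys_acl_group). Otherwise the
/// request is redirected to the login page or the permission-error page.
/// </summary>
public class PermissionAttribute : AuthorizeAttribute
{
    /// <summary>Controller/action pair naming the page being requested.</summary>
    public class PageUrl
    {
        public string Controller { get; set; }
        public string Action { get; set; }
        public string Url { get { return string.Format("{0}/{1}", Controller, Action); } }
    }

    /// <summary>
    /// Reads the requested controller and action from the request's route data.
    /// The original kept this in an instance field: MVC reuses one attribute instance across
    /// concurrent requests, so that field could hold another request's route and the ACL check
    /// would then be made against the wrong page.
    /// </summary>
    private static PageUrl GetRequestedPage(HttpContextBase httpContext)
    {
        var values = httpContext.Request.RequestContext.RouteData.Values;
        return new PageUrl
        {
            Controller = values["controller"] as string,
            Action = values["action"] as string,
        };
    }

    /// <summary>The admin stored in this request's session, or null when nobody is logged in.</summary>
    private static Model.adminlogin GetLoginModel(HttpContextBase httpContext)
    {
        // The Redis token lookup in the original is commented out; session is the only store in use.
        if (httpContext.Session == null) return null;
        return httpContext.Session[CMSKeys.SESSION_ADMIN_INFO] as Model.adminlogin;
    }

    /// <summary>
    /// Redirects anonymous callers to /Home/Login and callers without the ACL entry to
    /// /Home/Error/premission; lets everything else through.
    /// </summary>
    /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }
        // base.OnAuthorization is intentionally not called (as in the original). NOTE(review): the
        // base implementation is what hooks output-cache validation, so decorated actions should
        // not also carry [OutputCache] — confirm.
        if (GetLoginModel(filterContext.HttpContext) == null)
        {
            // Not logged in.
            filterContext.Result = new RedirectResult("/Home/Login");
            return;
        }
        if (!AuthorizeCore(filterContext.HttpContext))
        {
            filterContext.Result = new RedirectResult("/Home/Error/premission");
        }
    }

    /// <summary>
    /// ACL check for the current request: "admin" always passes; otherwise the action must be
    /// registered and granted to the user directly or to the user's group.
    /// </summary>
    /// <param name="httpContext">Request whose session and route data are inspected.</param>
    /// <returns>true when access is allowed.</returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        Model.adminlogin loginModel = GetLoginModel(httpContext);
        if (loginModel == null) return false;
        // Built-in superuser: the literal user name "admin" bypasses the ACL entirely.
        if (loginModel.UserName == "admin") return true;

        PageUrl url = GetRequestedPage(httpContext);
        Isys_actionService action_bll = new sys_actionService();          // module/action registry
        Isys_acl_userService acl_user_bll = new sys_acl_userService();    // per-user ACL
        Isys_acl_groupService acl_group_bll = new sys_acl_groupService(); // per-group ACL
        Isys_group_userService group_user_bll = new sys_group_userService(); // user ↔ group

        var actionModel = action_bll.GetSingleModel(o => o.actionKey == url.Action && o.moduleKey == url.Controller);
        if (actionModel == null) return false; // unregistered page: deny by default

        // NOTE(review): a per-user ACL row grants access by its mere presence, whereas the group
        // row below is consulted for its 'access' flag — confirm that asymmetry is intended.
        var acl_userModel = acl_user_bll.GetSingleModel(w => w.actionID == actionModel.actionID && w.userID == loginModel.UserID);
        if (acl_userModel != null) return true;

        // Only the first group membership is consulted, as in the original.
        var group_userModel = group_user_bll.GetSingleModel(k => k.userID == loginModel.UserID);
        if (group_userModel == null) return false; // the original dereferenced this and threw for users without a group

        var acl_groupModel = acl_group_bll.GetSingleModel(o => o.groupID == group_userModel.groupID && o.actionID == actionModel.actionID);
        return acl_groupModel != null && acl_groupModel.access;
    }
}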
到此,验证机制的主要部分已经写完,就剩下在表里面添加数据进行测试了。
登陆测试
以上是admin登陆的
测试a