MVC前端鉴权
后端Controller:
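/// <summary>
/// Publishes, through <c>ViewBag</c>, what the view-side <c>AuthorizeValidator</c> needs:
/// <c>ViewBag.Methods</c> — every public method declared on the controller (name lower-cased) with the
/// subset of its attributes the client understands; <c>ViewBag.Privileges</c> — the user's privilege rows
/// whose <c>Controller</c> equals this controller's name. This only feeds client-side UI gating; the browser
/// can alter any of it, so every action must still be authorised on the server.
/// </summary>
/// <param name="controller">Controller whose actions are described and whose ViewBag is populated.</param>
/// <param name="userPrivileges">The current user's cached privileges; a null list is treated as "no privileges".</param>
public void SetClientPermissions(Controller controller, List<MenuCacheModel> userPrivileges)
{
    var type = controller.GetType();

    // Attribute names the client validator reacts to, after dropping the "Attribute" suffix and lower-casing.
    string[] attrs = { "insert", "delete", "update", "select", "allowallsigninuser", "strict", "allowanonymous" };

    // DeclaredOnly: actions inherited from a base controller are not reported to the client.
    // ToLowerInvariant keeps the names stable regardless of the request's culture (e.g. Turkish "I"),
    // which matters because the client compares them against hard-coded lower-case ASCII strings.
    var methods = type
        .GetMethods(BindingFlags.Instance | BindingFlags.Public | BindingFlags.DeclaredOnly)
        .Select(m => new
        {
            Name = m.Name.ToLowerInvariant(),
            CustomAttributes = m.CustomAttributes
                .Select(a => a.AttributeType.Name.Replace("Attribute", "").ToLowerInvariant())
                .Where(name => attrs.Contains(name))
                .ToList()
        })
        .ToList();
    controller.ViewBag.Methods = methods;

    // Strip only the trailing "controller" suffix. The previous Replace("controller", "") removed every
    // occurrence, so a name such as "AccessControllerController" no longer matched its privilege rows.
    var controllerName = type.Name.ToLowerInvariant();
    const string suffix = "controller";
    if (controllerName.Length > suffix.Length && controllerName.EndsWith(suffix, StringComparison.Ordinal))
    {
        controllerName = controllerName.Substring(0, controllerName.Length - suffix.Length);
    }

    // Fail closed: a missing privilege list means "no privileges" rather than an exception while rendering.
    var privileges = userPrivileges ?? new List<MenuCacheModel>();
    controller.ViewBag.Privileges = privileges.Where(r => r.Controller == controllerName).ToList();
}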
调用:_rbacService.SetClientPermissions(this, CurrentUser.Privileges);
Action上加属性:
// Example of stacking the marker attributes SetClientPermissions reports to the client:
// [Strict] means the client accepts only an explicit per-action privilege row, and
// [AllowAllSignInUser] lets any signed-in user through when the action is not strict.
// NOTE(review): the sample output further down lists "export" with only allowallsigninuser and
// strict, not update — confirm the sample and this declaration come from the same controller.
// The method body is elided in this listing.
[AllowAllSignInUser] [Strict] [Update] [HttpGet] public ActionResult Export(RohsToCheckFilter filter) { }
View:
// Values rendered by the server for the client-side AuthorizeValidator.
// Json.Encode emits a JS literal and Html.Raw keeps Razor from HTML-encoding it; the page
// therefore discloses the user's privilege rows and the controller's public method names.
var privileges = @Html.Raw(Json.Encode(ViewBag.Privileges));
var methods= @Html.Raw(Json.Encode(ViewBag.Methods));
// Hard-coded lower-case controller name; it must equal the name SetClientPermissions derives,
// because privileges are filtered by it on the server and matched against it again here.
var controllerName = "rohstocheck";
// UI gate only - the server must authorise every action again (see the note at the end of the page).
var authorizeValidator = new AuthorizeValidator(privileges,methods,controllerName);
其中得到的格式是这样的:
// Sample of what the two ViewBag values serialise to for the "rohstocheck" controller.
// A privilege row with Action null is a controller-wide grant; here the user has "full control".
// An action name appears more than once when the controller declares several public methods with
// that name (presumably a GET and a POST form); the client's hasAttribute treats their attributes as one set.
// NOTE(review): "export" shows only allowallsigninuser and strict, while the Export action declared
// above also carries [Update] — confirm this sample was captured from the same controller.
var privileges = [{"Action":null,"Controller":"rohstocheck","Authoritys":"full control"}]; var methods= [{"Name":"create","CustomAttributes":["insert","allowanonymous","strict"]},{"Name":"create","CustomAttributes":["insert","strict"]},{"Name":"delete","CustomAttributes":["delete","strict"]},{"Name":"edit","CustomAttributes":["update","strict"]},{"Name":"edit","CustomAttributes":["update","strict"]},{"Name":"index","CustomAttributes":["select"]},{"Name":"getlistajax","CustomAttributes":["select"]},{"Name":"outboundqtysubmit","CustomAttributes":["allowallsigninuser","strict"]},{"Name":"rohsreceivedqtysubmit","CustomAttributes":["allowallsigninuser","strict"]},{"Name":"rohsresultsubmit","CustomAttributes":["allowallsigninuser","strict"]},{"Name":"iqcconfirmqtysubmit","CustomAttributes":["allowallsigninuser","strict"]},{"Name":"whsconfirmreturnqtysubmit","CustomAttributes":["allowallsigninuser","strict"]},{"Name":"hfsresultsubmit","CustomAttributes":["allowallsigninuser","strict"]},{"Name":"thirdpartyresultssubmit","CustomAttributes":["allowallsigninuser","strict"]},{"Name":"export","CustomAttributes":["allowallsigninuser","strict"]}]; var controllerName = "rohstocheck";
JS:
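// Client-side authorisation helper.
// It mirrors the server's privilege rules so the UI can hide or block actions early, but it runs
// on data the browser controls: it is a usability gate, not a security boundary, and every action
// must still be authorised on the server (see the note at the end of the page).
//
//   privileges     - array of { Action, Controller, Authoritys } rows for the current user;
//                    Action null or '' marks a controller-wide grant
//   methods        - array of { Name, CustomAttributes[] } describing the controller's public
//                    methods; a Name may occur more than once (overloads)
//   controllerName - lower-case controller name the privilege rows are keyed by
//
// Fixes over the previous version: the prototype methods were re-created inside the constructor
// and closed over the last instance's `that`, so two live validators shared the newest one's data;
// isAllowToExecute called a bare `hasAttribute` (a ReferenceError whenever an action lacked the
// insert attribute); a leftover `debugger` and an implicit global loop index are gone.
function AuthorizeValidator(privileges, methods, controllerName) {
  this.privileges = privileges;
  this.methods = methods;
  this.controllerName = controllerName;
  // Authority levels as stored in the privilege rows' Authoritys field.
  this.privilegeType = {
    readOnly: 'read only',
    allowToExecute: 'allow to execute',
    allowToChange: 'allow to change',
    fullControl: 'full control',
  };
}

// True when the controller exposes a method with this (lower-case) name.
AuthorizeValidator.prototype.hasMethod = function (actionName) {
  return this.methods.some((m) => m.Name === actionName);
};

// True when any overload of the action carries the given attribute name.
AuthorizeValidator.prototype.hasAttribute = function (actionName, attrName) {
  return this.methods.some(
    (m) => m.Name === actionName && m.CustomAttributes.some((a) => a === attrName)
  );
};

// True when the user holds a controller-wide grant (Action null/'') at one of `levels`.
AuthorizeValidator.prototype.hasControllerGrant = function (levels) {
  return this.privileges.some(
    (p) =>
      p.Controller === this.controllerName &&
      (p.Action == null || p.Action === '') &&
      levels.indexOf(p.Authoritys) !== -1
  );
};

// Read access: the action is marked select and the user holds any controller-wide grant
// short of full control (read only, allow to execute or allow to change).
AuthorizeValidator.prototype.isReadOnly = function (actionName) {
  if (!this.hasAttribute(actionName, 'select')) return false;
  const t = this.privilegeType;
  return this.hasControllerGrant([t.readOnly, t.allowToExecute, t.allowToChange]);
};

// Insert/delete access: the action is marked insert or delete and the user holds
// a controller-wide "allow to execute" grant.
AuthorizeValidator.prototype.isAllowToExecute = function (actionName) {
  if (!this.hasAttribute(actionName, 'insert') && !this.hasAttribute(actionName, 'delete')) {
    return false;
  }
  return this.hasControllerGrant([this.privilegeType.allowToExecute]);
};

// Update access: the action is marked update and the user holds a controller-wide
// "allow to change" grant.
AuthorizeValidator.prototype.isAllowToChange = function (actionName) {
  if (!this.hasAttribute(actionName, 'update')) return false;
  return this.hasControllerGrant([this.privilegeType.allowToChange]);
};

// Decides whether the UI should let the user invoke `actionName` on this controller.
// Order of precedence: unknown action -> deny; explicit per-action row -> allow;
// [Strict] -> deny; full control -> allow; read/execute/change grants matched against the
// action's select/insert/delete/update attributes; finally the attribute-only grants
// allowallsigninuser and allowanonymous.
AuthorizeValidator.prototype.hasPrivilege = function (actionName) {
  const privileges = this.privileges;
  // No privilege rows at all (null, undefined or an empty list) -> deny everything,
  // including actions marked allowanonymous; this matches the previous behaviour.
  if (privileges == null || privileges.length === 0) return false;
  if (!this.hasMethod(actionName)) return false;

  // An explicit per-action row always wins, even over [Strict].
  const hasExplicitRow = privileges.some(
    (p) => p.Controller === this.controllerName && p.Action === actionName
  );
  if (hasExplicitRow) return true;

  // [Strict] actions accept nothing but an explicit per-action row.
  if (this.hasAttribute(actionName, 'strict')) return false;

  if (this.hasControllerGrant([this.privilegeType.fullControl])) return true;
  if (this.isReadOnly(actionName)) return true;
  if (this.isAllowToExecute(actionName)) return true;
  if (this.isAllowToChange(actionName)) return true;

  // Attribute-only grants: any signed-in user, or anyone.
  return (
    this.hasAttribute(actionName, 'allowallsigninuser') ||
    this.hasAttribute(actionName, 'allowanonymous')
  );
};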
使用:
// Client-side gate only: it blocks the button early and shows a message, but anyone can edit
// this script or call the endpoint directly, so the server must authorise outboundqtysubmit
// again on every request. (layer.msg presumably comes from the page's UI library; the bare
// `return` implies this runs inside an event handler.)
if (!authorizeValidator.hasPrivilege('outboundqtysubmit')) { layer.msg('沒有權限'); return; }
注意:这套校验只是前端的界面控制,不构成安全边界——privileges、methods 和校验逻辑都随页面下发到了浏览器,使用者可以在开发者工具里改掉它们,或者绕过页面直接请求对应的 Action。因此服务器端必须对每一个 Action(包括标记了 AllowAllSignInUser 的各个提交接口)再独立做一次鉴权,前端的判断结果只能用来提前隐藏按钮和给出提示。