对于一个后台管理系统来说,你的权限设计与安全是重中之重,当你为一个权限分配一些菜单后,当这个权限的用户没有菜单权限时,这个菜单的URL是不可以被用户访问的,而在之前的设计中,没有考虑到这点,所以本次Lind.DDD.Manager的升级中,需要把这块完善一下,将会在8月的Lind.DDD中奉献给大家,敬请期待!
思路
用户访问
==>
mvc根据url找到controller/action
==>
判断这个URL是否为库中定义的URL(排除非正常URL,PartialView产生的URL)
==>
判断用户是否有这个URL的权限
==>
正常访问
层关系图
aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAP8AAAEqCAIAAABV7hG1AAAZlklEQVR4nO2d7VMTWdrG90/p/8kPftlav7hqlS4ssDjMLqtlWVpjOSWOvKgjMCQQEiSAgLw4IgyKJN15IQGc0UJAMZLOC1hbak0JZfF8SD0x3X36pDs5/Za+rroq1X367vucvu9f98QpTf/lCILcqr9YvQAIskygH3KvQD/kXoF+yL0C/ZB7Bfoh9wr0Q+4V6Ifcq2rpT+U/TwrvWjyxFk/s+LXFY1cXYJe7AEP//Oa2+JEJo8apKvqHl96c6Qq3DCRvzGzemd/x8WIwmh2Jwe61X8jcmd/56dFWa2D9dFf4xviLT38esoKVuSqkP5X/3NQTafWveZbT44n8zNreo/V9GC56IpH38eKVsVdn7/CvUv9jSy0rVUL/tvjxVEfo5uxWQMhMr+7PrsEwwTOr+8PR7O2FnbN3+fW3H5izW710039w+LWxJ9L++M1oPDeztg/DdE8k9+49fXe6M2TDr0C66ff9tnVxaD0giNOrezCsxSPx3JWxVzfGXxhBcDXSR38q//lMV9izvPswaX1NYQd5kBfP/SzY7fuPPvoDi9ut/vXReG5qdc+15jiu7IhaQNlILTNWlsRajyfyl0dfto3/bhDHlUkf/S2e2M3Zzcnk3sNVW5vjOOIIR5L2cS3ZlFPL1iPb1pKEvusU9zxLnby1bBDHlUkf/SdvLfc+Sz1M5m1ujuPoI8oALWEazyqM0KV2OnGKsgGO8FAkc+zqgjEYVyh99B+/tjjIi5PJvM3NcRx9RBmgJYyYViaN61E7qpyxNDMl0v4OxrLOpv/Y1YVAJDORyNvcHMfRR5QBWsIKuwUWy2YrHSw9hb42taOlU5fK8lJrdzCWczz9Qw6hnw5KNfRPqLMom6g0vhRiyqR0+umrtblrhP7xlZzNzXEcfUQZoBZWKmWYlrTFc+nJlSrNWfwkrscRDkZr4pvPg5Wczc1xHH1EGVBZmBJZYmTpJ31StQUoM6hls62HQb85NpN+LaerxSsHtd8/oL966adfyIzFczY3x3H0EWVAZWHKZ3/pODEPfQrijKVpy67Ntr5fA/T7hcxoPOdyF+AubMjG1eLVdstmKJ1IdqdZXgddrhH6R+I5GNbrIdAPu9a1QP+gIAZjWRjWa8f/TYcC/cOxLAzrdaAW6OfF4WgWhvW6Fuj38eL9aBaG9dpfG/QPRTIwrNd+AfTDbnUt0N8fFgNCBob1epAXnU3/yVvL3U9TfiEDw3o9EHY4/U09kfZftwd5EYb1uncpdaJtySCOK5M++junX14K/uGzuo6w8xwWf5x6fcGXMIjjyqSP/vjmXn131BtK+3gRhrXbG06f7088ir03iOPKpPu33C74EtenXvfz4gAMa3M/L7Y/ftPYEzk4/GoExBVLN/0fPn051RHqfvYeNwCsyWGx7/nuubuCDX/Ov5LfcH66LtZ3R7uX3veH0zBMsTec/uX5brN35UF4hzm71avC3++fS+ye6ghdn3rtDaW9YRgm2BPa7Xzytu5exJ7oH1Xz7pYPn75c8CWavSs/TG70hdKeUNobSnvc7duTUcvXYK0LDPQt796c3WoZSJ67a99XVxxV/96u+WT68lDS8ndF2cF/vRhoqK870dpr+Urs4KaeyKTwzm5/zJUJ72xkJp4PN9TXzc5MW70QSKtAPzOBfscJ9DMT6HecQD8zgX7HCfQzE+h3nEA/M4F+xwn0MxPod5xAPzOBfscJ9DMT6HecQD8zgX7HCfQzE+h3nEA/M4F+xwn0MxPod5xAf1VKpVKzM9MF93Tfa6iv62y/VRzZ2NiweoEQTaC/Ks0/mWtq/GdDfR3RXR0dVi8Qogn0V6XDg4P/fN9CRP/f351PpVJWLxCiCfRXq/knc981/0tB/z/w4Le/QH+1Ij7+8eB3hEA/Ayke/3jwO0Ogn4Fkj388+J0i0M9G80/mmpsa8eB3lkA/Gx0eHBS+/JxvasSD3ykC/czk6ettqK+7fOmS1QuBtKpa+lP5z5PCuxZPrMUTO35t0fKfkbHQf/uvp6G+7u/ft1m+EmtdgKF/ftOGP9wpU1X0Dy+9OdMVbhlI3pjZvDO/4+PFYDQ7EnOpg8JuW2/Qt7hh+UostF/I3Jnf+enRVmtg/XRX+Mb4i09/HrKClbkqpD+V/9zUE2n1r3mW0+OJ/Mza3qP1fRgueiKR9/HilbFXZ+/Y98cMK6F/W/x4qiN0c3YrIGSmV/dn12CY4JnV/eFo9vbCztm7/PrbD8zZrV666T84/NrYE2l//GYsnrO8vrD9PZncu/f03enOkA2/Aumm3/fb1sWh9UAkM7O2D8NaPBLPXRl7dWP8hREEVyN99Kfyn890hT3Lu1PJvZlVGNbqQV4897Ngt+8/+ugPLG63+tfH4rnp1T0LzZFEP0qMlOWkz6j9qJYpiDHKQfq8DvJEIn959GXb+O8GcVyZ9NHf4ondnN2cSlpcSl2UaDxUDf30VLruRnoe4qRqjwBre6R077PUyVvLBnFcmXS/q713KTW1umetiQxRIks3lAGyDfosshnVBtUWQ9wuOx3lFLW0amuw0PcjmWOOflf78WuLfkG0vI5qHChhojBXlmxK8rLLI+YhxqitTbntdPpHYlln03/s6sJQJPNwdc9aE3mVHS3dlZ1LTKi2q3Z7KIMLG7LdsqstO5EyoWxqymJs5dF4zvH0349mJpN5B5njOL0xxd0CfPR45XbppzJh2Um1nCubrihdV22yR0B/laY8INVI1ZKTCJySLeVElHuDckcRTyx7URT6lQGgX4scRj+x/cRx7beHkp6yGBHJLss3fc1lY8rSr3YJNnEt0D8UyUwk8taa47jiRqmUAWonEkdK05YOEkXPrCVDaSotMRpXS6+AhQ7GQD9r+ukB2hlVGyfGEPNoPEsZrH39EyX3SdnFUO5VS1wj9I+v5Cw0x3GyT2KMmmR5KFNQwtQCKGsr7io36PlrxsGo8/+PZyCSebCSs8ocx5VuK6UMI55ODJAlUYukTyRboSyeeAn0y6wZD4N+2LWuCfqFzFg8B8N6fR/0081xnK7xwqGiKGfRM1RwSDk7UXoT6l2SxoR2MOivsPHFQV08VU+/bGol1vQp6Nei6zI1TqEWQLwhTb5zaoF+v5AZjedMNsdxsm21Zy3xFGISumQxxDXINpTLUDtads3KxVOmUFukrFwaZzHONUL/SDxntImUyAJkG5RttRG1PMQY5WfpLnFqSk7tV025UvoIPbKC5VXpIdCvpfcURoktpNwb9Dz0u4XICpF+tZXQV6V3Mcq5lEdBvy7ppn9QEIOxrHHmOE62QRwsfTTKwoqfSinTqoXJYpTJ6csgplK7urK7GgtCPFFZDfosxnnI6f+6xUz61VihQ6wlGzGP2lyl9FDOKo0hrp8iehGIl6lWEAr9ZQtitGuE/uFY1jhzHKfcLh0se6hsttJdZR7ZBnFXy8K0L7I0Xqmy10JcmNplVrAqVg7UAv28OBzNGmeO47QMlo4QT1GOE0+hbKidpZaHski1FVZcBI1zaR80wbVAv48X70ezxpnjONluQbKA0k/iicRUlOmUG8rdspMSl6o2tfYiqK2EclRtJbILKZWhbb0fzfpBv5auUzpRypPyNtB1MygT3lfgqwxQzkgXZeqydVAOUmA1Ad8qXSP0D0UyRpjjuNJtpeiRZVNpn105rsxPHNdyrlokXcqLUi7G5vYLoB92q2uB/gFeDEQyMKzXg7VAf1gMCBkY1utBvibo9wsZGNZrH+iHXetaoN8bTg/yIgzrtS8sOpv+k7eWu5+mLK8j7ET3h9POpr+pJ9L+67aPF2FYr3uWUifalgziuDLpo79z+uWl4B/9vDgAw7ocFn+cen3BlzCI48qkj/745l59d9QbSltfTdhR9obT5/sTj2LvDeK4Mul+Z+MFX+L61Gs8/mHt7ufF9sdvGnsiB4dfjYC4Yumm/8OnL6c6Qt3P3veH0zCsxb883z13V9gWPxpBcDWq5F3tT9fF+u5o9xJuALiMveH0L893m70rD8I7zNmtXpXQf3R0NJfYPdURuj712htKe8MwTLAntNv55G3dvYg90T+qmP6jo6MPn75c8CWavSs/TG70hdKeUNobSnvc7duTUcvXYK0LDPQt796c3WoZSJ67y79K/Y8hr2xVOf0FzSfTl4eSx64uwH+9GGiorzvR2mv5Suzgpp7IpPDObn/Mlala+qGieD7cUF83OzNt9UIgrQL9zAT6HSfQz0yg33EC/cwE+h0n0M9MoN9xAv3MBPodJ9DPTKDfcQL9zAT6HSfQz0yg33EC/cwE+h0n0M9MoN9xAv3MBPodJ9DPTKDfcQL9zAT6HSfQz0yg33EC/cwE+h0n0M9MoN9xAv3MBPodJ9DPTKDfcQL9zAT6HSfQz0yg33EC/cwE+h0n0M9MoN9xAv3MBPodJ9DPTKDfcQL9VSmVSs3OTBfc032vob6us/1WcWRjY8PqBUI0gf6qNP9krqnxnw31dUR3dXRYvUCIJtBflQ4PDv7zfQsR/X9/dz6VSlm9QIgm0F+t5p/Mfdf8LwX9/8CD3/4C/dWK+PjHg98RAv0MpHj848HvDIF+BpI9/vHgd4pAPxvNP5lrbmrEg99ZAv1sdHhwUPjyc76pEQ9+pwj0M5Onr7ehvu7ypUtWLwTSqmrpT+U/TwrvWjyxFk/s+LVFy18XZaH/9l9PQ33d379vs3wl9ncBmP75TWtf4lsV/cNLb850hVsGkjdmNu/M7/h4MRjNjsRc6qCw29Yb9C1uWL4Sm9svZO7M7/z0aKs1sH66K3xj/MWnPw9ZAa1LFdKfyn9u6om0+tc8y+nxRH5mbe/R+j4M6/JEIu/jxStjr87esebFppXQvy1+PNURujm7FRAy06v7s2swXKFnVveHo9nbCztn7/Lrbz8w55su3fQfHH5t7Im0P34zGs/NrO3DcPWeSO7de/rudGfI5K9Auun3/bZ1cWg9IIjTq3swzMoj8dyVsVc3xl8YQbma9NGfyn8+0xX2LO8+TFpfL7jGPMiL534WzPz+o4/+wOJ2q399NJ6bWt2z1hzHUQ4pRT9KjCw7kTKAGFxBziqroXEZakVTVsmcno4n8pdHX7aN/24Q60rpo7/FE7s5uzmZ3Hu4ytgUHCmnaByvIImWWehSS0I5VDpCTEVcjMbrVaYtTS7bKDupQe55ljp5a9kg1pXSR//JW8u9z1IPk3nm5jiu7HZhV5U2aozapIVDWjKoZaOsVsuCiaeopS2bXzlIT6IcpMxugocimWNXF4xBnSB99B+/tjjIi5PJPHNzHFd2W7mr5RS1kcKg3hPLXkUxs8brUptUVzD9xNKbgZ65dFd2ljkOxrL2pf/Y1YVAJDORyDM35RkpC1M7nZ5KdlQtYdk8xYCyS9V4XcqzCiPERaoFEy9NSxLZID3GBAdjOVvTP2QY/WW3KZ2ouEOUhGo0a+RJ43VR6CfeurrWI7tXtZ8C+gkq0D++kmNujuPKbhd21UQ/WozRvhgtSYq7xVOUqeh5iKcoM1OCiWtTJlFOSsxMvHYjOk50MGr7bz4PVnLMTaFEFqZ2usbBKufStYDKFlkYKR0vbqsFq20rPzVOIQvQcnVMPOxa+stu64VMjWyNBNPvEMotVAzTEkOnkDJYtla6Kkmh3zT0HziAfiEzFs8xN8dxura1pFKL1zhODFMOFkZKP7Vco/JQQfTFyG6esvWhV1I2UrqAsjU0yPdtTr9fyIzGc8zNcZyubXqe0k9ijJrUlqQ2WNxVbpQ9l1Xd1NavVr2yg8W0xi1bzQ6gfySeg2EjPAT6Ydfa7vQPCmIwloVhI2zrv+lQoH84loVhIxywO/28OBzNwrARtjv9Pl68H83CsBH225/+oUgGho2wXwD9sFttd/r7w2JAyMCwER7kRfvSf/LWcvfTlF/IwLARHgjbmP6mnkj7r9uDvAjDRrh3KXWibckg1pXSR3/n9MtLwT98VtcIrk2HxR+nXl/wJQxiXSl99Mc39+q7o95Q2seLMMzW3nD6fH/iUey9Qawrpfu33C74EtenXvfz4gAMs3M/L7Y/ftPYEzk4/GoE6ETppv/Dpy+nOkLdz97jBoCZOSz2Pd89d1cw+ef8K/kN56frYn13tHvpfX84DcNV2htO//J8t9m78iC8w5xvuir8/f65xO6pjtD1qdfeUNobhuEK7Qntdj55W3cvYj76R9W8u+XDpy8XfIlm78oPkxt9obQnlPaG0h5zfXsyavKMbrDRVS1w0re8e3N2q2Ugee6uNa+uOKr+vV3zyfTloaQl737668VAQ33didZey99CVUs2s6pNPZFJ4Z2Zf8yVycHvbOT5cEN93ezMtNULqSm5qqqgH5LIVVUF/ZBErqoq6IckclVVQT8kkauqCvohiVxVVdAPSeSqqoJ+SCJXVRX0QxK5qqqgH5LIVVUF/ZBErqoq6IckclVVQT8kkauqCvohiVxVVdAPSeSqqoJ+SCJXVRX0QxK5qqqgH5LIVVUF/ZBErqoq6IckclVVQT8kkauqCvohiVxVVdAPSeSqqoJ+SCJXVRX0QxK5qqqgH5LIVVUF/ZBErqoq6IckclVVQT8kkauqCvohiVxVVdAPSeSqqoJ+SCJXVRX0QxK5qqqgH5LIVVUF/ZBErqoq6IckclVVQT8kkauqCvohiVxVVdAPSeSqqoJ+SCJXVRX0QxK5qqqgH5LIVVUF/ZBErqoq6IckclVVQT8kkauqCvohiVxVVdAPSeSqqoJ+SCJXVRX0QxK5qqoOoz+VSs3OTBfc032vob6us/1WcWRjY8PqBTpSrq2qw+iffzLX1PjPhvo6ors6OqxeoCPl2qo6jP7Dg4P/fN9CbNK/vzufSqWsXqAj5dqqOoz+o6Oj+Sdz3zX/S9Gnf9TwI8oEubOqzqOf+KCq7UeUCXJnVZ1H/xHhQVXjjyhz5MKqOpJ+2YOq5h9R5siFVXUk/UdHR/NP5pqbGl3yiDJNbquqU+k/PDgo/Gf6fFNjzT+iTJPbqupU+o+Ojjx9vQ31dZcvXbJ6ITUlV1WVRn8q/3lSeNfiibV4YsevLR67umAr/+2/nob6ur9/32byvIWC9M9vbosfTeuTab2wqqqW9EKV/uGlN2e6wi0DyRszm3fmd3y8GIxmR2I2clDYbesN+hY3zJzUL2TuzO/89GirNbB+uit8Y/zFpz8Pq6Bak8zshSVVtaoXBPpT+c9NPZFW/5pnOT2eyM+s7T1a34dlnkjkfbx4ZezV2Tv8q9T/GHGOXpjaCzn92+LHUx2hm7NbASEzvbo/uwaremZ1fziavb2wc/Yuv/72A1Ps0QszeiGh/+Dwa2NPpP3xm9F4bmZtH9biieTevafvTneG2H4FQi9M6IWEft9vWxeH1gOCOL26B2v3SDx3ZezVjfEXDOlHL0zoxTf6U/nPZ7rCnuXdh0nrr8FxHuTFcz8LrL7/oBfm9OIb/YHF7Vb/+mg8N7W6Z765EhV2i+PEGFm85R5P5C+Pvmwb/50J/db2glh/WZ3pu5RBW/XiG/0tntjN2c3J5N7DVSvNcZzsU0u8HdzzLHXy1jIT+o3rhdoTRFnGso2QDdJjyk5nSS++0X/y1nLvs9TDZN58cxwn26AMEupoxZqVHopkjl1dYEK/Ob0glo5yexCrXVlHjO6axl58o//4tcVBXpxM5i0xx3HFT7URyol2cDCWZUW/Ob0glo5eT7WjelMZ3TWNvfhG/7GrC4FIZiKRt8ocxxU+CyqOFI/SZeHKCw7GcqzoN6cXlKLRK0wcoeRXJjG6Xxp7IaF/yDr61cqhd9xCs6XfuF5oQVB5iD5CvE+0bFjbCzn94ys5881xXOFTqeLR0g3KtoUORpl98zG0F6X1lJW6NIbYC2IetW0tG9b2Qv7N58FKzipzHKdxpNgPYoxVHmZKv3G9KFZMS+koMaWHiNtaNqzthb3oV0qt6HZDX3vF7U8/sRHKdqg1gsi6LIMt6RcyY/GcheY4jritHFRuWO77bOk3rBdlS6fWBVl8gWbieNnWGN01jb2Q0O8XMqPxnLXmOK74KRsvHZRtK+PNN1v6jetFsVZqRSPWWVlktTxl89MPmdkLOf0j8RxcmYdY02/5FTnXGnsB+s2uOOi3Ty8k9A8KYjCWhSszw7/pgF6Y0ws5/cOxLFyZA6zpt/yKnGuNvZDSz4vD0SxcmRnTj14Y3wsJ/T5evB/NwpXZz5R+9MKEXsjpH4pk4MrsFxjTb/kVOdcaewH6za446LdPLyT094fFgJCBK/MgLzKkH70woReSf9vV/TTlFzJwZR4IM6MfvTCnF9/ob+qJtP+6PciLcGXuXUqdaFtiQj96YU4vvtHfOf3yUvAPn9XrdqrD4o9Try/4EkzoRy/M6cU3+uObe/XdUW8o7eNFWK+94fT5/sSj2Hsm9KMX5vRC8ltuF3yJ61Ov+3lxANbjfl5sf/ymsSdycPiVCf3ohTm9kND/4dOXUx2h7mfvUXQdDot9z3fP3RXY/pw/emFCL+S/4fx0XazvjnYvve8Pp+Gy9obTvzzfbfauPAjvMEQfvTCnF4Tf759L7J7qCF2feu0Npb1hWNWe0G7nk7d19yJGoI9emNAL8rtbPnz6csGXaPau/DC50RdKe0Jpbyjtgf+/Dn3Luzdnt1oGkufuGvjqCvTC6F7Q3ts1n0xfHkpa/m4me7qpJzIpvGP4x1y60AsjeuHgdzZCUJUC/ZB7Bfoh9wr0Q+4V6IfcK9APuVegH3KvQD/kXoF+yL0C/ZB7Bfoh9wr0Q+7V/wEUdyeZYyM8DgAAAABJRU5ErkJggg==" alt="" />
实现
使用了MVC环境下的AOP方法拦截技术,它主要通过过滤器(AuthorizeAttribute)来实现对action的拦截,然后注入自己的代码,这也是MVC几大过滤器带给我们的惊喜!
AuthorizeAttribute 为我们提供了一个用户授权的过滤器,当用户访问Action之前,它将被执行
// 摘要:
// 表示一个特性,该特性用于限制调用方对操作方法的访问。
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{
// 摘要:
// 初始化 System.Web.Mvc.AuthorizeAttribute 类的新实例。
public AuthorizeAttribute(); // 摘要:
// 获取或设置用户角色。
//
// 返回结果:
// 用户角色。
public string Roles { get; set; }
//
// 摘要:
// 获取此特性的唯一标识符。
//
// 返回结果:
// 此特性的唯一标识符。
public override object TypeId { get; }
//
// 摘要:
// 获取或设置授权用户。
//
// 返回结果:
// 授权用户。
public string Users { get; set; } // 摘要:
// 重写时,提供一个入口点用于进行自定义授权检查。
//
// 参数:
// httpContext:
// HTTP 上下文,它封装有关单个 HTTP 请求的所有 HTTP 特定的信息。
//
// 返回结果:
// 如果用户已经过授权,则为 true;否则为 false。
//
// 异常:
// System.ArgumentNullException:
// httpContext 参数为 null。
protected virtual bool AuthorizeCore(HttpContextBase httpContext);
//
// 摘要:
// 处理未能授权的 HTTP 请求。
//
// 参数:
// filterContext:
// 封装有关使用 System.Web.Mvc.AuthorizeAttribute 的信息。filterContext 对象包括控制器、HTTP 上下文、请求上下文、操作结果和路由数据。
protected virtual void HandleUnauthorizedRequest(AuthorizationContext filterContext);
//
// 摘要:
// 在过程请求授权时调用。
//
// 参数:
// filterContext:
// 筛选器上下文,它封装有关使用 System.Web.Mvc.AuthorizeAttribute 的信息。
//
// 异常:
// System.ArgumentNullException:
// filterContext 参数为 null。
public virtual void OnAuthorization(AuthorizationContext filterContext);
//
// 摘要:
// 在缓存模块请求授权时调用。
//
// 参数:
// httpContext:
// HTTP 上下文,它封装有关单个 HTTP 请求的所有 HTTP 特定的信息。
//
// 返回结果:
// 对验证状态的引用。
//
// 异常:
// System.ArgumentNullException:
// httpContext 参数为 null。
protected virtual HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext);
}
对于我们的菜单权限过滤器,需要继承它,我们起名为ManagerUrlAttribute,下面是大叔设计的代码,大家可以作为参考
/// <summary>
/// 后台URL菜单的权限
/// 需要考虑到PartialView的问题
/// </summary>
public class ManagerUrlAttribute : AuthorizeAttribute
{
/// <summary>
/// 验证失败后所指向的控制器和action
/// 可以在使用特性时为它进行赋值
/// </summary>
public ManagerUrlAttribute(string failControllerName = "Home", string failActionName = "Login")
{
_failControllerName = failControllerName;
_failActionName = failActionName;
}
/// <summary>
/// 出错时要跳转的控制器
/// </summary>
string _failControllerName;
/// <summary>
/// 出错时要跳转的action
/// </summary>
string _failActionName;
/// <summary>
/// 菜单仓储
/// </summary>
static IExtensionRepository<WebManageMenus> menuRepository = new ManagerEfRepository<WebManageMenus>(new ManagerContext());
/// <summary>
/// 所有已经定义的菜单项
/// </summary>
static List<WebManageMenus> allMenuList = menuRepository.GetModel().ToList(); public override void OnAuthorization(AuthorizationContext filterContext)
{ var menuIdArr = Array.ConvertAll<string, int>(CurrentUser.ExtInfo.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries), i => int.Parse(i));
var menuUrlArr = allMenuList.Where(i => menuIdArr.Contains(i.Id)).Select(i => i.LinkUrl).ToList();
var controllerName = filterContext.RouteData.Values["controller"].ToString();
var actionName = filterContext.RouteData.Values["action"].ToString();
var isValid = allMenuList.FirstOrDefault(i => i.LinkUrl == "/" + controllerName + "/" + actionName) != null;//是否为有效的URL,过滤分布视图 //当前为正常页面,不是分布视图
if (isValid)
{
//没有当前URL的权限,跳到登陆页
if (!menuUrlArr.Contains("/" + controllerName + "/" + actionName))
{
filterContext.Result = new RedirectToRouteResult("Default", new RouteValueDictionary {
{ "Action",_failActionName },
{ "Controller", _failControllerName} });
}
}
} }
本代码解决了分布视图在过滤器中的尴尬,将分布视图产生的action进行过滤,我们先将所有定义的菜单URL取出来,然后用户访问时,先判断当前URL是否为已经定义的URL,如果是,再进行权限的比较.