1 public class UserPermissionFilter:System.Web.Mvc.ActionFilterAttribute 2 { 3 public override void OnActionExecuting(System.Web.Mvc.ActionExecutingContext filterContext) 4 { 5 #region 判断是否有 此 controller 和 action 的权限 6 LoginUserViewModel user = AdminUserBll.GetLoginUser(); 7 var permissionListAll = ModuleBll.Instance.GetLevelModuleListIsArrayAllInCache(); 8 if (null != user && !string.IsNullOrEmpty(user.user_name)) 9 { 10 bool ret = true; 11 if (user.PermissionList != null && user.PermissionList.Count > 0) 12 { 13 string action = filterContext.ActionDescriptor.ActionName; 14 string controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName; 15 string url = (controller + "/" + action).ToUpper(); 16 var module = permissionListAll.FirstOrDefault(c => c.action_url.ToUpper() == url); 17 if ((controller.ToUpper() != "HOME" && action.ToUpper() != "LOGIN") && 18 controller.ToUpper() != "MENU" && module != null) /*此Action下的不作权限*/ 19 //&& module != null 20 { 21 ret = AdminUserBll.LoginUserIsPermission(controller, action, user); 22 } 23 if (!ret) 24 { 25 filterContext.HttpContext.Response.Redirect("/Home/NoRight", true); 26 //throw new System.Web.HttpException(403, "无权访问"); 27 } 28 } 29 } 30 else 31 { 32 filterContext.HttpContext.Response.Redirect("/login", true); 33 34 } 35 36 37 #endregion 38 39 base.OnActionExecuting(filterContext); 40 } 41 }