    using System;
    using System.Linq;
    using System.Text;
    using System.Web.Mvc;
    using Autofac;
    using Autofac.Integration.Mvc;

    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
    public class PowerAttribute : FilterAttribute, IActionFilter
    {
        public void OnActionExecuted(ActionExecutedContext filterContext)
        {
            //throw new NotImplementedException();
        }

        /// <summary>
        /// Name of the permission this action requires (matched against Power.Name in the config)
        /// </summary>
        public string PowerName { get; set; }

        /// <summary>
        /// Whether the action is reserved for the super administrator
        /// </summary>
        public bool IsSuper = false;

        public IPowerConfigService powerConfigService =
            AutofacDependencyResolver.Current.ApplicationContainer.Resolve<IPowerConfigService>();

        public void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Per-request state is kept in locals rather than fields:
            // MVC may reuse one attribute instance across requests.
            User loginUser = CacheHelper.GetCache(Constant.CacheKey.LoginUserInfoCacheKey + "_"
                + filterContext.HttpContext.User.Identity.Name) as User;
            PowerConfig power = null;
            bool b = false;

            // A missing cached user leaves b == false, so the request is denied.
            if (loginUser != null && IsSuper == false)
            {
                // Action that is not exclusive to the super administrator
                power = CacheHelper.GetCache(Constant.CacheKey.PowerConfigCacheKey) as PowerConfig;
                if (power == null)
                {
                    power = powerConfigService.LoadConfig(Constant.PowerConfigPath);
                    CacheHelper.SetCache(Constant.CacheKey.PowerConfigCacheKey, power);
                }
                try
                {
                    // Set of permission IDs granted to the user's role
                    string[] acts = loginUser.Role.ActionIds.Split(',');
                    if (power != null)
                    {
                        var p = power.PowerList.FirstOrDefault(t => t.Name == PowerName);
                        if (p != null && acts.Contains(p.Id.ToString()))
                        {
                            // The role holds this permission
                            b = true;
                        }
                    }
                }
                catch
                {
                    // Any failure while evaluating the permission denies access
                    b = false;
                }
            }

            // The super administrator can use every action
            if (loginUser != null && loginUser.IsSuperUser)
            {
                b = true;
            }

            #region No permission to execute
            if (b == false)
            {
                if (filterContext.HttpContext.Request.IsAjaxRequest())
                {
                    //filterContext.Result = new JsonResult()
                    //{
                    //    Data = new { pass = false, error = "Unauthorized Access" },
                    //    JsonRequestBehavior = JsonRequestBehavior.AllowGet
                    //};
                    filterContext.Result = new ContentResult()
                    {
                        Content = "unauthorized Access",
                        ContentEncoding = Encoding.UTF8
                    };
                }
                else
                {
                    filterContext.Controller.ViewData["ErrorMessage"] = "unauthorized access"; //filterContext.Exception.Message + "Pro! You made a mistake!"
                    filterContext.Result = new ViewResult() // Render the error view
                    {
                        ViewName = "Error", /* under the Shared folder */
                        ViewData = filterContext.Controller.ViewData // pass the controller's ViewData to the view
                    };
                }
            }
            #endregion
        }
    }
Use this filter to intercept access to actions and enforce fine-grained permissions. To use it, put [Power(IsSuper = true, PowerName = "")] directly on the action or on the controller. IsSuper is designed for the system super administrator: it marks an action as a system-level action, usually a configuration or other high-privilege action. For normal actions it can be left out or set to false.
I keep the Power configuration in two places: one is the database and the other is the config file. The database can be converted directly to the config file through the export function I designed. At run time, the role's ActionIds are used to look up in the configuration file the PowerName that corresponds to each ID, and the check is then made by PowerName (PowerName can be repeated, which helps group actions at a finer grain).
    <?xml version="1.0"?>
    <PowerConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <PowerGroupList>
        <PowerGroup>
          <GroupName>Action Group One</GroupName>
          <Id>1</Id>
        </PowerGroup>
        <PowerGroup>
          <GroupName>Action Group Two</GroupName>
          <Id>2</Id>
        </PowerGroup>
      </PowerGroupList>
      <PowerList>
        <Power>
          <ParamStr>/cms/1234</ParamStr>
          <Name>Statistics</Name>
          <GroupId>1</GroupId>
          <Id>2</Id>
        </Power>
        <Power>
          <ParamStr>/cms/12345</ParamStr>
          <Name>Introduction</Name>
          <GroupId>1</GroupId>
          <Id>3</Id>
        </Power>
        <Power>
          <ParamStr>/links/123</ParamStr>
          <Name>links</Name>
          <GroupId>1</GroupId>
          <Id>7</Id>
        </Power>
        <Power>
          <ParamStr>/cms/123</ParamStr>
          <Name>co-organizer</Name>
          <GroupId>1</GroupId>
          <Id>8</Id>
        </Power>
        <Power>
          <ParamStr>/proj</ParamStr>
          <Name>Products</Name>
          <GroupId>1</GroupId>
          <Id>9</Id>
        </Power>
        <Power>
          <ParamStr>/message</ParamStr>
          <Name>Feedback</Name>
          <GroupId>1</GroupId>
          <Id>10</Id>
        </Power>
        <Power>
          <ParamStr>/gundong</ParamStr>
          <Name>Scrolling Chart</Name>
          <GroupId>1</GroupId>
          <Id>11</Id>
        </Power>
        <Power>
          <ParamStr>/guangao</ParamStr>
          <Name>ad bit</Name>
          <GroupId>1</GroupId>
          <Id>12</Id>
        </Power>
        <Power>
          <ParamStr>/cms/123</ParamStr>
          <Name>Articles</Name>
          <GroupId>2</GroupId>
          <Id>1</Id>
        </Power>
        <Power>
          <ParamStr>/admin/actionadd</ParamStr>
          <Name>Articles View</Name>
          <GroupId>2</GroupId>
          <Id>4</Id>
        </Power>
        <Power>
          <ParamStr>/cms/12</ParamStr>
          <Name>Chapter Delete</Name>
          <GroupId>2</GroupId>
          <Id>5</Id>
        </Power>
        <Power>
          <ParamStr>/cms/123</ParamStr>
          <Name>Article modification</Name>
          <GroupId>2</GroupId>
          <Id>6</Id>
        </Power>
      </PowerList>
    </PowerConfig>
The above is the generated config, which is loaded into the cache at run time to improve performance. It is built from Action and ActionGroup; the Action and ActionGroup data are stored in the database and can be added through a visual interface.
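The decision the filter makes, written as a stand-alone console program (an added example, not the author's code). It goes one step beyond the filter's FirstOrDefault lookup by checking every Power entry that shares a PowerName, since the text allows repeated names; the Decide helper, the trimmed config and the role ID strings are constructed for illustration, and treating any one same-named entry as sufficient is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class PowerCheckDemo
{
    // Constructed sample: a trimmed PowerConfig in which the name "Articles" appears twice.
    const string ConfigXml = @"<PowerConfig><PowerList>
        <Power><ParamStr>/cms/123</ParamStr><Name>Articles</Name><GroupId>2</GroupId><Id>1</Id></Power>
        <Power><ParamStr>/cms/124</ParamStr><Name>Articles</Name><GroupId>2</GroupId><Id>13</Id></Power>
        <Power><ParamStr>/message</ParamStr><Name>Feedback</Name><GroupId>1</GroupId><Id>10</Id></Power>
      </PowerList></PowerConfig>";

    // Hypothetical helper mirroring the filter's decision. Anything unexpected
    // (no role IDs, unknown PowerName, malformed ID) ends in "deny".
    static bool Decide(string actionIds, bool isSuperUser, bool isSuper, string powerName, XDocument config)
    {
        if (isSuperUser) return true;   // the super administrator passes every check
        if (isSuper) return false;      // system-level action: super administrator only
        if (string.IsNullOrWhiteSpace(actionIds) || string.IsNullOrEmpty(powerName)) return false;

        // Parse "13, 10" into a set of ints; parts that are not integers are ignored,
        // and a space after the comma does not cause a mismatch.
        var granted = new HashSet<int>();
        foreach (var part in actionIds.Split(','))
            if (int.TryParse(part.Trim(), out var id)) granted.Add(id);

        // Assumption: holding any one of the entries that share the name grants access.
        return config.Descendants("Power")
            .Where(p => (string)p.Element("Name") == powerName)
            .Any(p => int.TryParse((string)p.Element("Id"), out var id) && granted.Contains(id));
    }

    static void Main()
    {
        var cfg = XDocument.Parse(ConfigXml);
        // Role holds the second "Articles" entry; IDs are written with a space after the comma.
        Console.WriteLine(Decide("13, 10", false, false, "Articles", cfg));
        // Role holds neither "Articles" ID.
        Console.WriteLine(Decide("10", false, false, "Articles", cfg));
        // PowerName that is not in the config.
        Console.WriteLine(Decide("10", false, false, "Reports", cfg));
        // Action marked IsSuper, requested by an ordinary user who holds every ID.
        Console.WriteLine(Decide("1,13,10", false, true, "Articles", cfg));
        // Super administrator with no role IDs at all.
        Console.WriteLine(Decide(null, true, true, "", cfg));
    }
}
```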
Write a robust rights management system under the code first of EF: MVC filtering interception, permission core (V)