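/// <summary>
/// Action filter that lets an action run only when the logged-in user is a super
/// administrator, or when the user's role holds a permission whose name equals
/// <see cref="PowerName"/>. Every other case, including a missing cached user,
/// a missing role or a missing configuration, ends in the "access denied" result.
/// </summary>
/// <remarks>
/// The decision is made on local variables only. ASP.NET MVC 3 and later can reuse
/// one filter attribute instance for several requests, so a decision based on
/// instance fields could be taken against another request's user.
/// </remarks>
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
public class PowerAttribute : FilterAttribute, IActionFilter
{
    // Text shown to the caller when access is refused ("no permission to access").
    private const string AccessDeniedMessage = "無權訪問";

    /// <summary>
    /// Runs after the action; this filter has nothing to do at that point.
    /// </summary>
    public void OnActionExecuted(ActionExecutedContext filterContext)
    {
    }

    /// <summary>
    /// Name of the permission the caller's role must hold.
    /// </summary>
    public string PowerName { get; set; }

    /// <summary>
    /// Whether the action is reserved for super administrators. When true,
    /// <see cref="PowerName"/> is not consulted.
    /// </summary>
    public bool IsSuper = false;

    // Kept so existing subclasses still compile. They are written on every request but
    // never read for the access decision, because the instance may be shared between requests.
    protected User LoginUser = null;
    protected PowerConfig Power = null;

    public IPowerConfigService powerConfigService = AutofacDependencyResolver.Current.ApplicationContainer.Resolve<IPowerConfigService>();

    /// <summary>
    /// Checks the caller's permission before the action runs and replaces the result
    /// with an "access denied" response when the check fails.
    /// </summary>
    /// <param name="filterContext">Context of the action about to execute.</param>
    public void OnActionExecuting(ActionExecutingContext filterContext)
    {
        User user = CacheHelper.GetCache(Constant.CacheKey.LoginUserInfoCacheKey + "_" + filterContext.HttpContext.User.Identity.Name) as User;
        LoginUser = user;

        bool allowed = false;
        if (user != null)
        {
            if (user.IsSuperUser)
            {
                // Super administrators may use every action.
                allowed = true;
            }
            else if (!IsSuper)
            {
                // Ordinary action: the role must hold the named permission.
                allowed = RoleHoldsPower(user);
            }
        }

        // A null user (cache entry missing or expired, or no authenticated identity)
        // falls through to the denial instead of raising a NullReferenceException.
        if (!allowed)
        {
            Deny(filterContext);
        }
    }

    // Returns true when one of the role's action ids belongs to a permission named PowerName.
    private bool RoleHoldsPower(User user)
    {
        if (string.IsNullOrEmpty(PowerName) || user.Role == null || string.IsNullOrEmpty(user.Role.ActionIds))
        {
            return false;
        }

        // Permission ids granted to the role, stored as a comma-separated list.
        string[] grantedIds = user.Role.ActionIds.Split(',');

        PowerConfig config = CacheHelper.GetCache(Constant.CacheKey.PowerConfigCacheKey) as PowerConfig;
        if (config == null)
        {
            config = powerConfigService.LoadConfig(Constant.PowerConfigPath);
            if (config != null)
            {
                CacheHelper.SetCache(Constant.CacheKey.PowerConfigCacheKey, config);
            }
        }
        Power = config;

        if (config == null || config.PowerList == null)
        {
            return false;
        }

        try
        {
            // Several permissions may share one name, so every entry with this name is
            // checked rather than only the first one found.
            return config.PowerList.Any(p => p != null && p.Name == PowerName && grantedIds.Contains(p.Id.ToString()));
        }
        catch (Exception)
        {
            // Deliberate fail-closed: a malformed entry denies access.
            return false;
        }
    }

    // Replaces the action result with the "access denied" response.
    // NOTE(review): neither branch sets a status code here, so the denial presumably goes
    // out as HTTP 200; consider 403 once it is confirmed that no client relies on that.
    private static void Deny(ActionExecutingContext filterContext)
    {
        if (filterContext.HttpContext.Request.IsAjaxRequest())
        {
            filterContext.Result = new ContentResult()
            {
                Content = AccessDeniedMessage,
                ContentEncoding = Encoding.UTF8
            };
        }
        else
        {
            // Render the shared "Error" view with the message placed in ViewData.
            filterContext.Controller.ViewData["ErrorMessage"] = AccessDeniedMessage;
            filterContext.Result = new ViewResult()
            {
                ViewName = "Error",
                ViewData = filterContext.Controller.ViewData
            };
        }
    }
}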
使用這個過濾器攔截各種action的訪問,做到權限的顆粒化,使用時候直接在action或者controller的頭部加[Power(IsSuper=true,PowerName="權限名")],IsSuper是針對系統超級管理員設計,判斷action是否為系統級別的action,一般是配置或者高權限的action使用,普通可以不寫,或者為false。(IsSuper=true時只有超級管理員可以通過,PowerName不再參與判斷。)
power的參數配置我放到了兩個地方,一個數據庫,另一個是config文件,數據庫可以通過我設計的導出,直接變成config。在運行時候根據角色的actionId去配置文件中取出ID對應的powername,然后根據powername進行判斷(powername可以重復,有利于action的細化分組)
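<?xml version="1.0"?>
<!--
  Generated permission catalogue that PowerAttribute loads and caches at run time.
  Name is the value compared with PowerName in [Power(...)]; Id is the value looked up
  in the role's comma-separated ActionIds. ParamStr and GroupId are not read by the
  filter shown on this page.
  This file decides who may call which action: keep it out of any directly downloadable
  path and restrict write access to it.
-->
<PowerConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <PowerGroupList>
    <PowerGroup>
      <GroupName>操作組一</GroupName>
      <Id>1</Id>
    </PowerGroup>
    <PowerGroup>
      <GroupName>操作組二</GroupName>
      <Id>2</Id>
    </PowerGroup>
  </PowerGroupList>
  <PowerList>
    <Power>
      <ParamStr>/cms/1234</ParamStr>
      <Name>統計</Name>
      <GroupId>1</GroupId>
      <Id>2</Id>
    </Power>
    <Power>
      <ParamStr>/cms/12345</ParamStr>
      <Name>介紹</Name>
      <GroupId>1</GroupId>
      <Id>3</Id>
    </Power>
    <Power>
      <ParamStr>/links/123</ParamStr>
      <Name>友情鏈接</Name>
      <GroupId>1</GroupId>
      <Id>7</Id>
    </Power>
    <Power>
      <ParamStr>/cms/123</ParamStr>
      <Name>合作單位</Name>
      <GroupId>1</GroupId>
      <Id>8</Id>
    </Power>
    <Power>
      <ParamStr>/proj</ParamStr>
      <Name>產品展示</Name>
      <GroupId>1</GroupId>
      <Id>9</Id>
    </Power>
    <Power>
      <ParamStr>/message</ParamStr>
      <Name>客戶留言</Name>
      <GroupId>1</GroupId>
      <Id>10</Id>
    </Power>
    <Power>
      <ParamStr>/gundong</ParamStr>
      <Name>滾動圖</Name>
      <GroupId>1</GroupId>
      <Id>11</Id>
    </Power>
    <Power>
      <ParamStr>/guangao</ParamStr>
      <Name>廣告位</Name>
      <GroupId>1</GroupId>
      <Id>12</Id>
    </Power>
    <Power>
      <ParamStr>/cms/123</ParamStr>
      <Name>文章</Name>
      <GroupId>2</GroupId>
      <Id>1</Id>
    </Power>
    <Power>
      <ParamStr>/admin/ActionAdd</ParamStr>
      <Name>文章查看</Name>
      <GroupId>2</GroupId>
      <Id>4</Id>
    </Power>
    <Power>
      <ParamStr>/cms/12</ParamStr>
      <Name>文章刪除</Name>
      <GroupId>2</GroupId>
      <Id>5</Id>
    </Power>
    <Power>
      <ParamStr>/cms/123</ParamStr>
      <Name>文章修改</Name>
      <GroupId>2</GroupId>
      <Id>6</Id>
    </Power>
  </PowerList>
</PowerConfig>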
上面就是生成的config,運行時候會加載到緩存,提高性能。它的生成是基于Action和ActionGroup的,而Action和ActionGroup數據會存儲到數據庫,可以可視化添加。注意:config加載到緩存之后,權限配置的修改要等緩存失效或被清除才會生效(具體取決于CacheHelper的過期設置)。