前五章均是从整体上讲述了Web应用程序的多用户权限控制实现流程,本章讲述Web权限管理系统的权限配置模块。页面模块涉及到的数据表为权限表。权限配置模块是按照用户组和页面,栏目结合组成的。通过配置一个用户组可以访问的页面即完成了该类型用户的访问权限管理。
为了更规范和方便后期系统的二次开发和维护,对应特定的业务模块采用Area(域)的方式开发,权限模块的开发域如下图所示:
由于在Areas下还建立了一个新的目录SystemManage,故需要改变原来的路由。权限模块的路由文件名称为RightManageAreaRegistration,修改后的路由代码如下:
using System.Web.Mvc;
namespace CodeForMvcTest.Areas.RightManage
{
/// <summary>
/// Registers the URL route for the permission-management area, which sits in
/// the nested folder SystemManage/RightManage.
/// </summary>
/// <remarks>
/// This class only maps URLs to controllers. It performs no access check;
/// whatever authorization applies must be enforced by the controllers it exposes.
/// </remarks>
public class RightManageAreaRegistration : AreaRegistration
{
    /// <summary>
    /// Name of the area, including the parent folder it is nested under.
    /// </summary>
    public override string AreaName
    {
        get { return "SystemManage/RightManage"; }
    }

    /// <summary>
    /// Maps the area's single route. The action defaults to "Index" and the id
    /// segment is optional; no default controller is supplied.
    /// </summary>
    /// <param name="context">Registration context supplied by the MVC framework.</param>
    public override void RegisterArea(AreaRegistrationContext context)
    {
        var routeDefaults = new { action = "Index", id = UrlParameter.Optional };

        context.MapRoute(
            name: "SystemManage_RightManage_default",
            url: "SystemManage/RightManage/{controller}/{action}/{id}",
            defaults: routeDefaults);
    }
}
}
权限模块的Model可参看第三章项目架构的系统共有类,对应model为TreeModel.cs。文件路径为Areas/SystemManage/Models。
权限模块的视图包含在权限域中,文件路径为Areas/SystemManage/OperatorManage/Views/RightManage,视图名称为RightManage.cshtml。视图的完整代码如下:
@* Permission management page: a user-group selector with a save button on top,
   and a checkbox tree of catalogs and pages below. *@
@{
    ViewBag.Title = "权限管理";
    Layout = "~/Views/Shared/_BaseLayout.cshtml";
}

<div class="easyui-layout" data-options="fit:true">

    <div data-options="region:'north',split:true" style="height: 50px;">
        <table style="margin-left: 5px; margin-top: 5px;">
            <tr>
                <td><span style="margin-left: 10px;">用户组:</span></td>
                <td>
                    <select class="easyui-combobox" name="operatorGroupId" id="operatorGroupId" style="width: 150px;"
                            data-options="editable:false,required:true,onSelect:GetRightList">
                        @* Html.Raw writes ViewBag.GroupList into the page without HTML encoding.
                           The controller builds that string with DataTransfor.ListToComboboxHtml
                           from the group ids and names read from the database.
                           NOTE(review): confirm that helper HTML-encodes the group names; if it
                           does not, a stored group name containing markup is rendered as markup. *@
                        @Html.Raw(ViewBag.GroupList)
                    </select>
                </td>
                <td>
                    @* UpdateRight() in rightManage.js POSTs the checked pages for the selected group.
                       This view renders no anti-forgery token for that request. *@
                    <button id="btn_submit" style="margin-left: 10px; margin-right: 10px;" onclick="UpdateRight();">保存修改</button>
                </td>
            </tr>
        </table>

    </div>

    <div data-options="region:'center',split:true" style="padding-bottom: 10px; padding-top: 10px;">
        @* The tree is loaded with a GET to GetRightTree; once loaded, GetRightList checks
           the nodes that belong to the currently selected group. *@
        <ul class="easyui-tree" id="pageTree"
            data-options="
                checkbox:true,
                url:'/SystemManage/RightManage/RightManage/GetRightTree',
                method:'get',
                onLoadSuccess:GetRightList">
        </ul>
        <br />
    </div>

</div>

@section scripts
{
    <script type="text/javascript" src="/Areas/SystemManage/SystemJS/rightManage.js"></script>
    <script type="text/javascript">
    </script>
}
权限模块相关的JS文件路径为Areas/SystemManage/SystemJS,JS文件名称为rightManage.js。JS的完整代码如下:
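// Returns true when an AJAX response body looks like the login page. That is how
// this script recognises an expired session.
// NOTE(review): this is a substring match on the body, so any response that merely
// contains "/Login/Login" also triggers the redirect; a dedicated status code from
// the server would be a firmer signal.
function _isLoginResponse(text) {
    return typeof text === "string" && text.indexOf("/Login/Login") >= 0;
}

// Sends the top-level window to the login page and removes the loading mask.
function _redirectToLogin() {
    HideMask();
    window.parent.location.href = '/Login/Login';
}

// Loads the page permissions of the selected user group and checks the matching
// leaf nodes in the page tree.
function GetRightList() {
    LoadMask("正在查询,请稍等... ...");

    var operatorGroupId = $("#operatorGroupId").combobox("getValue");

    // Clear every check first; unchecking a root also unchecks its descendants.
    var roots = $("#pageTree").tree('getRoots');
    if (roots != null && roots.length > 0) {
        for (var i = 0; i < roots.length; i++) {
            $("#pageTree").tree("uncheck", roots[i].target);
        }
    }

    // NOTE(review): this POST carries no anti-forgery token.
    $.ajax({
        url: '/SystemManage/RightManage/RightManage/RightManage',
        data: { operatorGroupId: operatorGroupId },
        type: 'POST',
        dataType: 'json',
        success: function (data) {
            if (data.isSuccess == "0") {
                alert("未能成功加载用户组对应权限!");
            } else {
                if (data.dataList.length > 0) {
                    for (var i = 0; i < data.dataList.length; i++) {
                        var nodeId = data.dataList[i];
                        var node = $("#pageTree").tree("find", nodeId);
                        // Only leaf (page) nodes are checked; parents follow from their children.
                        if (node != null && $("#pageTree").tree("isLeaf", node.target) == true) {
                            $("#pageTree").tree("check", node.target);
                        }
                    }
                }
            }
            HideMask();
        },
        error: function (data) {
            // responseText can be undefined (for example on a network failure). The
            // helper tolerates that, so the mask is always removed.
            if (_isLoginResponse(data.responseText)) {
                _redirectToLogin();
                return;
            }
            alert("加载用户组对应权限出错!");
            HideMask();
        }
    });
}

// Saves the checked pages as the permission set of the selected user group.
function UpdateRight() {
    LoadMask("正在修改,请稍等... ...");
    var operatorGroupId = $("#operatorGroupId").combobox("getValue");
    var nodes = $("#pageTree").tree("getChecked"); // every checked node

    // Collect the ids of the checked leaf nodes (the pages) into an array.
    var rightArray = [];
    for (var i = 0; i < nodes.length; i++) {
        if ($("#pageTree").tree('isLeaf', nodes[i].target) == true) {
            rightArray.push({ PageIndex: nodes[i].id });
        }
    }

    // NOTE(review): this state-changing POST carries no anti-forgery token, and the
    // node ids are client-supplied, so the server must validate them itself.
    $.ajax({
        url: '/SystemManage/RightManage/RightManage/UpdateRight',
        data: { operatorGroupId: operatorGroupId, rightIdListStr: JSON.stringify(rightArray) },
        dataType: 'text',
        type: 'POST',
        traditional: true,
        success: function (data) {
            // An expired session returns the login page as a normal text response.
            // Redirect without alerting, so the page HTML is not shown to the user.
            if (_isLoginResponse(data)) {
                _redirectToLogin();
                return;
            }
            alert(data);
            HideMask();
        },
        error: function (data) {
            if (_isLoginResponse(data.responseText)) {
                _redirectToLogin();
                return;
            }
            alert("修改权限出错!");
            HideMask();
        }
    });
}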
权限模块的控制器包含在权限域中,文件路径为Areas/SystemManage/PageMange/Controllers,控制器名称为RightManageController.cs。控制器的完整代码如下:
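using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using Session;
using OdbcDbAccess;
using System.Data;
using Models;
using Controllers;
using System.Data.SqlClient;
using Newtonsoft.Json;
using LogInfo;
using System.IO;
using System.Text;

namespace CodeForMvcTest.Areas.RightManage.Controllers
{
    /// <summary>
    /// Permission handling controller: shows the permission page, serves the
    /// catalog/page tree, and reads and rewrites the page permissions of a user group.
    /// </summary>
    /// <remarks>
    /// Author: Author. Date: 2015-7-18. Email: [email protected]
    ///
    /// NOTE(review): no [Authorize] or [ValidateAntiForgeryToken] attribute is visible on
    /// this class or its actions. Access control is presumably enforced in BaseController;
    /// confirm that, because these actions change which pages a user group may open.
    ///
    /// All SQL in this class is assembled as text and passed to SqlHelper. Only values
    /// that have been converted to numeric types are placed into those statements.
    /// </remarks>
    public class RightManageController : BaseController
    {
        /// <summary>
        /// Renders the permission management page with the user-group options.
        /// </summary>
        /// <returns>The RightManage view.</returns>
        public ActionResult RightManage()
        {
            IList<OperatorGroup> groupList = GetOperatorGroup();
            // The view writes this string with Html.Raw, so the helper is responsible
            // for HTML-encoding GroupName. NOTE(review): confirm that it does.
            ViewBag.GroupList = DataTransfor.ListToComboboxHtml(groupList, "GroupId", "GroupName", false);
            return View();
        }

        /// <summary>
        /// Builds the permission tree: available catalogs, with available pages attached
        /// under their catalog.
        /// </summary>
        /// <returns>
        /// JSON array of tree nodes. It is empty or partial when a query fails, because
        /// the error is logged and not rethrown.
        /// </returns>
        public ActionResult GetRightTree()
        {
            IList<TreeModel> catalogNodeList = new List<TreeModel>();
            // Catalog query.
            string sql = "select * from catalog where isavailable=1 order by catalogid,showno";
            try
            {
                // Load the catalog rows and wrap them as tree nodes.
                DataSet categoryDs = SqlHelper.ExecuteQuery(SqlSeverConnectionName, sql);
                if (categoryDs != null && categoryDs.Tables.Count > 0)
                {
                    catalogNodeList = TreeModel.BuildTreeNodeList(categoryDs.Tables[0].Rows, "catalogid", "catalogname",
                                                                  "parentid", false);
                    // Load the page rows.
                    sql = "select catalogid,pageid,pagename from pageinfo where isavailable=1 order by catalogid,showno";
                    DataSet pageDs = SqlHelper.ExecuteQuery(SqlSeverConnectionName, sql);

                    if (pageDs != null && pageDs.Tables.Count > 0)
                    {
                        DataTable table = pageDs.Tables[0];
                        foreach (DataRow pageRow in table.Rows)
                        {
                            decimal parentId = DBNull.Value.Equals(pageRow["catalogid"]) ? 0 : Convert.ToDecimal(pageRow["catalogid"]);
                            decimal id = DBNull.Value.Equals(pageRow["pageid"]) ? 0 : Convert.ToDecimal(pageRow["pageid"]);
                            // Node id = catalog id followed by the page id padded to four digits
                            // (string concatenation, then parsed back to a number).
                            // UpdateRight splits the id again at the last four characters.
                            id = Convert.ToDecimal(parentId + id.ToString("0000"));
                            string pageName = DBNull.Value.Equals(pageRow["pagename"]) ? "" : Convert.ToString(pageRow["pagename"]);

                            var node = new TreeModel
                            {
                                id = id,
                                text = pageName,
                                state = "close"
                            };

                            // Pages whose catalog is not in the tree are appended at the top level.
                            if (!TreeModel.FoundTreeNode(catalogNodeList, node, parentId))
                            {
                                catalogNodeList.Add(node);
                            }
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                Log.SaveErrorLog(ex.ToString(), "构建页面列表树出错!");
            }
            // AllowGet is needed because the tree in the view loads this URL with GET.
            return Json(catalogNodeList, JsonRequestBehavior.AllowGet);
        }


        /// <summary>
        /// Returns the tree node ids (catalogs and pages) granted to a user group.
        /// </summary>
        /// <param name="operatorGroupId">User group id.</param>
        /// <returns>
        /// JSON object with isSuccess = 1 and dataList on success, or isSuccess = 0 on error.
        /// </returns>
        [HttpPost]
        public ActionResult RightManage(int operatorGroupId)
        {
            // Node ids that belong to the group.
            IList<decimal> nodeId = new List<decimal>();

            try
            {
                // operatorGroupId is bound as int, so only a number reaches this statement.
                string sql = "select * from rightlist where operatorgroupid='" + operatorGroupId + "'";
                DataSet dataSet = SqlHelper.ExecuteQuery(SqlSeverConnectionName, sql);
                if (dataSet != null && dataSet.Tables.Count > 0)
                {
                    DataTable table = dataSet.Tables[0];
                    decimal categoryId, pageId;
                    foreach (DataRow dr in table.Rows)
                    {
                        categoryId = Convert.ToDecimal(dr["categoryid"]);
                        // Same id scheme as GetRightTree: catalog id + four-digit page id.
                        pageId = Convert.ToDecimal(categoryId + Convert.ToInt32(dr["pageid"]).ToString("0000"));
                        if (!nodeId.Contains(categoryId))
                        {
                            nodeId.Add(categoryId);
                        }
                        nodeId.Add(pageId);
                    }
                }
                object result = new
                {
                    isSuccess = 1,
                    dataList = nodeId
                };
                return Json(result);
            }
            catch (Exception ex)
            {
                Log.SaveErrorLog(ex.ToString(), "查询用户组权限出错");
                object result = new
                {
                    isSuccess = 0
                };
                return Json(result);
            }
        }


        /// <summary>
        /// Replaces the permission rows of a user group with the submitted page list.
        /// </summary>
        /// <param name="operatorGroupId">User group id.</param>
        /// <param name="rightIdListStr">
        /// JSON array of objects whose PageIndex is a tree node id (catalog id followed
        /// by a four-digit page id). This value comes from the client and is untrusted.
        /// </param>
        /// <returns>A plain-text success or failure message.</returns>
        [HttpPost]
        public ActionResult UpdateRight(int operatorGroupId, string rightIdListStr)
        {
            try
            {
                // Deserialization happens inside the try block, so a missing or malformed
                // payload produces the normal failure message and not an unhandled exception.
                IList<Page> rightIdList = JsonConvert.DeserializeObject<IList<Page>>(rightIdListStr);

                var sql = new StringBuilder();
                sql.Append("delete from rightlist where operatorgroupid=").Append(operatorGroupId);

                if (rightIdList != null && rightIdList.Count > 0)
                {
                    string sqlItem = "insert into rightlist (pageid,categoryid,operatorgroupid,state,issys) values ({0},{1},{2},1,0)";
                    foreach (Page item in rightIdList)
                    {
                        string pageNodeId = item.PageIndex.ToString();
                        if (pageNodeId.Length > 4)
                        {
                            string categoryPart = pageNodeId.Substring(0, pageNodeId.Length - 4);
                            string pagePart = pageNodeId.Substring(pageNodeId.Length - 4, 4);

                            // Both halves come from the request. Converting each to an integer
                            // before formatting means only numbers reach the SQL text; a
                            // non-numeric part throws and the whole update is rejected.
                            int pageId = Convert.ToInt32(pagePart);
                            long categoryId = Convert.ToInt64(categoryPart);

                            sql.Append(";").Append(string.Format(sqlItem, pageId, categoryId, operatorGroupId));
                        }
                    }
                }

                // NOTE(review): the value returned by ExecuteTran is discarded; confirm
                // whether it can signal a failure without throwing.
                SqlHelper.ExecuteTran(SqlSeverConnectionName, sql.ToString());

                // NOTE(review): the audit entry has an empty first argument and names neither
                // the group nor the operator. Presumably the first argument is the operator;
                // confirm against Log.SaveOperatorLog.
                Log.SaveOperatorLog("", 1, "修改权限成功");
                return Content("修改成功!");
            }
            catch (Exception ex)
            {
                Log.SaveErrorLog(ex.ToString(), "修改权限出错");
                return Content("未能成功修改权限!");
            }
        }


        /// <summary>
        /// Loads all user groups ordered by group id.
        /// </summary>
        /// <returns>The group list; empty when the query fails (the error is logged).</returns>
        private IList<OperatorGroup> GetOperatorGroup()
        {
            IList<OperatorGroup> groupList = new List<OperatorGroup>();
            string sql = "select * from operatorgroup order by groupid";
            try
            {
                DataSet dataSet = SqlHelper.ExecuteQuery(SqlSeverConnectionName, sql);
                // Columns are mapped to properties by position, so this depends on the
                // column order that "select *" returns for the operatorgroup table.
                int[] columnIndexArray = { 0, 1, 3, 4, 7 };
                string[] propertyArray = { "GroupId", "GroupName", "OrderNum", "State", "ParentId" };
                groupList = DataTransfor.DataSetTransfor<OperatorGroup>(dataSet, columnIndexArray, propertyArray);
            }
            catch (Exception ex)
            {
                Log.SaveErrorLog(ex.ToString(), "获取用户组出错!");
            }
            return groupList;
        }
    }
}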
权限管理主界面如下图所示: