diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoController.cs b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoController.cs
index 45acaaf3e..d7b8a86d4 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoController.cs
@@ -173,15 +173,18 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers
 public ActionResult GetPageList(string pagination, string queryJson)
 {
 var user = LoginUserInfo.Get();
- if (user.Description == "学生")
+ if (!user.roleIds.Contains("d61e1853-cdee-4d49-a5e1-e230f1098e52"))
 {
- return Fail("不允许学生查看教师信息");
- }
- if (user.Description == "教师")
- {
- var json=queryJson.ToJObject();
- json["EmpNo"] = user.enCode;
- queryJson=json.ToString();
+ if (user.Description == "学生")
+ {
+ return Fail("不允许学生查看教师信息");
+ }
+ if (user.Description == "教师")
+ {
+ var json = queryJson.ToJObject();
+ json["EmpNo"] = user.enCode;
+ queryJson = json.ToString();
+ }
 }
 Pagination paginationobj = pagination.ToObject();
 var data = empInfoIBLL.GetPageList(paginationobj, queryJson);
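Review bot: The bypass added at the top of GetPageList hard-codes the role id `d61e1853-cdee-4d49-a5e1-e230f1098e52` as a string literal, and the same literal is repeated in every other gate this commit touches (both SaveForm hunks, UserController, DatabaseLinkController and DatabaseTableController), so the privilege it grants cannot be audited or changed in one place. The type of `roleIds` is not visible here; if it is a string, `Contains` is a substring match rather than a whole-id comparison, and it throws on null for an account with no roles instead of denying. I would put the id in one named constant and the test in one helper that null-checks `roleIds` and compares whole ids, then call that helper from each gate. Note also that an account whose `Description` is neither "学生" nor "教师" falls through with no restriction, so the default here is allow rather than deny.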
@@ -314,21 +317,27 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers
 entity.SyncFlag = false;
 var model = empInfoIBLL.GetEmpInfoEntityByEmpNo(entity.EmpNo);
 var user = LoginUserInfo.Get();
- if (user.Description=="学生")
+ if (!user.roleIds.Contains("d61e1853-cdee-4d49-a5e1-e230f1098e52"))
 {
- return Fail("不允许学生修改教师信息");
- }
- if (user.Description == "教师")
- {
- if (string.IsNullOrEmpty(keyValue))
+ if (user.Description == "学生")
 {
- return Fail("不允许教师新增教师信息");
+ return Fail("不允许学生修改教师信息");
 }
- if (entity.EmpId!=keyValue||entity.EmpNo != user.account)
+
+ if (user.Description == "教师")
 {
- return Fail("只允许教师修改自己的信息");
+ if (string.IsNullOrEmpty(keyValue))
+ {
+ return Fail("不允许教师新增教师信息");
+ }
+
+ if (entity.EmpId != keyValue || entity.EmpNo != user.account)
+ {
+ return Fail("只允许教师修改自己的信息");
+ }
 }
 }
+
 var model_mobile = empInfoIBLL.GetEmpInfoEntityByMobile(entity.mobile);
 if (string.IsNullOrEmpty(keyValue))
 {
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/StuInfoBasicController.cs b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/StuInfoBasicController.cs
index e0afa8b47..b8c1528de 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/StuInfoBasicController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/StuInfoBasicController.cs
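Review bot: The teacher ownership test kept inside the new block, `entity.EmpId != keyValue || entity.EmpNo != user.account`, compares `keyValue` with fields of `entity` and never consults the stored record that `keyValue` identifies; `entity` is populated above the hunk, presumably from the request body. A check that holds regardless of what is posted would load the record by `keyValue` and compare its stored `EmpNo` with the session identity before saving. GetPageList in the first hunk scopes teachers by `user.enCode` while this gate uses `user.account`; if those two fields can differ, one of the two gates is using the wrong one. The method starts and ends outside the hunk, so later validation may exist that these lines do not show.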
@@ -575,17 +575,22 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers
 public ActionResult SaveForm(string keyValue, string strEntity)
 {
 var user = LoginUserInfo.Get();
- if (user.Description == "学生")
+ if (!user.roleIds.Contains("d61e1853-cdee-4d49-a5e1-e230f1098e52"))
 {
- if (string.IsNullOrEmpty(keyValue))
+ if (user.Description == "学生")
 {
- return Fail("不允许学生添加信息");
- }
- if (keyValue!=user.userId)
- {
- return Fail("不允许学生修改其他学生信息");
+ if (string.IsNullOrEmpty(keyValue))
+ {
+ return Fail("不允许学生添加信息");
+ }
+
+ if (keyValue != user.userId)
+ {
+ return Fail("不允许学生修改其他学生信息");
+ }
 }
 }
+
 StuInfoBasicEntity entity = strEntity.ToObject();
 entity.SyncFlag = false;
 var model = stuInfoBasicIBLL.GetStuInfoBasicEntityByStuNo(entity.StuNo);
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_OrganizationModule/Controllers/UserController.cs b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_OrganizationModule/Controllers/UserController.cs
index e68e2c64c..cfaa53b14 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_OrganizationModule/Controllers/UserController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_OrganizationModule/Controllers/UserController.cs
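Review bot: The student gate in SaveForm constrains only `keyValue`; `strEntity` is deserialized after the gate and, as far as these lines show, nothing limits which fields of their own record a student may change. UserController.SaveForm in a later hunk has the same shape, with the model-bound `UserEntity` passed directly to `userIBLL.SaveEntity(keyValue, entity)`; if that entity carries the `Description` or role fields these gates read, a self-edit could alter the caller's own authorization data. I would copy an explicit list of self-editable fields onto the stored entity for non-privileged callers instead of saving the posted object. The rest of this SaveForm is outside the hunk, so a later filter may already exist there.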
@@ -99,15 +99,20 @@ namespace Learun.Application.Web.Areas.LR_OrganizationModule.Controllers
 public ActionResult GetPageList(string pagination, string keyword, string companyId, string departmentId, string tp)
 {
 var user = LoginUserInfo.Get();
- if (user.Description == "学生")
- {
- keyword = user.account;
- tp = null;
- }
- if (user.Description == "教师")
+ if (!user.roleIds.Contains("d61e1853-cdee-4d49-a5e1-e230f1098e52"))
 {
- tp = "1";
+ if (user.Description == "学生")
+ {
+ keyword = user.account;
+ tp = null;
+ }
+
+ if (user.Description == "教师")
+ {
+ tp = "1";
+ }
 }
+
 Pagination paginationobj = pagination.ToObject();
 var data = userIBLL.GetPageList(companyId, departmentId, paginationobj, keyword, tp);
 var jsonData = new
@@ -319,13 +324,17 @@ namespace Learun.Application.Web.Areas.LR_OrganizationModule.Controllers
 public ActionResult SaveForm(string keyValue, UserEntity entity)
 {
 var user = LoginUserInfo.Get();
- if (user.Description == "学生"|| user.Description == "教师")
+ if (!user.roleIds.Contains("d61e1853-cdee-4d49-a5e1-e230f1098e52"))
 {
- if (keyValue != user.userId)
+ if (user.Description == "学生" || user.Description == "教师")
 {
- return Fail("只允许修改自己的信息");
+ if (keyValue != user.userId)
+ {
+ return Fail("只允许修改自己的信息");
+ }
 }
 }
+
 userIBLL.SaveEntity(keyValue, entity);
 return Success("保存成功!");
 }
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseLinkController.cs b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseLinkController.cs
index c3f1c5438..8997273d3 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseLinkController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseLinkController.cs
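Review bot: For students, GetPageList narrows the result only by overwriting `keyword` with `user.account`, while `companyId` and `departmentId` still come from the request. How `userIBLL.GetPageList` matches `keyword` is not visible; if it is a partial match over several columns, rows of other accounts whose fields contain that text would also be returned. An exact filter on the caller's `user.userId` would make the restriction independent of search semantics. A short comment above the assignment, such as `// students may only list their own account`, would also record the intent that the keyword trick currently leaves implicit.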
@@ -47,10 +47,8 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 public ActionResult GetList(string keyword)
 {
 var user = LoginUserInfo.Get();
- if (user.Description != "管理员")
- {
+ if (user.Description != "管理员" && !user.roleIds.Contains("d61e1853-cdee-4d49-a5e1-e230f1098e52"))
 return Fail("不允许的操作");
- }
 var data = databaseLinkIBLL.GetListByNoConnection(keyword);
 return JsonResult(data);
 }
@@ -89,10 +87,8 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 public ActionResult GetTreeList()
 {
 var user = LoginUserInfo.Get();
- if (user.Description != "管理员")
- {
+ if (user.Description != "管理员" && !user.roleIds.Contains("d61e1853-cdee-4d49-a5e1-e230f1098e52"))
 return Fail("不允许的操作");
- }
 var data = databaseLinkIBLL.GetTreeList();
 return JsonResult(data);
 }
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseTableController.cs b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseTableController.cs
index ade4501ff..18fc5fe37 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseTableController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseTableController.cs
@@ -32,7 +32,8 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 ///
 ///
 [HttpGet]
- public ActionResult Form() {
+ public ActionResult Form()
+ {
 return View();
 }
 ///
@@ -40,7 +41,8 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 ///
 ///
 [HttpGet]
- public ActionResult TableIndex() {
+ public ActionResult TableIndex()
+ {
 return View();
 }
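Review bot: The rewritten gate in GetList and GetTreeList drops the braces, leaving `return Fail("不允许的操作");` as a brace-less statement under a long condition, and the same two lines are pasted into eight DatabaseTableController actions in the following hunks. A copy-pasted gate is easy to omit on a new action and easy to break when a second statement is added under the `if`. I would keep the braces and move the test into one authorization filter or base-controller method applied to the whole controller, so an action is denied unless it explicitly opts out. The admin test also still depends on the display text in `user.Description`; a comment stating which account field is authoritative for access would help the next reader.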
@@ -85,13 +87,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 ///
 [HttpGet]
 [AjaxOnly]
- public ActionResult GetList(string databaseLinkId,string tableName)
+ public ActionResult GetList(string databaseLinkId, string tableName)
 {
 var user = LoginUserInfo.Get();
- if (user.Description != "管理员")
- {
+ if (user.Description != "管理员" && !user.roleIds.Contains("d61e1853-cdee-4d49-a5e1-e230f1098e52"))
 return Fail("不允许的操作");
- }
 var data = databaseTableIBLL.GetTableList(databaseLinkId, tableName);
 return JsonResult(data);
 }
@@ -106,10 +106,8 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 public ActionResult GetDraftList(string queryJson)
 {
 var user = LoginUserInfo.Get();
- if (user.Description != "管理员")
- {
+ if (user.Description != "管理员" && !user.roleIds.Contains("d61e1853-cdee-4d49-a5e1-e230f1098e52"))
 return Fail("不允许的操作");
- }
 var data = dbDraftIBLL.GetList(queryJson);
 return JsonResult(data);
 }
@@ -122,12 +120,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 ///
 [HttpGet]
 [AjaxOnly]
- public ActionResult GetFieldList(string databaseLinkId, string tableName) {
+ public ActionResult GetFieldList(string databaseLinkId, string tableName)
+ {
 var user = LoginUserInfo.Get();
- if (user.Description != "管理员")
- {
+ if (user.Description != "管理员" && !user.roleIds.Contains("d61e1853-cdee-4d49-a5e1-e230f1098e52"))
 return Fail("不允许的操作");
- }
 var data = databaseTableIBLL.GetTableFiledList(databaseLinkId, tableName);
 return JsonResult(data);
 }
@@ -146,10 +143,8 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 public ActionResult GetTableDataList(string databaseLinkId, string tableName, string field, string logic, string keyword, string pagination)
 {
 var user = LoginUserInfo.Get();
- if (user.Description != "管理员")
- {
+ if (user.Description != "管理员" && !user.roleIds.Contains("d61e1853-cdee-4d49-a5e1-e230f1098e52"))
 return Fail("不允许的操作");
- }
 Pagination paginationobj = pagination.ToObject();
 var data = databaseTableIBLL.GetTableDataList(databaseLinkId, tableName, field, logic, keyword, paginationobj);
 var jsonData = new
@@ -172,10 +167,8 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 public ActionResult GetTableDataAllList(string databaseLinkId, string tableName)
 {
 var user = LoginUserInfo.Get();
- if (user.Description != "管理员")
- {
+ if (user.Description != "管理员" && !user.roleIds.Contains("d61e1853-cdee-4d49-a5e1-e230f1098e52"))
 return Fail("不允许的操作");
- }
 var data = databaseTableIBLL.GetTableDataList(databaseLinkId, tableName);
 return JsonResult(data);
 }
@@ -189,10 +182,8 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 public ActionResult GetTreeList(string parentId)
 {
 var user = LoginUserInfo.Get();
- if (user.Description != "管理员")
- {
+ if (user.Description != "管理员" && !user.roleIds.Contains("d61e1853-cdee-4d49-a5e1-e230f1098e52"))
 return Fail("不允许的操作");
- }
 var data = databaseTableIBLL.GetTreeList(parentId);
 return JsonResult(data);
 }
@@ -205,10 +196,8 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 public ActionResult GetFieldTreeList(string databaseLinkId, string tableName)
 {
 var user = LoginUserInfo.Get();
- if (user.Description != "管理员")
- {
+ if (user.Description != "管理员" && !user.roleIds.Contains("d61e1853-cdee-4d49-a5e1-e230f1098e52"))
 return Fail("不允许的操作");
- }
 var data = databaseTableIBLL.GetFiledTreeList(databaseLinkId, tableName);
 return JsonResult(data);
 }
@@ -221,10 +210,8 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 public ActionResult GetSqlColName(string databaseLinkId, string strSql)
 {
 var user = LoginUserInfo.Get();
- if (user.Description != "管理员")
- {
+ if (user.Description != "管理员" && !user.roleIds.Contains("d61e1853-cdee-4d49-a5e1-e230f1098e52"))
 return Fail("不允许的操作");
- }
 var data = databaseTableIBLL.GetSqlColName(databaseLinkId, strSql);
 return JsonResult(data);
 }
@@ -264,7 +251,7 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 ///
 [HttpPost]
 [AjaxOnly]
- public ActionResult SaveTable(string databaseLinkId, string draftId, string tableName,string tableRemark,string strColList)
+ public ActionResult SaveTable(string databaseLinkId, string draftId, string tableName, string tableRemark, string strColList)
 {
 List colList = strColList.ToObject>();
 string res = databaseTableIBLL.CreateTable(databaseLinkId, tableName, tableRemark, colList);
@@ -276,7 +263,8 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 }
 return Success("创建成功");
 }
- else
- {
+ else
+ {
 return Fail(res);
 }
 }
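Review bot: GetSqlColName receives the gate here, but SaveTable in the next hunk goes from its opening brace straight to `strColList.ToObject` and `databaseTableIBLL.CreateTable(...)` with no equivalent check in the visible lines, so the action that changes the schema appears less protected than the read-only ones. Unless an attribute or filter outside these hunks covers it, SaveTable should begin with `var user = LoginUserInfo.Get();` followed by the same denial used by the other actions in this controller. `strSql` in GetSqlColName is request-supplied SQL text and this gate is the only control on it that the hunk shows; a comment stating that, and an audit log entry for each call, would make the trust boundary explicit.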