From dd61c88921a3d9b96933165718418240f420b41a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E6=99=93=E5=AF=92?= <823756726@qq.com>
Date: Tue, 5 Nov 2024 14:20:39 +0800
Subject: [PATCH] =?UTF-8?q?=E6=BC=8F=E6=B4=9E=E4=BF=AE=E5=A4=8D=EF=BC=9A?=
 =?UTF-8?q?=E5=BC=B1=E5=8F=A3=E4=BB=A4=EF=BC=88=E8=B4=A6=E5=8F=B7=E5=AD=98?=
 =?UTF-8?q?=E5=9C=A8=E8=A7=84=E5=BE=8B=EF=BC=8C=E5=8F=AF=E5=A4=A7=E9=87=8F?=
 =?UTF-8?q?=E6=8E=A5=E7=AE=A1=E8=B4=A6=E5=8F=B7=EF=BC=89+=E4=BB=BB?=
 =?UTF-8?q?=E6=84=8F=E8=AF=BB=E5=8F=96=E6=89=80=E6=9C=89=E6=95=B0=E6=8D=AE?=
 =?UTF-8?q?=E5=BA=93=E5=86=85=E7=9A=84=E6=89=80=E6=9C=89=E5=86=85=E5=AE=B9?=
 =?UTF-8?q?+=E5=A4=A7=E9=87=8F=E8=B6=8A=E6=9D=83=E8=AE=BF=E9=97=AE?=
 =?UTF-8?q?=E5=AF=BC=E8=87=B4=E6=95=8F=E6=84=9F=E4=BF=A1=E6=81=AF=E6=B3=84?=
 =?UTF-8?q?=E9=9C=B2=20=EF=BC=88=E5=8C=85=E6=8B=AC=E4=BD=86=E4=B8=8D?=
 =?UTF-8?q?=E9=99=90=E4=BA=8E=E8=BA=AB=E4=BB=BD=E8=AF=81=EF=BC=8C=E6=89=8B?=
 =?UTF-8?q?=E6=9C=BA=E5=8F=B7=EF=BC=8C=E8=B4=A6=E5=8F=B7=EF=BC=8C=E5=AF=86?=
 =?UTF-8?q?=E7=A0=81=EF=BC=89+=E8=B6=8A=E6=9D=83=E7=AF=A1=E6=94=B9?=
 =?UTF-8?q?=E7=94=A8=E6=88=B7=E4=BF=A1=E6=81=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../Controllers/EmpInfoController.cs | 27 +++++++++++++
 .../Controllers/StuInfoBasicController.cs | 12 ++++++
 .../Controllers/UserController.cs | 23 +++++++++++
 .../Controllers/DatabaseLinkController.cs | 18 +++++++--
 .../Controllers/DatabaseTableController.cs | 40 +++++++++++++++++++
 .../Controllers/LoginController.cs | 7 +++-
 .../Learun.Application.Web.csproj | 5 +--
 .../Views/Login/Default.cshtml | 2 +-
 .../Learun.Cache.Redis/CacheByRedis.cs | 10 +++++
 9 files changed, 134 insertions(+), 10 deletions(-)

diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoController.cs b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoController.cs
index d4e52139f..45acaaf3e 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoController.cs
@@ -172,6 +172,17 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers
  [AjaxOnly]
  public ActionResult GetPageList(string pagination, string queryJson)
  {
+ var user = LoginUserInfo.Get();
+ if (user.Description == "学生")
+ {
+ return Fail("不允许学生查看教师信息");
+ }
+ if (user.Description == "教师")
+ {
+ var json=queryJson.ToJObject();
+ json["EmpNo"] = user.enCode;
+ queryJson=json.ToString();
+ }
  Pagination paginationobj = pagination.ToObject();
  var data = empInfoIBLL.GetPageList(paginationobj, queryJson);
  var jsonData = new
@@ -302,6 +313,22 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers
  entity.resume = WebHelper.HtmlEncode(entity.resume);
  entity.SyncFlag = false;
  var model = empInfoIBLL.GetEmpInfoEntityByEmpNo(entity.EmpNo);
+ var user = LoginUserInfo.Get();
+ if (user.Description=="学生")
+ {
+ return Fail("不允许学生修改教师信息");
+ }
+ if (user.Description == "教师")
+ {
+ if (string.IsNullOrEmpty(keyValue))
+ {
+ return Fail("不允许教师新增教师信息");
+ }
+ if (entity.EmpId!=keyValue||entity.EmpNo != user.account)
+ {
+ return Fail("只允许教师修改自己的信息");
+ }
+ }
  var model_mobile = empInfoIBLL.GetEmpInfoEntityByMobile(entity.mobile);
  if (string.IsNullOrEmpty(keyValue))
  {
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/StuInfoBasicController.cs b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/StuInfoBasicController.cs
index e28398b9b..e0afa8b47 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/StuInfoBasicController.cs
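Review bot: In the teacher branch `queryJson.ToJObject()` runs with no null/empty guard, so a teacher who calls GetPageList without a `queryJson` parameter gets an exception rather than the filtered list; `var json = (string.IsNullOrEmpty(queryJson) ? "{}" : queryJson).ToJObject();` keeps the filter and survives the empty case (assuming ToJObject parses a JSON object string, as its name suggests). The gate is also a deny-list on the free-text `user.Description`: any account described as anything other than "学生"/"教师" — including an empty description — still receives the unfiltered employee list, so fall through only for the administrator role and reject everything else. Note too that this hunk narrows teachers with `user.enCode` while the SaveForm hunk in the same file identifies the teacher's record by `user.account`; unless the two fields always coincide, one of the two checks is comparing the wrong key. GetPageList continues past the hunk.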
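Review bot: The teacher ownership test `entity.EmpId!=keyValue||entity.EmpNo != user.account` compares two client-supplied values with each other, so it only proves the posted entity is self-consistent: a teacher can send another employee's id as both `keyValue` and `entity.EmpId`, keep their own `EmpNo` in the entity, and pass the guard — what is then written depends on how `SaveEntity` (outside the hunk) treats `keyValue`. Establish ownership from the server side instead, e.g. `var own = empInfoIBLL.GetEmpInfoEntityByEmpNo(user.account); if (own == null || own.EmpId != keyValue) return Fail("只允许教师修改自己的信息");`, which also makes the `entity.EmpNo` comparison redundant. The student branch and the new-record branch look right; as in GetPageList, roles other than "学生"/"教师" are not gated at all. SaveForm continues past the hunk.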
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/StuInfoBasicController.cs
@@ -574,6 +574,18 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers
  [AjaxOnly]
  public ActionResult SaveForm(string keyValue, string strEntity)
  {
+ var user = LoginUserInfo.Get();
+ if (user.Description == "学生")
+ {
+ if (string.IsNullOrEmpty(keyValue))
+ {
+ return Fail("不允许学生添加信息");
+ }
+ if (keyValue!=user.userId)
+ {
+ return Fail("不允许学生修改其他学生信息");
+ }
+ }
  StuInfoBasicEntity entity = strEntity.ToObject();
  entity.SyncFlag = false;
  var model = stuInfoBasicIBLL.GetStuInfoBasicEntityByStuNo(entity.StuNo);
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_OrganizationModule/Controllers/UserController.cs b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_OrganizationModule/Controllers/UserController.cs
index dee4e3634..e68e2c64c 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_OrganizationModule/Controllers/UserController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_OrganizationModule/Controllers/UserController.cs
@@ -98,6 +98,16 @@ namespace Learun.Application.Web.Areas.LR_OrganizationModule.Controllers
  [AjaxOnly]
  public ActionResult GetPageList(string pagination, string keyword, string companyId, string departmentId, string tp)
  {
+ var user = LoginUserInfo.Get();
+ if (user.Description == "学生")
+ {
+ keyword = user.account;
+ tp = null;
+ }
+ if (user.Description == "教师")
+ {
+ tp = "1";
+ }
  Pagination paginationobj = pagination.ToObject();
  var data = userIBLL.GetPageList(companyId, departmentId, paginationobj, keyword, tp);
  var jsonData = new
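Review bot: The student guard only pins `keyValue` to `user.userId`; the `strEntity` body deserialized on the next line is unconstrained, and `entity.StuNo` is what `GetStuInfoBasicEntityByStuNo` then looks up, so a student who passes the guard can still post another student's `StuNo` and whatever fields the entity carries — what gets overwritten depends on the save logic below the hunk. After `ToObject()` check the entity against the caller as well, e.g. `if (user.Description == "学生" && entity.StuNo != user.account) return Fail("不允许学生修改其他学生信息");` (the EmpInfo change in this patch treats `account` as the staff number; confirm the same holds for students). It is also not visible here that StuInfoBasic's primary key equals the login `userId` — the EmpInfo counterpart compares `EmpId`/`EmpNo` rather than `userId` — and if it does not, every student is locked out of their own record. Non-student roles are not restricted by this hunk. SaveForm continues past the hunk.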
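Review bot: Forcing `keyword = user.account` for students isolates them only if the BLL's keyword filter is an exact match; list endpoints normally apply a substring/`LIKE` search, in which case account `1001` still returns `10011`, `21001` and so on, and `companyId`/`departmentId` stay under the caller's control. Fail closed for students instead — return just the caller's own record through whatever single-user lookup `userIBLL` exposes, or reject the call — and decide explicitly what roles other than "学生"/"教师" may see rather than letting them fall through ungated. The teacher override `tp = "1"` is opaque; a one-line comment such as `// tp = "1": restrict teachers to <user type 1> — confirm meaning against userIBLL.GetPageList` would let the next reader verify it. GetPageList continues past the hunk.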
@@ -120,6 +130,11 @@ namespace Learun.Application.Web.Areas.LR_OrganizationModule.Controllers
  [AjaxOnly]
  public ActionResult GetList(string companyId, string departmentId, string keyword)
  {
+ var user = LoginUserInfo.Get();
+ if (user.Description == "学生")
+ {
+ keyword = user.account;
+ }
  if (string.IsNullOrEmpty(companyId))
  {
  var department = departmentIBLL.GetEntity(departmentId);
@@ -303,6 +318,14 @@ namespace Learun.Application.Web.Areas.LR_OrganizationModule.Controllers
  [AjaxOnly]
  public ActionResult SaveForm(string keyValue, UserEntity entity)
  {
+ var user = LoginUserInfo.Get();
+ if (user.Description == "学生"|| user.Description == "教师")
+ {
+ if (keyValue != user.userId)
+ {
+ return Fail("只允许修改自己的信息");
+ }
+ }
  userIBLL.SaveEntity(keyValue, entity);
  return Success("保存成功!");
  }
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseLinkController.cs b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseLinkController.cs
index 23c04271e..c3f1c5438 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseLinkController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseLinkController.cs
@@ -13,7 +13,7 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
  ///
  public class DatabaseLinkController : MvcControllerBase
  {
- DatabaseLinkIBLL databaseLinkIBLL = new DatabaseLinkBLL();
+ DatabaseLinkIBLL databaseLinkIBLL = new DatabaseLinkBLL();
  #region 获取视图
  ///
@@ -46,6 +46,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
  [AjaxOnly]
  public ActionResult GetList(string keyword)
  {
+ var user = LoginUserInfo.Get();
+ if (user.Description != "管理员")
+ {
+ return Fail("不允许的操作");
+ }
  var data = databaseLinkIBLL.GetListByNoConnection(keyword);
  return JsonResult(data);
  }
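Review bot: Same keyword override as GetPageList — `keyword = user.account` — with the same caveat that it only isolates students if the underlying filter is an exact match rather than a `LIKE`. Unlike GetPageList, teachers are not narrowed here at all (`tp` is not a parameter of GetList), so the two list endpoints now enforce different policies over the same data; either apply the teacher restriction here too or document why GetList may return more, e.g. `// teachers are intentionally unrestricted here: <reason>`. GetList continues past the hunk.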
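Review bot: The guard protects only `keyValue`; the model-bound `UserEntity` is passed to `userIBLL.SaveEntity(keyValue, entity)` unchanged, so a student or teacher editing their own record can set any property the entity exposes — if that includes role, security-level or password fields (the commit title lists passwords among the data at risk; `UserEntity` itself is not visible here) this is mass-assignment privilege escalation rather than a profile edit. For non-admin callers, load the stored entity and copy across only the self-editable profile fields before saving, or null out the privileged properties explicitly. If the entity carries the user id the way LoginController's `userEntity.F_UserId` suggests, force it to `keyValue` so the body cannot re-target the save. Callers with any other `Description` are not gated at all.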
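Review bot: The gate `if (user.Description != "管理员") return Fail(...)` keys authorization on a free-text description field rather than a role or permission id, so editing an account's description (or an administrator whose description is spelled differently) silently changes privilege, and the same five lines are pasted into a dozen actions across DatabaseLinkController and DatabaseTableController in this patch. Move the check into one action filter that compares a role identifier and apply it at class level, so the next action added to these controllers cannot forget it; whether `LoginUserInfo.Get()` can return null for an unauthenticated caller is not visible here, so the filter should treat null as denied. `Fail(...)` presumably returns a 200 JSON envelope, which suits the AJAX callers but makes these denials indistinguishable from validation errors in logs — a 403 (or at least a log line) would be easier to alert on.
```csharp
[AdminOnly]
public class DatabaseLinkController : MvcControllerBase
// … unchanged: actions, with the per-action copies of the check removed …

/// <summary>Denies every action on the decorated controller to non-administrators.</summary>
public class AdminOnlyAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var user = LoginUserInfo.Get();
        // TODO: compare a role/permission id rather than the display description "管理员"
        if (user == null || user.Description != "管理员")
        {
            // Same denial the actions return today; a 403 is easier to monitor than a 200 envelope.
            filterContext.Result = new HttpStatusCodeResult(403, "不允许的操作");
        }
    }
}
```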
@@ -83,9 +88,14 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
  [AjaxOnly]
  public ActionResult GetTreeList()
  {
+ var user = LoginUserInfo.Get();
+ if (user.Description != "管理员")
+ {
+ return Fail("不允许的操作");
+ }
  var data = databaseLinkIBLL.GetTreeList();
  return JsonResult(data);
- }
+ }
  #endregion
@@ -135,9 +145,9 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
  ///
  [HttpPost]
  [AjaxOnly]
- public ActionResult TestConnection(string connection, string dbType,string keyValue)
+ public ActionResult TestConnection(string connection, string dbType, string keyValue)
  {
- bool res = databaseLinkIBLL.TestConnection(connection, dbType,keyValue);
+ bool res = databaseLinkIBLL.TestConnection(connection, dbType, keyValue);
  if (res)
  {
  return Success("连接成功!");
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseTableController.cs b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseTableController.cs
index 05a32c94e..ade4501ff 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseTableController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseTableController.cs
@@ -87,6 +87,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
  [AjaxOnly]
  public ActionResult GetList(string databaseLinkId,string tableName)
  {
+ var user = LoginUserInfo.Get();
+ if (user.Description != "管理员")
+ {
+ return Fail("不允许的操作");
+ }
  var data = databaseTableIBLL.GetTableList(databaseLinkId, tableName);
  return JsonResult(data);
  }
@@ -100,6 +105,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
  [AjaxOnly]
  public ActionResult GetDraftList(string queryJson)
  {
+ var user = LoginUserInfo.Get();
+ if (user.Description != "管理员")
+ {
+ return Fail("不允许的操作");
+ }
  var data = dbDraftIBLL.GetList(queryJson);
  return JsonResult(data);
  }
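Review bot: TestConnection receives only spacing changes although it is the riskiest action in this controller: it forwards a caller-supplied `connection` string and `dbType` to `databaseLinkIBLL.TestConnection`, which presumably opens that connection, so any authenticated user can still use it to probe internal database hosts and ports (and, depending on the provider, trigger outbound authentication) while GetList/GetTreeList above now require 管理员. Add the same gate here — `var user = LoginUserInfo.Get(); if (user.Description != "管理员") return Fail("不允许的操作");` before the `bool res = ...` line — or better apply one admin-only filter to the whole controller so no action is missed. TestConnection continues past the hunk.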
@@ -113,6 +123,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
  [HttpGet] [AjaxOnly]
  public ActionResult GetFieldList(string databaseLinkId, string tableName)
  {
+ var user = LoginUserInfo.Get();
+ if (user.Description != "管理员")
+ {
+ return Fail("不允许的操作");
+ }
  var data = databaseTableIBLL.GetTableFiledList(databaseLinkId, tableName);
  return JsonResult(data);
  }
@@ -130,6 +145,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
  [AjaxOnly]
  public ActionResult GetTableDataList(string databaseLinkId, string tableName, string field, string logic, string keyword, string pagination)
  {
+ var user = LoginUserInfo.Get();
+ if (user.Description != "管理员")
+ {
+ return Fail("不允许的操作");
+ }
  Pagination paginationobj = pagination.ToObject();
  var data = databaseTableIBLL.GetTableDataList(databaseLinkId, tableName, field, logic, keyword, paginationobj);
  var jsonData = new
@@ -151,6 +171,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
  [AjaxOnly]
  public ActionResult GetTableDataAllList(string databaseLinkId, string tableName)
  {
+ var user = LoginUserInfo.Get();
+ if (user.Description != "管理员")
+ {
+ return Fail("不允许的操作");
+ }
  var data = databaseTableIBLL.GetTableDataList(databaseLinkId, tableName);
  return JsonResult(data);
  }
@@ -163,6 +188,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
  [AjaxOnly]
  public ActionResult GetTreeList(string parentId)
  {
+ var user = LoginUserInfo.Get();
+ if (user.Description != "管理员")
+ {
+ return Fail("不允许的操作");
+ }
  var data = databaseTableIBLL.GetTreeList(parentId);
  return JsonResult(data);
  }
@@ -174,6 +204,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
  ///
  public ActionResult GetFieldTreeList(string databaseLinkId, string tableName)
  {
+ var user = LoginUserInfo.Get();
+ if (user.Description != "管理员")
+ {
+ return Fail("不允许的操作");
+ }
  var data = databaseTableIBLL.GetFiledTreeList(databaseLinkId, tableName);
  return JsonResult(data);
  }
@@ -185,6 +220,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
  ///
  public ActionResult GetSqlColName(string databaseLinkId, string strSql)
  {
+ var user = LoginUserInfo.Get();
+ if (user.Description != "管理员")
+ {
+ return Fail("不允许的操作");
+ }
  var data = databaseTableIBLL.GetSqlColName(databaseLinkId, strSql);
  return JsonResult(data);
  }
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Controllers/LoginController.cs b/Learun.Framework.Ultimate V7/Learun.Application.Web/Controllers/LoginController.cs
index 0feb9ff09..1f415a39c 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Controllers/LoginController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Controllers/LoginController.cs
@@ -555,7 +555,6 @@ namespace Learun.Application.Web.Controllers
  //[HandlerValidateAntiForgeryToken]
  public ActionResult CheckLogin(string username, string password, string verifycode, string up, string defaultPwdTip)
  {
-
  int error = OperatorHelper.Instance.GetCurrentErrorNum();
  if (error >= 3)
  {
@@ -634,6 +633,12 @@ namespace Learun.Application.Web.Controllers
  }
  else
  {
+ var key = $"login_attempts:{GetIP()}";
+ var currentAttempts = _redis.StringIncrement(key,15);
+ if (currentAttempts > 10)
+ {
+ return Fail("登录次数10分钟超过10次,已被禁止登录,请20分钟后重试!", error);
+ }
  //记录ip
  userBll.UpdateIp(GetIP(), userEntity.F_UserId);
  OperatorHelper.Instance.AddLoginUser(userEntity.F_Account, "Learun_ADMS_6.1_PC", null);//写入缓存信息
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Learun.Application.Web.csproj b/Learun.Framework.Ultimate V7/Learun.Application.Web/Learun.Application.Web.csproj
index e63b9296a..997c67cc4 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Learun.Application.Web.csproj
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Learun.Application.Web.csproj
@@ -23,7 +23,7 @@ ..\..\..\ true - + false
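Review bot: Gating GetSqlColName on 管理员 is necessary, but `strSql` is still caller-supplied SQL handed straight to `databaseTableIBLL.GetSqlColName(databaseLinkId, strSql)`, which presumably has to execute or prepare it to learn the column names, and the context line directly above the signature is a `///` doc line rather than the `[AjaxOnly]`/`[HttpGet]` the sibling actions carry — so the statement travels in a plain GET that any page an administrator visits can trigger and that ends up in web-server logs. At least mark it `[HttpPost]` and `[AjaxOnly]` (the `//[HandlerValidateAntiForgeryToken]` context line in the LoginController hunk suggests anti-forgery is not uniformly enabled, so method restriction is the only CSRF mitigation visible), and record the design decision above the action: `// Executes caller-supplied SQL against databaseLinkId; intentionally an admin-only code-generation helper.` GetSqlColName continues past the hunk.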
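Review bot: The counter is incremented in what the context shows to be the successful-authentication branch (`//记录ip`, `AddLoginUser`), so failed attempts — the ones a credential-stuffing or weak-password sweep produces — are never counted by it, while ten successful logins from one address within the window lock out the eleventh legitimate user; the increment belongs on the failure path (outside this hunk), with the key cleared on success. The numbers also disagree: the call passes `15`, the message promises "10分钟超过10次 … 20分钟后重试", and what the second argument of `_redis.StringIncrement(key,15)` means depends on the new overload in CacheByRedis.cs (in the diffstat, not shown) — if it is the plain StackExchange.Redis increment-by-value, every first login starts at 15 and is rejected. Keying only on `GetIP()` is either spoofable (X-Forwarded-For) or shared by everyone behind a NAT/load balancer, so use `$"login_attempts:{GetIP()}:{username}"` or a per-account counter alongside the existing `error` count. CheckLogin's body lies largely outside the hunk.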
@@ -104,9 +104,6 @@ ..\packages\Unity.4.0.1\lib\net45\Microsoft.Practices.Unity.RegistrationByConvention.dll - - False - ..\packages\Microsoft.Web.Infrastructure.1.0.0.0\lib\net40\Microsoft.Web.Infrastructure.dll True
diff --git a/Learun.Framework.Ultimate V7/Learun.Application.Web/Views/Login/Default.cshtml b/Learun.Framework.Ultimate V7/Learun.Application.Web/Views/Login/Default.cshtml
index 754ba1912..3995b378a 100644
--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Views/Login/Default.cshtml
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Views/Login/Default.cshtml
@@ -86,7 +86,7 @@