DS7/DSWeb/Areas/RptMng/Controllers/MsRptWxQryController.cs

using System;
using System.Collections.Generic;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using DSWeb.Areas.CommMng.DAL;
using DSWeb.Areas.RptMng.Comm;
using HcUtility.Comm;
using Microsoft.Practices.EnterpriseLibrary.Data;
using DSWeb.TruckMng.Comm.Cookie;
using DSWeb.Areas.CommMng.Models;
using DSWeb.EntityDA;
using System.Text;
using DSWeb.SoftMng.Filter;
namespace DSWeb.Areas.RptMng.Controllers
{
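/// <summary>
/// Controller for /RptMng/MsRptWxQry: serves the report page and a paged JSON query
/// that totals REALHOURS per ORGCODE / KFWXUSER over TMSKFWXHEAD joined to TMSKFWXBODY.
/// </summary>
public class MsRptWxQryController : Controller
{
    /// <summary>GET: /RptMng/MsRptWxQry/ - renders the default view.</summary>
    public ActionResult Index()
    {
        return View();
    }

    /// <summary>
    /// GET: /RptMng/MsRptWxQry/QryData - builds the report SELECT, restricts it with the
    /// caller's data-range predicate and returns one page of the result as JSON.
    /// </summary>
    /// <param name="start">Paging offset handed to RptHelper.GetRptJsonResult.</param>
    /// <param name="limit">Page size handed to RptHelper.GetRptJsonResult.</param>
    /// <param name="condition">Request-supplied SQL predicate text appended to the WHERE clause.</param>
    /// <param name="sort">Request-supplied sort description, converted by DatasetSort.Getsortstring.</param>
    /// <returns>A ContentResult whose content is the JSON produced by RptHelper.</returns>
    /// <remarks>
    /// SECURITY: <paramref name="condition"/> arrives from the request and is spliced into the
    /// statement as SQL text; the whole statement is then passed as @sSQL to the procedure
    /// sMsExesqlQry (presumably executed dynamically there - confirm). The SqlKeyWordsFilter
    /// attribute is the only input check visible here, and keyword filtering is not a
    /// substitute for bound parameters. An earlier version of this action, previously kept
    /// here as commented-out code, bound PS_ORGCODE, PS_KFWXUSER, PS_PGDATEBGN and PS_PGDATEEND
    /// as parameters of the procedure sMsRptWxQry; returning to that shape (structured filter
    /// values bound as parameters) removes the need to accept SQL text from the client.
    /// </remarks>
    [SqlKeyWordsFilter(Type = "Action")] // SQL-injection keyword filter
    public ContentResult QryData(int start, int limit, string condition, string sort)
    {
        // Row-level scope for the current user. The user id comes from the server-side session;
        // the user/org codes come from CookieConfig (see the review note on GetRangDAStr).
        var rangeFilter = GetRangDAStr(
            "index",
            Convert.ToString(Session["USERID"]),
            CookieConfig.GetCookie_UserCode(Request),
            CookieConfig.GetCookie_OrgCode(Request));

        var strSql = new StringBuilder();
        strSql.Append("SELECT A.ORGCODE, MIN(A.ORGNAME) as ORGNAME, B.KFWXUSER, sum(B.REALHOURS) as REALHOURS, Min(B.REMARK) as REMARK");
        strSql.Append(" FROM TMSKFWXHEAD A, TMSKFWXBODY B");
        strSql.Append(" WHERE A.BILLNO=B.BILLNO ");

        // Each predicate is parenthesised before being AND-ed in, so that an OR inside the
        // request-supplied filter cannot loosen the join or the data-range restriction through
        // operator precedence. This is defence in depth only; it does not make the filter text safe.
        if (!string.IsNullOrEmpty(condition))
        {
            strSql.Append(" and (" + condition + ")");
        }
        if (!string.IsNullOrEmpty(rangeFilter))
        {
            strSql.Append(" and (" + rangeFilter + ")");
        }

        strSql.Append(" GROUP BY A.ORGCODE, B.KFWXUSER ");

        // NOTE(review): the ORDER BY text also originates from the request; confirm that
        // DatasetSort.Getsortstring only emits known column names and ASC/DESC.
        var sortstring = DatasetSort.Getsortstring(sort);
        if (!string.IsNullOrEmpty(sortstring))
        {
            strSql.Append(" order by " + sortstring);
        }

        var dbparams = new List<CustomDbParamter>
        {
            new CustomDbParamter
            {
                ParameterName = "@sSQL",
                DbType = DbType.String,
                Direction = ParameterDirection.Input,
                Value = strSql.ToString()
            }
        };

        var dbRptResult = PubSysDAL.GetMsSqlPrcDataSet("sMsExesqlQry", dbparams, "Result_Set");
        var json = RptHelper.GetRptJsonResult(start, limit, dbRptResult, "Result_Set", true);
        return new ContentResult() { Content = json };
    }

    /// <summary>
    /// Looks up the user's VISIBLERANGE for module 'modTruckYl' in VW_User_Authority and
    /// turns it into a SQL predicate on alias A that limits which rows the user may see.
    /// </summary>
    /// <param name="tb">Not used by this method.</param>
    /// <param name="userid">User id matched against VW_User_Authority.USERID.</param>
    /// <param name="usercode">Not used by this method.</param>
    /// <param name="orgcode">Organisation code embedded in the returned predicate.</param>
    /// <returns>
    /// "1=2" when the range is "4" or no authority row exists; an ORGCODE equality predicate
    /// for ranges "3", "2" and "1"; an empty string (no restriction) for any other value.
    /// </returns>
    public static string GetRangDAStr(string tb, string userid, string usercode, string orgcode)
    {
        // The user id is bound as a parameter instead of being concatenated into the statement.
        // A null id is sent as an empty string, matching what concatenation used to produce.
        const string sql =
            "SELECT  VISIBLERANGE,OPERATERANGE  from VW_User_Authority " +
            " where [NAME]='modTruckYl' and USERID=@USERID and ISDELETE=0";

        // Deny by default: "4" maps to the always-false predicate when no row is found.
        string visiblerange = "4";

        Database db = DatabaseFactory.CreateDatabase();
        using (var cmd = db.GetSqlStringCommand(sql))
        {
            db.AddInParameter(cmd, "@USERID", DbType.String, userid ?? "");
            using (IDataReader reader = db.ExecuteReader(cmd))
            {
                // Only the first authority row is considered.
                if (reader.Read())
                {
                    visiblerange = Convert.ToString(reader["VISIBLERANGE"]);
                }
            }
        }

        // The predicate is returned as SQL text, so the value cannot be bound here; doubling
        // single quotes keeps it inside the string literal.
        // NOTE(review): the caller in this class obtains orgcode from CookieConfig, which appears
        // to read a client-supplied cookie. A value that decides which organisation's rows are
        // visible should come from server-side state (session or the authority view) unless that
        // cookie is integrity-protected - confirm.
        string orgLiteral = (orgcode ?? "").Replace("'", "''");

        switch (visiblerange)
        {
            case "4":
                return "1=2";

            // NOTE(review): the three levels produce the same predicate, which looks like a
            // copy-paste placeholder; confirm whether they were meant to differ.
            case "3":
            case "2":
            case "1":
                return " UPPER(A.ORGCODE)='" + orgLiteral + "'";

            // NOTE(review): every other value, including an empty or NULL VISIBLERANGE, yields no
            // restriction at all. If an unrestricted level exists it should be matched
            // explicitly so that unexpected values fall back to "1=2" - confirm intended levels.
            default:
                return "";
        }
    }

    #region Reference section
    #endregion
}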
}