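using System;
using System.Collections.Generic;
using System.Data;
using System.Linq;
using System.Text;
using System.Web;
using System.Web.Mvc;
using DSWeb.MvcShipping.Helper;
using DSWeb.MvcShipping.Comm.Cookie;
using DSWeb.Areas.CommMng.DAL;
using DSWeb.Areas.RptMng.Comm;
using HcUtility.Comm;
using HcUtility.Core;
using Microsoft.Practices.EnterpriseLibrary.Data;
using DSWeb.EntityDA;
using DSWeb.Areas.CommMng.Models;
using DSWeb.SoftMng.Filter;

namespace DSWeb.MvcShipping.Controllers
{
    /// <summary>
    /// Report query over applied service items (op_apply_service_detail joined to OP_APPLY).
    /// </summary>
    [JsonRequestBehavior]
    public class MsRptApplyServiceController : Controller
    {
        // GET: /MvcShipping/MsRptFeeStatus
        // NOTE(review): the route above is what the original comment says; it looks copied
        // from another controller - confirm.
        /// <summary>Returns the default view of this controller.</summary>
        public ActionResult Index()
        {
            return View();
        }

        /// <summary>
        /// Builds the service-detail report statement, restricts it with the caller's
        /// visibility range, and either returns the statement text (print mode) or the
        /// paged result as JSON.
        /// </summary>
        /// <param name="start">Paging offset handed to <c>RptHelper.GetRptJsonResult</c>.</param>
        /// <param name="limit">Page size handed to <c>RptHelper.GetRptJsonResult</c>.</param>
        /// <param name="condition">
        /// WHERE predicate supplied by the request. It is spliced into the statement as SQL
        /// text, so it must be treated as untrusted input (see the note in the body).
        /// </param>
        /// <param name="sort">Sort descriptor, translated by <c>DatasetSort.Getsortstring</c>.</param>
        /// <param name="printstr">When exactly "true", the SQL text is returned instead of rows.</param>
        /// <returns>JSON content: the paged rows, or a <c>JsonResponse</c> carrying the SQL text.</returns>
        [SqlKeyWordsFilter(Type = "Action")] // SQL-injection keyword filter
        public ContentResult BsListData(int start, int limit, string condition, string sort, string printstr)
        {
            var strDa = GetRangDAStr(
                "index",
                Convert.ToString(Session["USERID"]),
                Convert.ToString(Session["SHOWNAME"]),
                Convert.ToString(Session["COMPANYID"]));

            if (!string.IsNullOrEmpty(strDa))
            {
                // Both sides are parenthesised so that an OR inside a well-formed condition
                // cannot take precedence over the visibility filter (AND binds tighter than OR).
                // SECURITY: this guards against precedence mistakes only. `condition` is still
                // request-supplied SQL text; the keyword filter attribute is the only visible
                // check on it and its implementation is not in this file. The durable fix is to
                // build the predicate server-side from an allow-list of fields and bound values.
                condition = string.IsNullOrEmpty(condition)
                    ? strDa
                    : "(" + condition + ") and (" + strDa + ")";
            }

            var strSql = new StringBuilder();
            strSql.Append("SELECT S.WORK,S.STARTDATETIME,S.PLANENDTIME,S.ENDDATETIME,S.ENDOP,S.STATUS ");
            strSql.Append(",(SELECT top 1 ISNULL(workload,0) FROM code_op_service_work WHERE NAME=S.WORK) AS WORKLOAD");
            strSql.Append(",A.BSNO,A.BSSTATUS,A.FEESTATUS,A.BSDATE,A.ACCDATE,A.OPDATE,A.MBLNO,A.HBLNO,A.CUSTNO");
            strSql.Append(",A.CUSTOMERNAME,A.BSTYPE,A.VESSEL,A.VOYNO,A.ETD,A.ETA,A.PORTLOAD,A.PORTDISCHARGE");
            strSql.Append(",A.INPUTBY,A.OP,A.SALE,A.CUSTOMSER,A.BSSOURCE,A.BSSOURCEDETAIL");
            strSql.Append(",A.CORPID,A.SALEDEPT,A.PKGS,A.KGS,A.NETWEIGHT,A.CBM");
            strSql.Append(",A.CUSTOMNO,A.CUSTOMDATE,A.INSPECTIONNO,A.INSPECTIONDATE,A.INVNO,A.CONTRACTNO,A.ARCOUNTRY,A.GOODSOURCE");
            strSql.Append(",A.DOCNO,A.TRADETYPE,A.REMARK,A.BOOKNO,A.BYCUSTOM,A.ENTERPID,A.ENTERP");
            strSql.Append(",A.ISSERVICE1,A.ISSERVICE2,A.ISSERVICE3,A.ISSERVICE4,A.ISSERVICE5,A.ISSERVICE6,A.ISSERVICE7,A.ISSERVICE8");
            strSql.Append(",(select EnumValueName from tSysEnumValue where LangId=0 and EnumTypeID=96004 and EnumValueID=A.BsType) as BSTYPEREF");
            strSql.Append(",(CASE A.BsStatus WHEN 1 THEN '锁定' else '未锁定' end) as BSSTATUSREF ");
            strSql.Append(",(CASE A.FeeStatus WHEN 1 THEN '锁定' else '未锁定' end) as FEESTATUSREF ");

            // One status sub-select per service slot, SERVICE1 .. SERVICE8.
            for (int slot = 1; slot <= 8; slot++)
            {
                strSql.Append(",(Select STATUS from op_apply_service where BSNO=A.BSNO AND OPField='SERVICE" + slot + "') as SERVICE" + slot + " ");
            }

            strSql.Append(" from op_apply_service_detail S LEFT JOIN OP_APPLY A ON (A.BSNO=S.BSNO)");

            if (!string.IsNullOrEmpty(condition))
            {
                strSql.Append(" Where " + condition);
            }

            // NOTE(review): Getsortstring is defined elsewhere; its output is appended as SQL
            // text, so confirm it only ever emits allow-listed column names and ASC/DESC.
            var sortstring = DatasetSort.Getsortstring(sort);
            strSql.Append(string.IsNullOrEmpty(sortstring)
                ? " order by A.BSDATE,A.BSNO DESC"
                : " order by " + sortstring);

            if (printstr == "true")
            {
                // SECURITY: this branch hands the complete statement, including table names
                // and the row-level visibility filter, back to the caller. Confirm that the
                // consumer needs the raw text and that no endpoint accepts it back for execution.
                var jsonRespose = new JsonResponse
                {
                    Success = true,
                    Message = "完成",
                    Data = strSql.ToString()
                };
                return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) };
            }

            // The finished statement travels as the @sSQL parameter of the stored procedure
            // sMsExesqlQry (presumably executed there as dynamic SQL - the procedure is not
            // visible here), so binding it as a parameter does not neutralise anything that
            // was spliced into the text above.
            var dbparams = new List<CustomDbParamter>
            {
                new CustomDbParamter
                {
                    ParameterName = "@sSQL",
                    DbType = DbType.String,
                    Direction = ParameterDirection.Input,
                    Value = strSql.ToString()
                }
            };

            var dbRptResult = PubSysDAL.GetMsSqlPrcDataSet("sMsExesqlQry", dbparams, "Result_Set");
            var json = RptHelper.GetRptJsonResult(start, limit, dbRptResult, "Result_Set", true);
            return new ContentResult() { Content = json };
        }

        /// <summary>
        /// Returns the SQL predicate that limits report rows to what the user may see,
        /// based on VISIBLERANGE in VW_User_Authority for 'modFeeModifyreportRange'.
        /// </summary>
        /// <param name="tb">Caller tag; "index" selects the department filter for range "2".</param>
        /// <param name="userid">User id used to look up the visibility range and department.</param>
        /// <param name="usercode">Display name compared against OP / SALE for range "3".</param>
        /// <param name="companyid">Company id compared against Corpid for ranges "1" and "2".</param>
        /// <returns>
        /// "1=2" when nothing is visible (range "4", no authority row, or an empty department),
        /// a predicate on alias B for ranges "1" to "3", or an empty string for any other range value.
        /// </returns>
        /// <remarks>
        /// NOTE(review): every predicate uses table alias B, while the statement built in
        /// BsListData only defines aliases S and A. Unless sMsExesqlQry rewrites the text,
        /// ranges "1" to "3" look like they cannot bind - confirm which alias is intended
        /// before changing it, since this method is public and may have other callers.
        /// </remarks>
        public static string GetRangDAStr(string tb, string userid, string usercode, string companyid)
        {
            // Default to "4" (nothing visible) so a missing authority row fails closed.
            string visiblerange = "4";

            Database db = DatabaseFactory.CreateDatabase();
            using (var cmd = db.GetSqlStringCommand(
                "SELECT VISIBLERANGE from VW_User_Authority where [NAME]='modFeeModifyreportRange' and USERID=@userid and ISDELETE=0"))
            {
                // Bound parameter instead of string concatenation.
                db.AddInParameter(cmd, "@userid", DbType.String, userid);
                using (IDataReader reader = db.ExecuteReader(cmd))
                {
                    if (reader.Read())
                    {
                        visiblerange = Convert.ToString(reader["VISIBLERANGE"]);
                    }
                }
            }

            switch (visiblerange)
            {
                case "4":
                    return "1=2";
                case "3":
                    return " (B.OP='" + SqlLiteral(usercode) + "' OR B.SALE='" + SqlLiteral(usercode) + "')";
                case "2":
                    return tb == "index"
                        ? BuildDepartmentFilter(userid, companyid)
                        : BuildCompanyFilter(companyid);
                case "1":
                    return BuildCompanyFilter(companyid);
                default:
                    return "";
            }
        }

        /// <summary>Predicate matching rows whose Corpid equals the given company id.</summary>
        private static string BuildCompanyFilter(string companyid)
        {
            return " UPPER(B.Corpid)='" + SqlLiteral(companyid) + "'";
        }

        /// <summary>
        /// Predicate matching rows whose OP or SALE is a user of the same company and department.
        /// </summary>
        private static string BuildDepartmentFilter(string userid, string companyid)
        {
            var deptname = new RangeDA().GetDEPTNAME(userid);
            var names = new List<string>();

            Database userdb = DatabaseFactory.CreateDatabase();
            using (var cmd = userdb.GetSqlStringCommand(
                " select SHOWNAME from [user] where GID in (select USERID from user_company where COMPANYID=@companyid) and GID in (select userid from user_baseinfo where DEPTNAME=@deptname)"))
            {
                userdb.AddInParameter(cmd, "@companyid", DbType.String, companyid);
                userdb.AddInParameter(cmd, "@deptname", DbType.String, deptname);
                using (IDataReader reader = userdb.ExecuteReader(cmd))
                {
                    while (reader.Read())
                    {
                        // Names come from the database but end up inside a quoted literal,
                        // so they are escaped like any other value.
                        names.Add(SqlLiteral(Convert.ToString(reader["SHOWNAME"])));
                    }
                }
            }

            // The original produced a lone ")" here, which is invalid SQL; an empty
            // department now yields a predicate that matches nothing.
            if (names.Count == 0)
            {
                return "1=2";
            }

            return " (" + string.Join(" or ", names.Select(n => "B.OP='" + n + "' OR B.SALE='" + n + "'")) + ")";
        }

        /// <summary>
        /// Escapes a value for use inside a single-quoted SQL string literal by doubling
        /// embedded single quotes. Null is treated as an empty string.
        /// </summary>
        private static string SqlLiteral(string value)
        {
            return (value ?? "").Replace("'", "''");
        }

        #region Reference section
        #endregion
    }
}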