using System; using System.Collections.Generic; using System.Data; using System.Linq; using System.Text; using System.Web; using System.Web.Mvc; using DSWeb.MvcShipping.Helper; using DSWeb.MvcShipping.Comm.Cookie; using DSWeb.Areas.CommMng.DAL; using DSWeb.Areas.RptMng.Comm; using HcUtility.Comm; using HcUtility.Core; using Microsoft.Practices.EnterpriseLibrary.Data; using DSWeb.EntityDA; using DSWeb.Areas.CommMng.Models; using System.IO; using DSWeb.SoftMng.Filter; namespace DSWeb.MvcShipping.Controllers { /// /// [JsonRequestBehavior] public class MsRptFeeSettleDiffController : Controller { // // GET: /MvcShipping/MsRptOpProfit public ActionResult Index() { return View(); } // // GET:/RptMng/MsRptPcHeadQry/QryData [SqlKeyWordsFilter(Type = "Action")]//sql 防注入过滤器 public ContentResult BsListData(int start, int limit, string condition, string sort, string printstr,string sortstr) { //var strDa = GetRangDAStr("index", Convert.ToString(Session["USERID"]), Convert.ToString(Session["SHOWNAME"]), Convert.ToString(Session["COMPANYID"])); //if (!string.IsNullOrEmpty(strDa)) //{ // if (!string.IsNullOrEmpty(condition)) // { // condition = condition + " and " + strDa; // } // else // { // condition = strDa; // } //} var strSql = new StringBuilder(); strSql.Append("SELECT B.BSNO,B.OPTYPE, B.OPLBNAME, B.BSTYPE,B.CUSTOMERNAME, B.CUSTNO, B.MBLNO, B.HBLNO,B.VESSEL, B.VOYNO, B.INPUTBY, B.CREATETIME, B.BSSTATUS, B.SALE, B.OP, B.DOC,"); strSql.Append("case B.ETD when '1900-01-01 00:00:00.000' then '' else CONVERT(varchar(100), B.ETD,23) end as ETD"); strSql.Append(",case B.OPDATE when '1900-01-01 00:00:00.000' then '' else CONVERT(varchar(100), B.OPDATE,23) end as OPDATE,B.ENTERP"); strSql.Append(",case B.CUSTOMDATE when '1900-01-01 00:00:00.000' then '' else CONVERT(varchar(100), B.CUSTOMDATE,23) end as CUSTOMDATE"); strSql.Append(",B.CUSTSERVICE, B.PORTLOAD, B.PORTDISCHARGE, B.CUSTOMNO, B.ACCDATE,B.CARRIER, B.BSSOURCE, B.LANE, B.FORWARDER,B.NETWEIGHT,B.KGS,B.TEU,B.CNTRTOTAL,B.CORPID"); strSql.Append(",B.TRADETYPE,B.GOODSNAME,B.FEESTATUS"); strSql.Append(",(CASE B.FEESTATUS WHEN 1 THEN '锁定' else '未锁定' end) as FEESTATUSREF "); strSql.Append(",F.SETTLETIME,F.CUSTOMERNAME as CUSTNAME,SUM(F.RATEDIFF) AS RATEDIFF "); strSql.Append(" FROM v_fee_rate F "); strSql.Append(" INNER JOIN V_OP_BILL B ON (F.BSNO=B.BSNO) "); if (!string.IsNullOrEmpty(condition)) { strSql.Append(" Where " + condition); } strSql.Append(" GROUP BY B.BSNO,B.OPTYPE,B.OPLBNAME, B.BSTYPE,B.CUSTOMERNAME, B.CUSTNO, B.MBLNO, B.HBLNO,B.VESSEL, B.VOYNO, B.INPUTBY, B.CREATETIME, B.BSSTATUS, B.SALE, B.OP, B.DOC,"); strSql.Append(" B.ETD"); strSql.Append(" ,B.OPDATE,B.ENTERP"); strSql.Append(" ,B.CUSTOMDATE"); strSql.Append(" ,B.CUSTSERVICE, B.PORTLOAD, B.PORTDISCHARGE, B.CUSTOMNO, B.ACCDATE,B.CARRIER, B.BSSOURCE, B.LANE, B.FORWARDER,B.NETWEIGHT,B.KGS,B.TEU,B.CNTRTOTAL,B.CORPID"); strSql.Append(" ,B.TRADETYPE,B.GOODSNAME,B.FEESTATUS,F.CUSTOMERNAME,F.SETTLETIME "); if ((!string.IsNullOrEmpty(printstr)) && (printstr == "true")) { if (!string.IsNullOrEmpty(sortstr)) { strSql.Append(" order by " + sortstr); } else { strSql.Append(" order by F.CUSTOMERNAME,B.OPDATE "); } var jsonRespose = new JsonResponse { Success = true, Message = "完成", Data = strSql.ToString() }; return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; } else { var sortstring = DatasetSort.Getsortstring(sort); if (!string.IsNullOrEmpty(sortstring)) { strSql.Append(" order by " + sortstring); } else { strSql.Append(" order by F.CUSTOMERNAME,B.OPDATE "); } var dbparams = new List(); var paramps_sSQL = new CustomDbParamter(); paramps_sSQL.ParameterName = "@sSQL"; paramps_sSQL.DbType = DbType.String; paramps_sSQL.Direction = ParameterDirection.Input; paramps_sSQL.Value = strSql.ToString(); dbparams.Add(paramps_sSQL); var dbRptResult = PubSysDAL.GetMsSqlPrcDataSet("sMsExesqlQry", dbparams, "Result_Set"); var json = RptHelper.GetRptJsonResult(start, limit, dbRptResult, "Result_Set", true); return new ContentResult() { Content = json }; } } [SqlKeyWordsFilter(Type = "Action")]//sql 防注入过滤器 public ContentResult GetSqlStr(string condition) { var strDa = GetRangDAStr("index", Convert.ToString(Session["USERID"]), Convert.ToString(Session["SHOWNAME"]), Convert.ToString(Session["COMPANYID"])); if (!string.IsNullOrEmpty(strDa)) { if (!string.IsNullOrEmpty(condition)) { condition = condition + " and " + strDa; } else { condition = strDa; } } var jsonRespose = new JsonResponse { Success = true, Message = "完成", Data = condition }; return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; } [SqlKeyWordsFilter(Type = "Action")]//sql 防注入过滤器 public ContentResult FeeListData(int start, int limit, string condition, string sort, string printstr,string sortstr) { //var strDa = GetRangDAStr("index", Convert.ToString(Session["USERID"]), Convert.ToString(Session["SHOWNAME"]), Convert.ToString(Session["COMPANYID"])); //if (!string.IsNullOrEmpty(strDa)) //{ // if (!string.IsNullOrEmpty(condition)) // { // condition = condition + " and " + strDa; // } // else // { // condition = strDa; // } //} var strSql = new StringBuilder(); strSql.Append("SELECT B.BSNO,B.OPTYPE, B.OPLBNAME, B.BSTYPE,B.CUSTOMERNAME, B.CUSTNO, B.MBLNO, B.HBLNO,B.VESSEL, B.VOYNO, B.INPUTBY, B.CREATETIME, B.BSSTATUS, B.SALE, B.OP, B.DOC,"); strSql.Append("case B.ETD when '1900-01-01 00:00:00.000' then '' else CONVERT(varchar(100), B.ETD,23) end as ETD"); strSql.Append(",case B.OPDATE when '1900-01-01 00:00:00.000' then '' else CONVERT(varchar(100), B.OPDATE,23) end as OPDATE,B.ENTERP"); strSql.Append(",case B.CUSTOMDATE when '1900-01-01 00:00:00.000' then '' else CONVERT(varchar(100), B.CUSTOMDATE,23) end as CUSTOMDATE"); strSql.Append(",B.CUSTSERVICE, B.PORTLOAD, B.PORTDISCHARGE, B.CUSTOMNO, B.ACCDATE,B.CARRIER, B.BSSOURCE, B.LANE, B.FORWARDER,B.NETWEIGHT,B.KGS,B.TEU,B.CNTRTOTAL,B.CORPID"); strSql.Append(",B.TRADETYPE,B.GOODSNAME,B.FEESTATUS"); strSql.Append(",(CASE B.FEESTATUS WHEN 1 THEN '锁定' else '未锁定' end) as FEESTATUSREF "); strSql.Append(",F.FEEID,F.FEETYPE,F.FEENAME,F.CUSTOMERNAME AS CUSTNAME,F.CURRENCY,F.EXCHANGERATE"); strSql.Append(",F.EXRATE,F.ORIGAMOUNT,F.RATEDIFF,F.BILLNO,F.SETTLETIME"); strSql.Append(" FROM v_fee_rate F left join v_op_bill B ON (B.BSNO=F.BSNO)"); if (!string.IsNullOrEmpty(condition)) { strSql.Append(" Where " + condition); } if ((!string.IsNullOrEmpty(printstr)) && (printstr == "true")) { if (!string.IsNullOrEmpty(sortstr)) { strSql.Append(" order by " + sortstr); } else { strSql.Append(" order by F.CUSTOMERNAME"); } var jsonRespose = new JsonResponse { Success = true, Message = "完成", Data = strSql.ToString() }; return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; } else { var sortstring = DatasetSort.Getsortstring(sort); if (!string.IsNullOrEmpty(sortstring)) { strSql.Append(" order by " + sortstring); } else { strSql.Append(" order by F.CUSTOMERNAME"); } var dbparams = new List(); var paramps_sSQL = new CustomDbParamter(); paramps_sSQL.ParameterName = "@sSQL"; paramps_sSQL.DbType = DbType.String; paramps_sSQL.Direction = ParameterDirection.Input; paramps_sSQL.Value = strSql.ToString(); dbparams.Add(paramps_sSQL); var dbRptResult = PubSysDAL.GetMsSqlPrcDataSet("sMsExesqlQry", dbparams, "Result_Set"); var json = RptHelper.GetRptJsonResult(start, limit, dbRptResult, "Result_Set", true); return new ContentResult() { Content = json }; } } [SqlKeyWordsFilter(Type = "Action")]//sql 防注入过滤器 public ContentResult CustListData(int start, int limit, string condition, string sort, string printstr,string sortstr) { //var strDa = GetRangDAStr("index", Convert.ToString(Session["USERID"]), Convert.ToString(Session["SHOWNAME"]), Convert.ToString(Session["COMPANYID"])); //if (!string.IsNullOrEmpty(strDa)) //{ // if (!string.IsNullOrEmpty(condition)) // { // condition = condition + " and " + strDa; // } // else // { // condition = strDa; // } //} var strSql = new StringBuilder(); strSql.Append("SELECT F.CUSTOMERNAME AS CUSTNAME,ISNULL(SUM(F.RATEDIFF),0) RATEDIFF"); strSql.Append(" FROM v_fee_rate F "); strSql.Append("INNER JOIN V_OP_BILL B ON (F.BSNO=B.BSNO) "); if (!string.IsNullOrEmpty(condition)) { strSql.Append(" Where " + condition); } strSql.Append(" Group by F.CUSTOMERNAME "); if ((!string.IsNullOrEmpty(printstr)) && (printstr == "true")) { if (!string.IsNullOrEmpty(sortstr)) { strSql.Append(" order by " + sortstr); } else { strSql.Append(" order by F.CUSTOMERNAME"); } var jsonRespose = new JsonResponse { Success = true, Message = "完成", Data = strSql.ToString() }; return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; } else { var sortstring = DatasetSort.Getsortstring(sort); if (!string.IsNullOrEmpty(sortstring)) { strSql.Append(" order by " + sortstring); } else { strSql.Append(" order by F.CUSTOMERNAME"); } var dbparams = new List(); var paramps_sSQL = new CustomDbParamter(); paramps_sSQL.ParameterName = "@sSQL"; paramps_sSQL.DbType = DbType.String; paramps_sSQL.Direction = ParameterDirection.Input; paramps_sSQL.Value = strSql.ToString(); dbparams.Add(paramps_sSQL); var dbRptResult = PubSysDAL.GetMsSqlPrcDataSet("sMsExesqlQry", dbparams, "Result_Set"); var json = RptHelper.GetRptJsonResult(start, limit, dbRptResult, "Result_Set", true); return new ContentResult() { Content = json }; } } [SqlKeyWordsFilter(Type = "Action")]//sql 防注入过滤器 public ContentResult SumListData(int start, int limit, string condition, string sort) { var strDa = GetRangDAStr("index", Convert.ToString(Session["USERID"]), Convert.ToString(Session["SHOWNAME"]), Convert.ToString(Session["COMPANYID"])); if (!string.IsNullOrEmpty(strDa)) { if (!string.IsNullOrEmpty(condition)) { condition = condition + " and " + strDa; } else { condition = strDa; } } var strSql = new StringBuilder(); strSql.Append("SELECT isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(AMOUNT,0) ELSE 0 END) ELSE 0 END),0) AS RMBDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(AMOUNT,0) ELSE 0 END) ELSE 0 END),0) AS RMBCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(SETTLEMENT,0) ELSE 0 END) ELSE 0 END),0) AS STLRMBDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS STLRMBCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(AMOUNT-SETTLEMENT,0) ELSE 0 END) ELSE 0 END),0) AS BALRMBDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(AMOUNT-SETTLEMENT,0) ELSE 0 END) ELSE 0 END),0) AS BALRMBCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(AMOUNT,0) ELSE 0 END)ELSE 0 END),0) AS USDDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(AMOUNT,0) ELSE 0 END)ELSE 0 END),0) AS USDCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS STLUSDDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS STLUSDCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(AMOUNT-SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS BALUSDDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(AMOUNT-SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS BALUSDCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(AMOUNT,0) END) END)ELSE 0 END),0) AS OTDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(AMOUNT,0) END) END)ELSE 0 END),0) AS OTCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(SETTLEMENT,0) END) END)ELSE 0 END),0) AS STLOTDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(SETTLEMENT,0) END) END)ELSE 0 END),0) AS STLOTCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(AMOUNT-SETTLEMENT,0) END) END) ELSE 0 END),0) AS BALOTDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(AMOUNT-SETTLEMENT,0) END) END) ELSE 0 END),0) AS BALOTCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN ISNULL(AMOUNT,0) * ISNULL(EXCHANGERATE,0) ELSE 0 END),0) AS TTLDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN ISNULL(AMOUNT,0) *ISNULL( EXCHANGERATE,0) ELSE 0 END),0) AS TTLCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN ISNULL(SETTLEMENT,0) * ISNULL(EXCHANGERATE,0) ELSE 0 END),0) AS STLTTLDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN ISNULL(SETTLEMENT,0) *ISNULL( EXCHANGERATE,0) ELSE 0 END),0) AS STLTTLCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN ISNULL(AMOUNT-SETTLEMENT,0) * ISNULL(EXCHANGERATE,0) ELSE 0 END),0) AS BALTTLDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN ISNULL(AMOUNT-SETTLEMENT,0) *ISNULL( EXCHANGERATE,0) ELSE 0 END),0) AS BALTTLCR"); strSql.Append(" FROM CH_FEE F "); strSql.Append("INNER JOIN V_OP_BILL B ON (F.BSNO=B.BSNO) "); if (!string.IsNullOrEmpty(condition)) { strSql.Append(" Where " + condition); } var dbparams = new List(); var paramps_sSQL = new CustomDbParamter(); paramps_sSQL.ParameterName = "@sSQL"; paramps_sSQL.DbType = DbType.String; paramps_sSQL.Direction = ParameterDirection.Input; paramps_sSQL.Value = strSql.ToString(); dbparams.Add(paramps_sSQL); var dbRptResult = PubSysDAL.GetMsSqlPrcDataSet("sMsExesqlQry", dbparams, "Result_Set"); var json = RptHelper.GetRptJsonResult(start, limit, dbRptResult, "Result_Set", true); return new ContentResult() { Content = json }; } public static string GetRangDAStr(string tb, string userid, string usercode, string companyid) { string str = ""; var strSql = new StringBuilder(); strSql.Append("SELECT "); strSql.Append(" VISIBLERANGE,OPERATERANGE "); strSql.Append(" from VW_User_Authority "); strSql.Append(" where [NAME]='modNoTotalreportRange' and USERID='" + userid + "' and ISDELETE=0"); string visiblerange = "4"; string operaterange = "4"; Database db = DatabaseFactory.CreateDatabase(); using (IDataReader reader = db.ExecuteReader(CommandType.Text, strSql.ToString())) { while (reader.Read()) { visiblerange = Convert.ToString(reader["VISIBLERANGE"]); operaterange = Convert.ToString(reader["OPERATERANGE"]); break; } reader.Close(); } if (visiblerange == "4") { str = "1=2"; } else if (visiblerange == "3") { str = " (B.OP='" + usercode + "' OR B.SALE='" + usercode + "')"; } else if (visiblerange == "2") { if (tb == "index") { var rangeDa = new RangeDA(); var deptname = rangeDa.GetDEPTNAME(userid); var userstr = new StringBuilder(); userstr.Append(" select SHOWNAME from [user] where GID in (select USERID from user_company where COMPANYID='" + companyid + "') and GID in (select userid from user_baseinfo where DEPTNAME='" + deptname + "')"); Database userdb = DatabaseFactory.CreateDatabase(); using (IDataReader reader = userdb.ExecuteReader(CommandType.Text, userstr.ToString())) { str = ""; while (reader.Read()) { if (str == "") { str = " (B.OP='" + Convert.ToString(reader["SHOWNAME"]) + "' OR B.SALE='" + Convert.ToString(reader["SHOWNAME"]) + "'"; } else { str = str + " or B.OP='" + Convert.ToString(reader["SHOWNAME"]) + "' OR B.SALE='" + Convert.ToString(reader["SHOWNAME"]) + "'"; }; } str =str+ ")"; reader.Close(); } } else { str = " UPPER(B.Corpid)='" + companyid + "'"; } } else if (visiblerange == "1") { str = " UPPER(B.Corpid)='" + companyid + "'"; } return str; } #region 参照部分 #endregion } }