using System; using System.Collections.Generic; using System.Data; using System.Linq; using System.Text; using System.Web; using System.Web.Mvc; using DSWeb.MvcShipping.Helper; using DSWeb.MvcShipping.Comm.Cookie; using DSWeb.Areas.CommMng.DAL; using DSWeb.Areas.RptMng.Comm; using HcUtility.Comm; using HcUtility.Core; using Microsoft.Practices.EnterpriseLibrary.Data; using DSWeb.EntityDA; using DSWeb.Areas.CommMng.Models; using System.IO; using DSWeb.MvcShipping.DAL.MsSysParamSet; using DSWeb.SoftMng.Filter; namespace DSWeb.MvcShipping.Controllers { /// /// 欠费报表查询 /// [JsonRequestBehavior] public class MsRptNoFeeDetailController : Controller { // // GET: /MvcShipping/MsRptOpProfit public ActionResult Index() { return View(); } public ActionResult CrIndex() { return View(); } // // GET:/RptMng/MsRptPcHeadQry/QryData [SqlKeyWordsFilter(Type = "Action")]//sql 防注入过滤器 public ContentResult BsListData(int start, int limit, string condition, string sort, string printstr,string sortstr) { var strDa = GetRangDAStr("index", Convert.ToString(Session["USERID"]), Convert.ToString(Session["SHOWNAME"]), Convert.ToString(Session["COMPANYID"])); if (!string.IsNullOrEmpty(strDa)) { if (!string.IsNullOrEmpty(condition)) { condition = condition + " and " + strDa; } else { condition = strDa; } } var NORPTFEESTATUS = MsSysParamSetDAL.GetData("PARAMNAME='NORPTFEESTATUS'"); if (NORPTFEESTATUS.PARAMVALUE == "1") { if (!string.IsNullOrEmpty(condition)) { condition = condition + " and F.FEESTATUS<>1 "; } else { condition = " F.FEESTATUS<>1 "; } } var NORPTSTLDATETYPE = MsSysParamSetDAL.GetData("PARAMNAME='NORPTSTLDATETYPE'"); var strSql = new StringBuilder(); strSql.Append("SELECT * "); strSql.Append(",case OPDATE when '' then 0 else case when BALTTLDR<>0 OR BALTTLCR<>0 then DATEDIFF([day],CASE WHEN STLDATE IS NULL THEN OPDATE ELSE STLDATE END,GETDATE()) "); strSql.Append(" else (DATEDIFF([day],CASE WHEN STLDATE IS NULL THEN OPDATE ELSE STLDATE END,SETTLETIME)) end end AS NODAY"); strSql.Append(" FROM ("); strSql.Append("SELECT B.BSNO,B.OPTYPE, B.OPLBNAME, B.BSTYPE,B.CUSTOMERNAME, B.CUSTNO, B.MBLNO, B.HBLNO,B.VESSEL, B.VOYNO, B.INPUTBY, B.CREATETIME, B.BSSTATUS, B.SALE, B.OP, B.DOC,"); strSql.Append("case B.ETD when '1900-01-01 00:00:00.000' then '' else CONVERT(varchar(100), B.ETD,23) end as ETD"); strSql.Append(",case B.OPDATE when '1900-01-01 00:00:00.000' then '' else CONVERT(varchar(100), B.OPDATE,23) end as OPDATE,B.ENTERP,B.SERVICECONTRACTNO"); strSql.Append(",case B.CUSTOMDATE when '1900-01-01 00:00:00.000' then '' else CONVERT(varchar(100), B.CUSTOMDATE,23) end as CUSTOMDATE"); strSql.Append(",B.CUSTSERVICE, B.PORTLOAD, B.PORTDISCHARGE, B.CUSTOMNO, B.ACCDATE,B.CARRIER, B.BSSOURCE, B.LANE, B.FORWARDER,B.NETWEIGHT,B.KGS,B.TEU,B.CNTRTOTAL,B.CORPID"); strSql.Append(",B.TRADETYPE,B.GOODSNAME,B.FEESTATUS,B.SALECORPID,(select [NAME] from [company] where GID=B.SALECORPID) as SALECORP,B.STLNAME"); strSql.Append(",(CASE B.FEESTATUS WHEN 1 THEN '锁定' else '未锁定' end) as FEESTATUSREF "); strSql.Append(",F.CUSTOMERNAME AS CUSTNAME "); strSql.Append(",C.[DESCRIPTION] AS CUSTFULLNAME "); strSql.Append(",isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(AMOUNT,0) ELSE 0 END) ELSE 0 END),0) AS RMBDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(AMOUNT,0) ELSE 0 END) ELSE 0 END),0) AS RMBCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(SETTLEMENT,0) ELSE 0 END) ELSE 0 END),0) AS STLRMBDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS STLRMBCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(AMOUNT-SETTLEMENT,0) ELSE 0 END) ELSE 0 END),0) AS BALRMBDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(AMOUNT-SETTLEMENT,0) ELSE 0 END) ELSE 0 END),0) AS BALRMBCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(AMOUNT,0) ELSE 0 END)ELSE 0 END),0) AS USDDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(AMOUNT,0) ELSE 0 END)ELSE 0 END),0) AS USDCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS STLUSDDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS STLUSDCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(AMOUNT-SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS BALUSDDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(AMOUNT-SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS BALUSDCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(AMOUNT,0) END) END)ELSE 0 END),0) AS OTDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(AMOUNT,0) END) END)ELSE 0 END),0) AS OTCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(SETTLEMENT,0) END) END)ELSE 0 END),0) AS STLOTDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(SETTLEMENT,0) END) END)ELSE 0 END),0) AS STLOTCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(AMOUNT-SETTLEMENT,0) END) END) ELSE 0 END),0) AS BALOTDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(AMOUNT-SETTLEMENT,0) END) END) ELSE 0 END),0) AS BALOTCR,"); strSql.Append("isnull(SUM(CASE CURRENCY WHEN 'RMB' THEN ISNULL(INVOICE,0) ELSE 0 END),0) AS INVRMB,"); strSql.Append("isnull(SUM(CASE CURRENCY WHEN 'USD' THEN ISNULL(INVOICE,0) ELSE 0 END),0) AS INVUSD,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN ISNULL(AMOUNT,0) * ISNULL(EXCHANGERATE,0) ELSE 0 END),0) AS TTLDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN ISNULL(AMOUNT,0) *ISNULL( EXCHANGERATE,0) ELSE 0 END),0) AS TTLCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN ISNULL(SETTLEMENT,0) * ISNULL(EXCHANGERATE,0) ELSE 0 END),0) AS STLTTLDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN ISNULL(SETTLEMENT,0) *ISNULL( EXCHANGERATE,0) ELSE 0 END),0) AS STLTTLCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN ISNULL(AMOUNT-SETTLEMENT,0) * ISNULL(EXCHANGERATE,0) ELSE 0 END),0) AS BALTTLDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN ISNULL(AMOUNT-SETTLEMENT,0) *ISNULL( EXCHANGERATE,0) ELSE 0 END),0) AS BALTTLCR"); strSql.Append(",case when isnull(SUM(F.AMOUNT),0)<>isnull(SUM(F.SETTLEMENT),0) then (case B.OPDATE when '1900-01-01 00:00:00.000' then 0 else DATEDIFF([day],B.OPDATE, GETDATE()) end) "); strSql.Append(" else (case B.OPDATE when '1900-01-01 00:00:00.000' then 0 else DATEDIFF([day],B.OPDATE, S.SETTLETIME) end) end AS ACTUALDAY,S.SETTLETIME"); if (NORPTSTLDATETYPE.PARAMVALUE == "1") { strSql.Append(",[dbo].[GetCustStlDay](B.OPDATE,F.CUSTOMERNAME,B.SALE) AS STLDATE"); } else { strSql.Append(",CASE WHEN B.STLDATE IS NULL THEN B.OPDATE ELSE B.STLDATE END STLDATE"); } //strSql.Append(",case B.OPDATE when '1900-01-01 00:00:00.000' then 0 else case when isnull(SUM(F.AMOUNT),0)<>isnull(SUM(F.SETTLEMENT),0) then DATEDIFF([day],B.OPDATE,(CASE C.STLNAME WHEN '月结' THEN "); //strSql.Append("DATEADD(month,1,DATEADD(day,ISNULL(CAST(C.STLDATE AS INT),1),DATEADD(day,-Day(B.OPDATE)+1,B.OPDATE)))"); //strSql.Append("WHEN '半月结' THEN (CASE WHEN DATEPART(DAY, GETDATE())<=15 THEN DATEADD(day,ISNULL(CAST(C.STLFIRSTHALFDATE AS INT),16),DATEADD(Day,-Day(B.OPDATE)+1,B.OPDATE))"); //strSql.Append("ELSE DATEADD(MONTH,1,DATEADD(day,ISNULL(CAST(C.STLMIDDLEDATE AS INT),1),DATEADD(Day,-Day(B.OPDATE)+1,B.OPDATE))) END)"); //strSql.Append("ELSE GETDATE() END)) else (DATEDIFF([day],B.OPDATE, S.SETTLETIME)) end end AS NODAY"); strSql.Append(" FROM CH_FEE F "); strSql.Append(" INNER JOIN V_OP_BILL B ON (F.BSNO=B.BSNO) "); strSql.Append(" LEFT JOIN info_client C ON (C.SHORTNAME=F.CUSTOMERNAME) "); strSql.Append(" LEFT JOIN V_MAX_SETTLEMENTTIME S ON (S.CUSTOMERNAME=F.CUSTOMERNAME AND S.BSNO=B.BSNO) "); if (!string.IsNullOrEmpty(condition)) { strSql.Append(" Where " + condition); } strSql.Append(" GROUP BY B.BSNO,B.OPTYPE,B.OPLBNAME, B.BSTYPE,B.CUSTOMERNAME, B.CUSTNO, B.MBLNO, B.HBLNO,B.VESSEL, B.VOYNO, B.INPUTBY, B.CREATETIME, B.BSSTATUS, B.SALE, B.OP, B.DOC,"); strSql.Append(" B.ETD"); strSql.Append(" ,B.OPDATE,B.ENTERP,B.SERVICECONTRACTNO"); strSql.Append(" ,B.CUSTOMDATE"); strSql.Append(" ,B.CUSTSERVICE, B.PORTLOAD, B.PORTDISCHARGE, B.CUSTOMNO, B.ACCDATE,B.CARRIER, B.BSSOURCE, B.LANE, B.FORWARDER,B.NETWEIGHT,B.KGS,B.TEU,B.CNTRTOTAL,B.CORPID"); strSql.Append(" ,B.TRADETYPE,B.GOODSNAME,B.FEESTATUS,B.SALECORPID,F.CUSTOMERNAME,C.[DESCRIPTION] "); strSql.Append(" ,c.STLNAME,C.STLDATE,C.STLFIRSTHALFDATE,C.STLMIDDLEDATE, S.SETTLETIME,B.STLDATE,B.STLNAME"); strSql.Append(") AS T "); if ((!string.IsNullOrEmpty(printstr)) && (printstr == "true")) { if (!string.IsNullOrEmpty(sortstr)) { strSql.Append(" order by " + sortstr); } else { strSql.Append(" order by CUSTNAME,OPDATE "); } var jsonRespose = new JsonResponse { Success = true, Message = "完成", Data = strSql.ToString() }; return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; } else { var sortstring = DatasetSort.Getsortstring(sort); if (!string.IsNullOrEmpty(sortstring)) { strSql.Append(" order by " + sortstring); } else { strSql.Append(" order by CUSTNAME,OPDATE "); } var dbparams = new List(); var paramps_sSQL = new CustomDbParamter(); paramps_sSQL.ParameterName = "@sSQL"; paramps_sSQL.DbType = DbType.String; paramps_sSQL.Direction = ParameterDirection.Input; paramps_sSQL.Value = strSql.ToString(); dbparams.Add(paramps_sSQL); var dbRptResult = PubSysDAL.GetMsSqlPrcDataSet("sMsExesqlQry", dbparams, "Result_Set"); var json = RptHelper.GetRptJsonResult(start, limit, dbRptResult, "Result_Set", true); return new ContentResult() { Content = json }; } } [SqlKeyWordsFilter(Type = "Action")]//sql 防注入过滤器 public ContentResult GetSqlStr(string condition) { var strDa = GetRangDAStr("index", Convert.ToString(Session["USERID"]), Convert.ToString(Session["SHOWNAME"]), Convert.ToString(Session["COMPANYID"])); if (!string.IsNullOrEmpty(strDa)) { if (!string.IsNullOrEmpty(condition)) { condition = condition + " and " + strDa; } else { condition = strDa; } } var jsonRespose = new JsonResponse { Success = true, Message = "完成", Data = condition }; return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; } [SqlKeyWordsFilter(Type = "Action")]//sql 防注入过滤器 public ContentResult FeeListData(int start, int limit, string condition, string sort, string printstr,string sortstr) { //var strDa = GetRangDAStr("index", Convert.ToString(Session["USERID"]), Convert.ToString(Session["SHOWNAME"]), Convert.ToString(Session["COMPANYID"])); //if (!string.IsNullOrEmpty(strDa)) //{ // if (!string.IsNullOrEmpty(condition)) // { // condition = condition + " and " + strDa; // } // else // { // condition = strDa; // } //} var NORPTFEESTATUS = MsSysParamSetDAL.GetData("PARAMNAME='NORPTFEESTATUS'"); if (NORPTFEESTATUS.PARAMVALUE == "1") { if (!string.IsNullOrEmpty(condition)) { condition = condition + " and F.FEESTATUS<>1 "; } else { condition = " F.FEESTATUS<>1 "; } } var strSql = new StringBuilder(); strSql.Append("SELECT F.GID,F.FEETYPE,F.FEENAME,F.FEEDESCRIPTION,F.CUSTOMERNAME AS CUSTNAME,F.UNIT,F.UNITPRICE,F.QUANTITY,F.AMOUNT,F.CURRENCY,F.EXCHANGERATE"); strSql.Append(",F.TAXRATE,F.NOTAXAMOUNT,F.ACCTAXRATE,F.REMARK,F.SETTLEMENT,F.INVOICE,F.ORDERAMOUNT,F.ORDERINVOICE,F.ENTEROPERATOR,F.FEESTATUS"); strSql.Append(",(select EnumValueName from tSysEnumValue where LangId=0 and EnumTypeID=99024 and EnumValueID=F.FeeStatus) as FeeStatus_Ref"); strSql.Append(",(select EnumValueName from tSysEnumValue where LangId=0 and EnumTypeID=99020 and EnumValueID=F.FeeType) as FeeType_Ref"); strSql.Append(" FROM CH_FEE F "); strSql.Append(" INNER JOIN V_OP_BILL B ON (F.BSNO=B.BSNO) "); if (!string.IsNullOrEmpty(condition)) { strSql.Append(" Where " + condition); } if ((!string.IsNullOrEmpty(printstr)) && (printstr == "true")) { if (!string.IsNullOrEmpty(sortstr)) { strSql.Append(" order by " + sortstr + ",F.SORT"); } else { strSql.Append(" order by F.CUSTOMERNAME,F.SORT"); } var jsonRespose = new JsonResponse { Success = true, Message = "完成", Data = strSql.ToString() }; return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; } else { var sortstring = DatasetSort.Getsortstring(sort); if (!string.IsNullOrEmpty(sortstring)) { strSql.Append(" order by " + sortstring + ",F.SORT"); } else { strSql.Append(" order by F.CUSTOMERNAME,F.SORT"); } var dbparams = new List(); var paramps_sSQL = new CustomDbParamter(); paramps_sSQL.ParameterName = "@sSQL"; paramps_sSQL.DbType = DbType.String; paramps_sSQL.Direction = ParameterDirection.Input; paramps_sSQL.Value = strSql.ToString(); dbparams.Add(paramps_sSQL); var dbRptResult = PubSysDAL.GetMsSqlPrcDataSet("sMsExesqlQry", dbparams, "Result_Set"); var json = RptHelper.GetRptJsonResult(start, limit, dbRptResult, "Result_Set", true); return new ContentResult() { Content = json }; } } [SqlKeyWordsFilter(Type = "Action")]//sql 防注入过滤器 public ContentResult CustListData(int start, int limit, string condition, string sort, string printstr,string sortstr) { var strDa = GetRangDAStr("index", Convert.ToString(Session["USERID"]), Convert.ToString(Session["SHOWNAME"]), Convert.ToString(Session["COMPANYID"])); if (!string.IsNullOrEmpty(strDa)) { if (!string.IsNullOrEmpty(condition)) { condition = condition + " and " + strDa; } else { condition = strDa; } } var NORPTFEESTATUS = MsSysParamSetDAL.GetData("PARAMNAME='NORPTFEESTATUS'"); if (NORPTFEESTATUS.PARAMVALUE == "1") { if (!string.IsNullOrEmpty(condition)) { condition = condition + " and F.FEESTATUS<>1 "; } else { condition = " F.FEESTATUS<>1 "; } } var strSql = new StringBuilder(); strSql.Append("SELECT F.CUSTOMERNAME AS CUSTNAME "); strSql.Append(",C.[DESCRIPTION] AS CUSTFULLNAME "); strSql.Append(",isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(AMOUNT,0) ELSE 0 END) ELSE 0 END),0) AS RMBDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(AMOUNT,0) ELSE 0 END) ELSE 0 END),0) AS RMBCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(SETTLEMENT,0) ELSE 0 END) ELSE 0 END),0) AS STLRMBDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS STLRMBCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(AMOUNT-SETTLEMENT,0) ELSE 0 END) ELSE 0 END),0) AS BALRMBDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(AMOUNT-SETTLEMENT,0) ELSE 0 END) ELSE 0 END),0) AS BALRMBCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(AMOUNT,0) ELSE 0 END)ELSE 0 END),0) AS USDDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(AMOUNT,0) ELSE 0 END)ELSE 0 END),0) AS USDCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS STLUSDDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS STLUSDCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(AMOUNT-SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS BALUSDDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(AMOUNT-SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS BALUSDCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(AMOUNT,0) END) END)ELSE 0 END),0) AS OTDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(AMOUNT,0) END) END)ELSE 0 END),0) AS OTCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(SETTLEMENT,0) END) END)ELSE 0 END),0) AS STLOTDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(SETTLEMENT,0) END) END)ELSE 0 END),0) AS STLOTCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(AMOUNT-SETTLEMENT,0) END) END) ELSE 0 END),0) AS BALOTDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(AMOUNT-SETTLEMENT,0) END) END) ELSE 0 END),0) AS BALOTCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN ISNULL(AMOUNT,0) * ISNULL(EXCHANGERATE,0) ELSE 0 END),0) AS TTLDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN ISNULL(AMOUNT,0) *ISNULL( EXCHANGERATE,0) ELSE 0 END),0) AS TTLCR,"); strSql.Append("isnull(SUM(CASE CURRENCY WHEN 'RMB' THEN ISNULL(INVOICE,0) ELSE 0 END),0) AS INVRMB,"); strSql.Append("isnull(SUM(CASE CURRENCY WHEN 'USD' THEN ISNULL(INVOICE,0) ELSE 0 END),0) AS INVUSD,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN ISNULL(SETTLEMENT,0) * ISNULL(EXCHANGERATE,0) ELSE 0 END),0) AS STLTTLDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN ISNULL(SETTLEMENT,0) *ISNULL( EXCHANGERATE,0) ELSE 0 END),0) AS STLTTLCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN ISNULL(AMOUNT-SETTLEMENT,0) * ISNULL(EXCHANGERATE,0) ELSE 0 END),0) AS BALTTLDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN ISNULL(AMOUNT-SETTLEMENT,0) *ISNULL( EXCHANGERATE,0) ELSE 0 END),0) AS BALTTLCR"); strSql.Append(" FROM CH_FEE F "); strSql.Append("INNER JOIN V_OP_BILL B ON (F.BSNO=B.BSNO) "); strSql.Append(" LEFT JOIN info_client C ON (C.SHORTNAME=F.CUSTOMERNAME) "); if (!string.IsNullOrEmpty(condition)) { strSql.Append(" Where " + condition); } strSql.Append(" Group by F.CUSTOMERNAME,C.[DESCRIPTION] "); if ((!string.IsNullOrEmpty(printstr)) && (printstr == "true")) { if (!string.IsNullOrEmpty(sortstr)) { strSql.Append(" order by " + sortstr); } else { strSql.Append(" order by F.CUSTOMERNAME"); } var jsonRespose = new JsonResponse { Success = true, Message = "完成", Data = strSql.ToString() }; return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; } else { var sortstring = DatasetSort.Getsortstring(sort); if (!string.IsNullOrEmpty(sortstring)) { strSql.Append(" order by " + sortstring); } else { strSql.Append(" order by F.CUSTOMERNAME"); } var dbparams = new List(); var paramps_sSQL = new CustomDbParamter(); paramps_sSQL.ParameterName = "@sSQL"; paramps_sSQL.DbType = DbType.String; paramps_sSQL.Direction = ParameterDirection.Input; paramps_sSQL.Value = strSql.ToString(); dbparams.Add(paramps_sSQL); var dbRptResult = PubSysDAL.GetMsSqlPrcDataSet("sMsExesqlQry", dbparams, "Result_Set"); var json = RptHelper.GetRptJsonResult(start, limit, dbRptResult, "Result_Set", true); return new ContentResult() { Content = json }; } } [SqlKeyWordsFilter(Type = "Action")]//sql 防注入过滤器 public ContentResult SumListData(int start, int limit, string condition, string sort) { var strDa = GetRangDAStr("index", Convert.ToString(Session["USERID"]), Convert.ToString(Session["SHOWNAME"]), Convert.ToString(Session["COMPANYID"])); if (!string.IsNullOrEmpty(strDa)) { if (!string.IsNullOrEmpty(condition)) { condition = condition + " and " + strDa; } else { condition = strDa; } } var NORPTFEESTATUS = MsSysParamSetDAL.GetData("PARAMNAME='NORPTFEESTATUS'"); if (NORPTFEESTATUS.PARAMVALUE == "1") { if (!string.IsNullOrEmpty(condition)) { condition = condition + " and F.FEESTATUS<>1 "; } else { condition = " F.FEESTATUS<>1 "; } } var strSql = new StringBuilder(); strSql.Append("SELECT isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(AMOUNT,0) ELSE 0 END) ELSE 0 END),0) AS RMBDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(AMOUNT,0) ELSE 0 END) ELSE 0 END),0) AS RMBCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(SETTLEMENT,0) ELSE 0 END) ELSE 0 END),0) AS STLRMBDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS STLRMBCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(AMOUNT-SETTLEMENT,0) ELSE 0 END) ELSE 0 END),0) AS BALRMBDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'RMB' THEN ISNULL(AMOUNT-SETTLEMENT,0) ELSE 0 END) ELSE 0 END),0) AS BALRMBCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(AMOUNT,0) ELSE 0 END)ELSE 0 END),0) AS USDDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(AMOUNT,0) ELSE 0 END)ELSE 0 END),0) AS USDCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS STLUSDDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS STLUSDCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(AMOUNT-SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS BALUSDDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN ISNULL(AMOUNT-SETTLEMENT,0) ELSE 0 END)ELSE 0 END),0) AS BALUSDCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(AMOUNT,0) END) END)ELSE 0 END),0) AS OTDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(AMOUNT,0) END) END)ELSE 0 END),0) AS OTCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(SETTLEMENT,0) END) END)ELSE 0 END),0) AS STLOTDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(SETTLEMENT,0) END) END)ELSE 0 END),0) AS STLOTCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(AMOUNT-SETTLEMENT,0) END) END) ELSE 0 END),0) AS BALOTDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN (CASE CURRENCY WHEN 'USD' THEN 0 ELSE (CASE CURRENCY WHEN 'RMB' THEN 0 ELSE ISNULL(AMOUNT-SETTLEMENT,0) END) END) ELSE 0 END),0) AS BALOTCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN ISNULL(AMOUNT,0) * ISNULL(EXCHANGERATE,0) ELSE 0 END),0) AS TTLDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN ISNULL(AMOUNT,0) *ISNULL( EXCHANGERATE,0) ELSE 0 END),0) AS TTLCR,"); //strSql.Append("isnull(SUM(CASE CURRENCY WHEN 'RMB' THEN ISNULL(INVOICE,0) ELSE 0 END),0) AS INVRMB,"); //strSql.Append("isnull(SUM(CASE CURRENCY WHEN 'USD' THEN ISNULL(INVOICE,0) ELSE 0 END),0) AS INVUSD,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN ISNULL(SETTLEMENT,0) * ISNULL(EXCHANGERATE,0) ELSE 0 END),0) AS STLTTLDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN ISNULL(SETTLEMENT,0) *ISNULL( EXCHANGERATE,0) ELSE 0 END),0) AS STLTTLCR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 1 THEN ISNULL(AMOUNT-SETTLEMENT,0) * ISNULL(EXCHANGERATE,0) ELSE 0 END),0) AS BALTTLDR,"); strSql.Append("isnull(SUM(CASE FEETYPE WHEN 2 THEN ISNULL(AMOUNT-SETTLEMENT,0) *ISNULL( EXCHANGERATE,0) ELSE 0 END),0) AS BALTTLCR"); strSql.Append(" FROM CH_FEE F "); strSql.Append("INNER JOIN V_OP_BILL B ON (F.BSNO=B.BSNO) "); if (!string.IsNullOrEmpty(condition)) { strSql.Append(" Where " + condition); } var dbparams = new List(); var paramps_sSQL = new CustomDbParamter(); paramps_sSQL.ParameterName = "@sSQL"; paramps_sSQL.DbType = DbType.String; paramps_sSQL.Direction = ParameterDirection.Input; paramps_sSQL.Value = strSql.ToString(); dbparams.Add(paramps_sSQL); var dbRptResult = PubSysDAL.GetMsSqlPrcDataSet("sMsExesqlQry", dbparams, "Result_Set"); var json = RptHelper.GetRptJsonResult(start, limit, dbRptResult, "Result_Set", true); return new ContentResult() { Content = json }; } public static string GetRangDAStr(string tb, string userid, string usercode, string companyid) { string str = ""; var strSql = new StringBuilder(); strSql.Append("SELECT "); strSql.Append(" VISIBLERANGE,OPERATERANGE,AUTHORITYID,VSSQL "); strSql.Append(" from VW_User_Authority "); strSql.Append(" where [NAME]='modNoTotalreportRange' and USERID='" + userid + "' and ISDELETE=0"); string visiblerange = "4"; string operaterange = "4"; string AUTHORITYID = ""; string VSSQL = ""; Database db = DatabaseFactory.CreateDatabase(); using (IDataReader reader = db.ExecuteReader(CommandType.Text, strSql.ToString())) { while (reader.Read()) { visiblerange = Convert.ToString(reader["VISIBLERANGE"]); operaterange = Convert.ToString(reader["OPERATERANGE"]); AUTHORITYID = Convert.ToString(reader["AUTHORITYID"]); VSSQL = Convert.ToString(reader["VSSQL"]); break; } reader.Close(); } if (visiblerange == "4") { str = "1=2"; } else if (visiblerange == "5") { var userstr = new StringBuilder(); userstr.Append(" select COMPANYID from user_authority_range_company where userid='" + userid + "' and AUTHORITYID='" + AUTHORITYID + "' and VISIBLERANGE=1"); Database userdb = DatabaseFactory.CreateDatabase(); using (IDataReader reader = userdb.ExecuteReader(CommandType.Text, userstr.ToString())) { str = ""; while (reader.Read()) { if (str == "") { str = " (B.Corpid='" + Convert.ToString(reader["COMPANYID"]) + "' or B.SALECORPID='" + Convert.ToString(reader["COMPANYID"]) + "' "; } else { str = str + " or B.Corpid='" + Convert.ToString(reader["COMPANYID"]) + "' or B.SALECORPID='" + Convert.ToString(reader["COMPANYID"]) + "'"; }; } str = str + ")"; reader.Close(); } } else if (visiblerange == "6") { var userstr = new StringBuilder(); userstr.Append(" select OPID,(select SHOWNAME from [user] where GID=user_authority_range_op.OPID) SHOWNAME from user_authority_range_op where userid='" + userid + "' and AUTHORITYID='" + AUTHORITYID + "' and VISIBLERANGE=1"); Database userdb = DatabaseFactory.CreateDatabase(); using (IDataReader reader = userdb.ExecuteReader(CommandType.Text, userstr.ToString())) { str = ""; while (reader.Read()) { if (str == "") { str = " (B.OP='" + Convert.ToString(reader["SHOWNAME"]) + "' OR B.SALE='" + Convert.ToString(reader["SHOWNAME"]) + "' OR B.CUSTSERVICE='" + Convert.ToString(reader["SHOWNAME"]) + "' OR B.DOC='" + Convert.ToString(reader["SHOWNAME"]) + "' OR B.FRCUSTSERVICE='" + Convert.ToString(reader["SHOWNAME"]) + "' "; } else { str = str + " or B.OP='" + Convert.ToString(reader["SHOWNAME"]) + "' OR B.SALE='" + Convert.ToString(reader["SHOWNAME"]) + "' OR B.CUSTSERVICE='" + Convert.ToString(reader["SHOWNAME"]) + "' OR B.DOC='" + Convert.ToString(reader["SHOWNAME"]) + "' OR B.FRCUSTSERVICE='" + Convert.ToString(reader["SHOWNAME"]) + "' "; }; } str = str + ")"; reader.Close(); } } else if (visiblerange == "3") { str = " (B.OP='" + usercode + "' OR B.SALE='" + usercode + "')"; } else if (visiblerange == "2") { if (tb == "index") { var rangeDa = new RangeDA(); var deptname = rangeDa.GetDEPTNAME(userid); var userstr = new StringBuilder(); userstr.Append(" select SHOWNAME from [user] where GID in (select USERID from user_company where COMPANYID='" + companyid + "') and GID in (select userid from user_baseinfo where DEPTNAME='" + deptname + "')"); Database userdb = DatabaseFactory.CreateDatabase(); using (IDataReader reader = userdb.ExecuteReader(CommandType.Text, userstr.ToString())) { str = ""; while (reader.Read()) { if (str == "") { str = " (B.OP='" + Convert.ToString(reader["SHOWNAME"]) + "' OR B.SALE='" + Convert.ToString(reader["SHOWNAME"]) + "'"; } else { str = str + " or B.OP='" + Convert.ToString(reader["SHOWNAME"]) + "' OR B.SALE='" + Convert.ToString(reader["SHOWNAME"]) + "'"; }; } str =str+ ")"; reader.Close(); } } else { str = " UPPER(B.Corpid)='" + companyid + "'"; } } else if (visiblerange == "1") { str = " UPPER(B.Corpid)='" + companyid + "'"; } VSSQL = VSSQL.Trim(); if (!string.IsNullOrEmpty(VSSQL)) { if (!string.IsNullOrEmpty(str)) { str = str + " and (" + VSSQL + ") "; } else { str = " (" + VSSQL + ") "; } } return str; } #region 参照部分 #endregion } }