using System; using System.Collections.Generic; using System.Data; using System.Linq; using System.Text; using System.Web; using System.Web.Mvc; using DSWeb.Areas.CommMng.DAL; using DSWeb.Areas.RptMng.Comm; using DSWeb.TruckMng.Helper; using HcUtility.Comm; using DSWeb.Areas.CommMng.Models; using Microsoft.Practices.EnterpriseLibrary.Data; using DSWeb.TruckMng.Comm.Cookie; using DSWeb.EntityDA; using DSWeb.Areas.TruckMng.Models.MsWlPc; using DSWeb.SoftMng.Filter; namespace DSWeb.Areas.TruckMng.Controllers { /// /// 路单查询 /// [JsonRequestBehavior] public class MsRptPcHeadQryController : Controller { // // GET: /RptMng/MsRptPcHeadQry public ActionResult Index() { return View(); } // // GET:/RptMng/MsRptPcHeadQry/QryData [SqlKeyWordsFilter(Type = "Action")]//sql 防注入过滤器 public ContentResult QryData(int start, int limit, string condition,string sort) { var strDa = GetRangDAStr("index", Convert.ToString(Session["USERID"]), CookieConfig.GetCookie_UserCode(Request), CookieConfig.GetCookie_OrgCode(Request)); if (!string.IsNullOrEmpty(strDa)) { if (!string.IsNullOrEmpty(condition)) { condition = condition + " and " + strDa; } else { condition = strDa; } } var strSql = new StringBuilder(); strSql.Append("SELECT "); strSql.Append("A.BILLNO,A.GID,A.LRDATE,A.JZDATE,A.USERCODE,A.USERNAME,A.ORGCODE,A.ORGNAME,A.TRUCKNO,A.MBLNO,"); strSql.Append("(SELECT TRUCKNO FROM TMSWLTRUCK WHERE TRUCKNO=A.TRUCKNO) AS TRUCKNO_REF,DRVNAME,"); strSql.Append("(SELECT DRVNAME FROM TMSWLDRIVER WHERE DRVCODE=A.DRVNAME) AS DRVNAME_REF,A.MOBILE,dbo.trimdate(A.ExpDate) ExpDate,A.CONTAINERTYPE,"); strSql.Append("(SELECT CtnName FROM VMSTRUCKCTN WHERE CTNCODE=A.CONTAINERTYPE) AS CONTAINERTYPE_REF,A.CONTAINERQTY,A.VOYVEG, "); strSql.Append("(SELECT CODEANDNAME FROM VMSTRUCKVOYINFO WHERE VOYCODE=A.VOYVEG) AS VOYVEG_REF,A.ETDATE,A.ENDPORTDATE,A.MBLNO,A.YARDCODE,"); strSql.Append("(SELECT CODEANDNAME FROM VMSTRUCKCLIENT WHERE CUSTCODE=A.YARDCODE) AS YARDCODE_REF,A.YARDNAME,A.RTNYARDCODE, "); strSql.Append("(SELECT CODEANDNAME FROM VMSTRUCKCLIENT WHERE CUSTCODE=A.RTNYARDCODE) AS RTNYARDCODE_REF,A.RTNYARDNAME,A.BSTYPE,"); strSql.Append("(SELECT ENUMVALUENAME FROM TSYSENUMVALUE WHERE LANGID=0 AND ENUMTYPEID=99025 AND ENUMVALUEID=A.BSTYPE) AS BSTYPE_REF,A.DSTAREA,A.DETINATION,A.FACTORYADDR,A.LINKTEL,A.LINKMAN,A.RATEDMIL,A.RATEDFUEL "); strSql.Append(",A.FUELQTY,A.REALMIL,A.REALFUEL,A.NOLOADMIL,A.OVERLOADMIL,A.TON,A.AROUNDTON,A.LOADCOUNT,A.ARRIVEDATE,A.DDCODE, "); strSql.Append("(SELECT CODEANDNAME FROM VMSTRUCKUSER WHERE USERCODE=A.DDCODE) AS DDCODE_REF,A.DDNAME,A.RETURNDATE,A.REFBILLNO,A.REMARK,A.ISDOUBLE,A.REFBILLNOSE,A.CONTAINERTYPESE, "); strSql.Append("(SELECT CODEANDNAME FROM VMSTRUCKCTN WHERE CTNCODE=A.CONTAINERTYPESE) AS CONTAINERTYPESE_REF,A.CONTAINERQTYSE,A.MBLNOSE,A.VOYVEGSE, "); strSql.Append("(SELECT CODEANDNAME FROM VMSTRUCKVOYINFO WHERE VOYCODE=A.VOYVEGSE) AS VOYVEGSE_REF,A.ETDATESE,A.ENDPORTDATESE,A.YARDCODESE, "); strSql.Append("(SELECT CODEANDNAME FROM VMSTRUCKCLIENT WHERE CUSTCODE=A.YARDCODESE) AS YARDCODESE_REF,A.YARDNAMESE,A.DSTAREASE,A.FACTORYADDRSE,A.DETINATIONSE,A.LINKMANSE,A.LINKTELSE,A.RTNYARDCODESE, "); strSql.Append("(SELECT CODEANDNAME FROM VMSTRUCKCLIENT WHERE CUSTCODE=A.RTNYARDCODESE) AS RTNYARDCODESE_REF,A.RTNYARDNAMESE,A.BILLSTATUS, "); strSql.Append("(SELECT ENUMVALUENAME FROM TSYSENUMVALUE WHERE LANGID=0 AND ENUMTYPEID=99026 AND ENUMVALUEID=A.BILLSTATUS) AS BILLSTATUS_REF,A.FEESTATUS, "); strSql.Append("(SELECT ENUMVALUENAME FROM TSYSENUMVALUE WHERE LANGID=0 AND ENUMTYPEID=99027 AND ENUMVALUEID=A.FEESTATUS) AS FEESTATUS_REF,A.GID,A.TOTALMIL,A.LOADPLACE,A.LOADFUEL,A.NOLOADFUEL "); strSql.Append(",A.ARRIVETIME,A.RETURNTIME,A.CUSTLIKEMANCODE,A.CUSTLIKEMANNAME,A.CUSTTEL,A.DRVCODE,A.REFBILLNO"); strSql.Append(",B.CUSTCODE,B.CUSTNAME,B.DETINATION,A.CONTAINERNO,A.SEALNO,A.Ton,A.ActualWeight,case A.isdouble when 1 then '是' else '否' end IsDoubleREF "); strSql.Append("from tMsWlPcHead A,tMsWlBsHead B "); strSql.Append(" where A.RefBillNo=B.BillNo and B.BSTYPE='7' "); if (!string.IsNullOrEmpty(condition)) { strSql.Append(" and " + condition); } var sortstring = DatasetSort.Getsortstring(sort); if (!string.IsNullOrEmpty(sortstring)) { strSql.Append(" order by " + sortstring); } else { strSql.Append(" order by A.TRUCKNO,A.LRDATE DESC"); } var dbparams = new List(); var paramps_sSQL = new CustomDbParamter(); paramps_sSQL.ParameterName = "@sSQL"; paramps_sSQL.DbType = DbType.String; paramps_sSQL.Direction = ParameterDirection.Input; paramps_sSQL.Value = strSql.ToString(); dbparams.Add(paramps_sSQL); /* var dbparams = new List(); var paramps_MblNo = new CustomDbParamter(); paramps_MblNo.ParameterName = "@PS_MBLNO"; paramps_MblNo.DbType = DbType.String; paramps_MblNo.Direction = ParameterDirection.Input; paramps_MblNo.Value = RptHelper.JsonGetValue(condition, "PS_MBLNO").ToString(); dbparams.Add(paramps_MblNo); var paramps_DrvName = new CustomDbParamter(); paramps_DrvName.ParameterName = "@PS_DRVNAME"; paramps_DrvName.DbType = DbType.String; paramps_DrvName.Direction = ParameterDirection.Input; paramps_DrvName.Value = RptHelper.JsonGetValue(condition, "PS_DRVNAME").ToString(); dbparams.Add(paramps_DrvName); var paramps_TruckNo = new CustomDbParamter(); paramps_TruckNo.ParameterName = "@PS_TRUCKNO"; paramps_TruckNo.DbType = DbType.String; paramps_TruckNo.Direction = ParameterDirection.Input; paramps_TruckNo.Value = RptHelper.JsonGetValue(condition, "PS_TRUCKNO").ToString(); dbparams.Add(paramps_TruckNo); var paramps_RefBillNo = new CustomDbParamter(); paramps_RefBillNo.ParameterName = "@PS_REFBILLNO"; paramps_RefBillNo.DbType = DbType.String; paramps_RefBillNo.Direction = ParameterDirection.Input; paramps_RefBillNo.Value = RptHelper.JsonGetValue(condition, "PS_REFBILLNO").ToString(); dbparams.Add(paramps_RefBillNo); var paramps_BillNo = new CustomDbParamter(); paramps_BillNo.ParameterName = "@PS_BILLNO"; paramps_BillNo.DbType = DbType.String; paramps_BillNo.Direction = ParameterDirection.Input; paramps_BillNo.Value = RptHelper.JsonGetValue(condition, "PS_BILLNO").ToString(); dbparams.Add(paramps_BillNo); var paramps_ExpDateBgn = new CustomDbParamter(); paramps_ExpDateBgn.ParameterName = "@PS_EXPDATEBGN"; paramps_ExpDateBgn.DbType = DbType.String; paramps_ExpDateBgn.Direction = ParameterDirection.Input; paramps_ExpDateBgn.Value = RptHelper.JsonGetValue(condition, "PS_EXPDATEBGN").ToString(); dbparams.Add(paramps_ExpDateBgn); var paramps_ExpDateEnd = new CustomDbParamter(); paramps_ExpDateEnd.ParameterName = "@PS_EXPDATEEND"; paramps_ExpDateEnd.DbType = DbType.String; paramps_ExpDateEnd.Direction = ParameterDirection.Input; paramps_ExpDateEnd.Value = RptHelper.JsonGetValue(condition, "PS_EXPDATEEND").ToString(); dbparams.Add(paramps_ExpDateEnd); */ var dbRptResult = PubSysDAL.GetMsSqlPrcDataSet("sMsExesqlQry", dbparams, "Result_Set"); var json = RptHelper.GetRptJsonResult(start, limit, dbRptResult, "Result_Set", true); return new ContentResult() { Content = json }; } public static string GetRangDAStr(string tb, string userid, string usercode, string orgcode) { string str = ""; var strSql = new StringBuilder(); strSql.Append("SELECT "); strSql.Append(" VISIBLERANGE,OPERATERANGE "); strSql.Append(" from VW_User_Authority "); strSql.Append(" where [NAME]='modTruckBs' and USERID='" + userid + "' and ISDELETE=0"); string visiblerange = "4"; string operaterange = "4"; Database db = DatabaseFactory.CreateDatabase(); DataSet ds = new DataSet(); using (IDataReader reader = db.ExecuteReader(CommandType.Text, strSql.ToString())) { while (reader.Read()) { visiblerange = Convert.ToString(reader["VISIBLERANGE"]); operaterange = Convert.ToString(reader["OPERATERANGE"]); break; } reader.Close(); } if (visiblerange == "4") { str = "1=2"; } else if (visiblerange == "3") { if (tb == "index") { str = " A.UserCode='" + usercode + "'"; } else { str = " UPPER(A.OrgCode)='" + orgcode + "'"; } } else if (visiblerange == "2") { if (tb == "index") { var rangeDa = new RangeDA(); var companyid = rangeDa.GetCORPID(userid); var deptname = rangeDa.GetDEPTNAME(userid); var userstr = new StringBuilder(); userstr.Append(" select codename from [user] where GID in (select USERID from user_company where COMPANYID='" + companyid + "') and GID in (select userid from user_baseinfo where DEPTNAME='" + deptname + "')"); Database userdb = DatabaseFactory.CreateDatabase(); using (IDataReader reader = userdb.ExecuteReader(CommandType.Text, userstr.ToString())) { str = ""; while (reader.Read()) { if (str == "") { str = "(A.usercode='" + Convert.ToString(reader["codename"]) + "'"; } else { str = str+ " or A.usercode='" + Convert.ToString(reader["codename"]) + "'"; }; } str =str+ ")"; reader.Close(); } } else { str = " UPPER(A.OrgCode)='" + orgcode + "'"; } } else if (visiblerange == "1") { str = " UPPER(A.OrgCode)='" + orgcode + "'"; } return str; } public int SetFee(string GIDList,string FeeName,string Amount, string Type) { var strSql = new StringBuilder(); var userid = Convert.ToString(Session["USERID"]); var _GIDList = JsonConvert.Deserialize>(GIDList); var _count = 0; if (Type == "1") { foreach (var GID in _GIDList) { strSql.Append(" if ((select count(*) _count from ch_fee where FEETYPE=1 "); strSql.Append(" and FEENAME='" + FeeName + "' and amount=" + Amount + " and bsno='" + GID + "')=0) "); strSql.Append(" BEGIN "); strSql.Append(" insert into ch_fee (gid,bsno,feetype,feename,unitprice,quantity,AMOUNT,customername,remark,enteroperator) "); strSql.Append(" VALUES(newid(),'" + GID + "',1,'" + FeeName + "'," + Amount + ",1," + Amount + ",'华泰',dbo.trimdate(getdate())+'批量添加','" + userid + "') "); strSql.Append(" END "); _count = _count + SetFee(strSql); } } else if (Type == "0") { foreach (var GID in _GIDList) { strSql.Append(" delete from ch_fee where FEENAME='" + FeeName + "' and amount=" + Amount + " and bsno='" + GID + "' "); _count = _count + SetFee(strSql); } } return _count;//ExecuteNonQuery } private static int SetFee(StringBuilder strSql) { var _count = 0; Database db = DatabaseFactory.CreateDatabase(); _count = db.ExecuteNonQuery(CommandType.Text, strSql.ToString()); return _count; } #region 参照部分 #endregion } }