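using System;
using System.Collections.Generic;
using System.Data;
using System.Linq;
using System.Text;
using System.Web;
using System.Web.Mvc;
using DSWeb.Areas.OA.Models.ChequeCheck;
using DSWeb.Areas.CommMng.Models;
using DSWeb.TruckMng.Helper;
using DSWeb.TruckMng.Helper.Repository;
using Microsoft.Practices.EnterpriseLibrary.Data;
using HcUtility.Comm;
using HcUtility.Core;
using DSWeb.EntityDA;
using DSWeb.MvcShipping.Comm.Cookie;
using DSWeb.SoftMng.Filter;

namespace DSWeb.Areas.OA.Controllers
{
    /// <summary>
    /// Cheque check controller: serves the list and edit views, pages the
    /// v_oa_chequecheck view as JSON for the grid, and saves posted rows.
    /// Every read goes through the modCheque visibility range built by
    /// <see cref="GetRangDAListStr"/>.
    /// </summary>
    public class ChequeCheckController : Controller
    {
        /// <summary>Grid page.</summary>
        public ActionResult Index()
        {
            return View();
        }

        /// <summary>Edit page.</summary>
        public ActionResult Edit()
        {
            return View();
        }

        /// <summary>
        /// Returns one page of cheque-check rows as JSON for the grid.
        /// </summary>
        /// <param name="start">Offset of the first row to return (negative values behave like 0).</param>
        /// <param name="limit">Maximum number of rows to return.</param>
        /// <param name="sort">Client-supplied sort specification, normalised by DatasetSort.Getsortstring.</param>
        /// <param name="condition">Client-supplied SQL WHERE fragment, appended to the query text as-is.</param>
        /// <returns>JSON with Success, Message, totalCount (rows before paging) and data (the page).</returns>
        /// <remarks>
        /// <paramref name="condition"/> and <paramref name="sort"/> reach the SQL text unparameterised; the
        /// SqlKeyWordsFilter attribute is a keyword blacklist, not a structural defence. The authoritative
        /// boundary is the visibility range that <see cref="GetDataList(string,string,string,string,string)"/>
        /// ANDs onto the condition; the cookie-derived ids it embeds are quote-escaped there.
        /// NOTE(review): the PASSWORD column is selected and serialised to the client — confirm it is a
        /// cheque attribute and not a credential.
        /// </remarks>
        [SqlKeyWordsFilter(Type = "Action")] // SQL keyword blacklist filter (defence in depth only)
        public ContentResult GetDataList(int start, int limit, string sort, string condition)
        {
            var dataList = GetDataList(
                condition,
                CookieConfig.GetCookie_UserId(Request),
                CookieConfig.GetCookie_UserName(Request),
                CookieConfig.GetCookie_CompanyId(Request),
                sort);
            var page = dataList.Skip(start).Take(limit).ToList();

            var json = JsonConvert.Serialize(new
            {
                Success = true,
                Message = "查询成功",
                totalCount = dataList.Count,
                data = page
            });
            return new ContentResult() { Content = json };
        }

        /// <summary>
        /// Builds and runs the v_oa_chequecheck query for the current user.
        /// </summary>
        /// <param name="strCondition">Caller-supplied WHERE fragment; may be null or empty.</param>
        /// <param name="userid">Current user id (cookie).</param>
        /// <param name="username">Current user name (cookie); passed through to the range builder, which ignores it.</param>
        /// <param name="companyid">Current company id (cookie).</param>
        /// <param name="sort">Sort specification, normalised by DatasetSort.Getsortstring.</param>
        /// <returns>All matching rows, unpaged.</returns>
        private static List<ChequeCheckmb> GetDataList(string strCondition, string userid, string username, string companyid, string sort)
        {
            var rangstr = GetRangDAListStr("", userid, username, companyid);
            if (!string.IsNullOrEmpty(rangstr))
            {
                // Parenthesise the caller's fragment so an OR inside it cannot, by operator precedence,
                // take the visibility range out of play.
                strCondition = string.IsNullOrEmpty(strCondition)
                    ? rangstr
                    : "(" + strCondition + ") and " + rangstr;
            }

            var strSql = new StringBuilder();
            strSql.Append(" select GID,CHEQUENO,BILLNO,dbo.trimdate(CHEQUEMAKETIME) CHEQUEMAKETIME ");
            strSql.Append(" ,dbo.trimdate(PRINTTIME) PRINTTIME,dbo.trimdate(ENTERDATE) ENTERDATE");
            strSql.Append(" ,PASSWORD,CHEQUECUSTNAME,CHEQUEAMOUNT,CHEQUEAMOUNTUPPER,COMPANYNAME");
            strSql.Append(" ,DEPTNAME,SHOWNAME,BXAMOUNT,BXGID,BXNO,COMPANYID,DEPTID,USERID,JKAMOUNT,JKREMAIN"); // CUSTNO intentionally not selected
            strSql.Append(" from v_oa_chequecheck ");
            if (!string.IsNullOrEmpty(strCondition))
            {
                strSql.Append(" where " + strCondition);
            }

            var sortstring = DatasetSort.Getsortstring(sort);
            if (!string.IsNullOrEmpty(sortstring))
            {
                strSql.Append(" order by " + sortstring);
            }

            return SetData(strSql);
        }

        /// <summary>
        /// Executes <paramref name="strSql"/> and maps every row onto a <see cref="ChequeCheckmb"/>.
        /// DBNull columns become empty strings (Convert.ToString semantics).
        /// </summary>
        private static List<ChequeCheckmb> SetData(StringBuilder strSql)
        {
            var headList = new List<ChequeCheckmb>();
            Database db = DatabaseFactory.CreateDatabase();
            using (IDataReader reader = db.ExecuteReader(CommandType.Text, strSql.ToString()))
            {
                while (reader.Read())
                {
                    var data = new ChequeCheckmb();
                    #region Set DB data to Object
                    data.GID = Convert.ToString(reader["GID"]);
                    data.CHEQUENO = Convert.ToString(reader["CHEQUENO"]);
                    data.BILLNO = Convert.ToString(reader["BILLNO"]);
                    data.CHEQUEMAKETIME = Convert.ToString(reader["CHEQUEMAKETIME"]);
                    data.PRINTTIME = Convert.ToString(reader["PRINTTIME"]);
                    data.ENTERDATE = Convert.ToString(reader["ENTERDATE"]);
                    data.PASSWORD = Convert.ToString(reader["PASSWORD"]);
                    data.CHEQUECUSTNAME = Convert.ToString(reader["CHEQUECUSTNAME"]);
                    data.CHEQUEAMOUNT = Convert.ToString(reader["CHEQUEAMOUNT"]);
                    data.CHEQUEAMOUNTUPPER = Convert.ToString(reader["CHEQUEAMOUNTUPPER"]);
                    data.COMPANYNAME = Convert.ToString(reader["COMPANYNAME"]);
                    data.DEPTNAME = Convert.ToString(reader["DEPTNAME"]);
                    data.SHOWNAME = Convert.ToString(reader["SHOWNAME"]);
                    data.BXAMOUNT = Convert.ToString(reader["BXAMOUNT"]);
                    data.BXGID = Convert.ToString(reader["BXGID"]);
                    data.BXNO = Convert.ToString(reader["BXNO"]);
                    data.COMPANYID = Convert.ToString(reader["COMPANYID"]);
                    data.DEPTID = Convert.ToString(reader["DEPTID"]);
                    data.USERID = Convert.ToString(reader["USERID"]);
                    data.JKAMOUNT = Convert.ToString(reader["JKAMOUNT"]);
                    data.JKREMAIN = Convert.ToString(reader["JKREMAIN"]);
                    #endregion
                    headList.Add(data);
                }
                // the using block disposes (and so closes) the reader
            }
            return headList;
        }

        /// <summary>
        /// Persists the cheque rows posted by the grid.
        /// </summary>
        /// <param name="ChequeBody">JSON array of cheque rows.</param>
        /// <returns>JSON with the repository's Success flag and Message.</returns>
        /// <remarks>
        /// NOTE(review): unlike the read path, no visibility-range check is applied to the posted rows
        /// here — confirm ModelObjectRepository.SaveComm (or the model) enforces ownership.
        /// </remarks>
        public ContentResult Save(string ChequeBody)
        {
            // assumes the grid posts ChequeCheckmb rows — TODO confirm against the client script
            var ChequeList = JsonConvert.Deserialize<List<ChequeCheckmb>>(ChequeBody);
            var modb = new ModelObjectRepository();
            DBResult result = modb.SaveComm(ModelObjectConvert.ToModelObjectList(ChequeList));

            // The client refreshes the parent node of the parent window from this response.
            var jsonRespose = new JsonResponse
            {
                Success = result.Success,
                Message = result.Message
            };
            return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) };
        }

        #region Cheque list visibility range
        /// <summary>
        /// Builds the SQL predicate that restricts v_oa_chequecheck rows to what <paramref name="userid"/>
        /// may see under the modCheque authority. The result is meant to be ANDed onto a WHERE clause.
        /// </summary>
        /// <param name="tb">Unused; kept for signature compatibility.</param>
        /// <param name="userid">Current user id.</param>
        /// <param name="username">Unused; kept for signature compatibility.</param>
        /// <param name="companyid">Current company id.</param>
        /// <returns>A predicate fragment without a leading AND/WHERE; never empty.</returns>
        /// <remarks>
        /// VISIBLERANGE values handled: 0 = everything, 1 = own company, 2 = own company and department,
        /// 3/4 = own records only, 5 = explicit company list, 6 = explicit operator list. No authority row,
        /// or an unrecognised value, falls back to own records only (the old code returned an empty
        /// predicate, i.e. no restriction, for unrecognised values). For 5/6 an empty list yields
        /// "(1=0)" — previously it produced a dangling ")" and the query failed.
        /// The lookups are parameterised; the ids embedded in the returned text are quote-escaped because
        /// callers consume the predicate as plain SQL.
        /// </remarks>
        public static string GetRangDAListStr(string tb, string userid, string username, string companyid)
        {
            string visiblerange = "4"; // no authority row => own records only
            string authorityId = "";

            Database db = DatabaseFactory.CreateDatabase();
            var authCmd = db.GetSqlStringCommand(
                "SELECT VISIBLERANGE,OPERATERANGE,AUTHORITYID from VW_User_Authority where [NAME]='modCheque' and USERID=@userid and ISDELETE=0");
            db.AddInParameter(authCmd, "@userid", DbType.String, userid);
            using (IDataReader reader = db.ExecuteReader(authCmd))
            {
                // Only the first authority row is honoured, as before.
                if (reader.Read())
                {
                    visiblerange = Convert.ToString(reader["VISIBLERANGE"]);
                    authorityId = Convert.ToString(reader["AUTHORITYID"]);
                }
            }

            switch (visiblerange)
            {
                case "0":
                    return " 1=1 ";
                case "1":
                    return " COMPANYID='" + SqlLiteral(companyid) + "' ";
                case "2":
                {
                    var deptname = new RangeDA().GetDEPTNAME(userid);
                    return " CREATEUSER in (select USERID from user_company where COMPANYID='" + SqlLiteral(companyid) + "')"
                         + " and CREATEUSER in (select userid from user_baseinfo where DEPTNAME='" + SqlLiteral(deptname) + "')";
                }
                case "5":
                    return InListPredicate(db, "COMPANYID",
                        " select COMPANYID from user_authority_range_company where userid=@userid and AUTHORITYID=@authorityid and VISIBLERANGE=1",
                        "COMPANYID", userid, authorityId);
                case "6":
                    return InListPredicate(db, "CREATEUSER",
                        " select OPID from user_authority_range_op where userid=@userid and AUTHORITYID=@authorityid and VISIBLERANGE=1",
                        "OPID", userid, authorityId);
                default:
                    // "3", "4" and anything unrecognised: own records only.
                    return " (CREATEUSER='" + SqlLiteral(userid) + "')";
            }
        }

        /// <summary>
        /// Runs <paramref name="listSql"/> (expects parameters @userid and @authorityid) and returns
        /// " (column='a' or column='b')" over the values of <paramref name="resultColumn"/>,
        /// or " (1=0) " when the list is empty so that an empty explicit range shows nothing.
        /// </summary>
        private static string InListPredicate(Database db, string column, string listSql, string resultColumn, string userid, string authorityId)
        {
            var values = new List<string>();
            var cmd = db.GetSqlStringCommand(listSql);
            db.AddInParameter(cmd, "@userid", DbType.String, userid);
            db.AddInParameter(cmd, "@authorityid", DbType.String, authorityId);
            using (IDataReader reader = db.ExecuteReader(cmd))
            {
                while (reader.Read())
                {
                    values.Add(Convert.ToString(reader[resultColumn]));
                }
            }

            if (values.Count == 0)
            {
                return " (1=0) ";
            }
            var parts = values.Select(v => column + "='" + SqlLiteral(v) + "'").ToArray();
            return " (" + string.Join(" or ", parts) + ")";
        }

        /// <summary>
        /// Doubles single quotes so <paramref name="value"/> can be embedded in a T-SQL string literal.
        /// Used only for the fragment values that cannot be passed as parameters because the predicate
        /// is returned as text; null is treated as empty.
        /// </summary>
        private static string SqlLiteral(string value)
        {
            return (value ?? string.Empty).Replace("'", "''");
        }
        #endregion
    }
}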