using System;
using System.Collections.Generic;
using System.Data;
using System.Linq;
using System.Text;
using System.Web;
using System.Web.Mvc;
using DSWeb.Areas.OA.Models.ChequeCheck;
using DSWeb.Areas.CommMng.Models;
using DSWeb.TruckMng.Helper;
using DSWeb.TruckMng.Helper.Repository;
using Microsoft.Practices.EnterpriseLibrary.Data;
using HcUtility.Comm;
using HcUtility.Core;
using DSWeb.EntityDA;
using DSWeb.MvcShipping.Comm.Cookie;
using DSWeb.SoftMng.Filter;
namespace DSWeb.Areas.OA.Controllers
{
///
/// 项目信息明细
///
public class ChequeCheckController : Controller
{
//
// GET: /Import/RptImportFeedetail/
public ActionResult Index()
{
return View();
}
public ActionResult Edit()
{
return View();
}
[SqlKeyWordsFilter(Type = "Action")]//sql 防注入过滤器
public ContentResult GetDataList(int start, int limit, string sort, string condition)
{
var dataList = GetDataList(condition, CookieConfig.GetCookie_UserId(Request), CookieConfig.GetCookie_UserName(Request), CookieConfig.GetCookie_CompanyId(Request), sort);
var list = dataList.Skip(start).Take(limit);
var json = JsonConvert.Serialize(new { Success = true, Message = "查询成功", totalCount = dataList.Count, data = list.ToList() });
return new ContentResult() { Content = json };
}
[SqlKeyWordsFilter(Type = "Action")]//sql 防注入过滤器
private static List GetDataList(string strCondition,string userid,string username,string companyid,string sort)
{
var rangstr = GetRangDAListStr("", userid, username, companyid);
if (!string.IsNullOrEmpty(rangstr))
{
if (!string.IsNullOrEmpty(strCondition))
{
strCondition = strCondition + " and " + rangstr;
}
else
{
strCondition = rangstr;
}
}
var strSql = new StringBuilder();
strSql.Append(" select GID,CHEQUENO,BILLNO,dbo.trimdate(CHEQUEMAKETIME) CHEQUEMAKETIME ");
strSql.Append(" ,dbo.trimdate(PRINTTIME) PRINTTIME,dbo.trimdate(ENTERDATE) ENTERDATE");
strSql.Append(" ,PASSWORD,CHEQUECUSTNAME,CHEQUEAMOUNT,CHEQUEAMOUNTUPPER,COMPANYNAME");
strSql.Append(" ,DEPTNAME,SHOWNAME,BXAMOUNT,BXGID,BXNO,COMPANYID,DEPTID,USERID,JKAMOUNT,JKREMAIN");//CUSTNO,
strSql.Append(" from v_oa_chequecheck ");
if (!string.IsNullOrEmpty(strCondition))
{
strSql.Append(" where " + strCondition);
}
var sortstring = DatasetSort.Getsortstring(sort);
if (!string.IsNullOrEmpty(sortstring))
{
strSql.Append(" order by " + sortstring);
}
return SetData(strSql);
}
private static List SetData(StringBuilder strSql)
{
var headList = new List();
Database db = DatabaseFactory.CreateDatabase();
using (IDataReader reader = db.ExecuteReader(CommandType.Text, strSql.ToString()))
{
while (reader.Read())
{
var data = new ChequeCheckmb();
#region Set DB data to Object
data.GID = Convert.ToString(reader["GID"]);
data.CHEQUENO = Convert.ToString(reader["CHEQUENO"]);
data.BILLNO = Convert.ToString(reader["BILLNO"]);
data.CHEQUEMAKETIME = Convert.ToString(reader["CHEQUEMAKETIME"]);
data.PRINTTIME = Convert.ToString(reader["PRINTTIME"]);
data.ENTERDATE = Convert.ToString(reader["ENTERDATE"]);
data.PASSWORD = Convert.ToString(reader["PASSWORD"]);
data.CHEQUECUSTNAME = Convert.ToString(reader["CHEQUECUSTNAME"]);
data.CHEQUEAMOUNT = Convert.ToString(reader["CHEQUEAMOUNT"]);
data.CHEQUEAMOUNTUPPER = Convert.ToString(reader["CHEQUEAMOUNTUPPER"]);
data.COMPANYNAME = Convert.ToString(reader["COMPANYNAME"]);
data.DEPTNAME = Convert.ToString(reader["DEPTNAME"]);
data.SHOWNAME = Convert.ToString(reader["SHOWNAME"]);
data.BXAMOUNT = Convert.ToString(reader["BXAMOUNT"]);
data.BXGID = Convert.ToString(reader["BXGID"]);
data.BXNO = Convert.ToString(reader["BXNO"]);
//data.CUSTNO = Convert.ToString(reader["CUSTNO"]);
data.COMPANYID = Convert.ToString(reader["COMPANYID"]);
data.DEPTID = Convert.ToString(reader["DEPTID"]);
data.USERID = Convert.ToString(reader["USERID"]);
data.JKAMOUNT = Convert.ToString(reader["JKAMOUNT"]);
data.JKREMAIN = Convert.ToString(reader["JKREMAIN"]);
#endregion
headList.Add(data);
}
reader.Close();
}
return headList;
}
public ContentResult Save(string ChequeBody)
{
var ChequeList = JsonConvert.Deserialize>(ChequeBody);
var modb = new ModelObjectRepository();
DBResult result = modb.SaveComm(
ModelObjectConvert.ToModelObjectList(ChequeList)
);
//刷新父窗口上的父节点
var jsonRespose = new JsonResponse
{
Success = result.Success,
Message = result.Message,
//Data = XXHDAL.GetData("M.ContractNo='" + head.ContractNo + "'")
};
return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) };
}
#region 支票列表权限范围
public static string GetRangDAListStr(string tb, string userid, string username, string companyid)
{
string str = "";
var strSql = new StringBuilder();
strSql.Append("SELECT ");
strSql.Append(" VISIBLERANGE,OPERATERANGE,AUTHORITYID ");
strSql.Append(" from VW_User_Authority ");
strSql.Append(" where [NAME]='modCheque' and USERID='" + userid + "' and ISDELETE=0");
string visiblerange = "4";
string operaterange = "4";
string AUTHORITYID = "";
Database db = DatabaseFactory.CreateDatabase();
using (IDataReader reader = db.ExecuteReader(CommandType.Text, strSql.ToString()))
{
while (reader.Read())
{
visiblerange = Convert.ToString(reader["VISIBLERANGE"]);
operaterange = Convert.ToString(reader["OPERATERANGE"]);
AUTHORITYID = Convert.ToString(reader["AUTHORITYID"]);
break;
}
reader.Close();
}
if (visiblerange == "4")
{
str = " (CREATEUSER='" + userid + "')";
}
else if (visiblerange == "3")
{
str = " (CREATEUSER='" + userid + "')";
}
else if (visiblerange == "2")
{
var rangeDa = new RangeDA();
var deptname = rangeDa.GetDEPTNAME(userid);
str = " CREATEUSER in (select USERID from user_company where COMPANYID='" + companyid + "') and CREATEUSER in (select userid from user_baseinfo where DEPTNAME='" + deptname + "')";
}
else if (visiblerange == "1")
{
str = " COMPANYID='" + companyid + "' ";
}
else if (visiblerange == "5")
{
var userstr = new StringBuilder();
userstr.Append(" select COMPANYID from user_authority_range_company where userid='" + userid + "' and AUTHORITYID='" + AUTHORITYID + "' and VISIBLERANGE=1");
Database userdb = DatabaseFactory.CreateDatabase();
using (IDataReader reader = userdb.ExecuteReader(CommandType.Text, userstr.ToString()))
{
str = "";
while (reader.Read())
{
if (str == "")
{
str = " (COMPANYID='" + Convert.ToString(reader["COMPANYID"]) + "'";
}
else
{
str = str + " or COMPANYID='" + Convert.ToString(reader["COMPANYID"]) + "'";
};
}
str = str + ")";
reader.Close();
}
}
else if (visiblerange == "6")
{
var userstr = new StringBuilder();
userstr.Append(" select OPID,(select SHOWNAME from [user] where GID=user_authority_range_op.OPID) SHOWNAME from user_authority_range_op where userid='" + userid + "' and AUTHORITYID='" + AUTHORITYID + "' and VISIBLERANGE=1");
Database userdb = DatabaseFactory.CreateDatabase();
using (IDataReader reader = userdb.ExecuteReader(CommandType.Text, userstr.ToString()))
{
str = "";
while (reader.Read())
{
if (str == "")
{
str = " (CREATEUSER='" + Convert.ToString(reader["OPID"]) + "'";
}
else
{
str = str + " or CREATEUSER='" + Convert.ToString(reader["OPID"]) + "' ";
};
}
str = str + ")";
reader.Close();
}
}
else if (visiblerange == "0")
{
str = " 1=1 ";
}
return str;
}
#endregion
}
}