using System; using System.Collections.Generic; using System.Data; using System.Linq; using System.Text; using System.Web; using System.Web.Mvc; using DSWeb.Areas.CommMng.DAL; using DSWeb.Areas.TruckMng.DAL; using DSWeb.Areas.RptMng.Comm; using DSWeb.TruckMng.Helper; using HcUtility.Comm; using DSWeb.Areas.CommMng.Models; using Microsoft.Practices.EnterpriseLibrary.Data; using DSWeb.TruckMng.Comm.Cookie; using DSWeb.EntityDA; using DSWeb.SoftMng.Filter; namespace DSWeb.Areas.TruckMng.Controllers { /// /// 路单查询 /// [JsonRequestBehavior] public class MsRptPcHeadOperateController : Controller { // // GET: /RptMng/MsRptPcHeadQry public ActionResult Index() { return View(); } // // GET:/RptMng/MsRptPcHeadQry/QryData //显示无所属托单的路单 用于烟台爱德林项目 [SqlKeyWordsFilter(Type = "Action")]//sql 防注入过滤器 public ContentResult QryData_ADL ( int start, int limit, string condition, string sort ) { var strDa = GetRangDAStr("index", Convert.ToString(Session["USERID"]), CookieConfig.GetCookie_UserCode(Request), CookieConfig.GetCookie_OrgCode(Request)); if (!string.IsNullOrEmpty(strDa)) { if (!string.IsNullOrEmpty(condition)) { condition = condition + " and " + strDa; } else { condition = strDa; } } var strSql = new StringBuilder(); strSql.Append("SELECT "); strSql.Append("A.BillNo,A.GId,A.LrDate,A.JzDate,A.UserCode,A.UserName,A.OrgCode,A.OrgName,A.TruckNo,"); strSql.Append("(SELECT TRUCKNO FROM TMSWLTRUCK WHERE TRUCKNO=A.TRUCKNO) AS TruckNo_Ref,DrvName,"); strSql.Append("(SELECT DRVNAME FROM TMSWLDRIVER WHERE DRVCODE=A.DRVNAME) AS DRVNAME_REF,A.Mobile,dbo.trimdate(A.ExpDate) ExpDate,A.ContainerType,"); strSql.Append("(SELECT CtnName FROM VMSTRUCKCTN WHERE CTNCODE=A.CONTAINERTYPE) AS ContainerType_Ref,A.ContainerQty,A.VoyVeg, "); strSql.Append("(SELECT CODEANDNAME FROM VMSTRUCKVOYINFO WHERE VOYCODE=A.VOYVEG) AS VoyVeg_Ref,A.EtDate,A.EndPortDate,A.MblNo,A.YardCode,"); strSql.Append("(SELECT CODEANDNAME FROM VMSTRUCKCLIENT WHERE CUSTCODE=A.YARDCODE) AS YardCode_Ref,A.YardName,A.RtnYardCode, "); strSql.Append("(SELECT CODEANDNAME FROM VMSTRUCKCLIENT WHERE CUSTCODE=A.RTNYARDCODE) AS RtnYardCode_Ref,A.RtnYardName,A.BSTYPE,"); strSql.Append("(SELECT ENUMVALUENAME FROM TSYSENUMVALUE WHERE LANGID=0 AND ENUMTYPEID=99025 AND ENUMVALUEID=A.BSTYPE) AS BSTYPE_REF,A.DstArea,A.DetiNation,A.FactoryAddr,A.LinkTel,A.LinkMan,A.RATEDMIL,A.RATEDFUEL "); strSql.Append(",A.FUELQTY,A.REALMIL,A.REALFUEL,A.NOLOADMIL,A.OVERLOADMIL,A.TON,A.AROUNDTON,A.LOADCOUNT,A.ARRIVEDATE,A.DDCODE, "); strSql.Append("(SELECT CODEANDNAME FROM VMSTRUCKUSER WHERE USERCODE=A.DDCODE) AS DDCODE_REF,A.DDNAME,A.RETURNDATE,A.REFBILLNO,A.REMARK,A.ISDOUBLE,A.REFBILLNOSE,A.CONTAINERTYPESE, "); strSql.Append("(SELECT CODEANDNAME FROM VMSTRUCKCTN WHERE CTNCODE=A.CONTAINERTYPESE) AS CONTAINERTYPESE_REF,A.CONTAINERQTYSE,A.MBLNOSE,A.VOYVEGSE, "); strSql.Append("(SELECT CODEANDNAME FROM VMSTRUCKVOYINFO WHERE VOYCODE=A.VOYVEGSE) AS VOYVEGSE_REF,A.ETDATESE,A.ENDPORTDATESE,A.YARDCODESE, "); strSql.Append("(SELECT CODEANDNAME FROM VMSTRUCKCLIENT WHERE CUSTCODE=A.YARDCODESE) AS YARDCODESE_REF,A.YARDNAMESE,A.DSTAREASE,A.FACTORYADDRSE,A.DETINATIONSE,A.LINKMANSE,A.LINKTELSE,A.RTNYARDCODESE, "); strSql.Append("(SELECT CODEANDNAME FROM VMSTRUCKCLIENT WHERE CUSTCODE=A.RTNYARDCODESE) AS RTNYARDCODESE_REF,A.RTNYARDNAMESE,A.BILLSTATUS, "); strSql.Append("(SELECT ENUMVALUENAME FROM TSYSENUMVALUE WHERE LANGID=0 AND ENUMTYPEID=99026 AND ENUMVALUEID=A.BILLSTATUS) AS BILLSTATUS_REF,A.FEESTATUS, "); strSql.Append("(SELECT ENUMVALUENAME FROM TSYSENUMVALUE WHERE LANGID=0 AND ENUMTYPEID=99027 AND ENUMVALUEID=A.FEESTATUS) AS FEESTATUS_REF,A.GID,A.TOTALMIL,A.LOADPLACE,A.LOADFUEL,A.NOLOADFUEL "); strSql.Append(",A.ARRIVETIME,A.RETURNTIME,A.CUSTLIKEMANCODE,A.CUSTLIKEMANNAME,A.CUSTTEL,A.DRVCODE,A.REFBILLNO"); strSql.Append(",A.CustomerName CUSTNAME,A.CustomerName ,A.F_CustomerName,A.CutoffTime,A.isEnd ,A.DETINATION,A.ContainerNo,A.SealNo "); strSql.Append(" ,(select description from info_client where shortname=tMsWlPcHead.CustomerName) CustomerNameFull "); strSql.Append(",case when TruckNo='' then '接单' else case when isnull(isend,0)=0 then '派车' else '完成' end end PCSTATUSREF "); strSql.Append(" from tMsWlPcHead A where 1=1 ");//and A.PcBillType='0'(表示叉车等类型派车) if (!string.IsNullOrEmpty(condition)) { strSql.Append(" and " + condition); } var sortstring = DatasetSort.Getsortstring(sort); if (!string.IsNullOrEmpty(sortstring)) { strSql.Append(" order by " + sortstring); } else { strSql.Append(" order by A.LRDATE DESC"); } var dbparams = new List(); var paramps_sSQL = new CustomDbParamter(); paramps_sSQL.ParameterName = "@sSQL"; paramps_sSQL.DbType = DbType.String; paramps_sSQL.Direction = ParameterDirection.Input; paramps_sSQL.Value = strSql.ToString(); dbparams.Add(paramps_sSQL); var dbRptResult = PubSysDAL.GetMsSqlPrcDataSet("sMsExesqlQry", dbparams, "Result_Set"); var json = RptHelper.GetRptJsonResult(start, limit, dbRptResult, "Result_Set", true); return new ContentResult() { Content = json }; } public static string GetRangDAStr ( string tb, string userid, string usercode, string orgcode ) { string str = ""; var strSql = new StringBuilder(); strSql.Append("SELECT "); strSql.Append(" VISIBLERANGE,OPERATERANGE "); strSql.Append(" from VW_User_Authority "); strSql.Append(" where [NAME]='modTruckBs' and USERID='" + userid + "' and ISDELETE=0"); string visiblerange = "4"; string operaterange = "4"; Database db = DatabaseFactory.CreateDatabase(); DataSet ds = new DataSet(); using (IDataReader reader = db.ExecuteReader(CommandType.Text, strSql.ToString())) { while (reader.Read()) { visiblerange = Convert.ToString(reader["VISIBLERANGE"]); operaterange = Convert.ToString(reader["OPERATERANGE"]); break; } reader.Close(); } if (visiblerange == "4") { str = "1=2"; } else if (visiblerange == "3") { if (tb == "index") { str = " A.UserCode='" + usercode + "'"; } else { str = " UPPER(A.OrgCode)='" + orgcode + "'"; } } else if (visiblerange == "2") { if (tb == "index") { var rangeDa = new RangeDA(); var companyid = rangeDa.GetCORPID(userid); var deptname = rangeDa.GetDEPTNAME(userid); var userstr = new StringBuilder(); userstr.Append(" select codename from [user] where GID in (select USERID from user_company where COMPANYID='" + companyid + "') and GID in (select userid from user_baseinfo where DEPTNAME='" + deptname + "')"); Database userdb = DatabaseFactory.CreateDatabase(); using (IDataReader reader = userdb.ExecuteReader(CommandType.Text, userstr.ToString())) { str = ""; while (reader.Read()) { if (str == "") { str = "(A.usercode='" + Convert.ToString(reader["codename"]) + "'"; } else { str = str + " or A.usercode='" + Convert.ToString(reader["codename"]) + "'"; }; } str = str + ")"; reader.Close(); } } else { str = " UPPER(A.OrgCode)='" + orgcode + "'"; } } else if (visiblerange == "1") { str = " UPPER(A.OrgCode)='" + orgcode + "'"; } return str; } #region 参照部分 #endregion } }