DS7/DSWeb/Areas/RptMng/Controllers/MsRptTruckCheckController.cs

using System;
using System.Collections.Generic;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using DSWeb.Areas.CommMng.DAL;
using DSWeb.Areas.RptMng.Comm;
using DSWeb.TruckMng.Helper;
using System.Text;
using Microsoft.Practices.EnterpriseLibrary.Data;
using HcUtility.Comm;
using DSWeb.TruckMng.Comm.Cookie;
using DSWeb.Areas.CommMng.Models;
using DSWeb.EntityDA;
using DSWeb.SoftMng.Filter;

namespace DSWeb.Areas.RptMng.Controllers
{
    [JsonRequestBehavior]
    public class MsRptTruckCheckController : Controller
    {
        //
        // GET: /RptMng/MsRptTruckCheck
        public ActionResult Index()
        {
            return View();
        }

        //
        // GET：/RptMng/MsRptTruckCheck/QryData
        [SqlKeyWordsFilter(Type = "Action")]//sql 防注入过滤器
        public ContentResult QryData(int start, int limit, string condition, string sort)
        {
            var strDa = GetRangDAStr("index", Convert.ToString(Session["USERID"]), CookieConfig.GetCookie_UserCode(Request), CookieConfig.GetCookie_OrgCode(Request));

            if (!string.IsNullOrEmpty(strDa))
            {
                if (!string.IsNullOrEmpty(condition))
                {
                    condition = condition + " and " + strDa;
                }
                else
                {
                    condition = strDa;
                }
            }

            var strSql = new StringBuilder();
            strSql.Append("SELECT ");
            strSql.Append("ORGCODE, TRUCKNO, NSDQDATE, TRUNCCLASS, NATIVEADDR ");
            strSql.Append(" FROM TMSWLTRUCK ");

            if (!string.IsNullOrEmpty(condition))
            {
                strSql.Append(" where " + condition);
            }
            var sortstring = DatasetSort.Getsortstring(sort);
            if (!string.IsNullOrEmpty(sortstring))
            {
                strSql.Append(" order by " + sortstring);
            }


            var dbparams = new List<CustomDbParamter>();

            var paramps_sSQL = new CustomDbParamter();
            paramps_sSQL.ParameterName = "@sSQL";
            paramps_sSQL.DbType = DbType.String;
            paramps_sSQL.Direction = ParameterDirection.Input;
            paramps_sSQL.Value = strSql.ToString();
            dbparams.Add(paramps_sSQL);

            var dbRptResult = PubSysDAL.GetMsSqlPrcDataSet("sMsExesqlQry", dbparams, "Result_Set");
            var json = RptHelper.GetRptJsonResult(start, limit, dbRptResult, "Result_Set", true);
            return new ContentResult() { Content = json };
        }



        public static string GetRangDAStr(string tb, string userid, string usercode, string orgcode)
        {
            string str = "";
            var strSql = new StringBuilder();
            strSql.Append("SELECT ");
            strSql.Append(" VISIBLERANGE,OPERATERANGE ");
            strSql.Append("  from VW_User_Authority ");
            strSql.Append("  where [NAME]='modTruckCar' and USERID='" + userid + "' and ISDELETE=0");

            string visiblerange = "4";
            string operaterange = "4";

            Database db = DatabaseFactory.CreateDatabase();
            using (IDataReader reader = db.ExecuteReader(CommandType.Text, strSql.ToString()))
            {
                while (reader.Read())
                {
                    visiblerange = Convert.ToString(reader["VISIBLERANGE"]);
                    operaterange = Convert.ToString(reader["OPERATERANGE"]);
                    break;
                }
                reader.Close();
            }
            if (visiblerange == "4")
            {
                str = "1=2";
            }
            else if (visiblerange == "3")
            {

                str = " UPPER(ORGCODE)='" + orgcode + "'";

            }
            else if (visiblerange == "2")
            {
                str = " UPPER(ORGCODE)='" + orgcode + "'";

            }
            else if (visiblerange == "1")
            {
                str = " ORGCODE='" + orgcode + "'";
            }

            return str;
        }


        #region 参照部分

        #endregion

    }
}