我正在使用会话存储我的用户信息，我想知道如何让每个用户只能访问他自己的私人文件夹？
我希望每个用户都可以访问他唯一的一个文件夹,而经理则可以访问整个文件夹。这可以通过会话完成吗?
这是User.cs:
/* Entity mapped to the "Users" table (see DikanDbContext.Users).
 * Holds the login account; the Login action looks an account up by UserId,
 * compares Password against Crypto.Hash(...) of the posted password and
 * branches on Role.
 */
[Table("Users")]
public class Users
{
// Primary key; also used as the per-user folder name under ~/UsersFiles/.
[Key]
public string UserId { get; set; }
public string FirstName { get; set; }
public string LastName { get; set; }
public string Email { get; set; }
// Stored as the output of Crypto.Hash (the Login action compares against it), not the clear text.
public string Password { get; set; }
// Form-only field for the registration confirm box; never persisted.
[NotMapped]
public string ConfirmPassword { get; set; }
// Values seen in the Login action: "Student" and "Admin".
public string Role { get; set; }
// Presumably a one-time token for password reset; null when none is pending — confirm with the reset flow.
public Guid? ResetPasswordCode { get; set; }
// Students must be verified before the Login action lets them in.
public bool IsEmailVerified { get; set; }
public Guid ActivationCode { get; set; }
}
DbContext连接到Db:
/* EF6 context for the DikanNet database. The connection string is resolved by
 * the configuration name "DikanNetDB".
 */
public class DikanDbContext : DbContext
{
    /* Users table; see the Users entity for the mapping. */
    public DbSet<Users> Users { get; set; }

    public DikanDbContext()
        : base("name=DikanNetDB")
    {
    }

    /* No fluent configuration: mapping comes from the data annotations on the entities. */
    protected override void OnModelCreating(DbModelBuilder modelBuilder)
    {
    }
}
登录控制器:
/* Renders the empty login form (GET). */
[HttpGet]
public ActionResult Login()
{
    ActionResult loginForm = View();
    return loginForm;
}
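/* Handles the posted login form: looks the account up by UserId, verifies the
 * password hash and, depending on Role, stores the account in session under a
 * role-specific key and redirects to that role's area.
 * Returns a redirect on success; otherwise re-renders the login view (with the
 * posted model when validation, lookup or verification failed).
 */
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Login(UserLogin loginuser)
{
    ViewBag.Status = false;
    if (!ModelState.IsValid)
        return View(loginuser);

    using (DikanDbContext ctx = new DikanDbContext())
    {
        var account = ctx.Users.FirstOrDefault(e => e.UserId == loginuser.UserId);

        // Hash comparison is ordinal: string.Compare without a comparison type is
        // culture-sensitive and is not meant for opaque hash strings.
        // NOTE(review): Crypto.Hash is an unsalted digest; the stored values are
        // produced by it elsewhere, so the scheme is kept here. A salted, slow
        // password hash (e.g. Crypto.HashPassword) is the stronger choice once the
        // stored hashes can be migrated.
        if (account != null
            && string.Equals(Crypto.Hash(loginuser.Password), account.Password, StringComparison.Ordinal))
        {
            // Session lifetime in minutes: one year with "remember me", otherwise two hours.
            int timeout = loginuser.RememberMe ? 525600 : 120;

            switch (account.Role) // the role decides which area the user lands in
            {
                case "Student":
                    if (!account.IsEmailVerified) // unverified students are not let in
                        return View();
                    HttpContext.Session.Add("Student", account);
                    Session.Timeout = timeout;
                    var student = ctx.Students.FirstOrDefault(s => s.StudentId == account.UserId);
                    if (student != null) // student row already exists
                        return RedirectToAction("Index", "Student");
                    // First login: no student row yet, go and fill in the basic details.
                    // ViewBag does not survive a redirect, so the receiving action does
                    // not see this flag (TempData would); kept for compatibility.
                    ViewBag.Status = true;
                    return RedirectToAction("UpdateStudent", "Student");

                case "Admin":
                    HttpContext.Session.Add("admin", account);
                    Session.Timeout = timeout;
                    return RedirectToAction("Index", "Admin");

                default:
                    break; // unknown role: treated like a failed login
            }
        }
    }
    return View(loginuser);
}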
}
更新：每个用户都可以上传自己的文件，这些文件保存在文件系统中的 UsersFiles -> UserId 下。如果我在 URL 中写入其他 UserId 的路由，就可以访问他们的文件，因此我想阻止这种操作。
文件类:
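/* Returns true when name is a single path segment: not empty, not "." or "..",
 * and without a directory part or root. Path.GetFileName strips any directory
 * part, so a name that survives it unchanged had none.
 */
private static bool IsPlainName(string name)
{
    if (string.IsNullOrEmpty(name) || name == "." || name == "..")
        return false;
    return name == Path.GetFileName(name);
}

/* Resolves ~/UsersFiles/<pId> to an absolute path and checks that it lies under
 * the UsersFiles root. Returns null when pId is not a plain folder name or the
 * resolved path escapes the root (e.g. a rooted or "..\" id).
 */
private static string ResolveUserFolder(string pId)
{
    if (!IsPlainName(pId))
        return null;
    string root = Path.GetFullPath(HttpContext.Current.Server.MapPath("~/UsersFiles/"));
    if (!root.EndsWith(Path.DirectorySeparatorChar.ToString()))
        root += Path.DirectorySeparatorChar;
    string folder = Path.GetFullPath(Path.Combine(root, pId));
    return folder.StartsWith(root, StringComparison.OrdinalIgnoreCase) ? folder : null;
}

/* Saves an uploaded file as ~/UsersFiles/<pId>/<pFileName><ext>, where ext is the
 * extension of the uploaded file's client name, and returns the stored name
 * (pFileName + ext). When pOldFile is given, that file is deleted from the user's
 * folder first. The caller's pId is used as a folder name, so it and pOldFile
 * must be plain names; anything that would leave the user's folder is rejected.
 * Throws ArgumentNullException when pFile is null and ArgumentException when
 * pId, pFileName or pOldFile contains a directory part or escapes the root.
 */
public static string SaveFileInServer(HttpPostedFileBase pFile, string pFileName, string pId, string pOldFile)
{
    if (pFile == null)
        throw new ArgumentNullException("pFile");

    string userDir = ResolveUserFolder(pId);
    if (userDir == null)
        throw new ArgumentException("User id must be a plain folder name inside UsersFiles.", "pId");
    if (!string.IsNullOrEmpty(pFileName) && pFileName != Path.GetFileName(pFileName))
        throw new ArgumentException("File name must not contain a directory part.", "pFileName");
    if (!string.IsNullOrEmpty(pOldFile) && !IsPlainName(pOldFile))
        throw new ArgumentException("Old file name must be a plain file name.", "pOldFile");

    // The extension comes from the client-supplied upload name and is kept as is.
    // NOTE(review): this folder is served by the web server, so an allow-list of
    // permitted extensions (or storing uploads outside the web root) is worth adding.
    string fileExt = Path.GetExtension(pFile.FileName);

    if (!Directory.Exists(userDir))
        Directory.CreateDirectory(userDir);
    if (!string.IsNullOrEmpty(pOldFile))
        File.Delete(Path.Combine(userDir, pOldFile)); // replace the previous upload

    string storedName = pFileName + fileExt;
    pFile.SaveAs(Path.Combine(userDir, storedName)); // save file to server
    return storedName;
}

/* Deletes pFileName from the folder of user pId (~/UsersFiles/<pId>) on the
 * server's file system.
 * Returns false when either argument is missing or is not a plain name, or when
 * the user's folder does not exist; true once File.Delete has run (a no-op for a
 * file that is already gone).
 */
public static bool Delete(string pFileName, string pId)
{
    if (!IsPlainName(pFileName))
        return false;
    string userDir = ResolveUserFolder(pId);
    if (userDir == null || !Directory.Exists(userDir))
        return false;
    File.Delete(Path.Combine(userDir, pFileName));
    return true;
}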
每个用户的文件系统图片都有一个带有用户ID的文件夹:
将文件添加到服务器的示例
/* Handles the posted student form: stores the uploaded id file (if any) under the
 * student's folder, inserts or updates the student row, saves and redirects.
 * Names used but not declared in this excerpt: dbStudent (the existing row, null
 * on first login), ctx (the DbContext) and tempuser (presumably the session
 * account) — they are set up outside the lines shown.
 */
public ActionResult UpdateStudent(Student UpdateStudent)
{
// NOTE(review): UpdateStudent.StudentId is model-bound from the request and is
// passed to SaveFileInServer as the upload folder name; confirm it is taken from
// (or checked against) the logged-in session account rather than trusted from the form.
if(UpdateStudent.FileId != null)
UpdateStudent.PathId = Files.SaveFileInServer(UpdateStudent.FileId, "Id", UpdateStudent.StudentId,(dbStudent == null) ? null:dbStudent.PathId);
if (dbStudent == null) // after first login fill more info
ctx.Students.Add(UpdateStudent); // add student to data base
else
ctx.Entry(dbStudent).CurrentValues.SetValues(UpdateStudent);// update student
ctx.SaveChanges();
if (tempuser != null && tempuser.IsEmailVerified == false) // if the student change the email disconnect from system
return RedirectToAction("Disconnect", "Login");
return RedirectToAction("Index");
}
}