using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Collections;
using HtgtBossDataAccess;
/// <summary>
///ModuleDemo 的摘要说明
/// </summary>
namespace HtgtBossWeb
{
    /// <summary>
    /// 检查用户是否登陆Module
    /// </summary>
    public class ModuleDemo : IHttpModule
    {
        HttpApplication application;
        string url = "";
        string Vitual = "";
        ArrayList arr;
        public ModuleDemo()
        {
               arr = new ArrayList();
    //在集合中添加公共页面
            string path = HttpContext.Current.Request.ApplicationPath;
            arr.Add(path + "/Pact/AddCustPactInfo.aspx");
            arr.Add(path + "/Cust/AddCustInfo.aspx");
            arr.Add(path + "/Cust/EditCustInfo.aspx");
            arr.Add(path + "/UserRole/AddOrgInfo.aspx");
            arr.Add(path + "/UserRole/EditOrgInfo.aspx");
            arr.Add(path + "/UserRole/AddUserInfo.aspx");
            arr.Add(path + "/UserRole/EditUserInfo.aspx");
            arr.Add(path + "/UserRole/ApplicationInfo.aspx");
            arr.Add(path + "/UserRole/CustInfo.aspx");
            arr.Add(path + "/UserRole/AddRoleInfo.aspx");
            arr.Add(path + "/UserRole/EditRoleInfo.aspx");
            arr.Add(path + "/UserRole/AddFunctionItemInfo.aspx");
            arr.Add(path + "/UserRole/EditFunctionItemInfo.aspx");
            //政策管理
            arr.Add(path + "/Policy/AddSpecialCode.aspx");
            arr.Add(path + "/Policy/AddSpecialRequire.aspx");
            arr.Add(path + "/Policy/AppSpecialCode.aspx");
            arr.Add(path + "/Policy/AppSpecialRequire.aspx");
            arr.Add(path + "/Policy/AddSpecialPact.aspx");
            arr.Add(path + "/Policy/AppSpecialPact.aspx");
            arr.Add(path + "/Policy/AddSpecialPolicy.aspx");
            arr.Add(path + "/Policy/AppSpecialPolicy.aspx");
            arr.Add(path + "/Policy/AddAgentPolicy.aspx");
            arr.Add(path + "/Policy/AddFlow.aspx");
            arr.Add(path + "/ErrorPage.aspx");
            arr.Add(path + "/login.aspx");
            arr.Add(path + "/Main.aspx");
            
        }
        public void Init(HttpApplication context)
        {
            context.AcquireRequestState += new EventHandler(context_AcquireRequestState);
        }
        void context_AcquireRequestState(object sender, EventArgs e)
        {
            #region 获取 每个访问请求的URL的路径,以便于和数据库比较取出相应的功能点ID
            application = (HttpApplication)sender;
            url = application.Context.Request.FilePath;
            Vitual = application.Context.Request.ApplicationPath;
            url = url.Replace(Vitual, "");
  
            string requestUrl = application.Request.Url.ToString();
            string requestPage = requestUrl.Substring(requestUrl.LastIndexOf('/') + 1);
            #endregion
            //下面几个页面不需要走权限验证
            if (arr.IndexOf(application.Context.Request.Path) >= 0 || application.Context.Request.Path.IndexOf(".ashx") >= 0 || application.Context.Request.Path.IndexOf(".html") >= 0)
            {
                if (application.Context.Session["User"] == null)
                {
                    if (requestPage != "Login.aspx")
                        application.Server.Transfer(Vitual + "/Login.aspx");
                }
                else
                {
                    return;
                }
            }
            else
            {
                if (url.ToLower().EndsWith(".aspx") || url.ToLower().EndsWith(".htm"))
                {
                    //Session
                    if (application.Context.Session["User"] == null)
                    {
                        if (requestPage != "Login.aspx")
                            application.Server.Transfer(Vitual + "/Login.aspx");
                    }
                    // 将所有页面在客户端不缓存,以实现数据的实时呈现性.
                    //也就是说,如果没有这个设置,当一些依靠session判断的是否能访问的页面,当session 超时,应该 不能访问了,但是由于IE缓存的存在,还是可以看到的. 
                    else
                    {
                        string userName = application.Context.Session["User"].ToString();
                        //查询当前请求的页面能否访问
                        LoginIn user = new LoginIn();
                        if (!user.CanUseModule(userName, url))
                        {
                            ();
                            application.Response.Write(string.Format("对不起!{0},您无权访问此模块!", userName));
                        }
   
                    }
                    application.Context.Response.Expires = 0;
                }
            }
        }
        public void Dispose()
        {
        }
    }
}