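using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Bowin.Common.DES;
using Bowin.Common.WebModels;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using YLShipBuildLandMap.Entity.ViewModel;
using YLShipBuildLandMap.Services.SystemSetting;

namespace YLShipBuildLandMap.Web.Controllers.SystemSetting
{
    /// <summary>
    /// Administrative endpoints that hand a caller-supplied SQL statement to
    /// <see cref="IExecSqlService"/>. The statement arrives DES-wrapped in a
    /// <see cref="DesModel"/> and is released only by <see cref="getSql"/>, which
    /// requires the current login to be the fixed admin user and the payload to
    /// carry the expected verification code. Every action is a raw-SQL executor;
    /// the authorization gate in <see cref="getSql"/> is the only control between
    /// an authenticated caller and the database, so keep this surface audited.
    /// </summary>
    [Route("api/systemsetting/[controller]/[action]")]
    [ApiController]
    [Authorize]
    public class ExecSqlController : ControllerBase
    {
        private readonly IExecSqlService _execSqlService;
        private readonly IDesAccessor _desAccessor;

        // Only this user may reach the SQL executor.
        private static readonly Guid AdminUserId = Guid.Parse("0905539A-29AC-4A28-B3AB-A4D8EDBC2535");

        // Shared secret (upper-case hex) that must accompany every payload.
        // Kept as bytes so the comparison below can be fixed-time.
        // NOTE(review): a secret committed to source cannot be rotated without a
        // redeploy and is visible to anyone with repository access; it belongs in
        // configuration or a secret store.
        private static readonly byte[] VerCodeBytes =
            Encoding.UTF8.GetBytes("DB6FF5AEF4426CA805674506B4248294");

        /// <summary>Creates the controller from its injected services.</summary>
        /// <param name="execSqlService">Executes the released SQL text.</param>
        /// <param name="userService">Accepted to keep the DI signature stable; not used here.</param>
        /// <param name="desAccessor">Unwraps the DES-protected request payload.</param>
        public ExecSqlController(IExecSqlService execSqlService, IUserService userService, IDesAccessor desAccessor)
        {
            _execSqlService = execSqlService;
            _desAccessor = desAccessor;
        }

        /// <summary>Runs the released SQL as a query and returns the service result.</summary>
        /// <param name="inputObject">DES-wrapped "sql|verCode" payload.</param>
        /// <exception cref="UnauthorizedAccessException">Caller is not the admin user or the verification code does not match.</exception>
        [HttpPost]
        public ResultMessage select([FromBody] DesModel inputObject)
        {
            return ResultMessage.Success(_execSqlService.select(getSql(inputObject)));
        }

        /// <summary>Runs the released SQL as an insert and returns the service result.</summary>
        /// <param name="inputObject">DES-wrapped "sql|verCode" payload.</param>
        /// <exception cref="UnauthorizedAccessException">Caller is not the admin user or the verification code does not match.</exception>
        [HttpPost]
        public ResultMessage insert([FromBody] DesModel inputObject)
        {
            return ResultMessage.Success(_execSqlService.insert(getSql(inputObject)));
        }

        /// <summary>Runs the released SQL as an update and returns the service result.</summary>
        /// <param name="inputObject">DES-wrapped "sql|verCode" payload.</param>
        /// <exception cref="UnauthorizedAccessException">Caller is not the admin user or the verification code does not match.</exception>
        [HttpPost]
        public ResultMessage update([FromBody] DesModel inputObject)
        {
            return ResultMessage.Success(_execSqlService.update(getSql(inputObject)));
        }

        /// <summary>Runs the released SQL as a delete and returns the service result.</summary>
        /// <param name="inputObject">DES-wrapped "sql|verCode" payload.</param>
        /// <exception cref="UnauthorizedAccessException">Caller is not the admin user or the verification code does not match.</exception>
        [HttpPost]
        public ResultMessage delete([FromBody] DesModel inputObject)
        {
            return ResultMessage.Success(_execSqlService.delete(getSql(inputObject)));
        }

        /// <summary>
        /// Unwraps the payload and releases its SQL text only when the current login
        /// is the admin user and the payload's verification code matches.
        /// </summary>
        /// <param name="inputObject">DES-wrapped payload laid out as "sql|verCode".</param>
        /// <returns>The SQL text (everything before the first '|').</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// Thrown when the caller is not the admin user, the payload has no '|' separator,
        /// or the verification code does not match.
        /// </exception>
        private string getSql(DesModel inputObject)
        {
            // Identity gate first: a non-admin caller never gets its payload decrypted
            // or parsed, so malformed input from such a caller cannot reach the code below.
            if (!LoginUser.Current.UserID.Equals(AdminUserId))
            {
                throw new UnauthorizedAccessException("无权限操作");
            }

            // Same split as before: parts[0] is the SQL, parts[1] the verification code.
            // A payload without a separator is rejected instead of indexing past the
            // end of the array.
            var parts = _desAccessor.DeDesToken(inputObject).Split('|');
            if (parts.Length < 2)
            {
                throw new UnauthorizedAccessException("无权限操作");
            }

            // Invariant upper-casing (the expected code is upper-case hex) and a
            // fixed-time byte comparison so the check does not leak how many leading
            // characters of the code were right. Length mismatch simply fails.
            var candidate = Encoding.UTF8.GetBytes(parts[1].ToUpperInvariant());
            if (!CryptographicOperations.FixedTimeEquals(candidate, VerCodeBytes))
            {
                throw new UnauthorizedAccessException("无权限操作");
            }

            return parts[0];
        }
    }
}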