- 1PS提示:因為圖層已鎖定,無法編輯圖層的處理方法
- 2Adobe Illustrator CS5 序列號大全
- 3picacg蘋果版怎么找不到|picacg ios版是不是下架了介紹
- 4ACDsee注冊碼免費分享(含ACDsee18、ACDsee10等版本)
- 5蘋果iphone自動時間不準確的多種校正方法
- 6PDF瀏覽器能看3D文件嗎?PDF瀏覽器看3D文件圖文詳細教程
- 7Potato(馬鈴薯聊天)怎么注冊不了|Potato不能注冊處理方法介紹
- 8Potato(土豆聊天)怎么換頭像|Potato app更改頭像方法介紹
- 9ipad版office如何激活? office365激活的圖文說明教程
- 10最新的Adobe Illustrator CS4序列號大全
- 11Mac怎么通過設置VPN來登錄youtube等國外網站
- 12qq郵件是否已讀怎么看 QQ郵箱已經發出去的郵件怎么知道對方是否已經查看
[摘要]在項目中常常要定義不同的Project級別的用戶和權限,仿照windows的Role/User/Access Right的控制,我的實現如下:1、在數據庫中建立5個表:tSvRole, tSvUser, tSvObject, tSvRoleUser和tSvRoleObject,分別存儲Role、U...
在項目中常常要定義不同的Project級別的用戶和權限,仿照windows的Role/User/Access Right的控制,我的實現如下:
1、在數據庫中建立5個表:tSvRole, tSvUser, tSvObject, tSvRoleUser和tSvRoleObject,分別存儲Role、User、Object、Role-User對應關系以及Role-Object對應關系。建表的tsql如下:
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[tSvObject]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[tSvObject]
GO
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[tSvRole]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[tSvRole]
GO
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[tSvRoleObject]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[tSvRoleObject]
GO
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[tSvRoleUser]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[tSvRoleUser]
GO
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[tSvUser]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[tSvUser]
GO
CREATE TABLE [dbo].[tSvObject] (
[fObjectId] [varchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[fObjectName] [varchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [dbo].[tSvRole] (
[fRoleId] [varchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[fRoleName] [varchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [dbo].[tSvRoleObject] (
[fRoleId] [varchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[fObjectId] [varchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[fVisible] [bit] NOT NULL ,
[fEnable] [bit] NOT NULL ,
[fExecutable] [bit] NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [dbo].[tSvRoleUser] (
[fRoleId] [varchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[fUserId] [varchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [dbo].[tSvUser] (
[fUserId] [varchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[fUserName] [varchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[fUserPwd] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[fUserEmail] [varchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NULL
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[tSvObject] WITH NOCHECK ADD
CONSTRAINT [PK_tSvObject] PRIMARY KEY CLUSTERED
(
[fObjectId]
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[tSvRole] WITH NOCHECK ADD
CONSTRAINT [PK_tSvPrjRole] PRIMARY KEY CLUSTERED
(
[fRoleId]
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[tSvRoleObject] WITH NOCHECK ADD
CONSTRAINT [DF_tSvRoleObject_fVisible] DEFAULT (0) FOR [fVisible],
CONSTRAINT [DF_tSvRoleObject_fEnabled] DEFAULT (0) FOR [fEnable],
CONSTRAINT [DF_tSvRoleObject_fExecutable] DEFAULT (0) FOR [fExecutable],
CONSTRAINT [PK_tSvRoleObject] PRIMARY KEY CLUSTERED
(
[fRoleId],
[fObjectId]
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[tSvRoleUser] WITH NOCHECK ADD
CONSTRAINT [PK_tSvRoleUser] PRIMARY KEY CLUSTERED
(
[fRoleId],
[fUserId]
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[tSvUser] WITH NOCHECK ADD
CONSTRAINT [PK_tSvPrjUser] PRIMARY KEY CLUSTERED
(
[fUserId]
) ON [PRIMARY]
GO
2、在程序中讀取數據,函數是:
static public DataSet GetAdminData(String strDatabaseConnectionString)
{
DataSet ds;
SqlConnection sqlConnection = new SqlConnection();
SqlCommand sqlCommand = new SqlCommand();
sqlConnection.ConnectionString = strDatabaseConnectionString;
sqlCommand.CommandText = "[spSvAdminData]";
sqlCommand.CommandType = System.Data.CommandType.StoredProcedure;
sqlCommand.Connection = sqlConnection;
ds = new DataSet();
sqlConnection.Open();
SqlDataAdapter adap = new SqlDataAdapter(sqlCommand);
adap.Fill(ds);
sqlConnection.Close();
ds.Tables[0].TableName = "tRole";
ds.Tables[1].TableName = "tUser";
ds.Tables[2].TableName = "tObject";
ds.Tables[3].TableName = "tRoleUser";
ds.Tables[4].TableName = "tRoleObject";
return ds;
}
其中調用的stored procedure是:
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[spSvAdminData]') and OBJECTPROPERTY(id, N'IsProcedure') = 1)
drop procedure [dbo].[spSvAdminData]
GO
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_NULLS OFF
GO
CREATE PROCEDURE dbo.spSvAdminData AS
SELECT fRoleId, fRoleName
FROM tSvRole
ORDER BY fRoleId
SELECT fUserId, fUserName, fUserEmail
FROM tSvUser
ORDER BY fUserId
SELECT fObjectId, fObjectName
FROM tSvObject
ORDER BY fObjectId
SELECT fRoleId, fUserId
FROM tSvRoleUser
ORDER BY fRoleId, fUserId
SELECT fRoleId, fObjectId, fVisible, fEnable, fExecutable
FROM tSvRoleObject
ORDER BY fRoleId, fObjectId
GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO
3、讀取權限,判斷某User是否可以訪問某Object的函數是:
static public bool GetAccessRight(DataSet dsAdmin,
String tablenameRole, String tablenameUser, String tablenameObject,
String tablenameRoleUser, String tablenameRoleObject,
String fieldnameRole, String fieldnameUser, String fieldnameObject, String fieldnameAccessRight,
String strUserId, String strObjectId)
{
int i;
DataRow[] datarowObjectRoleList;
datarowObjectRoleList = dsAdmin.Tables[tablenameRoleObject].Select(fieldnameObject+"='"+strObjectId+"'");
if(datarowObjectRoleList.GetLength(0) == 0)
return true;
for(i=0;i<datarowObjectRoleList.GetLength(0);i++)
{
DataRow datarowObjectRole;
datarowObjectRole = datarowObjectRoleList[i];
bool boolObjectRoleAccessRight = Convert.ToBoolean(datarowObjectRole[fieldnameAccessRight].ToString());
if(boolObjectRoleAccessRight == true)
{
String strRoleId = datarowObjectRole[fieldnameRole].ToString();
DataRow[] datarowObjectRoleUa;
datarowObjectRoleUa = dsAdmin.Tables[tablenameRoleUser].Select(fieldnameRole + "='" + strRoleId + "' AND " + fieldnameUser + "='" + strUserId + "'");
if(datarowObjectRoleUa.GetLength(0)>0)
return true;
}
}
return false;
}
這里的規則是:
A、如果此Object沒有在Role-Object表中注冊,則返回允許;
B、如果此User的任意一個Role在Role-Object表中注冊了可訪問此Object,則此User可訪問此Object
C、否則禁止。
4、使用舉例
在User管理頁面,使用DataGrid列出User,使用DataGrid的Footer行作為添加User的地方,程序設定只有有“添加User權限”的人才會看到Footer行。如下:
UserGrid.ShowFooter = clsCommon.GetAccessRight(
dsAdmin, "tRole", "tUser", "tObject", "tRoleUser", "tRoleObject",
"fRoleId", "fUserId", "fObjectId", "fVisible",
Session["UserId"].ToString().Trim(), "ObjUserGridFooter");
小結:本方法使用Database與程序結合的方式,實現了Project級別User/Object訪問權限的控制。
推薦資訊 總人氣榜
最新教程 本月人氣
- 1Php調用Unix/Linux命令舉例
- 2從VB中調入Outlook的高級電子郵件與文件夾技巧
- 3對于在ORACLE下開發JAVA的幾個問題
- 4對于ASP源碼暴露的補丁 (MS,補丁)
- 5JUnit使用經驗(1) -- 轉自PMT雜志
- 6VB.NET中的變量范圍差異
- 7C++編程人員容易犯的10個C#錯
- 8PHP完成文件下載
- 9動網論壇上傳文件漏洞的原理以及攻擊的代碼完成
- 10PHP4實際應用經驗篇
- 11用C#寫vs插件中的一些Tip
- 12在ASP中取得服務器網卡的MAC地址、DNS地址等網絡信息
- 1htc one max真機開箱試玩視頻
- 2斗魚tv直播yy多少 斗魚tv直播yy頻道
- 3lumia920 Amber更新新增技巧演示視頻
- 43星s5電信版支持4g嗎?3星galaxy s5電信版支持4g網絡嗎?
- 5錘子手機支持4g網絡?錘子手機是否支持4g?
- 6劍靈玩的酷管家靠得住活動網址 啟用管家鎖得好禮
- 7劍靈進擊的海盜活動網址 神兵圖錄之進擊的海盜獎勵領取地址
- 8魅族mx4設置如何?魅族mx4設置參數評測
- 9魅族mx4指紋識別如何用?魅族mx4指紋識別使用圖文說明教程
- 10魅族mx4哪一個版本好?魅族mx4版本區別比較
- 11京東通信官網 京東通信網上營業廳網址
- 12小米3 art模式如何開?小米3打開art模式圖文說明教程
