上一篇:安全存放web项目数据库连接字符串 >>
分享:Project级别的权限控制
在项目中常常要定义不同的Project级别的用户和权限,仿照windows的Role/User/Access Right的控制,我的实现如下:
1、在数据库中建立5个表:tSvRole, tSvUser, tSvObject, tSvRoleUser和tSvRoleObject,分别存储Role、User、Object、Role-User对应关系以及Role-Object对应关系。建表的tsql如下:
if exists (select * from dbo.sysobjects where id = object_id(N@#[dbo].[tSvObject]@#) and OBJECTPROPERTY(id, N@#IsUserTable@#) = 1)
drop table [dbo].[tSvObject]
GO
if exists (select * from dbo.sysobjects where id = object_id(N@#[dbo].[tSvRole]@#) and OBJECTPROPERTY(id, N@#IsUserTable@#) = 1)
drop table [dbo].[tSvRole]
GO
if exists (select * from dbo.sysobjects where id = object_id(N@#[dbo].[tSvRoleObject]@#) and OBJECTPROPERTY(id, N@#IsUserTable@#) = 1)
drop table [dbo].[tSvRoleObject]
GO
if exists (select * from dbo.sysobjects where id = object_id(N@#[dbo].[tSvRoleUser]@#) and OBJECTPROPERTY(id, N@#IsUserTable@#) = 1)
drop table [dbo].[tSvRoleUser]
GO
if exists (select * from dbo.sysobjects where id = object_id(N@#[dbo].[tSvUser]@#) and OBJECTPROPERTY(id, N@#IsUserTable@#) = 1)
drop table [dbo].[tSvUser]
GO
CREATE TABLE [dbo].[tSvObject] (
[fObjectId] [varchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[fObjectName] [varchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [dbo].[tSvRole] (
[fRoleId] [varchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[fRoleName] [varchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [dbo].[tSvRoleObject] (
[fRoleId] [varchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[fObjectId] [varchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[fVisible] [bit] NOT NULL ,
[fEnable] [bit] NOT NULL ,
[fExecutable] [bit] NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [dbo].[tSvRoleUser] (
[fRoleId] [varchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[fUserId] [varchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL
) ON [PRIMARY]
GO
CREATE TABLE [dbo].[tSvUser] (
[fUserId] [varchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[fUserName] [varchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[fUserPwd] [nvarchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[fUserEmail] [varchar] (30) COLLATE SQL_Latin1_General_CP1_CI_AS NULL
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[tSvObject] WITH NOCHECK ADD
CONSTRAINT [PK_tSvObject] PRIMARY KEY CLUSTERED
(
[fObjectId]
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[tSvRole] WITH NOCHECK ADD
CONSTRAINT [PK_tSvPrjRole] PRIMARY KEY CLUSTERED
(
[fRoleId]
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[tSvRoleObject] WITH NOCHECK ADD
CONSTRAINT [DF_tSvRoleObject_fVisible] DEFAULT (0) FOR [fVisible],
CONSTRAINT [DF_tSvRoleObject_fEnabled] DEFAULT (0) FOR [fEnable],
CONSTRAINT [DF_tSvRoleObject_fExecutable] DEFAULT (0) FOR [fExecutable],
CONSTRAINT [PK_tSvRoleObject] PRIMARY KEY CLUSTERED
(
[fRoleId],
[fObjectId]
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[tSvRoleUser] WITH NOCHECK ADD
CONSTRAINT [PK_tSvRoleUser] PRIMARY KEY CLUSTERED
(
[fRoleId],
[fUserId]
) ON [PRIMARY]
GO
ALTER TABLE [dbo].[tSvUser] WITH NOCHECK ADD
CONSTRAINT [PK_tSvPrjUser] PRIMARY KEY CLUSTERED
(
[fUserId]
) ON [PRIMARY]
GO
2、在程序中读取数据,函数是:
static public DataSet GetAdminData(String strDatabaseConnectionString)
{
DataSet ds;
SqlConnection sqlConnection = new SqlConnection();
SqlCommand sqlCommand = new SqlCommand();
sqlConnection.ConnectionString = strDatabaseConnectionString;
sqlCommand.CommandText = "[spSvAdminData]";
sqlCommand.CommandType = System.Data.CommandType.StoredProcedure;
sqlCommand.Connection = sqlConnection;
ds = new DataSet();
sqlConnection.Open();
SqlDataAdapter adap = new SqlDataAdapter(sqlCommand);
adap.Fill(ds);
sqlConnection.Close();
ds.Tables[0].TableName = "tRole";
ds.Tables[1].TableName = "tUser";
ds.Tables[2].TableName = "tObject";
ds.Tables[3].TableName = "tRoleUser";
ds.Tables[4].TableName = "tRoleObject";
return ds;
}
其中调用的stored procedure是:
if exists (select * from dbo.sysobjects where id = object_id(N@#[dbo].[spSvAdminData]@#) and OBJECTPROPERTY(id, N@#IsProcedure@#) = 1)
drop procedure [dbo].[spSvAdminData]
GO
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_NULLS OFF
GO
CREATE PROCEDURE dbo.spSvAdminData AS
SELECT fRoleId, fRoleName
FROM tSvRole
ORDER BY fRoleId
SELECT fUserId, fUserName, fUserEmail
FROM tSvUser
ORDER BY fUserId
SELECT fObjectId, fObjectName
FROM tSvObject
ORDER BY fObjectId
SELECT fRoleId, fUserId
FROM tSvRoleUser
ORDER BY fRoleId, fUserId
SELECT fRoleId, fObjectId, fVisible, fEnable, fExecutable
FROM tSvRoleObject
ORDER BY fRoleId, fObjectId
GO
SET QUOTED_IDENTIFIER OFF
GO
SET ANSI_NULLS ON
GO
3、读取权限,判断某User是否可以访问某Object的函数是:
static public bool GetAccessRight(DataSet dsAdmin,
String tablenameRole, String tablenameUser, String tablenameObject,
String tablenameRoleUser, String tablenameRoleObject,
String fieldnameRole, String fieldnameUser, String fieldnameObject, String fieldnameAccessRight,
String strUserId, String strObjectId)
{
int i;
DataRow[] datarowObjectRoleList;
datarowObjectRoleList = dsAdmin.Tables[tablenameRoleObject].Select(fieldnameObject+"=@#"+strObjectId+"@#");
if(datarowObjectRoleList.GetLength(0) == 0)
return true;
for(i=0;i<datarowObjectRoleList.GetLength(0);i++)
{
DataRow datarowObjectRole;
datarowObjectRole = datarowObjectRoleList[i];
bool boolObjectRoleAccessRight = Convert.ToBoolean(datarowObjectRole[fieldnameAccessRight].ToString());
if(boolObjectRoleAccessRight == true)
{
String strRoleId = datarowObjectRole[fieldnameRole].ToString();
DataRow[] datarowObjectRoleUa;
datarowObjectRoleUa = dsAdmin.Tables[tablenameRoleUser].Select(fieldnameRole + "=@#" + strRoleId + "@# AND " + fieldnameUser + "=@#" + strUserId + "@#");
if(datarowObjectRoleUa.GetLength(0)>0)
return true;
}
}
return false;
}
这里的规则是:
A、如果此Object没有在Role-Object表中注册,则返回允许;
B、如果此User的任意一个Role在Role-Object表中注册了可访问此Object,则此User可访问此Object
C、否则禁止。
4、使用举例
在User管理页面,使用DataGrid列出User,使用DataGrid的Footer行作为添加User的地方,程序设定只有有“添加User权限”的人才会看到Footer行。如下:
UserGrid.ShowFooter = clsCommon.GetAccessRight(
dsAdmin, "tRole", "tUser", "tObject", "tRoleUser", "tRoleObject",
"fRoleId", "fUserId", "fObjectId", "fVisible",
Session["UserId"].ToString().Trim(), "ObjUserGridFooter");
小结:本方法使用Database与程序结合的方式,实现了Project级别User/Object访问权限的控制。
本文原发表于http://community.csdn.net/Expert/topic/3143/3143459.xml
下一篇:Solidworks二次开发—06—在装配体中添加配合 >>
相关文章:
- · solidworks二次开发-02-用来访问特征的两个API
- · solidworks二次开发-01-录制一个宏
- · 有关于web播放器的列表播放问题
- · Microsoft User Interface Process Application Block 研究(3)
- · ASP.NET中使用IFRAME建立类Modal窗口
- · 挤压造型Extrusion的节点说明和应用实例
- · .net 里面 protected private 的变量也可以访问
- · 怎样得到一个系统盘的全名,不是字符,是全名,如:本地磁盘(C:)?
- · ASP.NET中新的代码编译功能(三)
- · ASP.NET中新的代码编译功能(二)
- · ASP.NET中新的代码编译功能(一)
- · asp.net里,一个小的自定义错误显示
- · ASP.NET编程中的十大技巧
- · 在ASP.NET中面向对象的编程思想
- · 有史以来最牛B的.NET程序集加密方法?
- · 在ASP.NET中实现多文件上传
- · (论坛答疑点滴)怎么给Table动态添加控件并且得到控件的值?
- · (论坛答疑点滴)有的时候DataGrid取值取不到?
- · (论坛答疑点滴)联合主键的情况怎么在DataGrid中利用DataKeys定位记录?
- · (论坛答疑点滴)__doPostBack()无效?
- · ASP.net生成文字图片
- · 自定义类(ASP.NET_VB)
- · 小技术(ASP.NET)
- · ASP.NET控制EXCEL,完全结束进程
- · ASP.NET导出数据到Excel
- · Asp.net中Treeview终极解决方案!
- · 实现一个Asp.net自定义Back控件
- · 在asp.net中长内容自动分页的实现
- · asp.net利用多线程执行长时间的任务,客户端显示出任务的执行进度的示例(二)
- · asp.net利用多线程执行长时间的任务,客户端显示出任务的执行进度的示例(一)
- · 在ASP.NET中使用Global.asax文件
- · 解决ASP.NET上传文件大小限制
- · ASP.NET如何在窗体和窗体之间传送数据
- · 令你心动的Asp.net 开发中的MessageBox控件
- · asp.net三种重定向方法的总结
- · asp.net datagrid实现多层表头
- · 一个在ASP.NET中打印的问题
- · 使用ASP.NET Web服务代理的URL行为属性