1. Data Structure
Mad_Popedom is the permission table: the Control column records the controller name and the Action column records the action name.
Mad_Role is the role table.
2. Permission control implementation
Here we use a simple AOP approach, implemented as an MVC filter. The code is as follows:
using System.Collections.Generic;
using System.Web.Mvc;
using Madnet.Model.MadAdmin;
using Madnet.BLL.MadAdmin;

namespace Madnet.Controllers.MadAdmin
{
    public class SupportFilterAttribute : ActionFilterAttribute
    {
        private bool _IsLogin = true;

        /// <summary>
        /// Logon required
        /// </summary>
        public bool IsLogin
        {
            set
            {
                _IsLogin = value;
            }
            get
            {
                // An "IsLogin" appSettings entry overrides the value set on the attribute.
                if (System.Configuration.ConfigurationManager.AppSettings["IsLogin"] != null)
                {
                    // Parse into a local: TryParse writes false to its out argument on failure,
                    // which would otherwise switch the check off for a malformed setting.
                    bool parsed;
                    if (bool.TryParse(System.Configuration.ConfigurationManager.AppSettings["IsLogin"].ToString(), out parsed))
                    {
                        _IsLogin = parsed;
                    }
                }
                return _IsLogin;
            }
        }

        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            string controllerName = (string)filterContext.RouteData.Values["controller"];
            string actionName = (string)filterContext.RouteData.Values["action"];
            if (IsLogin && filterContext.HttpContext.Session["Login_User"] == null)
            {
                // Not logged in: redirect to the login page and skip the action.
                filterContext.HttpContext.Response.Redirect(new UrlHelper(filterContext.RequestContext).Action("Login", "Default"));
                filterContext.Result = new EmptyResult();
            }
            else if (IsLogin && filterContext.HttpContext.Session["Login_User"] != null)
            {
                Mad_User user = filterContext.HttpContext.Session["Login_User"] as Mad_User;
                if (!user.is_super)
                {
                    // Deny unless the user's permission list contains this controller/action pair.
                    if (!GetPopedom(user).Exists(p => p.Controller_Name == controllerName.ToLower() && p.Action_Name == actionName.ToLower()))
                    {
                        filterContext.HttpContext.Response.Write("no permission");
                        filterContext.Result = new EmptyResult();
                    }
                }
            }
        }

        /// <summary>
        /// Obtain all actions that the current user has the permission to perform
        /// </summary>
        /// <returns></returns>
        public List<AtModel> GetPopedom(Mad_User user)
        {
            List<AtModel> ats = new List<AtModel>();
            // The BLL class name is garbled in the source; Mad_PopedomBLL is an assumed reconstruction.
            List<Mad_Popedom> pops = Mad_PopedomBLL.GetPopedomByUser(user.user_id);
            foreach (Mad_Popedom pop in pops)
            {
                ats.Add(new AtModel() { Controller_Name = pop.Control, Action_Name = pop.Action });
            }
            return ats;
        }
    }
}
Before the action executes, the code above first obtains the Controller-Action pairs that the logged-in user is allowed to run and compares them with the Controller-Action about to be executed. If there is no match, execution is not permitted.
3. Add permissions for actions
For simplicity, I split the Controller layer out into a separate class library. The advantage is that when we add permissions to a role we don't need to enter them manually; reflecting over the DLL is enough.
For a function that requires permission control, you only need to add the [SupportFilter] attribute. Of course, this method can only control access at the Action level.
4. Add permissions for the role
This is relatively simple. You only need to associate the role with the permission. Here I reflect over the Controller layer DLL.
Web.config
Global.asax.cs
Madnet.Controllers.Test is the Controller layer DLL.
Test is the Controller name and index is the Action name. Select the Actions that role2 may access and submit them to the database. This figure shows that role2 has access permission for Test1Controller, but not for Test2Controller or Test3Controller.
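The reflection step described in sections 3 and 4, as an added example that is not the original author's code: it lists every action carrying [SupportFilter] in an assembly so the pairs can be offered when assigning permissions to a role. The stand-in `Controller`, `SupportFilterAttribute` and `Test1Controller` types and the `PermissionScanner` name are constructed for this sample so that it compiles without System.Web.Mvc.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

// Stand-ins (constructed for this example) for the MVC base types and one controller.
public class SupportFilterAttribute : Attribute { }
public abstract class Controller { }
public class Test1Controller : Controller
{
    [SupportFilter] public string Index() { return "index"; }
    public string Ping() { return "ping"; }   // no attribute: the filter never runs for it
}

public static class PermissionScanner
{
    // Returns "controller/action" pairs for every public action marked [SupportFilter].
    // Names are lower-cased because the filter compares stored names against
    // controllerName.ToLower() and actionName.ToLower(); mixed-case rows would never match.
    public static List<string> Scan(Assembly asm)
    {
        var found = new List<string>();
        foreach (Type t in asm.GetTypes())
        {
            if (t.IsAbstract || !typeof(Controller).IsAssignableFrom(t)) continue;
            if (!t.Name.EndsWith("Controller")) continue;
            string controller = t.Name.Substring(0, t.Name.Length - "Controller".Length).ToLowerInvariant();
            foreach (MethodInfo m in t.GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly))
            {
                if (m.IsSpecialName) continue;   // skip property accessors
                if (m.IsDefined(typeof(SupportFilterAttribute), true))
                    found.Add(controller + "/" + m.Name.ToLowerInvariant());
            }
        }
        return found.Distinct().OrderBy(s => s).ToList();
    }

    public static void Main()
    {
        // In the article's setup this would be the loaded Controller layer DLL.
        foreach (string pair in Scan(Assembly.GetExecutingAssembly()))
            Console.WriteLine(pair);
    }
}
```

Actions without the attribute do not appear in the list, which also makes the scan a quick way to review which actions run with no permission check at all.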
5. End
The four steps above complete basic permission control. You can add user groups, users, menus, and other management functions to achieve a free combination of "user-role-permission". That is roughly what a simple, general-purpose admin back end looks like.