In this article I would like to share my views on permission management and design, along with some personal views on software development.
When "permission management and design" comes up, the first name that comes to mind for readers of this site is probably Jirigala, who is something of an authority in this area: his "general permission management system" speaks for itself, as a look at his blog will show (this may read like I am promoting him, heh, but I am not). I would not call his work definitive, but his research is clearly deeper and more sustained than most, and his system has reached a certain maturity; in his own words, he is doing his best. What he is building is a general permission management system. What does "general" mean? My understanding is as follows:
A. General across (mainstream) databases: using the factory pattern and similar techniques so the system can be adapted to different database products easily, which keeps the software portable. This is mainly a matter of database design!
B. General in how permissions are managed and checked: the same solution, implementation approach or idea can be reused across development languages and project types (the broad B/S versus C/S split, for instance; Jirigala's permission system is general in this sense and can be used in both web and WinForm programs written in C#). Personally I think the implementation idea (the solution) matters more than any particular implementation, just as a good shopping-cart design can be reused in projects written in PHP, JSP, C# and other languages. [The solution to the problem is essentially independent of the programming language; only the implementation differs.]
My goal in thinking about and studying permission management and design is to be able to use my own ideas, or a system of my own similar to Jirigala's permission management system, to implement the permission management part of future projects quickly and effectively (on its own, the permission management part is still quite tricky). I do not want to rely only on my own (untested) ideas; I also want to study project cases that can improve them and that I can learn from, such as Jirigala's general permission management system (the Framework src project), ASP.NET Membership, phpcms, ecshop and so on, though for lack of time I have only skimmed the first two. [My suggested method for thinking, learning and researching: first settle the general idea, then study and reference other projects in the same direction as your research (preferably large projects with some maturity) to improve your own ideas and absorb their strengths, so that your work starts from a high baseline ("standing on the shoulders of giants", heh) and the result will not be a "failure". Even a good idea of your own cannot account for everything: it may solve one aspect of the problem well while not being comparable with the excellent solutions overall. For example, if someone asked me to build a CMS for him, I would tell him that a CMS is a huge project that is hard to do well alone; if he really wants to build it himself, he had best reference phpcms and other popular CMS systems, otherwise the result may be less than half as functional and usable as theirs. Whether doing a project or research, you cannot work blindly; study excellent projects more.
Otherwise your project or research will die in development!]
The code is as follows:

```csharp
/// <summary>
/// Obtain the user's permissions and set the operation permissions on the form
/// </summary>
private void GetPermission()
{
    // One connection is opened and every IsAuthorized call below runs against it
    this.DbHelper.Open();

    // User operation permissions: each button is enabled only if the current
    // login user holds the corresponding permission code
    this.btnUserAdd.Enabled = this.IsAuthorized("User.Add");
    this.btnUserDelete.Enabled = this.IsAuthorized("User.Delete");
    this.btnUserExport.Enabled = this.IsAuthorized("User.Export");
    this.btnUserImport.Enabled = this.IsAuthorized("User.Import");
    this.btnUserPrint.Enabled = this.IsAuthorized("User.Print");
    this.btnUserUpdate.Enabled = this.IsAuthorized("User.Update");

    // Role operation permissions
    this.btnRoleAdd.Enabled = this.IsAuthorized("Role.Add");
    this.btnRoleDelete.Enabled = this.IsAuthorized("Role.Delete");
    this.btnRoleExport.Enabled = this.IsAuthorized("Role.Export");
    this.btnRoleImport.Enabled = this.IsAuthorized("Role.Import");
    this.btnRolePrint.Enabled = this.IsAuthorized("Role.Print");
    this.btnRoleUpdate.Enabled = this.IsAuthorized("Role.Update");

    this.DbHelper.Close();
}
```
The above is a piece of code from the Permission project of Jirigala's permission system. It is readable at a glance: based on the permissions of the currently logged-in user, it decides whether each button on the page is available. Personally I feel this code is not concise or efficient, since every button needs its own IsAuthorized call while the connection is held open. I recommend resolving the user's permissions into a set once and making every decision against that set. [This is a simple, feasible method I have considered; the specifics still need further thought and discussion with you.]
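The set-based approach suggested above, as an added example (not code from the page or from Jirigala's system; it is written in Python rather than C# because, as the post argues, the idea is language-independent). The role and user tables (ROLE_PERMISSIONS, USER_ROLES), the sample users and the PermissionSet class are constructed for the demonstration; the permission codes and button names are the ones used in the snippet above.

```python
from __future__ import annotations

# Constructed sample data standing in for the role and permission tables.
ROLE_PERMISSIONS: dict[str, frozenset[str]] = {
    "UserAdmin": frozenset({"User.Add", "User.Update", "User.Delete", "User.Export"}),
    "Auditor": frozenset({"User.Export", "User.Print", "Role.Export", "Role.Print"}),
}
USER_ROLES: dict[str, tuple[str, ...]] = {
    "alice": ("UserAdmin",),
    "bob": ("Auditor", "UserAdmin"),
    "carol": (),  # logged in but holds no role: every button stays disabled
}

# Control name -> permission code it requires (the codes from the snippet above).
BUTTON_PERMISSIONS: dict[str, str] = {
    "btnUserAdd": "User.Add",
    "btnUserDelete": "User.Delete",
    "btnUserExport": "User.Export",
    "btnUserImport": "User.Import",
    "btnUserPrint": "User.Print",
    "btnUserUpdate": "User.Update",
    "btnRoleAdd": "Role.Add",
    "btnRoleDelete": "Role.Delete",
    "btnRoleExport": "Role.Export",
    "btnRoleImport": "Role.Import",
    "btnRolePrint": "Role.Print",
    "btnRoleUpdate": "Role.Update",
}


def resolve_permissions(user: str) -> frozenset[str]:
    """One lookup (at login, or per page load): the union of the permissions of
    all the user's roles. Unknown users and unknown roles contribute nothing,
    so the default is deny."""
    granted: set[str] = set()
    for role in USER_ROLES.get(user, ()):
        granted |= ROLE_PERMISSIONS.get(role, frozenset())
    return frozenset(granted)


class PermissionSet:
    """Holds the resolved set; membership tests replace per-button database calls."""

    def __init__(self, granted: frozenset[str]) -> None:
        self._granted = granted

    def is_authorized(self, code: str) -> bool:
        return code in self._granted

    def button_states(self, buttons: dict[str, str] = BUTTON_PERMISSIONS) -> dict[str, bool]:
        """Enabled flag for every control in one pass. This only drives the UI;
        the same set must be consulted again when an action is actually performed."""
        return {name: self.is_authorized(code) for name, code in buttons.items()}


def get_permission(user: str) -> dict[str, bool]:
    """Counterpart of the GetPermission() above, built on the resolved set."""
    return PermissionSet(resolve_permissions(user)).button_states()


if __name__ == "__main__":
    for name, enabled in get_permission("bob").items():
        print(f"{name}.Enabled = {enabled}")
```

The twelve decisions become twelve set-membership tests on data fetched once, and adding a button means adding one entry to BUTTON_PERMISSIONS rather than another database round trip.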
While looking at the Framework src system (the general permission management system) I also felt that the permission-check flow was cumbersome. More importantly, I found a bug that probably exists in a lot of software and is easy to overlook: the permission check is not thorough. The result of good permission management should be software that is secure at the root, so that a user is prevented from "doing what he is not allowed to do". The bug: I logged in as user A, who does not have permission to add members, and to test whether the permission control was thorough I opened the Add Member page directly by typing its URL. I got in. Only when I clicked "OK" did the prompt "no permission for this operation" appear. So please check whether permission management in your software is safe and thorough. Making buttons invisible or disabled does not control users' operations at the root: the permission check must also be in the method that handles the submission, and in whatever serves the page itself. It is like JavaScript validation on a login or registration page: no matter how complete or clever it is, the necessary checks must still be made in the back-end code!
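The bypass just described and the fix for it, as an added example (not code from the page or from the general permission management system; Python is used to model the server side, since the idea does not depend on the language). The request and response types, the route table, the users and the permission code "Member.Add" are constructed for the demonstration. The first handler repeats the flaw in the text: the page is served to anyone and only the "OK" submission is checked. The second puts the check in front of the whole handler, so the page request and the submission are both refused. find_bypasses is the check a practitioner would run: request every route, with every method, as a user who should be denied, and list anything that does not answer 403.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from functools import wraps
from typing import Callable


@dataclass
class Request:
    user: str
    method: str                       # "GET" renders the page, "POST" submits it
    path: str
    form: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str


# Constructed sample data: the permission codes each logged-in user holds.
# "userA" mirrors user A in the text: logged in, but not allowed to add members.
USER_PERMISSIONS: dict[str, frozenset[str]] = {
    "admin": frozenset({"Member.Add"}),
    "userA": frozenset(),
}


def is_authorized(user: str, code: str) -> bool:
    """Deny by default: unknown users and unknown codes yield False."""
    return code in USER_PERMISSIONS.get(user, frozenset())


# Flawed pattern from the text: the page is reachable by URL without any check,
# and only the submit ("OK") path asks whether the user is allowed.
def vulnerable_member_add(req: Request) -> Response:
    if req.method == "GET":
        return Response(200, "member add form")
    if not is_authorized(req.user, "Member.Add"):
        return Response(403, "no permission for this operation")
    return Response(201, f"member {req.form.get('name', '')} added")


def requires(code: str) -> Callable:
    """Run the permission check before the handler body, for every HTTP method."""
    def decorate(handler: Callable[[Request], Response]) -> Callable[[Request], Response]:
        @wraps(handler)
        def guarded(req: Request) -> Response:
            if not is_authorized(req.user, code):
                return Response(403, "no permission for this operation")
            return handler(req)
        return guarded
    return decorate


@requires("Member.Add")
def hardened_member_add(req: Request) -> Response:
    # Reached only after the check passed, so rendering the page (GET) and
    # submitting it (POST) are both covered without repeating the check.
    if req.method == "GET":
        return Response(200, "member add form")
    return Response(201, f"member {req.form.get('name', '')} added")


def find_bypasses(routes: dict[str, Callable[[Request], Response]], user: str) -> list[str]:
    """For a user who must be denied everywhere in `routes`, request each route
    with GET and POST and report every response that is not 403."""
    leaks: list[str] = []
    for path, handler in routes.items():
        for method in ("GET", "POST"):
            resp = handler(Request(user=user, method=method, path=path, form={"name": "x"}))
            if resp.status != 403:
                leaks.append(f"{method} {path} -> {resp.status}")
    return leaks


VULNERABLE_ROUTES = {"/member/add": vulnerable_member_add}
HARDENED_ROUTES = {"/member/add": hardened_member_add}

if __name__ == "__main__":
    print("vulnerable:", find_bypasses(VULNERABLE_ROUTES, "userA"))   # the GET leaks
    print("hardened:  ", find_bypasses(HARDENED_ROUTES, "userA"))     # nothing leaks
```

Hiding or disabling the button remains useful for the user's benefit, but it is the guard in front of the handler that decides what user A can do; the probe above is cheap enough to run against every route each time a new page is added.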
That is all I will write for now (writing a blog post with care takes time, I find). I hope friends doing similar research will offer more comments!