Permission System Design

Source: Internet
Author: User
1. Requirements

Currently, the permission requirements for this project can be summarized as follows:

    1. Users are role-based. Each user belongs to exactly one role.
    2. At least one Super User exists in the system, and that user has all permissions. Only Super Users have user management permissions.
    3. Super Users can define permissions for an individual user.
    4. There are two basic types of permission checks:
      1. Permissions without parameters. For example, whether a user has the permission to add or manage article categories.
      2. Permissions with parameters. For example, whether a user has the document management permission for a certain category; the category here is the parameter.

2. Classes

Where:

    1. UserRole represents a user role and User represents a user.
    2. User contains a reference to UserRole, indicating which role the user belongs to.
    3. Both UserRole and User have permissions, that is, each holds a reference to a Power.
    4. Power performs the actual permission checks. The HasPower methods of UserRole and User ultimately delegate to the HasPower method of Power.
    5. PowerItem describes the permission items in the system.

3. Calls

A permission without parameters is checked as follows:

    User user = GetUser();
    bool isUserHasArticleClassManagePower = user.HasPower(PowerItem.ArticleClassManage);

A permission with parameters is checked as follows:

    User user = GetUser();
    bool isUserHasArticlePower = user.HasPower(PowerItem.ArticleManage, someArticleClassId);

Grant permissions to a user or user group:

    User user = GetUser();
    UserRole userRole = GetUserRole();
    Power power = user.Power; // or power = userRole.Power;
    power.SetPower(PowerItem.ArticleClassManage);
    power.SetPower(PowerItem.ArticleManage, someArticleClassId);

Clear permissions from a user or user group:

    User user = GetUser();
    UserRole userRole = GetUserRole();
    Power power = user.Power; // or power = userRole.Power;
    power.ClearPower(PowerItem.ArticleClassManage);
    power.ClearPower(PowerItem.ArticleManage, someArticleClassId);

4. Implementation

The HasPower method of User is implemented as follows:

    /// <summary>
    /// Determine whether a permission exists
    /// </summary>
    /// <param name="powerType">permission type</param>
    /// <param name="param">parameter required for the check</param>
    /// <returns>whether the permission is granted</returns>
    public bool HasPower(PowerItem powerType, object param)
    {
        // The Super User has all permissions
        if (_isSuper) return true;

        // If the user has custom permissions, use the user's own permissions for the check;
        // otherwise, use the permissions of the corresponding role
        if (_isCustomPower)
            return Power.HasPower(powerType, param);
        else
            return _userRole.Entity.HasPower(powerType, param);
    }

The HasPower method of UserRole is simpler. It just delegates to the HasPower method of its Power member:

    public bool HasPower(PowerItem powerType, object param)
    {
        return this.Power.HasPower(powerType, param);
    }

The Power class is the core of permission checking.

Its member powers stores all permissions as a sequence of numbers. The position of a permission in the sequence corresponds to the enumerated value of the permission item. For example, if the value of PowerItem.ArticleClassManage is 1, the second number in the sequence (subscripts start from zero) indicates whether the ArticleClassManage permission is held.

Permissions with parameters are stored separately. For example, for PowerItem.ArticleManage, a member aritcleclasses stores all the parameters for which the permission is true. If the value of the member is "1, 2, 5", the user or role has the permission to manage the three article categories with IDs 1, 2 and 5.

Its HasPower method is:

    public bool HasPower(PowerItem powerType, object param)
    {
        // Without the base permission, no parameter can be granted
        if (!HasPower(powerType)) return false;

        // Judge based on parameters
        switch (powerType)
        {
            case PowerItem.ArticleManage:
                return HasPower(_aritcleClass, param);
            default:
                return true;
        }
    }

For details about the private methods, refer to the sample code.
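
The delegation chain and the parameter check described in this section, as an added example (not the sample code the page refers to). It assumes in-memory storage (a flag array and a set of IDs), the enum values other than ArticleClassManage = 1, and a RolePower field standing in for UserRole.Power; a parameter that is null or not an int is denied.

```csharp
using System;
using System.Collections.Generic;

// Only ArticleClassManage = 1 comes from the page; the other values are assumed.
public enum PowerItem { UserManage = 0, ArticleClassManage = 1, ArticleManage = 2 }

public class Power
{
    // One flag per PowerItem, indexed by enum value (in-memory storage is assumed).
    private readonly bool[] _powers = new bool[3];
    // Article class IDs for which ArticleManage is granted.
    private readonly HashSet<int> _articleClasses = new HashSet<int>();

    public void SetPower(PowerItem item) { _powers[(int)item] = true; }
    public void SetPower(PowerItem item, int classId)
    {
        if (item != PowerItem.ArticleManage) throw new ArgumentException("item takes no parameter");
        SetPower(item);
        _articleClasses.Add(classId);
    }
    public bool HasPower(PowerItem item) { return _powers[(int)item]; }
    public bool HasPower(PowerItem item, object param)
    {
        if (!HasPower(item)) return false;
        // Fail closed: null or a non-int parameter never matches a granted ID.
        if (item == PowerItem.ArticleManage) return param is int id && _articleClasses.Contains(id);
        return true; // items without parameters ignore param
    }
}

public class User
{
    public bool IsSuper, IsCustomPower;
    public Power Power = new Power();      // consulted only when IsCustomPower is set
    public Power RolePower = new Power();  // stands in for UserRole.Power (assumed name)
    // Super user first, then the user's own permissions or the role's.
    public bool HasPower(PowerItem item, object param) =>
        IsSuper || (IsCustomPower ? Power : RolePower).HasPower(item, param);
}
public static class Demo
{
    public static void Main()
    {
        var u = new User();
        u.RolePower.SetPower(PowerItem.ArticleManage, 2);            // role may manage class 2
        Console.WriteLine(u.HasPower(PowerItem.ArticleManage, 2));   // class granted to the role
        Console.WriteLine(u.HasPower(PowerItem.ArticleManage, 7));   // class never granted
        Console.WriteLine(u.HasPower(PowerItem.ArticleManage, "2")); // wrong parameter type
        u.IsCustomPower = true;                                      // custom set replaces the role's
        Console.WriteLine(u.HasPower(PowerItem.ArticleManage, 2));   // empty custom set is consulted
    }
}
```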

5. Database

6. Sample Code
