Home > Others

Sharing: Project-level permission control

Source: Internet
Author: User
Tags bool
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
Control
In a project, you often define different project-level users and permissions, and, following the control of Windows role/user/access right, my implementation is as follows:

1, in the database to establish 5 tables: Tsvrole, Tsvuser, Tsvobject, Tsvroleuser and Tsvroleobject, respectively, storage role, User, Object, Role-user Correspondence Relation and Role-object correspondence relation. The TSQL of the table is as follows:

if exists (SELECT * from dbo.sysobjects WHERE id = object_id (N ' [dbo].[ Tsvobject] and OBJECTPROPERTY (ID, N ' isusertable ') = 1)
drop table [dbo]. [Tsvobject]
Go

if exists (SELECT * from dbo.sysobjects WHERE id = object_id (N ' [dbo].[ Tsvrole] and OBJECTPROPERTY (ID, N ' isusertable ') = 1)
drop table [dbo]. [Tsvrole]
Go

if exists (SELECT * from dbo.sysobjects WHERE id = object_id (N ' [dbo].[ Tsvroleobject] and OBJECTPROPERTY (ID, N ' isusertable ') = 1)
drop table [dbo]. [Tsvroleobject]
Go

if exists (SELECT * from dbo.sysobjects WHERE id = object_id (N ' [dbo].[ Tsvroleuser] and OBJECTPROPERTY (ID, N ' isusertable ') = 1)
drop table [dbo]. [Tsvroleuser]
Go

if exists (SELECT * from dbo.sysobjects WHERE id = object_id (N ' [dbo].[ Tsvuser] and OBJECTPROPERTY (ID, N ' isusertable ') = 1)
drop table [dbo]. [Tsvuser]
Go

CREATE TABLE [dbo]. [Tsvobject] (
[Fobjectid] [varchar] () COLLATE sql_latin1_general_cp1_ci_as not NULL,
[Fobjectname] [varchar] (m) COLLATE SQL_Latin1_General_CP1_CI_AS not NULL
) on [PRIMARY]
Go

CREATE TABLE [dbo]. [Tsvrole] (
[Froleid] [varchar] () COLLATE sql_latin1_general_cp1_ci_as not NULL,
[Frolename] [varchar] (m) COLLATE SQL_Latin1_General_CP1_CI_AS not NULL
) on [PRIMARY]
Go

CREATE TABLE [dbo]. [Tsvroleobject] (
[Froleid] [varchar] () COLLATE sql_latin1_general_cp1_ci_as not NULL,
[Fobjectid] [varchar] () COLLATE sql_latin1_general_cp1_ci_as not NULL,
[Fvisible] [Bit] Not NULL,
[Fenable] [Bit] Not NULL,
[Fexecutable] [Bit] Not NULL
) on [PRIMARY]
Go

CREATE TABLE [dbo]. [Tsvroleuser] (
[Froleid] [varchar] () COLLATE sql_latin1_general_cp1_ci_as not NULL,
[Fuserid] [varchar] () COLLATE SQL_Latin1_General_CP1_CI_AS not NULL
) on [PRIMARY]
Go

CREATE TABLE [dbo]. [Tsvuser] (
[Fuserid] [varchar] () COLLATE sql_latin1_general_cp1_ci_as not NULL,
[Fusername] [varchar] (m) COLLATE sql_latin1_general_cp1_ci_as not NULL,
[Fuserpwd] [nvarchar] (COLLATE) SQL_Latin1_General_CP1_CI_AS not NULL,
[Fuseremail] [varchar] () COLLATE SQL_Latin1_General_CP1_CI_AS NULL
) on [PRIMARY]
Go

ALTER TABLE [dbo]. [Tsvobject] With NOCHECK ADD
CONSTRAINT [Pk_tsvobject] PRIMARY KEY CLUSTERED
(
[Fobjectid]
) on [PRIMARY]
Go

ALTER TABLE [dbo]. [Tsvrole] With NOCHECK ADD
CONSTRAINT [Pk_tsvprjrole] PRIMARY KEY CLUSTERED
(
[Froleid]
) on [PRIMARY]
Go

ALTER TABLE [dbo]. [Tsvroleobject] With NOCHECK ADD
CONSTRAINT [df_tsvroleobject_fvisible] DEFAULT (0) for [fvisible],
CONSTRAINT [df_tsvroleobject_fenabled] DEFAULT (0) for [fenable],
CONSTRAINT [df_tsvroleobject_fexecutable] DEFAULT (0) for [fexecutable],
CONSTRAINT [Pk_tsvroleobject] PRIMARY KEY CLUSTERED
(
[Froleid],
[Fobjectid]
) on [PRIMARY]
Go

ALTER TABLE [dbo]. [Tsvroleuser] With NOCHECK ADD
CONSTRAINT [Pk_tsvroleuser] PRIMARY KEY CLUSTERED
(
[Froleid],
[Fuserid]
) on [PRIMARY]
Go

ALTER TABLE [dbo]. [Tsvuser] With NOCHECK ADD
CONSTRAINT [Pk_tsvprjuser] PRIMARY KEY CLUSTERED
(
[Fuserid]
) on [PRIMARY]
Go

2, read the data in the program, the function is:

static public DataSet Getadmindata (String strdatabaseconnectionstring)
{
DataSet ds;

SqlConnection SqlConnection = New SqlConnection ();
SqlCommand SqlCommand = new SqlCommand ();

sqlconnection.connectionstring = strdatabaseconnectionstring;
Sqlcommand.commandtext = "[Spsvadmindata]";
Sqlcommand.commandtype = System.Data.CommandType.StoredProcedure;
Sqlcommand.connection = SqlConnection;
ds = new DataSet ();

Sqlconnection.open ();
SqlDataAdapter adap = new SqlDataAdapter (SqlCommand);

Adap. Fill (DS);
Sqlconnection.close ();

Ds. Tables[0]. TableName = "Trole";
Ds. TABLES[1]. TableName = "TUser";
Ds. TABLES[2]. TableName = "TObject";
Ds. TABLES[3]. TableName = "Troleuser";
Ds. TABLES[4]. TableName = "Troleobject";

return DS;
}

The stored procedure that is invoked is:
if exists (SELECT * from dbo.sysobjects WHERE id = object_id (N ' [dbo].[ Spsvadmindata] and OBJECTPROPERTY (ID, N ' isprocedure ') = 1)
drop procedure [dbo]. [Spsvadmindata]
Go

SET QUOTED_IDENTIFIER ON
Go
SET ansi_nulls off
Go

CREATE PROCEDURE Dbo.spsvadmindata as

SELECT Froleid, Frolename
From Tsvrole
ORDER BY Froleid

SELECT Fuserid, Fusername, Fuseremail
From Tsvuser
ORDER BY Fuserid

SELECT Fobjectid, Fobjectname
From Tsvobject
ORDER BY Fobjectid

SELECT Froleid, Fuserid
From Tsvroleuser
Order by Froleid, Fuserid

SELECT Froleid, Fobjectid, fvisible, fenable, fexecutable
From Tsvroleobject
Order by Froleid, Fobjectid
Go
SET QUOTED_IDENTIFIER OFF
Go
SET ANSI_NULLS on
Go

3, Read permission to determine whether a user can access an object function is:

static public bool Getaccessright (DataSet dsAdmin,
String Tablenamerole, String Tablenameuser, String tablenameobject,
String Tablenameroleuser, String tablenameroleobject,
String Fieldnamerole, String Fieldnameuser, String fieldnameobject, String fieldnameaccessright,
String strUserID, String strobjectid)
{
int i;
Datarow[] datarowobjectrolelist;
Datarowobjectrolelist = Dsadmin.tables[tablenameroleobject]. Select (fieldnameobject+ "=" "+strobjectid+");
if (datarowobjectrolelist.getlength (0) = = 0)
return true;
For (i=0;i<datarowobjectrolelist.getlength (0); i++)
{
DataRow Datarowobjectrole;
Datarowobjectrole = Datarowobjectrolelist[i];
BOOL Boolobjectroleaccessright = Convert.toboolean (Datarowobjectrole[fieldnameaccessright]. ToString ());
if (Boolobjectroleaccessright = = True)
{
String Strroleid = Datarowobjectrole[fieldnamerole]. ToString ();
Datarow[] Datarowobjectroleua;
Datarowobjectroleua = Dsadmin.tables[tablenameroleuser]. Select (fieldnamerole + "= '" + Strroleid + "' and" + fieldnameuser + "= '" + strUserID + "");
if (datarowobjectroleua.getlength (0) >0)
return true;
}
}
return false;
}


The rules here are:
A, if this object is not registered in the Role-object table, return allow;
B, if any role of this user is registered in the Role-object table to access this object, then this user can access this object
C, otherwise prohibited.

4, the use of examples
On the User admin page, use the DataGrid to list the user, and use the footer line of the DataGrid as the place to add user, and the program set only people with "Add user permissions" to see Footer rows. As follows:

Usergrid.showfooter = Clscommon.getaccessright (
DsAdmin, "Trole", "TUser", "TObject", "Troleuser", "Troleobject",
"Froleid", "Fuserid", "Fobjectid", "fvisible",
session["UserId"]. ToString (). Trim (), "Objusergridfooter");

Summary: This method implements the control of project level User/object access rights using the database and program combination.

This article was originally published in Http://community.csdn.net/Expert/topic/3143/3143459.xml


This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
entry level project coordinator apache permission permission mode read permission trustedinstaller permission sharing debugger control

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More