Special statement:
The source code provided already contains all the sources of Appboxpro, and after opening the project with VS2012, the direct ctrl+f5 can be run (the default is to use the VS own LocalDB database).
Fineuipro is a commercial process, only contains the v1.7.0 beta version of the DLL, of course, you can also switch Fineuipro to Fineui (open source version), open source version.
Appboxpro is a general rights management framework based on the Fineuipro and Entity framework, including user management, title management, departmental management, role management, role rights management and other modules.
I have previously written articles about Appbox, but mainly focus on the use of EntityFramework:
- appbox_v2.0 full version free download, and appbox_v3.0 official release!
- Appbox upgrade-Embrace the Entity Framework's Code First development model
- Appbox upgrade in progress-flat permissions Design
- Appbox Upgrade-Entity framework additions and deletions
- Appbox When an upgrade is in progress-how to pass string parameters to the by-way (Entity Framework)
- Appbox Upgrade on-association table Query and update (Entity Framework)
- Appbox Upgrade in progress-attach trap (Entity Framework)
- Appbox When an upgrade is in progress-the use of any and all (Entity Framework)
Today, in addition to the latest source code for public Appboxpro, I mainly introduce the following if you do not control the permissions to the table inline button.
1. Appbox Architecture Analysis
Rights Management in Appbox involves several concepts: roles, users, permissions, pages
- Roles: Used to group users, and permissions are actually corresponding to roles
- User: One user can belong to more than one role
- Permissions: A list of top-level permissions, such as "Coredeptview" means the Department browse permission, in order to facilitate the management of rights, we also give permission a simple grouping
- Page: User operation of the carrier, a page can have multiple permissions, this control is in the page code, the initiative in the page
Use a graph to outline this architecture:
2. Permissions and page, role relationship
2.1 Permissions and Pages: before we mentioned what permissions the page has, this definition is in the page code, not in the database.
This provides the flexibility of a larger program, which is equivalent to each page being able to select the permissions it needs from the entire site's set of permissions.
For example, the Department list page (dept.aspx), we need to apply "department Browse permission", this code is defined in the Dept.aspx.cs:
1 2 3 4 5 6 7 8 9 10 11 12 13 |
Publicpartialclassdept:pagebase {//<summary>////This page has an empty string indicating that this page is not under rights control///</summary> Publicoverridestringviewpower {get {return ' Coredeptview '; } } |
Because "Browse permissions" can be used on every page, we put the code that handles the "Browse permission" in the base class PageBase.cs:
1 2 3 4 5 6 7 8 9 10 11 12 |
publicclassPageBase:System.Web.UI.Page {protectedoverridevoidoninit (EventArgs e) {base. OnInit (e); Whether this user has permission to access this page if (! Checkpowerview ()) {checkpowerfailwithpage (); Return } |
In Checkpowerview, you need to get the role that the current logged-on user belongs to, and then find out if this role has the definition of "coredeptview" permission:
1 2 3 4 5 6 7 8 9-All of the ten-to-one (+) |
//<summary>///Check whether the current user has browse permissions for the current page//the page needs to define the Viewpower property to determine the corresponding relationship between the page and a browse permission///</summary>//< Returns></returns> Protectedboolcheckpowerview () { returncheckpower (ViewPower);} //<summary>//Check whether the current user has a permission//</summary>//<param name= "Powertype" ></param>/// Lt;returns></returns> Protectedboolcheckpower (stringpowername) { //If the permission name is NULL, release if (String.IsNullOrEmpty (powername)) { returntrue; } //permission list for the currently logged on user List<string> Rolepowernames = Getrolepowernames (); if (Rolepowernames.contains (powername)) { returntrue; } returnfalse; } |
One more thing to note: Two pages may require the same permission
And the logic that this permission appears on the page is different, such as "Coredeptedit" permissions (editorial Department):
On the dept.aspx page, use to control the enabled disabled state of the buttons in the table row:
1 2 3 4 5 6 |
Protectedvoidgrid1_predatabound (Objectsender, EventArgs e) {///data binding prior to the permission check Checkpowerwithwindowfield ("Coredepte Dit ", Grid1," EditField "); Checkpowerwithlinkbuttonfield ("Coredeptdelete", Grid1, "DeleteField"); } |
On the dept_edit.aspx page, you control the browsing permissions on this page:
1 2 3 4 5 6 7 8 9 |
Publicpartialclassdept_edit:pagebase {publicoverridestringviewpower {get {return} Coredeptedit "; } } |
2.2 Permissions and roles: This correspondence is defined in the database, and the corresponding page operator interface is shown below.
3. Control the permissions to the table inline button
Through the above introduction, we have a general understanding of the permissions control in Appbox.
Below, we use a small case to show how to control the permissions to the table row buttons, or "Coredeptedit" this permission as an example.
3.1. First admin (Admin) Login
3.2. Create a new role (Test role)
3.3. A user belonging to this role (TestUser)
3.4. Add testuser to the test role
3.5. Set permissions for the test role (note that the Edit Department permission is not selected)
3.6. Login with the newly created user testuser
3.7. New user testuser does not have permission to edit the department
Key Code (more detailed implementation, please download all the source code yourself):
In the Dept.aspx.cs:
1 2 3 4 5 6 7 |
publicpartialclassdept:pagebase {protectedvoidgrid1_predatabound (Objectsender, EventArgs e) {//Before data binding , perform permission check Checkpowerwithwindowfield ("Coredeptedit", Grid1, "EditField"); |
In the PageBase.cs:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
publicclassPageBase:System.Web.UI.Page {Protectedvoidcheckpowerwithwindowfield (stringpowername, Fineuipro.grid Grid,stringcolumnid) {if (! Checkpower (Powername)) {Checkpowerfailwithwindowfield (grid, ColumnID); }} Protectedvoidcheckpowerfailwithwindowfield (Fineuipro.grid grid,stringcolumnid) {FineUIPro.Windo Wfield btn = grid. Findcolumn (ColumnID) Asfineuipro.windowfield; Btn. Enabled =false; Btn. ToolTip = Check_power_fail_action_message; } |
Summary
Appbox's permissions control is very flexible and simple, and provides fine granularity to every corner of the page, not just page browsing, editing, deletion, new, or even a specific button to enable the disabled, the display of a Div hidden, a panel of the folding expansion, in fact, control is in your hands.
All source code Download
Http://yun.baidu.com/s/1gdAEOPd
Appboxpro-fine-grained universal Rights management framework (controllable table inline button) source Code provides download