Detailed analysis of ASP. NET role permission Module

Context: Generally, the system has different user roles, such as system administrator admin, Super User manager, and general user worker.
Previously, a session was used to reserve a value, for example, session ["userType.
Features: convenient, but after all, different roles have different attribute quantities and types. For example, in an Intermediary management system:
Admin:
ChannelID; intermediary institution
LoginID; Login id
RealName; real name

Manager and worker
ChannelID; intermediary institution
LoginID; Login id
RealName; real name
GroupID; Team
Level (manager, work)
Level2; Additional Permissions

More different attributes may be added later.
Potential problem: there will be issues with session reference.
For admin login. Admin does not have the groupID variable. However, session ["groupID"] is incorrect in the program.
Even if session ["groupid"] is assigned a blank value, there are many potential bugs.


First reflected Solution
Instead of directly using the session, we can use the attributes of three classes of worker, manager, and admin. (An object is retained in the session, which is an instance of these three classes)
Class obtains the role level based on session ["userType.
For example, if ("1" = session ["userType"]) {worker me = new worker ()}
Solved the problem of variable of different roles and users.
The problem is that you can directly obtain the User Login id through session ["loginID. Currently, it cannot be used directly. You need to get different classes first and then get them straight.
Getinfo ()
{
String loginid = "";
If ("1" = session ["userType"]) {worker me = new worker (); loginid = me. loginid ;}
Else
{....}
}


Then we will naturally think of defining the base class and inheritance.

One solution
Of course we are familiar with class inheritance. We all know that inheritance is not needed.
Parent class: baseuser
Subclass: worker, admin, manager


Public class baseUser
{
Public readonly int channelID;
Public readonly string loginID;
Public readonly string realName;
Public readonly webenum. userType level;

Public baseUser (int channelid, string loginid, string realname, webenum. userType levela)
{
ChannelID = channelid;
LoginID = loginid;
RealName = realname;
Level = levela;
}
}

Public class worker: baseUser
{
Public readonly string level2;
Public readonly int groupID;

Public worker (int channelid, string loginid, string realname, string level2a, int groupid): base (channelid, loginid, realname, webenum. userType. worker)
{
Level2 = level2a;
GroupID = groupid;
}
}

Public class manager: baseUser
{
Public readonly string level2;
Public readonly int groupID;

Public manager (int channelid, string loginid, string realname, string level2a, int groupid)
: Base (channelid, loginid, realname, webenum. userType. groupmanage)
{
Level2 = level2a;
GroupID = groupid;
}
}

Public class admin: baseUser
{
Public admin (int channelid, string loginid, string realname)
: Base (channelid, loginid, realname, webenum. userType. admin)
{}
}


Let's see how we initialize it.
If ("0" = type)
{
Zjpx. BLL. zj_worker bllworker = new zjpx. BLL. zj_worker ();
Zjpx. Model. zj_worker me = bllworker. loginCheck (loginname, psw );
If (me! = Null)
{
If (me. w_level = (int) WebUtility. webenum. userType. groupmanage)
{
WebUtility. baseUser userInfo = new channelpx. WebUtility. manager (me. w_zj, me. w_name, me. w_rname, me. w_level2, me. w_tuandui );
Session ["userinfo"] = userInfo;
}
Else if (me. w_level = (int) WebUtility. webenum. userType. worker)
{
WebUtility. baseUser userInfo = new channelpx. WebUtility. worker (me. w_zj, me. w_name, me. w_rname, me. w_level2, me. w_tuandui );
Session ["userinfo"] = userInfo;
}
}
}
// Administrator
Else
{
// Zjpx. Model. zj_worker me = bllworker. loginCheck (loginname, psw );
If (true)
{
WebUtility. baseUser userInfo = new channelpx. WebUtility. admin (6, loginname ,"");
Session ["userinfo"] = userInfo;
}
}

The first problem is that the session is not directly used, and the session will not be referenced in time, or the session will be wrong.
The second problem: using the base class, you can directly use the common attributes.

Model. zj_worker me = bllworker. loginCheck (loginname, psw );
BaseUser userInfo = new worker (me. w_zj, me. w_name, me. w_rname, me. w_level, me. w_level2, me. w_tuandui, WebUtility. webenum. userType. groupmanage );
Session ["userinfo"] = userInfo;

Directly use session ["userinfo"].
You need to know which subclass it is.
Yes
Public static bool isgroupmanage ()
{
If (HttpContext. Current. Session ["userinfo"]! = Null & typeof (manager) = HttpContext. Current. Session ["userinfo"]. GetType ())
{
Return true;
}
Else
{
Return false;
}
}

Then it can be converted into a subclass.
Admin myadmin = (admin) me;

Ps:

1. You can write a class that inherits the custom page, such as adminpage: page.
Public class adminpage: basepage
{
Public new WebUtility. admin me;
Protected override void OnPreInit (EventArgs e)
{
Base. OnPreInit (e );
If (! WebUtility. userHelper. isadmin ())
{
HttpContext. Current. Response. Redirect ("/nolevel. aspx ");
}
Else
{
Me = (WebUtility. admin) base. me;
}
}
}

Defines a property public new WebUtility. admin me; (hides the me of the base class)
Then let the Administrator manage the page to inherit from the adminpage class. Then we can directly use the me class. You can also perform many basic operations in adminpage.

The general page of the Administrator and common login user can define the attribute baseuser (base class)

Public class basepage: Page
{
Public WebUtility. baseUser me;
Protected override void OnPreInit (EventArgs e)
{
If (! WebUtility. userHelper. checkLogin ())
{
Response. Redirect ("/login. aspx", true );
}
Else
{
Me = (WebUtility. baseUser) Session ["userinfo"];
}
Base. OnPreInit (e );
}
}

Different classes are inherited. The me we get is an instance of different classes.

2.
Since enumeration is provided, we still use enumeration to replace 1, 2, and 3 of a simple int to represent the user level.