Functional permissions for general permission system design

The permission design of the online management system seems to be based on relational databases. This time, our functional permissions no longer use relational databases and directly use object databases, experience the use of object-oriented databases in permission system design, so there is no traditional database design.

View the class chart directly

This is all you need

User user=new User("E0001");if(user.hasPermissioin("R001001001")){　　//执行R001001001所代表的功能操作，例如“添加工单”的操作}

Generally, you only need user <-> role <-> resource. Here, a resourcelist is added to make the system more flexible and separate system development and implementation. Resource management by developers and rescourcelist creation by system implementers. The role is managed by the user's permission administrator and rescourcelist is assigned to the role. This is almost necessary when the system has thousands of resources.

This is the solution! But there is another question: how to manage resources that require permission verification? Do I use if (user. haspermissioin ("r001001001 "))? You can do this. Write if (user. haspermissioin ("r001001001") on the programs to be controlled during development, and then configure the following in the resources. xml file. When going online, the implementer also obtains the original resources from resources. XML to form a permission list resourcelist. Resources. XML can be very simple

<resources>    <resource id="R001001001" name="添加工单"/>    <resource id="R001001002" name="修改工单"/>    ...</resources>

It seems that there is no problem in doing so, and it is not too troublesome, but a large number of programs exist in if (user. haspermissioin ("r001001001"), and in resources. fill in the Resource Name in XML, and an error may occur when an operation is added, and fill in resources. XML seems to be a dummies, and computers are suitable for dealing with dummies.

Annotations (called features in C #) are similar to XML as configuration files. You do not need to modify configurations frequently (only modified by developers) annotations are more suitable than the XML file configuration. XML will artificially separate the configuration from the code. It is inconvenient to view the source code to understand the ing relationship. The permission design here is exactly like this. Adding resources to a program will inevitably lead to resources. XML modification, resources. the modification of XML certainly also indicates that the program has been modified, that is, this configuration must be modified by developers, and the annotation/feature is very suitable.

[Resource(Name="工单模块")]class WorkOrder{
    [Resource(Name="创建工单")]    public Create(){    }    [Resource(Name="修改工单")]    public Modify(){    }}

What resources need to be managed in the system? Directly reflect the classes and methods with features. The resource ID can be directly indicated by class name + method name. Whether the current user has the permission to access this operation resource can be directly filtered in the Resource feature. In this way, program development is a very happy thing. To include the class or method of permission management, add [Resource (name = "")] above.

If the system is very large and contains several independent subsystems, XML-like configuration files may still need to be used flexibly.

Functional permissions for general permission system design