Hierarchical Permission Control Using ASP

Source: Internet
Author: User

This article implements hierarchical permission control in an accounting management system. The program is written using ASP and avasloud and runs on Windows NT Server with IIS 4.0; it is fast and easy to maintain.
The permission levels are as follows:
(1) President and Chief Financial Officer: cannot enter accounts; may query and compute statistics without restriction;
(2) Vice President: cannot enter accounts; may query and compute statistics on the accounts of the departments they are in charge of;
(3) Department leader: cannot enter accounts; may query and compute statistics on the accounts of their own department;
(4) Accounting: may enter the accounts of each department (an accountant sometimes has to keep accounts for several departments); may query and compute statistics only on the accounts they entered themselves.
The database tables and fields involved are as follows:
(1) JK_USER table and fields: id (serial number), bmid (department number), username (user name), pwd (password), right (permission value);
(2) BM table and fields: id (serial number), bmid (department number);
(3) JZPZ table and fields: id (serial number), bm (department), zgs (subsidiary), xmz (project team), xm (project), sr (revenue), zc (expenditure), szfx (income and expenditure direction), szxs (income and expenditure form), rq (date), jbr (operator), lrr (entry person), szsm (income and expenditure description);
(4) ZGS table and fields: id (serial number), zgs (subsidiary) name (company name), and bmid (department number).
1. Verify the validity of the user identity first
Compare the user name and password submitted by the user with the fields in the JK_USER table to determine whether the user is valid. Only valid users (those who have been granted permissions) can access the accounts. Valid users have one of four permission levels: 1, 2, 3, or 4. (Program omitted.)
2. Credential accounting (hierarchical permission control)
The credential accounting function (a "credential" here is an accounting voucher) is designed for accountants and cannot be used by anyone else. For example, when a non-accountant enters the credential entry interface, only the "query accounting credential" button is available; the other function buttons are invisible. Entered credentials are first stored in a temporary table called the "unrecorded credential library". Only after the "credential accounting" function is run are they moved into the "credential library". Credentials that are still in the "unrecorded credential library" can be modified. Part of the program follows:
'Non-accountants entering the page: hide the "credential accounting" and "save unrecorded credentials" buttons
If (thisPage.firstEntered) Then
    If Session("tright") <> "1" Then
        Button1.hide
        Button2.hide
    End If
............
    'Automatically fill in the date and the operator
    Textbox7.value = Year(Date) & "-" & Month(Date) & "-" & Day(Date)
    Textbox9.value = Session("username")
    Set cnn1 = Server.CreateObject("ADODB.Connection")
    Set rst1 = Server.CreateObject("ADODB.Recordset")
    cnn1.CursorLocation = 3
    cnn1.ConnectionTimeout = 30
    cnn1.Open "DSN=jky"
    'Fill the department list
    rst1.Open "select * from bm", cnn1, 1, 1, adCmdText
    If rst1.RecordCount > 0 Then
        rst1.MoveFirst
        id = rst1.Fields("id")
        Do While Not rst1.EOF
            Listbox3.addItem rst1.Fields("bmName"), CInt(rst1.Fields("id"))
            'Response.Write rst1.Fields("bmname") & rst1.Fields("id")
            rst1.MoveNext
        Loop
    End If
    rst1.Close
    'Fill the subsidiary list for the first department
    rst1.Open "select zgsname from zgs where bmid=" & id, cnn1, 1, 1, adCmdText
    If rst1.RecordCount > 0 Then
        rst1.MoveFirst
        Do While Not rst1.EOF
            Listbox4.addItem CStr(rst1.Fields("zgsname"))
            rst1.MoveNext
        Loop
    End If
    rst1.Close
    cnn1.Close
    Call writerst
End If
End Function
..................
'Credential accounting
Sub button2_onclick
    Dim s
    s = Listbox1.selectedIndex
    Response.Write s
End Sub
Sub listbox3_onchange
    Dim id, I
    'Empty the subsidiary list before refilling it
    I = Listbox4.getCount()
    Do While I > -1
        Call Listbox4.removeItem(I)
        I = I - 1
    Loop
    'Reload the subsidiaries of the selected department
    id = listbox3.getValue(listbox3.selectedIndex)
    Set cnn2 = Server.CreateObject("ADODB.Connection")
    Set rst2 = Server.CreateObject("ADODB.Recordset")
    cnn2.CursorLocation = 3
    cnn2.ConnectionTimeout = 30
    cnn2.Open "DSN=jky"
    rst2.Open "select zgsName from zgs where bmid=" & id, cnn2, 1, 1, adCmdText
    If rst2.RecordCount > 0 Then
        rst2.MoveFirst
        Do While Not rst2.EOF
            Listbox4.addItem CStr(rst2.Fields("zgsName"))
            rst2.MoveNext
        Loop
    End If
    rst2.Close
    cnn2.Close
End Sub
Sub button2_onclick
    Set cnn5 = Server.CreateObject("ADODB.Connection")
    cnn5.CursorLocation = 3
    cnn5.ConnectionTimeout = 30
    cnn5.Open "DSN=jky"
    'Copy this user's unrecorded credentials into jzpz, then delete them from wjzpz
    cnn5.Execute "insert into jzpz (bm, zgs, xmz, xm, sr, zc, szfx, szxs, rq, jbr, lrr, szsm) " & _
        "select bm, zgs, xmz, xm, sr, zc, szfx, szxs, rq, jbr, lrr, szsm " & _
        "from wjzpz where lrr='" & Session("username") & "'"
    cnn5.Execute "delete from wjzpz where lrr='" & Session("username") & "'"
End Sub
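Hiding Button1 and Button2 controls only what the page displays; the button2_onclick handler as shown does not check the role itself and runs its insert and delete as two separate statements. The following is an added example (not code from the original article) that re-checks the right value on the server, binds the user name as an ADO parameter, and moves the rows inside one transaction. PostCredentials is a hypothetical name, the column size is assumed, and the DSN's driver is assumed to support transactions.

```vbscript
' Added example, not from the original article. PostCredentials is a hypothetical name.
' ADO constants declared locally; omit this line if adovbs.inc is already included.
Const adVarChar = 200, adParamInput = 1, adCmdText = 1, adExecuteNoRecords = 128
Const COLS = "bm, zgs, xmz, xm, sr, zc, szfx, szxs, rq, jbr, lrr, szsm"

' Moves the caller's rows from wjzpz to jzpz. Returns the number of rows
' posted, or -1 if the caller is not an accountant or the move failed.
Function PostCredentials(cnn)
    Dim cmd, moved
    PostCredentials = -1
    ' Authorization is decided here, not by which buttons were rendered.
    If Session("tright") <> "1" Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = cnn
    cmd.CommandType = adCmdText
    ' Size 50 is an assumed width for the lrr column.
    cmd.Parameters.Append cmd.CreateParameter("lrr", adVarChar, adParamInput, 50, Session("username"))

    cnn.BeginTrans
    On Error Resume Next
    cmd.CommandText = "insert into jzpz (" & COLS & ") select " & COLS & " from wjzpz where lrr = ?"
    cmd.Execute moved, , adExecuteNoRecords
    If Err.Number = 0 Then
        cmd.CommandText = "delete from wjzpz where lrr = ?"
        cmd.Execute , , adExecuteNoRecords
    End If
    If Err.Number = 0 Then
        cnn.CommitTrans
        PostCredentials = moved
    Else
        cnn.RollbackTrans   ' both statements are undone together
    End If
    On Error GoTo 0
End Function
```

Call it from the click handler with an open connection and treat a return value of -1 as "nothing was posted".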
3. Data query (hierarchical permission control)
Queries use the credential fields as conditions. Each condition has a check box in front of it to be ticked ("√"). The "department" condition is required (the program adds it automatically), and the program sets the department content automatically according to the user's permissions, loading the corresponding values from the database. The subsidiary (branch) content is adjusted automatically according to the department. Part of the program follows:
...............
'Enter the corresponding query interface based on the permission value.
...............
Function thisPage_onenter()
If thisPage.firstEntered Then   'fill the lists on first entry only
    Set cnn1 = Server.CreateObject("ADODB.Connection")
    Set rst1 = Server.CreateObject("ADODB.Recordset")
    cnn1.CursorLocation = 3
    cnn1.ConnectionTimeout = 30
    cnn1.Open "dsn=jky"
    Select Case Session("Tright")
    Case "3" 'Associate Dean
        'Departments assigned to this user in jk_user
        rst1.Open "select bm.bmName from jk_user, bm where jk_user.bmid=bm.id and jk_user.username='" & _
            Session("username") & "'", cnn1, 1, 1, adCmdText
        If rst1.RecordCount > 0 Then
            rst1.MoveFirst
            Do While Not rst1.EOF
                Listbox1.addItem CStr(rst1.Fields("bmName"))
                rst1.MoveNext
            Loop
        End If
        rst1.Close
        rst1.Open "select zgsname from zgs", cnn1, 1, 1, adCmdText
        If rst1.RecordCount > 0 Then
            rst1.MoveFirst
            Do While Not rst1.EOF
                Listbox2.addItem CStr(rst1.Fields("zgsname"))
                rst1.MoveNext
            Loop
        End If
        rst1.Close
        cnn1.Close
        Checkbox1.setChecked(true)
    Case "2" 'Department manager
        'Only the user's own department and its subsidiaries
        Listbox1.addItem Session("bm")
        rst1.Open "select zgsname from zgs where bmid=" & Session("bmid"), cnn1, 1, 1, adCmdText
        If rst1.RecordCount > 0 Then
            rst1.MoveFirst
            Do While Not rst1.EOF
                Listbox2.addItem CStr(rst1.Fields("zgsname"))
                rst1.MoveNext
            Loop
        End If
        rst1.Close
        cnn1.Close
        Checkbox1.setChecked(true)
        'Checkbox1.0
    Case "1" 'Accounting
        rst1.Open "select bmName from bm", cnn1, 1, 1, adCmdText
        If rst1.RecordCount > 0 Then
            rst1.MoveFirst
            Do While Not rst1.EOF
                Listbox1.addItem CStr(rst1.Fields("bmName"))
                rst1.MoveNext
            Loop
        End If
        rst1.Close
        rst1.Open "select zgsname from zgs", cnn1, 1, 1, adCmdText
        If rst1.RecordCount > 0 Then
            rst1.MoveFirst
            Do While Not rst1.EOF
                Listbox2.addItem CStr(rst1.Fields("zgsname"))
                rst1.MoveNext
            Loop
        End If
        rst1.Close
        cnn1.Close
    Case "4" 'President
        rst1.Open "select bmName from bm", cnn1, 1, 1, adCmdText
        If rst1.RecordCount > 0 Then
            rst1.MoveFirst
            Do While Not rst1.EOF
                Listbox1.addItem CStr(rst1.Fields("bmName"))
                rst1.MoveNext
            Loop
        End If
        rst1.Close
        rst1.Open "select zgsname from zgs", cnn1, 1, 1, adCmdText
        If rst1.RecordCount > 0 Then
            rst1.MoveFirst
            Do While Not rst1.EOF
                Listbox2.addItem CStr(rst1.Fields("zgsname"))
                rst1.MoveNext
            Loop
        End If
        rst1.Close
        cnn1.Close
    End Select
End If
............
End Function
'Query credentials according to permission
Sub button1_onclick
    Dim rst2, cnn2, str, I
    Dim bm(1), zgs(1), xmz(1), xm(1), szfx(1), szxs(1), rq(2), jbr(1)
    'Each ticked condition appends one clause to the WHERE string
    bm(0) = Checkbox1.getChecked()
    If bm(0) Then
        bm(1) = Listbox1.getText(Listbox1.selectedIndex)
        str = " and bm='" & bm(1) & "'"
    End If
    zgs(0) = Checkbox2.getChecked()
    If zgs(0) Then
        zgs(1) = Listbox2.getText(Listbox2.selectedIndex)
        str = str & " and zgs='" & zgs(1) & "'"
    End If
    xmz(0) = Checkbox3.getChecked()
    If xmz(0) Then
        xmz(1) = Trim(txtxmz.value)
        str = str & " and xmz like '%" & xmz(1) & "%'"
    End If
    xm(0) = Checkbox4.getChecked()
    If xm(0) Then
        xm(1) = Trim(tztxm.value)
        str = str & " and xm like '%" & xm(1) & "%'"
    End If
    szfx(0) = Checkbox5.getChecked()
    If szfx(0) Then
        szfx(1) = Listbox3.getText(Listbox3.selectedIndex)
        str = str & " and szfx='" & szfx(1) & "'"
    End If
    szxs(0) = Checkbox6.getChecked()
    If szxs(0) Then
        szxs(1) = Listbox4.getText(Listbox4.selectedIndex)
        str = str & " and szxs='" & szxs(1) & "'"
    End If
    jbr(0) = Checkbox8.getChecked()
    If jbr(0) Then
        jbr(1) = Trim(txtjbr.value)
        str = str & " and jbr like '%" & jbr(1) & "%'"
    End If
    Set cnn2 = Server.CreateObject("ADODB.Connection")
    Set rst2 = Server.CreateObject("ADODB.Recordset")
    cnn2.CursorLocation = 3
    cnn2.ConnectionTimeout = 30
    cnn2.Open "dsn=jky"
    'Table header
    Response.Write "<table border=""1"" cellPadding=0 cellSpacing=0 width=""650"" height=""33"">"
    Response.Write "<tr>"
    Response.Write "<td width=""100%"" colspan=""6"" height=""44"" align=""middle"" bgcolor=lightblue>"
    Response.Write "<p align=""center""><B><font color=""#000084"">credit card column table"
    Response.Write "</font></B></p></td></tr>"
    Response.Write "<tr>"
    Response.Write "<td width=""15%"" bgcolor=lightsteelblue>"
    Response.Write "department</td>"
    Response.Write "<td width=""20%"" bgcolor=lightsteelblue>"
    Response.Write "subsidiary</td>"
    Response.Write "<td width=""15%"" bgcolor=lightsteelblue>"
    Response.Write "Project Team</td>"
    Response.Write "<td width=""15%"" bgcolor=lightsteelblue>"
    Response.Write "project name/Contract No.</td>"
    Response.Write "<td width=""15%"" bgcolor=lightsteelblue>"
    Response.Write "revenue (RMB)</td>"
    Response.Write "<td width=""15%"" bgcolor=lightsteelblue>"
    Response.Write "expenditure amount (RMB)</td></tr>"
    'Accountants (right value 1) see only the rows they entered themselves
    If Session("Tright") = "1" Then
        'Response.Write "AAAAAAAA"
        rst2.Open "select * from jzpz where id>0 and lrr='" & Session("username") & "'" & str, cnn2, 1, 1, adCmdText
    Else
        'Response.Write "FFFFFFFFFFFFF"
        rst2.Open "select * from jzpz where id>0" & str, cnn2, 1, 1, adCmdText
    End If
    If rst2.RecordCount > 0 Then
        rst2.MoveFirst
        rst2.PageSize = 20
        rst2.AbsolutePage = 1
        I = 0
        Do While Not rst2.EOF And I < rst2.PageSize
            Response.Write "<tr>"
            Response.Write "<td width=""15%"" bgcolor=lightgrey>" & rst2.Fields("bm") & "</td>"
            Response.Write "<td width=""15%"" bgcolor=lightgrey>" & rst2.Fields("zgs") & "</td>"
            Response.Write "<td width=""15%"" bgcolor=lightgrey>" & rst2.Fields("xmz") & "</td>"
            Response.Write "<td width=""15%"" bgcolor=lightgrey><a href=""FMjz1.asp?Id=" & rst2.Fields("id") & _
                """ target=""_blank"">" & rst2.Fields("xm") & "</a></td>"
            Response.Write "<td width=""5%"" bgcolor=lightgrey>" & rst2.Fields("sr") & "</td>"
            Response.Write "<td width=""5%"" bgcolor=lightgrey>" & rst2.Fields("zc") & "</td>"
            Response.Write "</tr>"
            I = I + 1
            rst2.MoveNext
        Loop
    End If
    Response.Write "</table>"
    Response.Write "</div>"
    'Page links
    j = rst2.PageCount
    Response.Write "<P align=center><B>total pages:"
    For I = 1 To j
        Response.Write "<a href=""Fmjzpzck1.asp?ID=" & I & """ target=""_blank"">" & I & "</a> "
        'Start a new line after every ten page links
        If I Mod 10 = 0 Then
            Response.Write "<br>"
        End If
    Next
    Response.Write "</B></p>"
    rst2.Close
    cnn2.Close
............
End Sub
The application performs custom queries according to the user's requirements, limited by the user's permissions. The system runs on Windows NT, IIS 4.0, Windows 98, and PWS.
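The query handler above concatenates form values into the SQL string and adds a row restriction of its own only for right value 1; for the other roles the department limit depends on which list items and check boxes the form submitted. The following is an added example (not code from the original article) of the same query with the role's scope enforced in the WHERE clause and every value bound as an ADO parameter. BuildScopedQuery and AddParam are hypothetical names, the column sizes are assumed, and the role numbering follows the Select Case in thisPage_onenter.

```vbscript
' Added example, not from the original article. BuildScopedQuery and AddParam are hypothetical names.
' ADO constants declared locally; omit this line if adovbs.inc is already included.
Const adVarChar = 200, adParamInput = 1, adCmdText = 1

' Appends one positional input parameter (sizes passed in are assumed column widths).
Sub AddParam(cmd, size, value)
    cmd.Parameters.Append cmd.CreateParameter("", adVarChar, adParamInput, size, value)
End Sub

' Returns an ADODB.Command restricted to the rows the session's role may read.
' bm and xm are optional filters taken from the form ("" means not ticked).
Function BuildScopedQuery(cnn, bm, xm)
    Dim cmd, sql
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = cnn
    cmd.CommandType = adCmdText
    sql = "select * from jzpz where id > 0"

    Select Case Session("Tright")
        Case "1"   ' accounting: only rows this user entered
            sql = sql & " and lrr = ?"
            AddParam cmd, 50, Session("username")
        Case "2"   ' department manager: own department only
            sql = sql & " and bm = ?"
            AddParam cmd, 50, Session("bm")
        Case "3"   ' associate dean: departments linked to this user in jk_user
            sql = sql & " and bm in (select bm.bmName from jk_user, bm" & _
                        " where jk_user.bmid = bm.id and jk_user.username = ?)"
            AddParam cmd, 50, Session("username")
        Case "4"   ' president: no row restriction
        Case Else  ' missing or unknown right value: match nothing
            sql = sql & " and 1 = 0"
    End Select

    ' User-chosen filters can only narrow the role's scope, never widen it.
    If bm <> "" Then
        sql = sql & " and bm = ?"
        AddParam cmd, 50, bm
    End If
    If xm <> "" Then
        sql = sql & " and xm like ?"
        AddParam cmd, 52, "%" & xm & "%"
    End If
    cmd.CommandText = sql
    Set BuildScopedQuery = cmd
End Function
```

Open the result with rst2.Open cmd, , 1, 1, leaving the connection argument empty because the command already carries it.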
