Implementing hierarchical privilege control with ASP

Source: Internet
Author: User

This article implements hierarchical permission control for a billing management system. The program is written in ASP and JavaScript and runs on a Windows NT Server equipped with IIS 4.0; it is fast and easy to maintain.

The permission levels are divided as follows:

① Dean and finance chief: cannot enter accounts; can query and run statistics without restriction;

② Vice president: cannot enter accounts; can query and run statistics on the accounts of the departments they are in charge of;

③ Department leaders: cannot enter accounts; can query and run statistics on their own department's accounts;

④ Accountants: can enter the accounts of various departments (one accountant sometimes keeps the accounts of several departments); can query and run statistics only on the accounts they entered themselves.

The database tables and fields involved are as follows:

① Jk_user table: ID (serial number), Bmid (department number), username (user name), pwd (password), right (permission value);

② BM table: ID (serial number), Bmid (department number);

③ JZPZ table: ID (serial number), BM (department), ZGS (subsidiary), XMZ (project team), XM (project), SR (income), ZC (expenditure), SZFX (revenue direction), SZXS (income form), RQ (date), JBR (operator), LRR (input person), SZSM (income statement);

④ Zgs table: ID (serial number), ZGS (subsidiary) name (company name), Bmid (department number).

1. First, authenticate the user's identity

Compare the user name and password submitted by the user against the fields in the Jk_user table to determine whether the user is legitimate. Only legitimate users (those for whom the system administrator has opened an account) can enter. Legitimate users have one of four permission levels, which are given the permission values "1", "2", "3" and "4" respectively.

2. Voucher accounting (hierarchical permission control)

The voucher accounting function is designed for accountants; other people cannot use it. If a non-accountant enters the voucher entry interface, only the "Query Accounting voucher" button is visible and the other function buttons are hidden. Entered vouchers are first stored in a temporary table, known as the "No Accounting voucher library"; they enter the voucher library only after the "voucher accounting" function has been run. Vouchers that are still in the "No Accounting voucher library" can be modified. Part of the program is as follows:

' Entry by non-accountants: hide the 'voucher accounting' and 'save non-billing vouchers' buttons

If (thisPage.firstEntered) Then
    If Session("Tright") <> "1" Then
        Button1.hide
        Button2.hide
    End If
............
    ' Auto-fill the date and the operator
    Textbox7.value = Year(Date) & "-" & Month(Date) & "-" & Day(Date)
    Textbox9.value = Session("username")
    Set Cnn1 = Server.CreateObject("ADODB.Connection")
    Set Rst1 = Server.CreateObject("ADODB.Recordset")
    Cnn1.CursorLocation = 3
    Cnn1.ConnectionTimeout = 30
    Cnn1.Open "DSN=jky"
    ' Fill the department list (Listbox3) from table BM
    Rst1.Open "SELECT * FROM BM", Cnn1, 1, 1, adCmdText
    If Rst1.RecordCount > 0 Then
        Rst1.MoveFirst
        Id = Rst1.Fields("id")
        Do While Not Rst1.EOF
            Listbox3.addItem Rst1.Fields("Bmname"), CInt(Rst1.Fields("id"))
            ' Response.Write Rst1.Fields("Bmname") & Rst1.Fields("id")
            Rst1.MoveNext
        Loop
    End If
    Rst1.Close
    ' Fill the subsidiary list (Listbox4) for the first department; CLng keeps Id numeric
    Rst1.Open "SELECT Zgsname FROM Zgs WHERE bmid=" & CLng(Id), Cnn1, 1, 1, adCmdText
    If Rst1.RecordCount > 0 Then
        Rst1.MoveFirst
        Do While Not Rst1.EOF
            Listbox4.addItem CStr(Rst1.Fields("Zgsname"))
            Rst1.MoveNext
        Loop
    End If
    Rst1.Close
    Cnn1.Close
    Call Writerst
End If
End Function
..................
' Voucher accounting
Sub Button2_onclick
    Dim s
    s = Listbox1.selectedIndex
    Response.Write s
End Sub

' When the department changes, reload the subsidiary list
Sub Listbox3_onchange
    Dim id, i
    ' Empty Listbox4 from the last item down
    i = Listbox4.getCount()
    Do While i > -1
        Call Listbox4.removeItem(i)
        i = i - 1
    Loop
    id = Listbox3.getValue(Listbox3.selectedIndex)
    Set Cnn2 = Server.CreateObject("ADODB.Connection")
    Set Rst2 = Server.CreateObject("ADODB.Recordset")
    Cnn2.CursorLocation = 3
    Cnn2.ConnectionTimeout = 30
    Cnn2.Open "DSN=jky"
    ' The list value comes back from the browser: CLng rejects anything that is not a number
    Rst2.Open "SELECT Zgsname FROM Zgs WHERE bmid=" & CLng(id), Cnn2, 1, 1, adCmdText
    If Rst2.RecordCount > 0 Then
        Rst2.MoveFirst
        Do While Not Rst2.EOF
            Listbox4.addItem CStr(Rst2.Fields("Zgsname"))
            Rst2.MoveNext
        Loop
    End If
    Rst2.Close
    Cnn2.Close
End Sub

' Move the current user's vouchers from the temporary table Wjzpz into Jzpz
Sub Button2_onclick
    Dim lrr
    ' Double any single quote so the user name cannot break out of the SQL string literal
    lrr = Replace(Session("username") & "", "'", "''")
    Set Cnn5 = Server.CreateObject("ADODB.Connection")
    Cnn5.CursorLocation = 3
    Cnn5.ConnectionTimeout = 30
    Cnn5.Open "DSN=jky"
    Cnn5.Execute "INSERT INTO Jzpz (BM,ZGS,XMZ,XM,SR,ZC,SZFX,SZXS,RQ,JBR,LRR,SZSM) SELECT bm,zgs,xmz,xm,sr,zc,szfx,szxs,rq,jbr,lrr,szsm FROM Wjzpz WHERE lrr='" & lrr & "'"
    Cnn5.Execute "DELETE FROM Wjzpz WHERE lrr='" & lrr & "'"
End Sub
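
The fragment above hides Button1 and Button2 from non-accountants, but the Button2_onclick handler itself never looks at Session("Tright"). As an added example (not the article's own code), the following version of the handler re-checks the permission value on the server, binds the user name as a query parameter and moves the vouchers in one transaction. The helper name ExecForUser, the parameter size of 50 and transaction support in the jky data source are assumptions.

```vbscript
' Added example, not the article's code. Assumed: helper name ExecForUser,
' parameter size 50, and a "jky" data source that supports transactions.
Sub ExecForUser(cnn, sql, userName)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = cnn
    cmd.CommandType = 1                                  ' adCmdText
    cmd.CommandText = sql
    ' 200 = adVarChar, 1 = adParamInput: the value is bound, never spliced into the SQL
    cmd.Parameters.Append cmd.CreateParameter("lrr", 200, 1, 50, userName)
    cmd.Execute
End Sub

Sub Button2_onclick
    Dim cnn, user, cols
    user = Session("username") & ""
    ' Hiding the button is presentation only; decide again here, on the server.
    If Session("Tright") <> "1" Or Len(user) = 0 Then Exit Sub

    cols = "BM,ZGS,XMZ,XM,SR,ZC,SZFX,SZXS,RQ,JBR,LRR,SZSM"
    Set cnn = Server.CreateObject("ADODB.Connection")
    cnn.ConnectionTimeout = 30
    cnn.Open "DSN=jky"
    cnn.BeginTrans
    On Error Resume Next
    ExecForUser cnn, "INSERT INTO Jzpz (" & cols & ") SELECT " & cols & _
                     " FROM Wjzpz WHERE lrr = ?", user
    If Err.Number = 0 Then
        ExecForUser cnn, "DELETE FROM Wjzpz WHERE lrr = ?", user
    End If
    If Err.Number = 0 Then
        cnn.CommitTrans      ' both statements succeeded
    Else
        cnn.RollbackTrans    ' leave the temporary table untouched
    End If
    On Error GoTo 0
    cnn.Close
End Sub
```

The same server-side check belongs in every handler that changes data, since the permission value lives in the session and costs nothing to test again.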
