Permission component implementation (Continued 3) (PostgreSQL)

Call dbpermission to determine permissions:

First, the program will call getdenyrule and getacceptrule of permission to obtain blocked or accepted rules.

Then, you can determine whether you have permissions one by one.

Currently, dbpermission does not contain denyrule, and acceptrule has only one ruleimpl.

The Judgment Rule of ruleimpl is to obtain the attribute corresponding to the same permission in the getpermissionprop attribute of the role for judgment,

If you do not have this attribute, you do not have the permission. if an attribute exists, you can determine whether the permissionitem (the permission item to be judged) of the permission matches the attribute corresponding to the role to determine whether the permission item can pass.

Of course, you can set the permissionprop of role in different ways during inheritance.

The permissionprop of the current dbrole is obtained from the tblpermissionrole table.

For example:

Tblrole table: ID name .................. 1 Finance

Tblpermission table ID permission subpermission property .....................

1 machine read Department; sex

2 measure null

Tblpermissionrole table ID role_id permission Properties

1 1 Machine: Read Department; 2; sex; 2

2 2 measure null

In the preceding example, role 1 has the machine: read permission when department is 2 and sex is 2,

Regardless of the parameter, you have the measure permission.