Permission storage and Verification

Address: http://www.cnblogs.com/Fenrir/archive/2008/08/23/1274876.html

 

Most applications involve user permissions. What method is used to store and verify required permissions is a common problem.

There are several common methods:

 

Method 1:

Set each permission number, such as 10001,10002, 10003 ...... in the program, you can create an enumeration or multiple constants to correspond to these numbers. In the database structure, use the nchar field to splice the user's permission numbers and store them in this field. Only one string field is required in the object class for storage. To verify the permission, you only need to call the IndexOf function of the permission field to determine whether the permission contains a specific number.

 

Advantages:

1. The storage structure is simple and only one field is needed.

2. Permission verification is also easy.

 

Disadvantages:

1. When there are many permissions, the length of the field needs to be set very large.

2. You cannot verify Multiple permissions at a time.

3. The insert and delete permissions are complex.

 

 

 

Method 2:

A user permission table is used to store user permissions.

For example:

UserPower: user permission table

Id	Label column
PowerId	Permission Id
UserId	User ID

The program can use an enumeration to correspond to the permission Id, and the object class can be stored using arrays or sets. The array needs to be traversed for comparison, you can use the Contains function of the set to query whether the set has specific permissions.

 

Advantages:

1. Easy to insert and delete permissions.

2. Can accommodate any permission.

 

Disadvantages:

1. Difficult to edit.

2. Verification is also very difficult to traverse, and the performance is not high.

 

 

 

Method 3:

Create a Flags type enumeration in the program.

For example:

 

[Flags]
Public enum Power: long
{
None = 0x00000000, // No permission
User_Add = 0x00000001, // Add a user
User_Edit = 0x00000002, // edit user
User_Delete = 0x00000004, // delete a user
User_ALL = 0x00000007, // add, edit, and delete users
News_Add = 0x00000008, // Add news
News_Edit = 0x00000010, // edit news
News_Delete = 0x00000020, // Delete news
News_ALL = 0x00000038, // add, edit, and delete news
Admin_Add = 0x00000040, // Add an administrator
Admin_Edit = 0x00000080, // edit the Administrator
Admin_Delete = 0x00000100, // Delete the Administrator
Admin_ALL = 0x000001C0 // add, edit, and delete Administrators
}

 

The database only needs a bigint field for storage, and the entity class can be represented by a Power attribute. The verification method is very simple to use bitwise operators & for verification, such:

 

1. Verify a single permission

 

Power power1 = Power. Admin_Delete;

User. Power & power1 = power1

 

2. Verify Multiple permissions

 

// Method 1:
Power power1 = Power. Admin_Delete;

Power power2 = Power. News_Edit;

User. Power & (power1 | power2) = (power1 | power2 );

// Method 2:
Power power1 = Power. Admin_Delete | Power. News_Edit;

User. Power & power1 = power1;

 

If the result is true, this permission is granted.

 

 

You can set the permission by using the | in the bitwise operator, for example:

 

User. Power = Power. User_ALL | Power. News_ALL | Power. Admin_Add;

 

You can set three permissions for User_ALL, News_ALL, and Admin_Add. User_ALL includes User_Add, User_Edit, and User_Delete. News_ALL includes News_Add, News_Edit, and News_Delete.

 

If you have any questions, refer to the introduction to Flags enumeration in MSDN.

 

Advantage: The storage structure is simple, and the database uses numeric fields for search, and the storage space is small. It is easy to verify. Multiple permissions can be verified at the same time. The verification speed is very fast and the performance is low.

Disadvantage: the number of permissions that can be stored is limited, and only 64 permissions can be stored (long is 64 digits, each digit represents one permission ).

 

I personally prefer to use the third method. Although the number of permissions is limited, the 64 permissions in general development are sufficient and convenient enough to make up for this defect. Even if the number of permissions exceeds the limit, you can group the permissions, different enumeration types exist in different fields.