Using ASP to implement hierarchical privilege control

Source: Internet
Author: User

This article implements hierarchical permission control for a billing management system. The program is written in ASP and JavaScript and runs on a Win NT Server equipped with IIS 4.0; it is fast and easy to maintain.
The permission levels are divided as follows:
① Dean and finance chief: cannot enter vouchers; can query and run statistics without restriction;
② Vice president: cannot enter vouchers; can query and run statistics on the accounts of the departments he or she is in charge of;
③ Department leaders: cannot enter vouchers; can query and run statistics on their own department's accounts;
④ Accountants: can enter the accounts of various departments (one accountant sometimes keeps the accounts of several departments); can query and run statistics only on the accounts they entered themselves.
The database tables and fields involved are as follows:
① Jk_user table: ID (serial number), Bmid (department number), username (user name), pwd (password), right (permission value);
② BM table: ID (serial number), Bmid (department number);
③ Jzpz table: ID (serial number), BM (department), ZGS (subsidiary), XMZ (project group), XM (project), SR (income), ZC (expenditure), SZFX (revenue and expenditure direction), SZXS (income and expenditure), RQ (date), JBR (operator), LRR (entered by), SZSM (statement of income and expenditure);
④ Zgs table: ID (serial number), ZGS (subsidiary), name (company name), Bmid (department number).
1. First, authenticate the user's identity
The user name and password submitted by the user are checked against the Jk_user table to determine whether they are valid. Only legitimate users (those for whom the system administrator has opened an account) can enter. Legitimate users fall into four permission levels, which are assigned the permission values "1", "2", "3" and "4" respectively. (Program omitted.)
2. Voucher accounting (hierarchical permission control)
The voucher accounting function is designed for accountants; other people cannot use it. If a non-accountant enters the voucher entry interface, only the "Query accounting vouchers" button is visible and the other function buttons are hidden. Entered vouchers are first stored in a temporary table, called the "unposted voucher library"; they are moved into the voucher library only after the "voucher accounting" function has been run. Vouchers that are still in the "unposted voucher library" can be modified. Part of the program is as follows:
' When a non-accountant enters, hide the "Voucher accounting" and "Save unposted voucher" buttons
If thisPage.firstEntered Then
    If Session("tright") <> "1" Then
        Button1.hide
        Button2.hide
    End If
    ............
    ' Fill in the date and the operator automatically
    Textbox7.value = Year(Date) & "-" & Month(Date) & "-" & Day(Date)
    Textbox9.value = Session("username")
    Set cnn1 = Server.CreateObject("ADODB.Connection")
    Set rst1 = Server.CreateObject("ADODB.Recordset")
    cnn1.CursorLocation = 3
    cnn1.ConnectionTimeout = 30
    cnn1.Open "DSN=jky"
    ' Fill the department list
    rst1.Open "SELECT * FROM bm", cnn1, 1, 1, adCmdText
    If rst1.RecordCount > 0 Then
        rst1.MoveFirst
        id = rst1.Fields("id")
        Do While Not rst1.EOF
            Listbox3.addItem rst1.Fields("bmname"), CInt(rst1.Fields("id"))
            'Response.Write rst1.Fields("bmname") & rst1.Fields("id")
            rst1.MoveNext
        Loop
    End If
    rst1.Close
    ' Fill the subsidiary list for the first department
    rst1.Open "SELECT zgsname FROM zgs WHERE bmid=" & id, cnn1, 1, 1, adCmdText
    If rst1.RecordCount > 0 Then
        rst1.MoveFirst
        Do While Not rst1.EOF
            Listbox4.addItem CStr(rst1.Fields("zgsname"))
            rst1.MoveNext
        Loop
    End If
    rst1.Close
    cnn1.Close
    Call Writerst
End If
End Function
..................
' Voucher accounting
Sub Button2_onclick
    Dim s
    s = Listbox1.selectedIndex
    Response.Write s
End Sub
Sub Listbox3_onchange
    Dim id, i
    ' Empty the subsidiary list, then refill it for the selected department
    i = Listbox4.getCount()
    Do While i > -1
        Call Listbox4.removeItem(i)
        i = i - 1
    Loop
    id = Listbox3.getValue(Listbox3.selectedIndex)
    Set cnn2 = Server.CreateObject("ADODB.Connection")
    Set rst2 = Server.CreateObject("ADODB.Recordset")
    cnn2.CursorLocation = 3
    cnn2.ConnectionTimeout = 30
    cnn2.Open "DSN=jky"
    rst2.Open "SELECT zgsname FROM zgs WHERE bmid=" & id, cnn2, 1, 1, adCmdText
    If rst2.RecordCount > 0 Then
        rst2.MoveFirst
        Do While Not rst2.EOF
            Listbox4.addItem CStr(rst2.Fields("zgsname"))
            rst2.MoveNext
        Loop
    End If
    rst2.Close
    cnn2.Close
End Sub
Sub Button2_onclick
    ' Copy this user's rows from the unposted table (wjzpz) into jzpz, then delete them from wjzpz
    Set cnn5 = Server.CreateObject("ADODB.Connection")
    cnn5.CursorLocation = 3
    cnn5.ConnectionTimeout = 30
    cnn5.Open "DSN=jky"
    cnn5.Execute "INSERT INTO jzpz (bm,zgs,xmz,xm,sr,zc,szfx,szxs,rq,jbr,lrr,szsm) SELECT bm,zgs,xmz,xm,sr,zc,szfx,szxs,rq,jbr,lrr,szsm FROM wjzpz WHERE lrr='" & Session("username") & "'"
    cnn5.Execute "DELETE FROM wjzpz WHERE lrr='" & Session("username") & "'"
    cnn5.Close
End Sub
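Hiding Button1 and Button2 only changes what a non-accountant sees; the posting handler above does not check Session("tright") itself. As an added example (not code from the original article), here is a variant of Button2_onclick that repeats the role check on the server, passes the user name as a query parameter and moves the rows inside one transaction. AddParam is a hypothetical helper and the 255-character parameter size is an assumption.

```vbscript
' Added example, not from the original article. AddParam is a hypothetical helper;
' table, column, DSN and session names are the ones used on this page.
Sub AddParam(cmd, value)
    ' 200 = adVarChar, 1 = adParamInput, 255 = assumed maximum length
    cmd.Parameters.Append cmd.CreateParameter("p" & cmd.Parameters.Count, _
        200, 1, 255, CStr(value & ""))
End Sub

Sub Button2_onclick
    ' Button2.hide is presentation only, so the role is checked again here.
    If Session("tright") <> "1" Then Exit Sub

    Dim cnn, cmd, sql, failed
    Set cnn = Server.CreateObject("ADODB.Connection")
    cnn.ConnectionTimeout = 30
    cnn.Open "DSN=jky"
    cnn.BeginTrans
    On Error Resume Next
    For Each sql In Array( _
        "INSERT INTO jzpz (bm,zgs,xmz,xm,sr,zc,szfx,szxs,rq,jbr,lrr,szsm) " & _
        "SELECT bm,zgs,xmz,xm,sr,zc,szfx,szxs,rq,jbr,lrr,szsm FROM wjzpz WHERE lrr = ?", _
        "DELETE FROM wjzpz WHERE lrr = ?")
        Set cmd = Server.CreateObject("ADODB.Command")
        Set cmd.ActiveConnection = cnn
        cmd.CommandText = sql
        AddParam cmd, Session("username")
        cmd.Execute , , 129          ' adCmdText + adExecuteNoRecords
        If Err.Number <> 0 Then failed = True : Exit For
    Next
    On Error GoTo 0
    ' Either both statements take effect or neither does.
    If failed Then cnn.RollbackTrans Else cnn.CommitTrans
    cnn.Close
End Sub
```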
3. Data query (hierarchical permission control)
To query vouchers, tick ("√") the box in front of each condition to be used. The "department" condition must be selected (the program adds it automatically). The program fills in the department list from the database according to the user's permissions, and the subsidiary list adjusts automatically to the selected department. Part of the program is as follows:
...............
' Enter the corresponding query interface according to the permission value
...............
Function thisPage_onenter()
    Set cnn1 = Server.CreateObject("ADODB.Connection")
    Set rst1 = Server.CreateObject("ADODB.Recordset")
    cnn1.CursorLocation = 3
    cnn1.ConnectionTimeout = 30
    cnn1.Open "DSN=jky"
    Select Case Session("tright")
    Case "3" ' Vice dean
        ' Departments linked to this user in jk_user
        rst1.Open "SELECT bm.bmname FROM jk_user, bm WHERE jk_user.bmid=bm.id AND jk_user.username='" & Session("username") & "'", cnn1, 1, 1, adCmdText
        If rst1.RecordCount > 0 Then
            rst1.MoveFirst
            Do While Not rst1.EOF
                Listbox1.addItem CStr(rst1.Fields("bmname"))
                rst1.MoveNext
            Loop
        End If
        rst1.Close
        rst1.Open "SELECT zgsname FROM zgs", cnn1, 1, 1, adCmdText
        If rst1.RecordCount > 0 Then
            rst1.MoveFirst
            Do While Not rst1.EOF
                Listbox2.addItem CStr(rst1.Fields("zgsname"))
                rst1.MoveNext
            Loop
        End If
        rst1.Close
        cnn1.Close
        Checkbox1.setChecked(True)
    Case "2" ' Department manager
        ' Only the user's own department and its subsidiaries
        Listbox1.addItem Session("bm")
        rst1.Open "SELECT zgsname FROM zgs WHERE bmid=" & Session("bmid"), cnn1, 1, 1, adCmdText
        If rst1.RecordCount > 0 Then
            rst1.MoveFirst
            Do While Not rst1.EOF
                Listbox2.addItem CStr(rst1.Fields("zgsname"))
                rst1.MoveNext
            Loop
        End If
        rst1.Close
        cnn1.Close
        Checkbox1.setChecked(True)
        'Checkbox1.0
    Case "1" ' Accounting
        rst1.Open "SELECT bmname FROM bm", cnn1, 1, 1, adCmdText
        If rst1.RecordCount > 0 Then
            rst1.MoveFirst
            Do While Not rst1.EOF
                Listbox1.addItem CStr(rst1.Fields("bmname"))
                rst1.MoveNext
            Loop
        End If
        rst1.Close
        rst1.Open "SELECT zgsname FROM zgs", cnn1, 1, 1, adCmdText
        If rst1.RecordCount > 0 Then
            rst1.MoveFirst
            Do While Not rst1.EOF
                Listbox2.addItem CStr(rst1.Fields("zgsname"))
                rst1.MoveNext
            Loop
        End If
        rst1.Close
        cnn1.Close
    Case "4" ' Dean
        rst1.Open "SELECT bmname FROM bm", cnn1, 1, 1, adCmdText
        If rst1.RecordCount > 0 Then
            rst1.MoveFirst
            Do While Not rst1.EOF
                Listbox1.addItem CStr(rst1.Fields("bmname"))
                rst1.MoveNext
            Loop
        End If
        rst1.Close
        rst1.Open "SELECT zgsname FROM zgs", cnn1, 1, 1, adCmdText
        If rst1.RecordCount > 0 Then
            rst1.MoveFirst
            Do While Not rst1.EOF
                Listbox2.addItem CStr(rst1.Fields("zgsname"))
                rst1.MoveNext
            Loop
        End If
        rst1.Close
        cnn1.Close
    End Select
End If
............
End Function
' Query vouchers according to permissions
Sub Button1_onclick
    Dim rst2, cnn2, str, i, j
    Dim bm(1), zgs(1), xmz(1), xm(1), szfx(1), szxs(1), rq(2), jbr(1)
    ' Build the extra WHERE conditions from the ticked check boxes
    ' (list box and text box values are concatenated into the SQL text as they are)
    bm(0) = Checkbox1.getChecked()
    If bm(0) Then
        bm(1) = Listbox1.getText(Listbox1.selectedIndex)
        str = " and bm='" & bm(1) & "'"
    End If
    zgs(0) = Checkbox2.getChecked()
    If zgs(0) Then
        zgs(1) = Listbox2.getText(Listbox2.selectedIndex)
        str = str & " and zgs='" & zgs(1) & "'"
    End If
    xmz(0) = Checkbox3.getChecked()
    If xmz(0) Then
        xmz(1) = Trim(txtxmz.value)
        str = str & " and xmz like '%" & xmz(1) & "%'"
    End If
    xm(0) = Checkbox4.getChecked()
    If xm(0) Then
        xm(1) = Trim(tztxm.value)
        str = str & " and xm like '%" & xm(1) & "%'"
    End If
    szfx(0) = Checkbox5.getChecked()
    If szfx(0) Then
        szfx(1) = Listbox3.getText(Listbox3.selectedIndex)
        str = str & " and szfx='" & szfx(1) & "'"
    End If
    szxs(0) = Checkbox6.getChecked()
    If szxs(0) Then
        szxs(1) = Listbox4.getText(Listbox4.selectedIndex)
        str = str & " and szxs='" & szxs(1) & "'"
    End If
    jbr(0) = Checkbox8.getChecked()
    If jbr(0) Then
        jbr(1) = Trim(txtjbr.value)
        str = str & " and jbr like '%" & jbr(1) & "%'"
    End If
    Set cnn2 = Server.CreateObject("ADODB.Connection")
    Set rst2 = Server.CreateObject("ADODB.Recordset")
    cnn2.CursorLocation = 3
    cnn2.ConnectionTimeout = 30
    cnn2.Open "DSN=jky"
    ' Table header
    Response.Write "<table border='1' cellpadding=0 cellspacing=0 width='650' height=''>"
    Response.Write "<tr>"
    Response.Write "<td width='100%' colspan='6' height='' align='middle' bgcolor=lightblue>"
    Response.Write "<p align='center'><b><font color='#000084'>Billing voucher list"
    Response.Write "</font></b></p></td></tr>"
    Response.Write "<tr>"
    Response.Write "<td width='15%' bgcolor=lightsteelblue>"
    Response.Write "Department</td>"
    Response.Write "<td width='20%' bgcolor=lightsteelblue>"
    Response.Write "Subsidiaries</td>"
    Response.Write "<td width='15%' bgcolor=lightsteelblue>"
    Response.Write "Project team</td>"
    Response.Write "<td width='15%' bgcolor=lightsteelblue>"
    Response.Write "Project name/contract number</td>"
    Response.Write "<td width='15%' bgcolor=lightsteelblue>"
    Response.Write "Amount of revenue (million)</td>"
    Response.Write "<td width='15%' bgcolor=lightsteelblue>"
    Response.Write "Expenditure amount (million)</td></tr>"
    If Session("tright") = "1" Then
        ' Accountants see only the vouchers they entered themselves
        'Response.Write "aaaaaaaa"
        rst2.Open "SELECT * FROM jzpz WHERE id>0 and lrr='" & Session("username") & "'" & str, cnn2, 1, 1, adCmdText
    Else
        'Response.Write "fffffffffffff"
        rst2.Open "SELECT * FROM jzpz WHERE id>0" & str, cnn2, 1, 1, adCmdText
    End If
    If rst2.RecordCount > 0 Then
        rst2.MoveFirst
        rst2.PageSize = 20
        rst2.AbsolutePage = 1
        i = 0
        ' Write the first page of results; text fields are HTML-encoded before output
        Do While Not rst2.EOF And i < rst2.PageSize
            Response.Write "<tr>"
            Response.Write "<td width='15%' bgcolor=lightgrey>" & Server.HTMLEncode(rst2.Fields("bm") & "") & "</td>"
            Response.Write "<td width='15%' bgcolor=lightgrey>" & Server.HTMLEncode(rst2.Fields("zgs") & "") & "</td>"
            Response.Write "<td width='15%' bgcolor=lightgrey>" & Server.HTMLEncode(rst2.Fields("xmz") & "") & "</td>"
            Response.Write "<td width='15%' bgcolor=lightgrey><a href='fmjz1.asp?id=" & rst2.Fields("id") & "' target='_blank'>" & Server.HTMLEncode(rst2.Fields("xm") & "") & "</a></td>"
            Response.Write "<td width='5%' bgcolor=lightgrey>" & rst2.Fields("sr") & "</td>"
            Response.Write "<td width='5%' bgcolor=lightgrey>" & rst2.Fields("zc") & "</td>"
            Response.Write "</tr>"
            i = i + 1
            rst2.MoveNext
        Loop
    End If
    Response.Write "</table>"
    Response.Write "</div>"
    j = rst2.PageCount
    Response.Write "<p align=center><b>Total number of pages:"
    For i = 1 To j
        Response.Write "<a href='fmjzpzck1.asp?id=" & i & "' target='_blank'>" & i & "</a>" & " "
        ' Start a new line after every ten page links
        If i Mod 10 = 0 Then
            Response.Write "<br>"
        End If
    Next
    Response.Write "</b></p>"
    rst2.Close
    cnn2.Close
    ............
End Sub
Using the above procedures, customized queries can be provided according to each user's permissions and requirements. The system has been run successfully on Win NT with IIS 4.0 and on Win98 with PWS.
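In the query handler above, only permission value "1" adds a condition taken from the session; for the other levels the department restriction depends on what the list box sends back. As an added example (not code from the original article), the function below derives the row scope for every level from the session and binds all values as parameters. OpenVouchersForSession and AddParam are hypothetical names, only two of the form filters are shown, and the 255-character parameter size is an assumption.

```vbscript
' Added example, not from the original article. Function and helper names are
' hypothetical; tables, columns and session keys are the ones used on this page.
Sub AddParam(cmd, value)
    ' 200 = adVarChar, 1 = adParamInput, 255 = assumed maximum length
    cmd.Parameters.Append cmd.CreateParameter("p" & cmd.Parameters.Count, _
        200, 1, 255, CStr(value & ""))
End Sub

Function OpenVouchersForSession(cnn, bmFilter, xmFilter)
    Dim cmd, rst, sql
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = cnn
    cmd.CommandType = 1                 ' adCmdText
    sql = "SELECT id, bm, zgs, xmz, xm, sr, zc FROM jzpz WHERE id > 0"

    ' 1. Scope fixed by the permission value; values come from the session only.
    Select Case Session("tright")
        Case "1"   ' accounting: rows this user entered
            sql = sql & " AND lrr = ?"
            AddParam cmd, Session("username")
        Case "2"   ' department manager: own department
            sql = sql & " AND bm = ?"
            AddParam cmd, Session("bm")
        Case "3"   ' vice dean: departments linked to this user in jk_user
            sql = sql & " AND bm IN (SELECT bm.bmname FROM jk_user, bm" & _
                        " WHERE jk_user.bmid = bm.id AND jk_user.username = ?)"
            AddParam cmd, Session("username")
        Case "4"   ' dean: no restriction
        Case Else  ' unknown or missing permission value: no query at all
            Set OpenVouchersForSession = Nothing
            Exit Function
    End Select

    ' 2. Filters from the form can only narrow the scope set above.
    If bmFilter <> "" Then
        sql = sql & " AND bm = ?"
        AddParam cmd, bmFilter
    End If
    If xmFilter <> "" Then
        sql = sql & " AND xm LIKE ?"
        AddParam cmd, "%" & xmFilter & "%"
    End If

    cmd.CommandText = sql
    Set rst = Server.CreateObject("ADODB.Recordset")
    rst.CursorLocation = 3              ' adUseClient, so RecordCount and paging work
    rst.Open cmd, , 3, 1                ' adOpenStatic, adLockReadOnly
    Set OpenVouchersForSession = rst
End Function
```

The caller checks the result with Is Nothing before reading it; parameters are appended in the same order as the ? markers because the provider binds them by position.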

