using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
/**//// <summary>
/// 用户权限的设计
/// 可以对用户添加角色,也可以对用户单独设置权限,互不影响;最后把角色的权限和用户单独的权限结合到一块成为用户的权限;
/// 最后返回用户功能时会有重复,使用时可以创建一个视图,对重复数据使用“distinct”过滤即可,往useraction表中添加“拒绝功能”时必须删除已经存在的这个功能
/// </summary>
public class ActionOperate
{
internal readonly string connstring = "server=.;database=stoa;uid=sa;pwd=;";
internal SqlConnection scn;
internal SqlCommand scm;
public ActionOperate()
{
//
// TODO: 在此处添加构造函数逻辑
//
scn = new SqlConnection(this.connstring);
scm = new SqlCommand();
scm.Connection = scn;
}
//
/**//// <summary>
/// sql通用操作
/// </summary>
/// <param name="sqlCommandText"></param>
public void DbOperate(string sqlCommandText)
{
try
{
scm.CommandText = sqlCommandText;
scn.Open();
scm.ExecuteNonQuery();
}
catch (Exception ex)
{
HttpContext.Current.Response.Write(ex.Message);
}
finally
{
scn.Close();
}
}
public DataSet DbDataSet(string sqlCommandText)
{
DataSet ds = new DataSet();
scm.CommandText = sqlCommandText;
SqlDataAdapter sda = new SqlDataAdapter(scm);
sda.Fill(ds);
return ds;
}
//
/**//// <summary>
/// 添加一个角色
/// </summary>
/// <param name="roleName"></param>
public void AddRole(string roleName)
{
DbOperate("insert into roles(role_name) values ('" + roleName + "')");
}
//
/**//// <summary>
/// 删除一个角色
/// </summary>
/// <param name="roleId"></param>
public void DeleteRole(string roleId)
{
this.DbOperate("delete from roles where role_id = " + roleId);
}
//
/**//// <summary>
/// 修改角色
/// </summary>
/// <param name="roleId"></param>
/// <param name="roleNameNew"></param>
public void UpdateRole(string roleId, string roleNameNew)
{
this.DbOperate("update roles set role_name='" + roleNameNew + "' where role_id = " + roleId);
}
//
/**//// <summary>
/// 返回角色dataset
/// </summary>
/// <returns></returns>
public DataSet RoleDataSet()
{
DataSet ds = DbDataSet("select * from roles ");
return ds;
}
//
/**//// <summary>
/// 添加功能
/// </summary>
/// <param name="ActionName"></param>
public void AddAction(string ActionName)
{
DbOperate("insert into Action(Action_name) values ('" + ActionName + "')");
}
//
/**//// <summary>
/// 删除功能
/// </summary>
/// <param name="ActionId"></param>
public void DeleteAction(string ActionId)
{
this.DbOperate("delete from Action where Action_id = " + ActionId);
}
//
/**//// <summary>
/// 修改功能
/// </summary>
/// <param name="ActionId"></param>
/// <param name="ActionNameNew"></param>
public void UpdateAction(string ActionId, string ActionNameNew)
{
this.DbOperate("update Actions set Action_name='" + ActionNameNew + "' where Action_id = " + ActionId);
}
//
/**//// <summary>
/// 添加角色功能
/// </summary>
/// <param name="roleId"></param>
/// <param name="actionId"></param>
public void AddRoleAction(string roleId, string actionId)
{
DbOperate("insert into roles_action(role_id,action_id) values (" + roleId + "," + actionId + ")");
}
//
/**//// <summary>
/// 删除角色功能
/// </summary>
/// <param name="roleId"></param>
/// <param name="actionId"></param>
public void DeleteRoleAction(string roleId, string actionId)
{
this.DbOperate("delete from roles_action where role_id=" + roleId + " and action_id = " + actionId);
}
//
/**//// <summary>
/// 添加或拒绝用户使用某个功能
/// </summary>
/// <param name="userId"></param>
/// <param name="actionId"></param>
/// <param name="refsevalue_0_or_1">0表示用户拥有这个功能,1表示被拒绝的权限</param>
public void AddUserAction(string userId, string actionId, string refsevalue_0_or_1)
{
DeleteUserAction(userId, actionId);
DbOperate("insert into user_action(user_id,action_id,refuse) values (" + userId + "," + actionId + "," + refsevalue_0_or_1 + ")");
}
/**//// <summary>
/// 删除用户功能
/// </summary>
/// <param name="userId"></param>
/// <param name="actionId"></param>
/// <param name="refsevalue_0_or_1">0表示用户拥有这个功能,1表示被拒绝的权限</param>
public void DeleteUserAction(string userId, string actionId, string refsevalue_0_or_1)
{
this.DbOperate("delete from user_action where refuse=" + refsevalue_0_or_1 + " and user_id=" + userId + " and action_id = " + actionId);
}
public void DeleteUserAction(string userId, string actionId)
{
this.DbOperate("delete from user_action where user_id=" + userId + " and action_id = " + actionId);
}
//
/**//// <summary>
/// 添加用户角色
/// </summary>
/// <param name="userId"></param>
/// <param name="roleId"></param>
public void AddUserRole(string userId, string roleId)
{
DbOperate("insert into user_role(user_id,role_id) values (" + userId + "," + roleId + ")");
}
//
/**//// <summary>
/// 删除用户角色
/// </summary>
/// <param name="userId"></param>
/// <param name="roleId"></param>
public void DeleteUserRole(string userId, string roleId)
{
this.DbOperate("delete from user_role where user_id=" + userId + " and role_id = " + roleId);
}
//
/**//// <summary>
/// 返回用户是否有某个功能
/// </summary>
/// <param name="userId"></param>
/// <param name="actionId"></param>
/// <returns></returns>
public bool HasAction(string userId, string actionId)
{
return UserActionDs(userId).Tables[0].Select("action_id=" + actionId).Length > 0;
}
/**//// <summary>
/// 返回某个用户的所有功能
/// </summary>
/// <param name="userId"></param>
/// <returns></returns>
public DataSet UserActionDs(string userId)
{
string sqlcommand = " select action_id from user_action where refuse=0 and user_id=" + userId +
" union " +
" select role_action.action_id from role_action,user_role where user_role.role_id=role_action.role_id and user_role.user_id=" + userId +
" and role_action.action_id not in (select action_id from user_action where user_id="+userId+" and refuse=1)";
DataSet ds = DbDataSet(sqlcommand);
return ds;
}
}
数据库
posted on
2007-08-30 16:12
GO-NET
阅读(
406)
评论()
编辑
收藏
举报
