检查用户是否有访问权限
如何实现用户是否有访问页面的权限,我们可以在asp.net的Page_Load中,取得当前网页名称与当前用户,来检查到用户是否有对此页访问权。
可以通过检索[UsersRole]表和[UsersModule]表,是否有相关记录,如果有即有访问权限,反之,即是拒绝访问。
存储过程:
代码
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE PROCEDURE [dbo].[usp_CheckAuthorizationForAccessPages]
(
@UsersId int,
@PagesId int
)
AS
DECLARE @UsersRoleCount int,@UsersModuleCount int, @Result bit
--检索用户所属角色
SELECT @UsersRoleCount =(SELECT COUNT(*) FROM [UsersRole] UR INNER JOIN [RolePages] RP ON UR.[RoleId] = RP.[RoleId] WHERE UR.[IsEnable] = 1 AND RP.[IsEnable] = 1 AND UR.[UsersId] = @UsersId AND RP.[PagesId] = @PagesId )
--检索用户拥有访问的模块
SELECT @UsersModuleCount =(SELECT COUNT(*) FROM [UsersModule] UM INNER JOIN [ModulePages] MP ON UM.[ModuleId] = MP.[ModuleId] WHERE UM.[Purview] > 0 AND MP.[IsEnable] = 1 AND UM.[UsersId] = @UsersId AND MP.[PagesId] = @PagesId )
IF (@UsersRoleCount > 0 OR @UsersModuleCount > 0)
--拥有访问权
SET @Result = 1
ELSE
--访问拒绝
SET @Result = 0
RETURN @Result
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE PROCEDURE [dbo].[usp_CheckAuthorizationForAccessPages]
(
@UsersId int,
@PagesId int
)
AS
DECLARE @UsersRoleCount int,@UsersModuleCount int, @Result bit
--检索用户所属角色
SELECT @UsersRoleCount =(SELECT COUNT(*) FROM [UsersRole] UR INNER JOIN [RolePages] RP ON UR.[RoleId] = RP.[RoleId] WHERE UR.[IsEnable] = 1 AND RP.[IsEnable] = 1 AND UR.[UsersId] = @UsersId AND RP.[PagesId] = @PagesId )
--检索用户拥有访问的模块
SELECT @UsersModuleCount =(SELECT COUNT(*) FROM [UsersModule] UM INNER JOIN [ModulePages] MP ON UM.[ModuleId] = MP.[ModuleId] WHERE UM.[Purview] > 0 AND MP.[IsEnable] = 1 AND UM.[UsersId] = @UsersId AND MP.[PagesId] = @PagesId )
IF (@UsersRoleCount > 0 OR @UsersModuleCount > 0)
--拥有访问权
SET @Result = 1
ELSE
--访问拒绝
SET @Result = 0
RETURN @Result
