最近做一个项目涉及到权限问题,本来一个简单的问题就变得很麻烦。想了很久,完善了权限管理的方法。写于此,以便以后查询。
权限管理涉及人的身份和权利,而在事物中,权利和身份是非常明确而且客观存在的。
所以应当把权限管理分成3个部分:权利,身份和其之间的关系。
例如最近设计的程序(代码见下):
这样做有个好处就是,无论以后怎么改变都不会影响其它的模块。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.Xml;
using System.Web.UI;
/// <summary>
///RightsManagement 的摘要说明
/// </summary>
public class RightsManagement
{
// Default constructor; it performs no initialization.
public RightsManagement()
{
//
// TODO: add constructor logic here
//
}
// Location of the authorization XML file; Xml() hands this string to Server.MapPath.
// NOTE(review): a "./" path is mapped relative to the directory of the request being
// processed, so pages in different folders may resolve different files - confirm all
// callers live in the same folder. The file also sits inside the site tree; verify the
// web server does not serve it to clients, since it lists which user ids hold which right.
const string path = "./xml/Authorization.xml";
// The individual rights a user can hold. Each member is granted by the matching
// validatingRightOf* method when the user id appears in the corresponding XML element.
public enum rights
{
// Input (data-entry) right; users listed under /Authoriztion/NewProgram.
newProgram,
// Right to view costs; users listed under /Authoriztion/checkCost.
checkCost,
// Permission administration; users listed under /Authoriztion/AdminMangagement.
AdminManagement,
// Right to fill in ship information; users listed under /Authoriztion/ShipInfo.
ShipInfo,
// Right to reply on all projects; users listed under /Authoriztion/Revert.
revert,
// Right to fill in the manufacturer; users listed under /Authoriztion/FactoryCheck.
factoryCheck
}
// Maps the given virtual path to a physical file through the current request's
// Server object and returns that file parsed as an XmlDocument.
// Requires an active HttpContext; outside a request HttpContext.Current is null.
// NOTE(review): on older .NET Framework versions XmlDocument resolves DTDs and external
// entities by default. If the file can ever be edited by a less-trusted party, consider
// setting XmlResolver to null before Load - confirm against the target framework.
private XmlDocument Xml(string path)
{
    string physicalFile = System.Web.HttpContext.Current.Server.MapPath(path);
    XmlDocument document = new XmlDocument();
    document.Load(physicalFile);
    return document;
}
// Checks the input (data-entry) right: adds rights.newProgram to rightList when
// userId is found in the user list stored at /Authoriztion/NewProgram.
// The XPath spelling ("Authoriztion") is kept as-is; it has to match the element
// name used in the XML file - verify against Authorization.xml.
private void validatingRightOfNewProgram(string userId, List<rights> rightList)
{
    AddRight(userId, getUserForRightsItem("/Authoriztion/NewProgram"), rights.newProgram, rightList);
}
// Checks the right to view costs: adds rights.checkCost to rightList when
// userId is found in the user list stored at /Authoriztion/checkCost.
private void validatingRightOfCheckCost(string userId, List<rights> rightList)
{
    AddRight(userId, getUserForRightsItem("/Authoriztion/checkCost"), rights.checkCost, rightList);
}
// Checks the permission-administration right: adds rights.AdminManagement to rightList
// when userId is found in the user list stored at /Authoriztion/AdminMangagement.
// The element name is spelled "AdminMangagement" in the XPath; it has to match the
// XML file exactly - verify against Authorization.xml.
private void validatingRightOfAdminManagement(string userId, List<rights> rightList)
{
    AddRight(userId, getUserForRightsItem("/Authoriztion/AdminMangagement"), rights.AdminManagement, rightList);
}
// Checks the right to fill in ship information: adds rights.ShipInfo to rightList
// when userId is found in the user list stored at /Authoriztion/ShipInfo.
private void validatingRightOfShipInfo(string userId, List<rights> rightList)
{
    AddRight(userId, getUserForRightsItem("/Authoriztion/ShipInfo"), rights.ShipInfo, rightList);
}
// Checks the right to reply on all projects: adds rights.revert to rightList
// when userId is found in the user list stored at /Authoriztion/Revert.
private void validatingRightOfRevert(string userId, List<rights> rightList)
{
    AddRight(userId, getUserForRightsItem("/Authoriztion/Revert"), rights.revert, rightList);
}
// Checks the right to fill in the manufacturer: adds rights.factoryCheck to rightList
// when userId is found in the user list stored at /Authoriztion/FactoryCheck.
private void validatingRightOfFactoryCheck(string userId, List<rights> rightList)
{
    AddRight(userId, getUserForRightsItem("/Authoriztion/FactoryCheck"), rights.factoryCheck, rightList);
}
// Loads the authorization file and returns the trimmed inner text of the single
// element selected by the XPath expression rightItem (the user list for that right).
// The file is re-read and re-parsed on every call.
private string getUserForRightsItem(string rightItem)
{
    XmlNode match = Xml(path).SelectSingleNode(rightItem);
    // NOTE(review): SelectSingleNode returns null when the XPath selects nothing, so a
    // missing or differently spelled element ends in a NullReferenceException here.
    return match.InnerText.Trim();
}
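// Adds right to rightList when userId is one of the ids listed in usersOfRightItem.
//
// userId           - id of the user being checked; surrounding whitespace is ignored.
// usersOfRightItem - text of the XML element holding the ids allowed for this right.
// right            - the right to grant on a match.
// rightList        - list that receives the right.
//
// The id is compared against whole entries of the list, case-insensitively. The earlier
// substring test (IndexOf) granted the right to any id that was merely a fragment of an
// authorized id, and to an empty id, because every string contains the empty string.
// A null, empty or whitespace-only userId, or an empty list, now grants nothing.
//
// NOTE(review): the separator set below assumes ids contain no spaces and are separated
// by commas, semicolons, pipes or whitespace - confirm against the real Authorization.xml.
private void AddRight(string userId, string usersOfRightItem, rights right, List<rights> rightList)
{
    if (userId == null || string.IsNullOrEmpty(usersOfRightItem))
    {
        return;
    }

    string wanted = userId.Trim();
    if (wanted.Length == 0)
    {
        return;
    }

    char[] separators = { ',', ';', '|', ' ', '\t', '\r', '\n', ',', ';', '、' };
    string[] allowedIds = usersOfRightItem.Split(separators, StringSplitOptions.RemoveEmptyEntries);

    foreach (string allowedId in allowedIds)
    {
        // Ordinal comparison keeps the result independent of the server's culture settings.
        if (string.Equals(allowedId.Trim(), wanted, StringComparison.OrdinalIgnoreCase))
        {
            rightList.Add(right);
            return;
        }
    }
}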
// Reports whether the user identified by userId holds the requested right.
// A fresh list is filled by RightListForPersonal (which also uses the page's
// session state) and then searched for the right.
// Returns true when the right is in the list, otherwise false.
public bool whetherHaveRight(string userId, rights right, Page page)
{
    List<rights> granted = new List<rights>();
    RightListForPersonal(userId, granted, page);
    return granted.Contains(right);
}
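// Fills rightList with every right held by userId, using the session as a cache.
//
// userId    - id of the user whose rights are collected.
// rightList - caller-owned list that receives the rights.
// page      - page whose Session stores the cached result under "Right".
//
// Two fixes over the previous version:
// 1. On a cache hit the old code assigned the cached list to the rightList parameter.
//    The parameter is passed by value, so the caller's list stayed empty and every
//    check after the first one in a session was denied. The cached rights are now
//    copied into the caller's list.
// 2. The cache is bound to the user id it was computed for ("RightOwner"). Without this,
//    a session that is reused for another user id would keep handing out the first
//    user's rights. A cache entry without a matching owner is recomputed.
//
// NOTE(review): rights stay cached for the lifetime of the session, so a change in the
// XML file (including a revocation) only takes effect for new sessions.
private void RightListForPersonal(string userId,List<rights> rightList,Page page)
{
    const string cacheKey = "Right";
    const string ownerKey = "RightOwner";

    string owner = userId == null ? string.Empty : userId.Trim();
    List<rights> cached = page.Session[cacheKey] as List<rights>;
    string cachedOwner = page.Session[ownerKey] as string;

    if (cached != null && string.Equals(cachedOwner, owner, StringComparison.OrdinalIgnoreCase))
    {
        rightList.AddRange(cached);
        return;
    }

    validatingRightOfNewProgram(userId, rightList);
    validatingRightOfCheckCost(userId, rightList);
    validatingRightOfAdminManagement(userId, rightList);
    validatingRightOfShipInfo(userId, rightList);
    validatingRightOfRevert(userId, rightList);
    validatingRightOfFactoryCheck(userId, rightList);

    // Store a snapshot so later changes to the caller's list cannot alter the cache.
    page.Session[cacheKey] = new List<rights>(rightList);
    page.Session[ownerKey] = owner;
}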
2、在管理软件的流程上,不应该每一个步骤都需要一个审核人。这样做,流程就会卡在某个人那里:如果他没有审核,流程就永远挂在那里。这种设计方法是不对的。
应该给予一个讨论空间,最后由多方共同确认关闭。这样就不会卡在某个流程中走不出来;即使没有确定关闭,也不会影响工作进度。