如何实现用户是否有访问页面的权限,我们可以在asp.net的Page_Load中,取得当前网页名称与当前用户,来检查到用户是否有对此页访问权。
可以通过检索[UsersRole]表和[UsersModule]表,是否有相关记录,如果有即有访问权限,反之,即是拒绝访问。
存储过程:
![](https://images.cnblogs.com/OutliningIndicators/ContractedBlock.gif)
![ExpandedBlockStart.gif](https://images.cnblogs.com/OutliningIndicators/ExpandedBlockStart.gif)
SET
ANSI_NULLS
ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE PROCEDURE [ dbo ] . [ usp_CheckAuthorizationForAccessPages ]
(
@UsersId int ,
@PagesId int
)
AS
DECLARE @UsersRoleCount int , @UsersModuleCount int , @Result bit
-- 检索用户所属角色
SELECT @UsersRoleCount = ( SELECT COUNT ( * ) FROM [ UsersRole ] UR INNER JOIN [ RolePages ] RP ON UR. [ RoleId ] = RP. [ RoleId ] WHERE UR. [ IsEnable ] = 1 AND RP. [ IsEnable ] = 1 AND UR. [ UsersId ] = @UsersId AND RP. [ PagesId ] = @PagesId )
-- 检索用户拥有访问的模块
SELECT @UsersModuleCount = ( SELECT COUNT ( * ) FROM [ UsersModule ] UM INNER JOIN [ ModulePages ] MP ON UM. [ ModuleId ] = MP. [ ModuleId ] WHERE UM. [ Purview ] > 0 AND MP. [ IsEnable ] = 1 AND UM. [ UsersId ] = @UsersId AND MP. [ PagesId ] = @PagesId )
IF ( @UsersRoleCount > 0 OR @UsersModuleCount > 0 )
-- 拥有访问权
SET @Result = 1
ELSE
-- 访问拒绝
SET @Result = 0
RETURN @Result
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE PROCEDURE [ dbo ] . [ usp_CheckAuthorizationForAccessPages ]
(
@UsersId int ,
@PagesId int
)
AS
DECLARE @UsersRoleCount int , @UsersModuleCount int , @Result bit
-- 检索用户所属角色
SELECT @UsersRoleCount = ( SELECT COUNT ( * ) FROM [ UsersRole ] UR INNER JOIN [ RolePages ] RP ON UR. [ RoleId ] = RP. [ RoleId ] WHERE UR. [ IsEnable ] = 1 AND RP. [ IsEnable ] = 1 AND UR. [ UsersId ] = @UsersId AND RP. [ PagesId ] = @PagesId )
-- 检索用户拥有访问的模块
SELECT @UsersModuleCount = ( SELECT COUNT ( * ) FROM [ UsersModule ] UM INNER JOIN [ ModulePages ] MP ON UM. [ ModuleId ] = MP. [ ModuleId ] WHERE UM. [ Purview ] > 0 AND MP. [ IsEnable ] = 1 AND UM. [ UsersId ] = @UsersId AND MP. [ PagesId ] = @PagesId )
IF ( @UsersRoleCount > 0 OR @UsersModuleCount > 0 )
-- 拥有访问权
SET @Result = 1
ELSE
-- 访问拒绝
SET @Result = 0
RETURN @Result