Recently, I have made a day-to-day office management project that I think is successful. All procedures are written with ASP. Considering the previous permissions control is not very successful, this time redesigned the privilege control section, all permission control verification roles The associated function, the initialization role is placed in a page popedom.asp.
Since the user's permissions role are stored in the database user permission table, you can perceive the contents of the permissions: User -> Roles, now, my solution is to store user-> roles in Dictionary and as global variables (here The global variable means Page Level, if the global variables of the Application level should be better, but if excessive use will have a negative effect, this will reduce the performance of the web server).
Here you use a practical user, the role explains:
Jane is a member belonging to multiple project groups: project A, project B, project C
John belongs to projects B and C
Emily belongs to project a
==========================
1. Separate the user role and role verification separation:
With the Recordset query, all users and roles are stored in the DIC, and their correspondence is user -> roles. If you want to verify the role of one or more users, you only need to operate the DIC, this separation is not : Help the readability and maintenance of the code.
2. Avoid multiple queries and verification: You want to know if John is a member of the project B, OK! You query John permissions in the RecordSet permission table, in another place, you want to know if Jane and Emily are members of the project A, you have queried a permission table with Recordset, there is a problem! Who will do this? Multiple operation of Recordset query privilege is clearly unmused, saving all users and roles in DIC, and when you need to query a person's role, you only need to get from the DIC.
Briefly illustrate these two points, just a little understanding in actual development, please communicate with me: Yjgx@sina.com
