First, the term description:
1. User and role:
The user and role is the basic unit of use of permissions, and the role is a set of users with the same limit.
There is no mutual community relationship between users and users, which can only belong to a role, and the role can be affiliated with other roles and can be a multi-subject relationship.
2. Application module
The application module usually refers to a page (in the web) such as the statistics report page, the user information page, and more.
3. Operation
That is, it means whether to have access to a function in the application module. If the user information page changes, delete functions, etc.
4. Authorize
Refers to whether a user role can have an execution license. The license performed here is the three states of authorization: grant, refuse, inherit.
Grant: User role has execution power to an operation of the application module.
Reject: User role does not have execution power on an operation of the application module.
Inheritance: Whether the user role to the application module has execute power depends on whether its parent role is performing power to the specified operation of the application module.
Second, the use of E-R map
Third, let's write a class to get the user's ability to perform capacity on the application module or an action.
Class name
Roles
Createrole
Create a new role
Deleterole
Delete role
AddUsertorole
Add users to the role
RemoveUserFromrole
Remove the user from the role
ISuserinrole
Judging whether the user is in the role
Roleexists
Judging whether the role exists
GetPowerForrole
Get the license of the role
IsroleinPower
Determine whether the specified role has the corresponding permissions
...
IF (Roles.IsRoleinPower ("User", "Application Modules or Actions"))
{
Alert ("You can do this module or action");
}
Else
{
Alert ("No right to perform the application module or operation");
}
Original address:
Http://www.cnblogs.com/helimin19/archive/2005/03/18/121061.html
