First, the term description:
1. User and role:
The user and role is the basic unit of use of permissions, and the role is a set of users with the same limit.
There is no mutual community relationship between users and users, which can only belong to a role, and the role can be affiliated with other roles and can be a multi-subject relationship.
2. Application module
The application module usually refers to a page (in the web) such as the statistics report page, the user information page, and more.
3. Operation
That is, it means whether to have access to a function in the application module. If the user information page changes, delete functions, etc.
4. Authorize
Refers to whether a user role can have an execution license. The license performed here is the three states of authorization: grant, refuse, inherit.
Grant: User role has execution power to an operation of the application module.
Reject: User role does not have execution power on an operation of the application module.
Inheritance: Whether the user role to the application module has execute power depends on whether its parent role is performing power to the specified operation of the application module.
Second, the use of E-R map
Third, let's write a class to get the user's ability to perform capacity on the application module or an action.
Roles CreateRole class name to create a new role DeleteRole remove a role AddUserToRole add users to the role RemoveUserFromRole the user to remove the user from the role IsUserInRole determine whether the role RoleExists determine whether there is a role to get permission GetPowerForRole role IsRoleInPower determine whether the specified role There is corresponding permissions ...
IF (Roles.IsRoleinPower ("User", "Application Modules or Actions"))
{
Alert ("You can do this module or action");
}
Else
{
Alert ("No right to perform the application module or operation");
}
