Using ASP to Implement Hierarchical Permission Control

This article implements hierarchical permission control in an account management system. The program is written in ASP and JavaScript and runs on a Windows NT server with IIS 4.0; it is fast and easy to maintain.

The permission levels are divided as follows:

1. Dean and Finance Office: cannot enter records; can query and run statistics on all accounts without restriction.
2. Vice President: cannot enter records; can query and run statistics on the accounts of the department in their charge.
3. Department leaders: cannot enter records; can query and run statistics on the accounts of their own department.
4. Accounting: enter the accounts of each department (one accountant sometimes keeps the accounts of several departments); can query and run statistics only on the accounts they entered themselves.

The tables and fields involved are as follows:

1. JK_User table: ID (serial number), BMID (department number), UserName (user name), PWD (password), Right (permission value).
2. BM table: ID (serial number), BMID (department number).
3. JZPZ table: ID (serial number), BM (department), ZGS (subsidiary), XMZ (project group), XM (project), SR (income), ZC (expenditure), SZFX (income/expenditure direction), SZXS (income/expenditure form), RQ (date), JBR (handler), LRR (entered by), SZSM (income/expenditure notes).
4. ZGS table: ID (serial number), ZGSName (subsidiary name), BMID (department number).

1. User identity verification

The user name and password submitted by the user are compared with the fields in the JK_User table to decide whether the user is legitimate. Only legitimate users (those for whom the system administrator has opened an account) can enter. Legitimate users fall into four privilege levels, which are given the permission values "1", "2", "3" and "4" respectively. (Code omitted.)

2. Voucher posting (hierarchical permission control)

The voucher posting function is designed for accounting staff; nobody else can use it. If a non-accounting user enters the voucher entry page, only the "Query Posted Vouchers" button is visible and the other function buttons are hidden. Entered vouchers are first stored in a temporary table called the "unposted voucher library". They are posted only after the "Voucher Posting" function is run; vouchers still in the "unposted voucher library" can be modified.
Part of the code is as follows:

    'Non-accounting users: do not display the "Voucher Posting" and
    '"Save Unposted Voucher" buttons
    if session("tright") <> "1" then
        Button1.hide
        Button2.hide
    end if
    .........
    'Fill in the date and the operator automatically
    Textbox7.value = year(date) & "-" & month(date) & "-" & day(date)
    Textbox9.value = session("username")
    set cnn1 = server.CreateObject("adodb.connection")
    set rst1 = server.CreateObject("adodb.recordset")
    cnn1.CursorLocation = 3
    cnn1.ConnectionTimeout = 30
    cnn1.Open "DSN=jky"
    'Fill the department list
    rst1.Open "select * from bm", cnn1, 1, 1, adCmdText
    if rst1.RecordCount > 0 then
        rst1.MoveFirst
        id = rst1.Fields("id")
        do while not rst1.EOF
            Listbox3.addItem rst1.Fields("bmname"), cint(rst1.Fields("id"))
            'response.write rst1.fields("bmname") & rst1.fields("id")
            rst1.MoveNext
        loop
    end if
    rst1.Close
    'Fill the subsidiary list for the first department
    rst1.Open "select zgsname from zgs where bmid=" & id, cnn1, 1, 1, adCmdText
    if rst1.RecordCount > 0 then
        rst1.MoveFirst
        do while not rst1.EOF
            Listbox4.addItem cstr(rst1.Fields("zgsname"))
            rst1.MoveNext
        loop
    end if
    rst1.Close
    cnn1.Close
    call writerst
    end if
    end function
    ..................
    'Voucher posting
    sub button2_onclick
        dim s
        s = Listbox1.selectedIndex
        Response.Write s
    end sub

    'Reload the subsidiary list when another department is selected
    sub listbox3_onchange
        dim id, i
        i = Listbox4.getCount()
        do while i > -1
            call Listbox4.removeItem(i)
            i = i - 1
        loop
        id = Listbox3.getValue(Listbox3.selectedIndex)
        set cnn2 = server.CreateObject("adodb.connection")
        set rst2 = server.CreateObject("adodb.recordset")
        cnn2.CursorLocation = 3
        cnn2.ConnectionTimeout = 30
        cnn2.Open "DSN=jky"
        rst2.Open "select zgsname from zgs where bmid=" & id, cnn2, 1, 1, adCmdText
        if rst2.RecordCount > 0 then
            rst2.MoveFirst
            do while not rst2.EOF
                Listbox4.addItem cstr(rst2.Fields("zgsName"))
                rst2.MoveNext
            loop
        end if
        rst2.Close
        cnn2.Close
    end sub

    'Move this user's vouchers from the unposted table (wjzpz) to jzpz
    sub button2_onclick
        set cnn5 = server.CreateObject("adodb.connection")
        cnn5.CursorLocation = 3
        cnn5.ConnectionTimeout = 30
        cnn5.Open "DSN=jky"
        cnn5.Execute "insert into jzpz (bm,zgs,xmz,xm,sr,zc,szfx,szxs,rq,jbr,lrr,szsm) select bm,zgs,xmz,xm,sr,zc,szfx,szxs,rq,jbr,lrr,szsm from wjzpz where lr='" & session("username") & "'"
        cnn5.Execute "delete from wjzpz where lr='" & session("username") & "'"
    end sub

3. Data query (hierarchical permission control)

Posted vouchers are queried by condition. Each optional condition has a check box in front of it that is ticked ("√") to apply it. The "Department" condition must be selected (the program ticks it automatically). The department list is filled from the database according to the user's permission, and the related lists are adjusted automatically according to the department the user belongs to. Part of the code is as follows:

    .............
    'Build the query page according to the permission value
    .............
    function thisPage_onenter()
    set cnn1 = server.CreateObject("adodb.connection")
    set rst1 = server.CreateObject("adodb.recordset")
    cnn1.CursorLocation = 3
    cnn1.ConnectionTimeout = 30
    cnn1.Open "DSN=jky"
    select case session("tright")
    case "3" 'Vice President
        rst1.Open "select bm.bmname from jk_user, bm where jk_user.bmid=bm.id and jk_user.username='" & session("username") & "'", cnn1, 1, 1, adCmdText
        if rst1.RecordCount > 0 then
            rst1.MoveFirst
            do while not rst1.EOF
                Listbox1.addItem cstr(rst1.Fields("bmName"))
                rst1.MoveNext
            loop
        end if
        rst1.Close
        rst1.Open "select zgsname from zgs", cnn1, 1, 1, adCmdText
        if rst1.RecordCount > 0 then
            rst1.MoveFirst
            do while not rst1.EOF
                Listbox2.addItem cstr(rst1.Fields("zgsname"))
                rst1.MoveNext
            loop
        end if
        rst1.Close
        cnn1.Close
        Checkbox1.setChecked(true)
    case "2" 'Department manager
        Listbox1.addItem session("bm")
        rst1.Open "select zgsname from zgs where bmid=" & session("bmid"), cnn1, 1, 1, adCmdText
        if rst1.RecordCount > 0 then
            rst1.MoveFirst
            do while not rst1.EOF
                Listbox2.addItem cstr(rst1.Fields("zgsname"))
                rst1.MoveNext
            loop
        end if
        rst1.Close
        cnn1.Close
        Checkbox1.setChecked(true)
        'Checkbox1.0
    case "1" 'Accounting
        rst1.Open "select bmName from bm", cnn1, 1, 1, adCmdText
        if rst1.RecordCount > 0 then
            rst1.MoveFirst
            do while not rst1.EOF
                Listbox1.addItem cstr(rst1.Fields("bmName"))
                rst1.MoveNext
            loop
        end if
        rst1.Close
        rst1.Open "select zgsname from zgs", cnn1, 1, 1, adCmdText
        if rst1.RecordCount > 0 then
            rst1.MoveFirst
            do while not rst1.EOF
                Listbox2.addItem cstr(rst1.Fields("zgsname"))
                rst1.MoveNext
            loop
        end if
        rst1.Close
        cnn1.Close
    case "4" 'Dean
        rst1.Open "select bmName from bm", cnn1, 1, 1, adCmdText
        if rst1.RecordCount > 0 then
            rst1.MoveFirst
            do while not rst1.EOF
                Listbox1.addItem cstr(rst1.Fields("bmName"))
                rst1.MoveNext
            loop
        end if
        rst1.Close
        rst1.Open "select zgsname from zgs", cnn1, 1, 1, adCmdText
        if rst1.RecordCount > 0 then
            rst1.MoveFirst
            do while not rst1.EOF
                Listbox2.addItem cstr(rst1.Fields("zgsname"))
                rst1.MoveNext
            loop
        end if
        rst1.Close
        cnn1.Close
    end select
    end if
    ............
    end function

    'Query the vouchers according to permission
    sub button1_onclick
        dim rst2, cnn2, str, i
        dim bm(1), zgs(1), xmz(1), xm(1), szfx(1), szxs(1), rq(2), jbr(1)
        'Element 0 of each array: condition ticked; element 1: its value
        bm(0) = Checkbox1.getChecked()
        if bm(0) then
            bm(1) = Listbox1.getText(Listbox1.selectedIndex)
            str = " and bm='" & bm(1) & "'"
        end if
        zgs(0) = Checkbox2.getChecked()
        if zgs(0) then
            zgs(1) = Listbox2.getText(Listbox2.selectedIndex)
            str = str & " and zgs='" & zgs(1) & "'"
        end if
        xmz(0) = Checkbox3.getChecked()
        if xmz(0) then
            xmz(1) = trim(txtxmz.value)
            str = str & " and xmz like '%" & xmz(1) & "%'"
        end if
        xm(0) = Checkbox4.getChecked()
        if xm(0) then
            xm(1) = trim(tztxm.value)
            str = str & " and xm like '%" & xm(1) & "%'"
        end if
        szfx(0) = Checkbox5.getChecked()
        if szfx(0) then
            szfx(1) = Listbox3.getText(Listbox3.selectedIndex)
            str = str & " and szfx='" & szfx(1) & "'"
        end if
        szxs(0) = Checkbox6.getChecked()
        if szxs(0) then
            szxs(1) = Listbox4.getText(Listbox4.selectedIndex)
            str = str & " and szxs='" & szxs(1) & "'"
        end if
        jbr(0) = Checkbox8.getChecked()
        if jbr(0) then
            jbr(1) = trim(txtjbr.value)
            str = str & " and jbr like '%" & jbr(1) & "%'"
        end if
        set cnn2 = server.CreateObject("adodb.connection")
        set rst2 = server.CreateObject("adodb.recordset")
        cnn2.CursorLocation = 3
        cnn2.ConnectionTimeout = 30
        cnn2.Open "DSN=jky"
        'Header row of the result table
        response.write "<table>"
        response.write "<tr><td>department</td>"
        response.write "<td>subsidiary</td>"
        response.write "<td>project group</td>"
        response.write "<td>project name / contract No.</td>"
        response.write "<td>income amount (10,000 yuan)</td>"
        response.write "<td>expenditure (10,000 yuan)</td></tr>"
        if session("tright") = "1" then
            'Accounting staff see only the vouchers they entered
            'response.write "aaaaaaa"
            rst2.Open "select * from jzpz where id>0 and lr='" & session("username") & "'" & str, cnn2, 1, 1, adCmdText
        else
            'response.write "fffffffffff"
            rst2.Open "select * from jzpz where id>0 " & str, cnn2, 1, 1, adCmdText
        end if
        if rst2.RecordCount > 0 then
            rst2.MoveFirst
            rst2.PageSize = 20
            rst2.AbsolutePage = 1
            i = 0
            do while not rst2.EOF and i
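
Added example, not code from the original article: one way to open the step 3 voucher query so that the row scope is derived from session("tright") on the server and every value reaches the database as a bound ADO parameter rather than as concatenated SQL text. The names OpenVoucherQuery and AddCond and the filters dictionary are assumptions; the table, column and session names and the permission values are taken from the listings above.

```vbscript
' Added example, not the article's code. ADO constants are written as literals.
Const adCmdText = 1, adVarWChar = 202, adParamInput = 1

' Append one condition and bind its value to the "?" in it (hypothetical helper).
Sub AddCond(cmd, ByRef sql, cond, value)
    sql = sql & cond
    cmd.Parameters.Append cmd.CreateParameter("p" & cmd.Parameters.Count, _
        adVarWChar, adParamInput, 255, CStr(value))
End Sub

' cnn: open ADODB.Connection with CursorLocation = 3, as in the listings.
' filters: Scripting.Dictionary mapping a column name to the value the user
' chose (hypothetical input shape). Returns a read-only recordset.
Function OpenVoucherQuery(cnn, filters)
    Dim cmd, sql, col, rst
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = cnn
    cmd.CommandType = adCmdText
    sql = "select * from jzpz where id>0"

    ' Row scope is decided from the session, never from posted form state.
    Select Case Session("tright")
        Case "1"    ' accounting: only vouchers this user entered
            AddCond cmd, sql, " and lr=?", Session("username")
        Case "2"    ' department manager: own department only
            AddCond cmd, sql, " and bm=?", Session("bm")
        Case "3"    ' vice president: department linked in jk_user
            AddCond cmd, sql, " and bm in (select bm.bmname from jk_user, bm" & _
                " where jk_user.bmid=bm.id and jk_user.username=?)", Session("username")
        Case "4"    ' dean: no row restriction
        Case Else
            Err.Raise vbObjectError + 1, "OpenVoucherQuery", "unknown permission"
    End Select

    ' User-chosen conditions are ANDed on, so they can only narrow the scope.
    ' Column names come from these fixed lists; only the values are bound.
    For Each col In Array("bm", "zgs", "szfx", "szxs")
        If filters.Exists(col) Then AddCond cmd, sql, " and " & col & "=?", filters(col)
    Next
    For Each col In Array("xmz", "xm", "jbr")
        If filters.Exists(col) Then AddCond cmd, sql, " and " & col & " like ?", "%" & filters(col) & "%"
    Next

    cmd.CommandText = sql
    Set rst = Server.CreateObject("ADODB.Recordset")
    rst.Open cmd, , 3, 1    ' adOpenStatic, adLockReadOnly
    Set OpenVoucherQuery = rst
End Function
```

The same session check belongs at the top of button2_onclick, because hiding Button1 and Button2 only removes them from the page and does not stop the posting handler from running.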