using System;using System.Data;using System.Data.SqlClient;using System.Configuration;using System.Web;using System.Web.Security;using System.Web.UI;using System.Web.UI.WebControls;using System.Web.UI.WebControls.WebParts;using System.Web.UI.HtmlControls;
/// <summary>
/// 用户权限的设计/// 可以对用户添加角色,也可以对用户单独设置权限,互不影响;最后把角色的权限和用户单独的权限结合到一块成为用户的权限;/// 最后返回用户功能时会有重复,使用时可以创建一个视图,对重复数据使用“distinct”过滤即可,往useraction表中添加“拒绝功能”时必须删除已经存在的这个功能
/// </summary>public class ActionOperate{
internal readonly string connstring = "server=.;database=stoa;uid=sa;pwd=;"; internal SqlConnection scn; internal SqlCommand scm; public ActionOperate()
{
// // TODO: 在此处添加构造函数逻辑 // scn = new SqlConnection(this.connstring); scm = new SqlCommand(); scm.Connection = scn;
} // /// <summary> /// sql通用操作 /// </summary> /// <param name="sqlCommandText"></param> public void DbOperate(string sqlCommandText) { try { scm.CommandText = sqlCommandText; scn.Open(); scm.ExecuteNonQuery(); } catch (Exception ex) { HttpContext.Current.Response.Write(ex.Message); } finally { scn.Close(); } } public DataSet DbDataSet(string sqlCommandText) { DataSet ds = new DataSet(); scm.CommandText = sqlCommandText; SqlDataAdapter sda = new SqlDataAdapter(scm); sda.Fill(ds); return ds; } // /// <summary> /// 添加一个角色 /// </summary> /// <param name="roleName"></param> public void AddRole(string roleName) { DbOperate("insert into roles(role_name) values ('" + roleName + "')"); } // /// <summary> /// 删除一个角色 /// </summary> /// <param name="roleId"></param> public void DeleteRole(string roleId) { this.DbOperate("delete from roles where role_id = " + roleId); } // /// <summary> /// 修改角色 /// </summary> /// <param name="roleId"></param> /// <param name="roleNameNew"></param> public void UpdateRole(string roleId, string roleNameNew) { this.DbOperate("update roles set role_name='" + roleNameNew + "' where role_id = " + roleId); } // /// <summary> /// 返回角色dataset /// </summary> /// <returns></returns> public DataSet RoleDataSet() { DataSet ds = DbDataSet("select * from roles "); return ds; } // /// <summary> /// 添加功能 /// </summary> /// <param name="ActionName"></param> public void AddAction(string ActionName) { DbOperate("insert into Action(Action_name) values ('" + ActionName + "')"); } // /// <summary> /// 删除功能 /// </summary> /// <param name="ActionId"></param> public void DeleteAction(string ActionId) { this.DbOperate("delete from Action where Action_id = " + ActionId); } // /// <summary> /// 修改功能 /// </summary> /// <param name="ActionId"></param> /// <param name="ActionNameNew"></param> public void UpdateAction(string ActionId, string ActionNameNew) { this.DbOperate("update Actions set Action_name='" + ActionNameNew + "' where Action_id = " + ActionId); } // /// <summary> /// 添加角色功能 /// </summary> /// <param name="roleId"></param> /// <param name="actionId"></param> public void AddRoleAction(string roleId, string actionId) { DbOperate("insert into roles_action(role_id,action_id) values (" + roleId + "," + actionId + ")"); } // /// <summary> /// 删除角色功能 /// </summary> /// <param name="roleId"></param> /// <param name="actionId"></param> public void DeleteRoleAction(string roleId, string actionId) { this.DbOperate("delete from roles_action where role_id=" + roleId + " and action_id = " + actionId); } // /// <summary> /// 添加或拒绝用户使用某个功能 /// </summary> /// <param name="userId"></param> /// <param name="actionId"></param> /// <param name="refsevalue_0_or_1">0表示用户拥有这个功能,1表示被拒绝的权限</param> public void AddUserAction(string userId, string actionId, string refsevalue_0_or_1) { DeleteUserAction(userId, actionId); DbOperate("insert into user_action(user_id,action_id,refuse) values (" + userId + "," + actionId + "," + refsevalue_0_or_1 + ")"); } /// <summary> /// 删除用户功能 /// </summary> /// <param name="userId"></param> /// <param name="actionId"></param> /// <param name="refsevalue_0_or_1">0表示用户拥有这个功能,1表示被拒绝的权限</param> public void DeleteUserAction(string userId, string actionId, string refsevalue_0_or_1) { this.DbOperate("delete from user_action where refuse=" + refsevalue_0_or_1 + " and user_id=" + userId + " and action_id = " + actionId); } public void DeleteUserAction(string userId, string actionId) { this.DbOperate("delete from user_action where user_id=" + userId + " and action_id = " + actionId); } // /// <summary> /// 添加用户角色 /// </summary> /// <param name="userId"></param> /// <param name="roleId"></param> public void AddUserRole(string userId, string roleId) { DbOperate("insert into user_role(user_id,role_id) values (" + userId + "," + roleId + ")"); } // /// <summary> /// 删除用户角色 /// </summary> /// <param name="userId"></param> /// <param name="roleId"></param> public void DeleteUserRole(string userId, string roleId) { this.DbOperate("delete from user_role where user_id=" + userId + " and role_id = " + roleId); } // /// <summary> /// 返回用户是否有某个功能 /// </summary> /// <param name="userId"></param> /// <param name="actionId"></param> /// <returns></returns> public bool HasAction(string userId, string actionId) { return UserActionDs(userId).Tables[0].Select("action_id=" + actionId).Length > 0; } /// <summary> /// 返回某个用户的所有功能 /// </summary> /// <param name="userId"></param> /// <returns></returns> public DataSet UserActionDs(string userId) { string sqlcommand = " select action_id from user_action where refuse=0 and user_id=" + userId + " union " +" select role_action.action_id from role_action,user_role where user_role.role_id=role_action.role_id and user_role.user_id=" + userId +" and role_action.action_id not in (select action_id from user_action where user_id="+userId+" and refuse=1)"; DataSet ds = DbDataSet(sqlcommand); return ds; }}