权限:权限以角色为主(RBAC:基于角色的权限管理 )
设置权限在进行用户注册的时候把角色分配好
保证系统的安全,保证登录的合法,对数据进行保密
一个完整的系统分前台和后台,后台是针对管理的内部员工来使用的,注册的功能必须由后台的最高管理者来进行
权限一般分为四张表:
1、用户表:重点是角色ID
2、角色表(角色ID ,角色名)
3、权限表(权限ID、权限名、权限路径--/Home/Select)
4、角色权限关系表(主键ID,权限ID,角色ID)给角色划分权限
---创建数据库 CREATE DATABASE DbUserInfo ---使用数据库 USE DBUserInfo ---创建数据表用户表 CREATE TABLE T_User ( U_Id INT PRIMARY KEY IDENTITY, U_Name NVARCHAR(24), U_Password NVARCHAR(24), R_Id INT ) ---创建数据角色表 CREATE TABLE T_Role ( R_Id INT PRIMARY KEY IDENTITY, R_Name NVARCHAR(24) ) --创建权限表 CREATE TABLE T_Limits ( L_Id int PRIMARY KEY IDENTITY, L_Name NVARCHAR(24), L_Url NVARCHAR(48) ) ---创建权限角色关系表 CREATE TABLE T_RelLimitRole ( T_Id INT PRIMARY KEY IDENTITY, R_Id INT, L_Id INT )
dataReader登录返回:
/// <summary> /// 登录 /// </summary> /// <param name="name"></param> /// <param name="pwd"></param> /// <returns></returns> public Users UserLogin(string name, string pwd) { conn.Open(); string sql = "select U_Name,U_Password,R_Id from T_User where U_Name='"+name+"' and U_Password='"+pwd+"'"; SqlCommand com = new SqlCommand(sql, conn); var res = com.ExecuteReader(); Users use = new Users(); while (res.Read()) { use.U_Name = res["U_Name"].ToString(); use.U_Password = res["U_Password"].ToString(); use.R_Id = Convert.ToInt32(res["R_Id"]); } res.Close(); conn.Close(); return use; }
根据角色判断登录:
/// <summary> /// 登录操作 /// </summary> /// <param name="name"></param> /// <param name="pwd"></param> /// <returns></returns> [HttpPost] public JsonResult UserLogin(string name,string pwd) { var res = new BLL.UserBll().UserLogin(name, pwd); Session["rid"] = res.R_Id;//session保存需要的角色id if (res != null) { if (res.R_Id == 1) { return Json(new { code = 1, message = "校长登录成功" }); } else if (res.R_Id == 2) { return Json(new { code = 2, message = "主任登录成功" }); } else if (res.R_Id == 3) { return Json(new { code = 3, message = "讲师登录成功" }); } else if (res.R_Id == 4) { return Json(new { code = 4, message = "辅导员登录成功" }); } else { return Json(new { code = 5, message = "登录成功" }); } } else { return Json(new { code = 0, message = "登录失败" }); } }
显示权限:
/// <summary> /// 权限 /// </summary> /// <param name="lid"></param> /// <returns></returns> public List<Limite> GetLimit(int rid) { string sql = "SELECT * FROM T_Limits WHERE 1=1"; if (rid!=0) { sql += "and L_Id IN (SELECT L_Id FROM T_RelLimitRole WHERE R_Id = "+rid+")"; } SqlDataAdapter ada = new SqlDataAdapter(sql,conn); DataTable dt = new DataTable(); ada.Fill(dt); var res = JsonConvert.SerializeObject(dt); var list = JsonConvert.DeserializeObject<List<Limite>>(res); return list; }
/// <summary> /// 母版 /// </summary> /// <returns></returns> [HttpPost] public JsonResult NavLimit() { int rid = Convert.ToInt32(Session["rid"]); var res = new BLL.UserBll().GetLimit(rid); return Json(res); }
添加权限:
/// <summary> /// 删除权限 /// </summary> /// <param name="rid"></param> /// <returns></returns> public int DelRef(int rid) { conn.Open(); string sql = "delete T_RelLimitRole where R_Id="+rid; SqlCommand com = new SqlCommand(sql, conn); int res= com.ExecuteNonQuery(); conn.Close(); return res; } /// <summary> /// 添加权限 /// </summary> /// <param name="r"></param> /// <returns></returns> public int AddRef(List<RefRoleLimit> r) { conn.Open(); int res = 0; foreach (var item in r) { string sql = string.Format("insert into T_RelLimitRole values({0},{1})", item.R_Id, item.L_Id); SqlCommand com = new SqlCommand(sql, conn); res += com.ExecuteNonQuery(); } conn.Close(); return res; } /// <summary> /// 查询角色 /// </summary> /// <returns></returns> public List<Role> GetRole() { string sql = "select * from T_Role"; SqlDataAdapter ada = new SqlDataAdapter(sql, conn); DataTable dt = new DataTable(); ada.Fill(dt); var res = JsonConvert.SerializeObject(dt); var list = JsonConvert.DeserializeObject<List<Role>>(res); return list; }
/// <summary> /// 添加权限页面 /// </summary> /// <returns></returns> public ActionResult limit() { var res = new BLL.UserBll().GetRole(); ViewBag.list = new SelectList(res, "R_Id", "R_Name"); return View(); } /// <summary> /// 删除原有权限 /// </summary> /// <param name="rid"></param> /// <returns></returns> [HttpPost] public JsonResult Dellimit(int rid) { var res = new BLL.UserBll().DelRef(rid); if (res > 0) { return Json(new { code = 1 }); } else { return Json(new { code = 0 , message = "失败" }); } } /// <summary> /// 添加权限 /// </summary> /// <param name="res"></param> /// <returns></returns> [HttpPost] public JsonResult limit(string res) { res = res.TrimEnd('|'); string[] str = res.Split('|'); if (str == null || str.Length == 0) { return Json(new { code = 0, message = "失败" }); } else { List<RefRoleLimit> re = new List<RefRoleLimit>(); foreach (var item in str) { string[] s = item.Split(','); if (s == null || s.Length == 0) { break; } else { RefRoleLimit roel = new RefRoleLimit(); roel.R_Id = Convert.ToInt32( s[0]); roel.L_Id = Convert.ToInt32(s[1]); re.Add(roel); } } if (new BLL.UserBll().AddRef(re) > 0) { return Json(new { code = 1, message = "添加成功" }); } else { return Json(new { code = 0, message = "添加失败" }); } } }
<script src="~/Scripts/jquery-1.10.2.min.js"></script> <script> function Quan() { var rid = $("#R_Id").val(); $.ajax({ url: "/UserRole/Dellimit", type: "post", data: { rid: rid }, success: function (Data) { if (Data.code == 1) { var quan = "" $(".Checkbox1:checked").each(function () { var li = $(this).val(); quan += rid + "," + li + "|"; }) alert(quan); $.ajax({ url: "/UserRole/limit", type: "post", data: { res: quan }, success: function (Data) { if (Data.code == 1) { alert(Data.message); } else { alert(Data.message); } } }) } else { alert(Data.message); } } }) } </script> <h2>limit</h2> @Html.DropDownList("R_Id", ViewBag.list as SelectList)<br /> <input class="Checkbox1" type="checkbox" value="1"/>沟通记录导入管理<br /> <input class="Checkbox1" type="checkbox" value="2" />沟通记录查询管理<br /> <input class="Checkbox1" type="checkbox" value="3" />家长评分综合管理<br /> <input class="Checkbox1" type="checkbox" value="4" />家长投诉查询管理<br /> <input class="Checkbox1" type="checkbox" value="5" />家长投诉管理<br /> <input class="Checkbox1" type="checkbox" value="6" />公告管理<br /> <input class="Checkbox1" type="checkbox" value="7" />班级管理<br /> <input class="Checkbox1" type="checkbox" value="8" />角色管理<br /> <input id="Button1" type="button" value="角色权限" onclick="Quan()"/>
这样添加权限就会把原有的权限删除,再重新添加权限
添加权限用到了批量添加