Background:
1. C/S system architecture
2. Front end: ExtJS
3. Back end: C#
4. Database: SQL
The front end communicates with the back end through Ajax requests.
Every front-end application page inherits the common entry class BasePage.
Application page:
public partial class xxxxxxx : BasePage { // business code ...... }
BasePage:
public class BasePage : System.Web.UI.Page { // implement the data permission check here }
Requirement:
Complete the data operation permission verification and report the result to the front end.
Analysis:
Because all pages inherit BasePage, the check can be added to BasePage once and it applies to every page. The decision only depends on the current user ID and the requested page, so it can be made entirely in the back end.
To improve efficiency, the judgement is done in a stored procedure, which returns the result.
In addition, for ease of management and tracking, a log entry is written after the judgement is completed.
Stored procedure:
-- =============================================
-- Author:      Zhang Lihui
-- Create date: 2023-3-24
-- Description: System access control AOP
-- =============================================
create procedure [dbo].[Hztech_Aop]
    @userID as nvarchar(20),
    @URI    as nvarchar(200),
    @result as nvarchar(20) output,
    @msg    as nvarchar(200) output
as
begin
    declare @roleid        as int            -- role ID
    declare @location      as int            -- position of DataStore/ in the URI
    declare @moduleAndPage as nvarchar(200)  -- module/page and request parameters
    declare @module        as nvarchar(50)   -- module
    declare @pageAndOptype as nvarchar(100)  -- page?optype=...
    declare @page          as nvarchar(100)  -- page
    declare @optype        as nvarchar(50)   -- optype
    declare @Edit   as bit
    declare @Del    as bit
    declare @Close  as bit
    declare @Lock   as bit
    declare @Unop   as bit
    declare @Export as bit
    declare @pageName as nvarchar(100)
    declare @pass     as nvarchar(20)        -- pass / log / refuse, written to the log

    set @pass = 'refuse'
    set @pageName = 'query'

    -- 1 get role id by user id
    select @roleid = isnull(roleid, 0) from [xxxx_UserRoles] where UserID = @userID
    if (@roleid is null or @roleid = 0)
    begin
        set @pass = 'refuse'
        set @msg = 'You are not authorized to perform any operation.'
        set @result = 0
        goto logg
    end

    -- 2 get menu permissions through url and role ID
    -- 2.1 determine whether it is a DataStore request
    set @location = charindex('xxxxxxxxxx/', @URI, 0)
    if (@location <= 0)
    begin
        set @pass = 'log'
        set @msg = 'pass+log, non-xxxxxxxxxx operation.'
        set @result = 1
        goto logg
    end

    -- 2.2 the URI contains DataStore/: keep the part after it
    set @moduleAndPage = substring(@URI, @location + len('xxxxxxxxxx/'), len(@URI) - 4)
    -- parse URL: module/yyy.aspx?optype=xxxx&...
    set @module        = dbo.GetSplitOfIndex(@moduleAndPage, '/', 1)   -- module
    set @pageAndOptype = dbo.GetSplitOfIndex(@moduleAndPage, '/', 2)   -- yyy.aspx?optype=xxxx
    set @page          = dbo.GetSplitOfIndex(@pageAndOptype, '?', 1)   -- yyy.aspx
    set @optype        = dbo.GetSplitOfIndex(@pageAndOptype, '?', 2)   -- optype=xxxx
    set @optype        = dbo.GetSplitOfIndex(@optype, '=', 2)          -- xxxx (possibly followed by &...)
    if (charindex('&', @optype, 0) > 0)  -- contains multiple parameters
    begin
        set @optype = dbo.GetSplitOfIndex(@optype, '&', 1)             -- xxxx
    end

    -- 3 determine whether permission control is needed
    /* optype value range . . . . . . . */
    -- 3.1 query operations: pass, log only
    if (@optype = 'getPobillAndDetail'
        or @optype = 'showfile'
        or charindex('Select', @optype, 0) > 0
        or @optype = 'WorkFlowApprovePobill')  -- approval submission
    begin
        set @pass = 'log'
        set @msg = 'pass, non-modification operation.'
        set @result = 1
        goto logg
    end

    -- 3.2 load the role's permission flags for this module
    --     (the select list and source table are elided on the original page;
    --      [xxxx_RoleMenus] and the flag columns are placeholders)
    select @Edit = [Edit], @Del = [Del], @Close = [Close],
           @Lock = [Lock], @Unop = [Unop], @Export = [Export]
    from [xxxx_RoleMenus]
    where [Url] like '%/' + @module + '/%' and roleid = @roleid

    -- 4 judge whether there is permission
    if (charindex('Submit', @optype, 0) > 0   -- dialog single form submission
        or @optype = 'savePOBill')            -- document saving
    begin
        if (@Edit = 1)  -- editable
            set @result = 1
        else
        begin
            set @result = 0
            goto logg
        end
    end
    -- other permission verification (Del/Close/Lock/Unop/Export) omitted ... .....
    else
        set @result = 0  -- otherwise refuse

    if (@result = 1) set @pass = 'pass'

    -- 5 log
logg:
    if (@result = 0 and @msg is null)
        set @msg = 'Unauthorized to perform the current operation: ' + isnull(@optype, '')
    insert into sys_aoplog ([code], [name], [uri], [verifyresult], module, [page], optype, remark)
    values (@userID, @pageName, @URI, @pass, @module, @page, @optype, @msg)

    -- 6 return result
    return @result
end
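The procedure above relies on a split helper (dbo.GetSplitOfIndex) and a log table (sys_aoplog) that the post does not show. The following is an added example, not code from the original post: it supplies a possible implementation of that helper, the log table implied by the INSERT, and then dry-runs the URL parsing of step 2.2 and the optype classification of steps 3.1 and 4 on constructed request URIs. 'DataStore/' stands in for the page's 'xxxxxxxxxx/' marker, the URIs and optype names are constructed, and the helper's exact behaviour (1-based index, empty string when the piece is missing) is an assumption.

```sql
-- Added example (not from the original post). Assumptions: 1-based split helper that
-- returns '' for a missing piece; 'DataStore/' as the request marker; constructed URIs.

-- Split helper: the @index-th (1-based) piece of @source split on @separator.
create function dbo.GetSplitOfIndex (
    @source    nvarchar(4000),
    @separator nvarchar(10),
    @index     int
) returns nvarchar(4000)
as
begin
    declare @pos int = 1, @next int, @i int = 1, @piece nvarchar(4000) = '';
    while @i <= @index
    begin
        set @next = charindex(@separator, @source, @pos);
        if @next = 0
        begin
            -- no further separator: the remainder is the last piece, and it only
            -- counts if it is the piece that was asked for
            set @piece = case when @i = @index
                              then substring(@source, @pos, len(@source) - @pos + 1)
                              else '' end;
            break;
        end
        set @piece = substring(@source, @pos, @next - @pos);
        set @pos = @next + len(@separator);
        set @i += 1;
    end
    return @piece;
end
go

-- Log table implied by the INSERT in Hztech_Aop (column types and logtime are assumed).
create table dbo.sys_aoplog (
    id             int identity(1,1) primary key,
    [code]         nvarchar(20),    -- user id
    [name]         nvarchar(100),   -- page name
    [uri]          nvarchar(200),
    [verifyresult] nvarchar(20),    -- pass / log / refuse
    module         nvarchar(50),
    [page]         nvarchar(100),
    optype         nvarchar(50),
    remark         nvarchar(200),
    logtime        datetime2 not null default sysdatetime()
);
go

-- Dry run of step 2.2 on a constructed URI, using the same call sequence as the procedure.
declare @URI nvarchar(200) = '/Hz/DataStore/Purchase/PoBill.aspx?optype=savePOBill&billid=17';
declare @location int = charindex('DataStore/', @URI, 0);
declare @moduleAndPage nvarchar(200) = substring(@URI, @location + len('DataStore/'), len(@URI));
declare @module nvarchar(50)         = dbo.GetSplitOfIndex(@moduleAndPage, '/', 1);
declare @pageAndOptype nvarchar(100) = dbo.GetSplitOfIndex(@moduleAndPage, '/', 2);
declare @page nvarchar(100)          = dbo.GetSplitOfIndex(@pageAndOptype, '?', 1);
-- 'optype=savePOBill&billid=17' -> piece 2 on '=' is 'savePOBill&billid' -> piece 1 on '&'
declare @optype nvarchar(50) = dbo.GetSplitOfIndex(dbo.GetSplitOfIndex(@pageAndOptype, '?', 2), '=', 2);
if charindex('&', @optype, 0) > 0 set @optype = dbo.GetSplitOfIndex(@optype, '&', 1);
select @module as module, @page as [page], @optype as optype;

-- Classification of constructed optype values, mirroring steps 3.1 and 4: query-type
-- names pass with a log entry only, Submit*/savePOBill need the role's Edit flag,
-- everything else falls through to the final else and is refused.
declare @ops table (optype nvarchar(50));
insert into @ops values ('SelectPoBill'), ('showfile'), ('SubmitDialog'), ('savePOBill'), ('deletePoBill');
select optype,
       case when optype in ('getPobillAndDetail', 'showfile', 'WorkFlowApprovePobill')
                 or charindex('Select', optype, 0) > 0 then 'log (read-only, no flag needed)'
            when charindex('Submit', optype, 0) > 0 or optype = 'savePOBill' then 'needs Edit = 1'
            else 'refuse (branch not implemented yet)' end as decision
from @ops;
```

Run the three batches in order on a scratch database; the parsing select yields Purchase / PoBill.aspx / savePOBill for the constructed URI. Two points worth keeping in mind when the omitted Del/Close/Lock/Unop/Export branches are added: the read-only test is a substring match on 'Select' and 'Submit', so the optype naming convention must be enforced on the page side, and the final else refuses anything unrecognised, which is the fail-closed default the rest of the procedure should preserve.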
The page-side code (in BasePage) calls the stored procedure for authorization and, on refusal, writes the standard Ext Ajax failure result back to the front end:
// check permission: aurl is the requested URI, purMsg receives the message from the stored procedure
bool purCheck = dataOperate.ExeAopProc(aurl, currentUser.UserID.ToString(), out purMsg);
if (!purCheck)
{
    // refused: return the Ext Ajax operation result ("0" = failure) with the message and stop the request
    string jsonlist1 = Common.ExtAjaxRequest.GetOperateRet("0", purCheck, purMsg);
    Response.Write(jsonlist1);
    Response.End();
}
Effect:
Every check, whether passed or refused, is recorded in the back-end log table (sys_aoplog).
Done.