There is a saying called "toss to toss, toss back to the origin of" That's right, they should be sent back to the origin is the last word.
1. The user table (which of several users)
2. role table (of which there are several roles)
3. The user role association table (users who belong to those roles)
4. permission table (and which of the required permissions assigned)
5. permissions storage table (which the user has permissions, roles have which permissions can also be separately and together)
Determining a permission to function e.g.
checkPermission (userID String, String permissionCode)
IsAuthorization (userID String, String permissionCode)
substantially meet the requirements.
Usually needs analysis
by operating on the columns of each operation on 1 page.
CheckPermission (userID, "PageA.BtnAdd") there have operating rights to the Add button? Such as adding permissions.
CheckPermission (userID, "PageA.BtnDelete") there have operating rights to the Add button? Such as adding permissions.
CheckPermission (userID, "PageA.TableB.ColumnC") have permission to view the no column C.
2. For data tables, access control and other fields
CheckPermission (userID, "TableA") does not have permission to access the table.
CheckPermission (userID, "TableA.Access")
checkPermission (userID, "TableA.Delete")
checkPermission (userID, "TableA.ColumnB") access to the column.
CheckPermission (userID, "TableA.ColumnB.Access") access to the column.
CheckPermission (userID, "TableA.ColumnB.Delete") access to the column.
. . . . . . How on how you want to come on, I think how imagination to imagine how, simple easy to use is the last word.
Or you look at the function package
CheckColumnPermission (userID String, String Table, column String)
{
return checkPermission (userID, "table.column.Access")
}
To put it plainly, permissionCode where you can write and consequently, can judge, but naming your rational planning on it,
no need to do too much too responsible toss, really a simple truth, can make a very complex thing to , not to complicate the simple question,
it is the last word simplify complex issues, not discuss the data set permissions problem, that is, data filtering permission to exceed that this post discussion
on the range.
Early very early, what I have seen 0,1 authority representatives, it is really not easy to use, unless permission rarely.
Also very early, I watched a representative of what authority, what authority on behalf of 2, 4 represents what authority, what authority they represent 8,
1 + 2 + 4 + 8, to present, there are those permissions, felt very magical now think about all gab eggs.
Just because I study every day, ah Han authority, and falling behind the times, there is a need for this stuff, but nothing Dayong,
or business-focused, or in the core network applications and work on e-commerce is the last word, to network earn money
is the last word, times have changed, a friend said, wake up, now is the e-commerce era, right ah, I listen up.
Reproduced in: https: //my.oschina.net/iwenr/blog/227767