Getting user permissions from the database - conceptual question

Published 2024-11-26 12:57:48, 993 words, 3 views, 0 comments

I have a table users

ID    status
1     5
2     50
3     60
4     999
5     5

Each user in the table has its status. Status means:

5 = normal user
50 = article writer
60 = blog writer
999 = administrator

Until I had a normal linear system of ascending status values, everything was OK. If a page was accessible only to admins I did a session check for status 999; if the page was accessible by a minimal-status user I did a check if status > 2, etc. It works without accessing the database (I have the statuses fetched into session variables, so MySQL is queried only when the session has timed out and on the first visit).

Now I have a problem with article writers and blog administrators... There is a conceptual problem. I can only apply = or > to statuses, so I can allow only one of the statuses or any status that is higher. Admin can see everything, so it has the highest number.

Now I want user 2 to also be able to be a blog writer, so in fact to have 2 exact roles. He needs to have status 50 and 60 at the same time. And 60 is not HIGHER, because I don't want every blog writer to be able to see article administration too. What to do now?

I can of course put 50,60 in the status column and then parse the right one out, but I would lose the numeric column, and I think it is bad practice to misuse a column for more than one value.

The logical way would be to make a status table like

IDuser     status
2          50
2          60
3          60
1          5
5          5
4          999

So when I am on a blog page I can query the exact status needed, and one user could have more than one role...

BUT... As I wrote, I have the status in a session variable (classic ASP) so as not to query the database on every page. If I make another status table I will need to query the status table on every page to see if the role for that user is included. I'd like to have this info in memory somehow, but I am not sure how.

Or maybe there is some other way?

Comments (4)

゛时过境迁 2024-12-03 12:57:48

a hashmap solution that keeps db tables and code readable can be:

on header.inc

' add new tasks here (and in the perfiles table) '
mask_order = "write_article,read_article,write_blog,read_blog"

' this function can be coded 2 ways: checking bad parameters or '
' not checking bad parameters (best performance, but unpredictable problems on wrong calls); I coded it this way here '
function can_user(what)
    x = split(" " & mask_order, what)    ' the extra space is needed here: it keeps x(0) non-empty when "what" is the first task '
    x = ubound(split(x(0), ","))+1       ' number of tasks listed before "what", plus one = its bit position '
    can_user = (session("mask") and 2^x)<>0
end function

on login.asp or session restart

sql="select users.usuario, perfiles.* from users inner join perfiles on users.perfil=perfiles.perfil" _
 & " where usuario = '" & limpia(quien) & "' and pass = '" & limpia(password) & "';"
r.open sql, c
ok = not r.eof
if ok then
    mask = 0: i = 0
    for each campo in split(mask_order, ",")      ' same order as in can_user, so bit i means the same task in both places '
      i = i + 1
      if r(campo) then mask = mask or 2^i
    next
    session("mask") = mask
end if

on each file required

if can_user("read_article") then .... 
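The same bitmask idea as the answer above, rewritten as an added Python example (not the answer's classic-ASP code): the bit position comes from an exact-name lookup instead of locating the task name inside the comma-separated string, unknown names fail closed, and a user holding several of the asker's numeric statuses gets the union of their bits. The permission names, the extra manage_users bit and the mapping from statuses 5/50/60/999 to permissions are assumptions made here.

```python
# Added example (Python, not the classic-ASP snippet from the answer): a role
# bitmask keyed by exact permission name. The permission list, the extra
# manage_users bit and the status-to-permission mapping are assumptions.
from typing import Iterable

# Order fixes the bit position; append new names at the end so stored masks stay valid.
PERMISSIONS = ("write_article", "read_article", "write_blog", "read_blog", "manage_users")
BIT = {name: 1 << i for i, name in enumerate(PERMISSIONS)}   # exact-name lookup, no substring search
ALL = sum(BIT.values())

# Assumed mapping of the asker's numeric statuses onto named permissions.
LEGACY_STATUS = {
    5: ("read_article", "read_blog"),
    50: ("read_article", "read_blog", "write_article"),
    60: ("read_article", "read_blog", "write_blog"),
    999: PERMISSIONS,
}


def mask_for(granted: Iterable[str]) -> int:
    """OR together the bits of the named permissions; an unknown name is an error, not a silent miss."""
    mask = 0
    for name in granted:
        if name not in BIT:
            raise ValueError(f"unknown permission: {name!r}")
        mask |= BIT[name]
    return mask


def mask_for_statuses(statuses: Iterable[int]) -> int:
    """A user holding several statuses (e.g. 50 and 60) gets the union of their permissions."""
    return mask_for(name for s in statuses for name in LEGACY_STATUS[s])


def can(mask: int, permission: str) -> bool:
    """The per-page check: one AND against the mask kept in the session; unknown names are False."""
    bit = BIT.get(permission)
    return bit is not None and (mask & bit) != 0


def names_of(mask: int) -> list[str]:
    """Decode a mask back to permission names, e.g. for an admin screen or a log line."""
    return [name for name in PERMISSIONS if mask & BIT[name]]
```

The per-page check is `can(session_mask, "write_blog")`, the counterpart of the answer's `can_user`. Looking the name up in a dict rather than splitting the task string on it matters once task names can be suffixes of one another (a hypothetical "unread_blog" would be split at "read_blog" by the posted function and yield the wrong bit); and with a separate manage_users bit, user 2 with statuses 50 and 60 gets write_article and write_blog without becoming an administrator, which is the separation the asker wants.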
痴者 2024-12-03 12:57:48

Use a hashmap of the various 'status' values and OR your user with whatever permission they are asking for.

不必了 2024-12-03 12:57:48

You can still store multiple statuses in a session variable; I would recommend a comma-delimited list:

Session.Contents("Status") = "50,60"

You can then get the list as an array, i.e.

Dim Status, i
'Check if there is a comma in the list
If InStr(Session.Contents("Status"), ",") > 0 Then
   Status = Split(Session.Contents("Status"), ",")
Else
   Status = Array(Session.Contents("Status"))
End If

'Use a for loop to check if the user has access
For i = LBound(Status) To UBound(Status)
   'Do your check here (Status(i) is a string, e.g. "50")
Next
淡忘如思 2024-12-03 12:57:48

I do it with two tables:
"users" has "profiles" associated and
"profiles" has "allowed actions" associated
you can maintain your "normal linear system of ascending status" based on "status" and you can start migrating to this new model
here is a simplified part of my login.asp (classic); I also maintain "allowed actions" in the session
perhaps (I'm not sure if it is good as a long-term solution) you can use the "status" field as the join between the users and alowed_actions_by_profile tables

sql="select users.usuario, perfiles.* from users inner join perfiles on users.perfil=perfiles.perfil" _
 & " where usuario = '" & limpia(quien) & "' and pass = '" & limpia(password) & "';"
r.open sql, c
ok = not r.eof
if ok then
    ' one session flag per profile column, e.g. session("can_write_blog") '
    for each campo in r.fields
      if campo.name<>"usuario" then session("can_" & campo.name) = r(campo.name)
    next
    session("user") = r("usuario")
end if

here the profile table is like

perfil         varchar(20) not null,
write_article  boolean null,
read_article   boolean not null,
write_blog     boolean null,
read_blog      boolean not null,
and so on 

and you check in your code as

if session("can_write_blog") then .... 
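The two-table model in this answer together with the "status table" the asker sketched, as an added Python/sqlite3 example (not this answer's classic-ASP code): one row per user per role, a single query at login that unions the permissions of all of the user's roles into the session, and a per-user permission version so that a role revoked by an administrator does not live on in a cached session until it times out. Table and column names, the permission names and the sample rows are constructed here, and the queries are parameterized rather than built by string concatenation as in the posted snippet.

```python
# Added example (not from the thread): user -> roles -> permissions in SQLite,
# loaded once at login into a session dict, plus a cheap staleness check.
# Schema, permission names and sample rows are all constructed for this demo.
import sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL,
                    perm_version INTEGER NOT NULL DEFAULT 0);
CREATE TABLE roles (status INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE role_permissions (status INTEGER REFERENCES roles(status),
                               permission TEXT NOT NULL, PRIMARY KEY (status, permission));
CREATE TABLE user_roles (user_id INTEGER REFERENCES users(id),
                         status INTEGER REFERENCES roles(status), PRIMARY KEY (user_id, status));
"""

SAMPLE = {  # constructed sample data; user 2 holds both 50 and 60, as in the question
    "roles": [(5, "normal user"), (50, "article writer"), (60, "blog writer"), (999, "administrator")],
    "role_permissions": [(5, "read_article"), (5, "read_blog"),
                         (50, "read_article"), (50, "write_article"),
                         (60, "read_blog"), (60, "write_blog"),
                         (999, "read_article"), (999, "write_article"), (999, "read_blog"),
                         (999, "write_blog"), (999, "manage_users")],
    "users": [(1, "u1"), (2, "u2"), (3, "u3"), (4, "u4"), (5, "u5")],
    "user_roles": [(1, 5), (2, 50), (2, 60), (3, 60), (4, 999), (5, 5)],
}


def open_db() -> sqlite3.Connection:
    """In-memory database seeded with the sample rows above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO roles VALUES (?, ?)", SAMPLE["roles"])
    conn.executemany("INSERT INTO role_permissions VALUES (?, ?)", SAMPLE["role_permissions"])
    conn.executemany("INSERT INTO users (id, name) VALUES (?, ?)", SAMPLE["users"])
    conn.executemany("INSERT INTO user_roles VALUES (?, ?)", SAMPLE["user_roles"])
    conn.commit()
    return conn


def load_permissions(conn, user_id):
    """Run at login (or on refresh): the union of permissions over all of the user's roles."""
    row = conn.execute("SELECT perm_version FROM users WHERE id = ?", (user_id,)).fetchone()
    if row is None:
        raise LookupError(f"no such user: {user_id}")
    rows = conn.execute(
        "SELECT DISTINCT rp.permission FROM user_roles AS ur "
        "JOIN role_permissions AS rp ON rp.status = ur.status WHERE ur.user_id = ?",
        (user_id,),
    ).fetchall()
    return frozenset(r[0] for r in rows), row[0]


def login(conn, user_id):
    """Stand-in for the ASP Session object: a dict holding the cached permission set."""
    perms, version = load_permissions(conn, user_id)
    return {"user_id": user_id, "perms": perms, "perm_version": version}


def can(session, permission):
    """Per-page check against the session only; no database round trip."""
    return permission in session["perms"]


def revoke_role(conn, user_id, status):
    """Administrative change: drop the role and bump the user's permission version."""
    conn.execute("DELETE FROM user_roles WHERE user_id = ? AND status = ?", (user_id, status))
    conn.execute("UPDATE users SET perm_version = perm_version + 1 WHERE id = ?", (user_id,))
    conn.commit()


def refresh_if_stale(conn, session):
    """One indexed single-row read; reloads the permission set only when the version moved."""
    (current,) = conn.execute("SELECT perm_version FROM users WHERE id = ?",
                              (session["user_id"],)).fetchone()
    if current != session["perm_version"]:
        session["perms"], session["perm_version"] = load_permissions(conn, session["user_id"])
        return True
    return False
```

`can(session, "write_blog")` is the counterpart of this answer's `session("can_write_blog")` and of the asker's session check, and costs no query. `refresh_if_stale` is optional: it trades one primary-key read per request for the guarantee that a revoked role takes effect on the next page rather than at session timeout, which is the usual gap when authorization data is cached in the session.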