User permissions fetched from the database - concept problem

Time: 2022-01-04 04:26:50

I have a table users:

ID    status
1     5
2     50
3     60
4     999
5     5

Each user in the table has its status. Status means something like:

5 = normal user
50 = article writer
60 = blog writer
999 = administrator

Until now I had a normal linear system of ascending status values and everything was OK. If a page was accessible only to admins I did a session check for status 999; if the page was accessible to the minimal-status user I did a check for status > 2, etc. It works without accessing the database (I have the statuses fetched into session variables, so MySQL is queried only when the session has timed out and on the first visit).

Now I have a problem with article writers and blog administrators... There is a concept problem. I can only apply = or > to statuses, so I can allow only one of the statuses or any status that is higher. Admin can see everything, so it has the highest number.

Now I want user 2 to also be able to be a blog writer, so in fact to have 2 exact roles. He needs to have status 50 and 60 at the same time. And 60 is not HIGHER, because I don't want every blog writer to be able to see article administration as well. What to do now?

I can of course put 50,60 in the status column and then parse the right one out, but I would lose the numeric column, and I think it is bad practice to misuse a column for more than one value.

The logical way would be to make a status table like:

IDuser     status
2          50
2          60
3          60
1          5
5          5
4          999

So when I am on a blog page I can query the exact status needed, and one user could have more than one role...

BUT... As I wrote, I have the status in a session variable (using classic ASP) so as not to query the database on every page. If I make another status table I will need to query the status table on every page to see if the role for that user is included. I'd like to have this info in memory somehow, but I am not sure how.

Or maybe there is some other way?

4 solutions

#1

1

A hashmap solution that keeps the DB tables and the code readable can be:

In header.inc:

'add new tasks here (and in the perfiles table) '
mask_order = "write_article,read_article,write_blog,read_blog"

' this function can be coded 2 ways: checking bad parameters or   '
' not checking bad parameters (best performance, but unpredictable problems on wrong calls); I coded it this way here '
function can_user(what)
    x = split(" " & mask_order, what)    ' the extra space is needed here '
    x = ubound(split(x(0), ","))+1       ' 1-based position of "what" inside mask_order '
    can_user = (session("mask") and 2^x)<>0
end function

In login.asp or on session restart:

' r is an open ADODB.Recordset and c an open ADODB.Connection (declared elsewhere) '
' limpia() is the author's own escaping helper; a parameterized ADODB.Command is the safer choice '
sql="select users.usuario, perfiles.* from users inner join perfiles on users.perfil=perfiles.perfil" _
 & " where usuario = '" & limpia(quien) & "' and pass = '" & limpia(password) & "';"
r.open sql, c
ok = not r.eof
if ok then 
    mask = 0: i = 0
    for each campo in split(mask_order, ",")
      i = i + 1
      if r(campo) then mask = mask or 2^i   ' bit i is set when the profile grants this task '
    next
    session("mask") = mask
end if

In each file that requires it:

if can_user("read_article") then .... 
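The same bitmask idea with an explicit name-to-bit table, as an added example in Python (it is not the answer's VBScript and not part of the original page). The task names are the answer's; the bit positions, the plain dict standing in for Session, and substring_lookup, which re-creates the answer's split()-based index so that its behaviour on a name that is not in mask_order can be observed, are assumptions of this example.

```python
"""Bitmask role encoding with an explicit name->bit table.

Added example, not code from the answer. Role names are the answer's;
bit positions and the 'session' dict are assumptions of this example.
"""
from typing import Iterable

# Explicit, stable mapping: adding a role appends a bit, it never renumbers the others.
ROLE_BITS = {
    "write_article": 1 << 0,
    "read_article":  1 << 1,
    "write_blog":    1 << 2,
    "read_blog":     1 << 3,
}


def pack_roles(granted: Iterable[str]) -> int:
    """Collapse the roles returned by the login query into one integer for the session."""
    mask = 0
    for name in granted:
        bit = ROLE_BITS.get(name)
        if bit is None:
            raise ValueError(f"unknown role {name!r}")   # fail closed at login time
        mask |= bit
    return mask


def unpack_roles(mask: int) -> set:
    """Inverse of pack_roles; bits with no known role are ignored."""
    return {name for name, bit in ROLE_BITS.items() if mask & bit}


def can_user(session: dict, what: str) -> bool:
    """Page-level check against the cached mask. An unknown name denies; nothing matches by substring."""
    bit = ROLE_BITS.get(what)
    if bit is None:
        return False
    return bool(session.get("mask", 0) & bit)


def substring_lookup(what: str) -> int:
    """Re-creates the answer's split()-based index (1-based position in mask_order).

    Shown only to make the pitfall visible: 'blog' is not a task, yet it lands on
    write_blog's position, and a name absent from mask_order lands on the last task.
    """
    mask_order = "write_article,read_article,write_blog,read_blog"
    head = (" " + mask_order).split(what)[0]   # same as split(" " & mask_order, what)(0)
    return len(head.split(","))                # same as ubound(split(x(0), ",")) + 1
```

In classic ASP the same table is a Scripting.Dictionary filled in header.inc; what matters is the lookup by exact key. The answer's split() version maps a misspelt or unknown task name onto a neighbouring task's bit, and a name that does not occur in mask_order at all is resolved to the last task, so a wrong call can grant where it should deny.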

#2

1

Use a hashmap of the various 'status' values and OR your user with whatever permission they are asking for.

#3

1

You can still store multiple statuses in a session variable; I would recommend a comma-delimited list:

Session.Contents("Status") = "50,60"

You can then get the list as an array, i.e.

Dim Status, i
'Check if there is a comma in the list
If InStr(Session.Contents("Status"), ",") > 0 Then
   Status = Split(Session.Contents("Status"), ",")
Else
   Status = Array(Session.Contents("Status"))
End If

'Use a for loop to check if the user has access
For i = LBound(Status) To UBound(Status)
   'Do your check here (Status(i) is a string, so compare it with CStr/CLng of the required status)
Next

#4

0

I do it with two tables:
"users" has "profiles" associated, and
"profiles" has "allowed actions" associated.
You can maintain your "normal linear system of ascending status" based on "status", and you can start migrating to this new model. Here is a simplified part of my login.asp (classic). I also maintain the "allowed actions" in the session.
Perhaps (I'm not sure if it is good as a long-term solution) you can use the "status" field as the join between the users and allowed_actions_by_profile tables.

' r is an open ADODB.Recordset and c an open ADODB.Connection; limpia() is the author's escaping helper '
sql="select users.usuario, perfiles.* from users inner join perfiles on users.perfil=perfiles.perfil" _
 & " where usuario = '" & limpia(quien) & "' and pass = '" & limpia(password) & "';"
r.open sql, c
ok = not r.eof
if ok then 
    ' copy every allowed-action column of the profile into the session as can_<column> '
    for each campo in r.fields
      if campo.name<>"usuario" then session("can_" & campo.name) = r(campo.name)
    next
    session("user") = r("usuario")
end if

Here the profile table looks like:

perfil         varchar(20) not null,
write_article  boolean null,
read_article   boolean not null,
write_blog     boolean null,
read_blog      boolean not null,
and so on

And you check in your code as:

if session("can_write_blog") then .... 
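The question's proposed user/status table and answer #4's profile-to-allowed-actions model, carried through as one added example in Python with an in-memory sqlite3 database standing in for MySQL. This is not code from the question or from any answer: the table and column names, the constructed sample rows, the salted-hash password check and the perm_version stamp are all assumptions of this example. It shows the one join that fills the session at login, the per-page check that no longer needs the join, and what the cache does when a role is revoked.

```python
"""Users -> roles -> allowed actions in SQL, loaded once at login into a session cache.

Added example; not code from the question or from any answer. Table and column
names, the in-memory sqlite3 database standing in for MySQL, the sample rows,
the salted-hash password check and the perm_version stamp are all assumptions.
"""
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

SCHEMA = """
CREATE TABLE users (
    id       INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    pw_salt  BLOB NOT NULL,
    pw_hash  BLOB NOT NULL
);
CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
-- the question's second table: one row per role a user holds (user 2 has two)
CREATE TABLE user_roles (
    user_id INTEGER NOT NULL REFERENCES users(id),
    role_id INTEGER NOT NULL REFERENCES roles(id),
    PRIMARY KEY (user_id, role_id)
);
-- answer #4's "allowed actions" per profile, as rows instead of boolean columns
CREATE TABLE role_actions (
    role_id     INTEGER NOT NULL REFERENCES roles(id),
    action_name TEXT NOT NULL,
    PRIMARY KEY (role_id, action_name)
);
-- bumped on every grant change; a session compares it before trusting its cache
CREATE TABLE perm_version (id INTEGER PRIMARY KEY CHECK (id = 1), version INTEGER NOT NULL);
INSERT INTO perm_version VALUES (1, 0);
"""


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def build_sample_db() -> sqlite3.Connection:
    """Constructed data mirroring the question: roles 5/50/60/999, user 2 holds 50 and 60."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO roles VALUES (?, ?)",
                    [(5, "normal"), (50, "article_writer"), (60, "blog_writer"), (999, "administrator")])
    con.executemany("INSERT INTO role_actions VALUES (?, ?)", [
        (5, "read_article"), (5, "read_blog"),
        (50, "read_article"), (50, "write_article"),
        (60, "read_blog"), (60, "write_blog"),
        (999, "read_article"), (999, "write_article"),
        (999, "read_blog"), (999, "write_blog"), (999, "manage_users"),
    ])
    for uid, name in [(1, "alice"), (2, "bob"), (3, "carol"), (4, "dave"), (5, "eve")]:
        salt = os.urandom(16)
        con.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                    (uid, name, salt, hash_password("pw-" + name, salt)))
    con.executemany("INSERT INTO user_roles VALUES (?, ?)",
                    [(1, 5), (2, 50), (2, 60), (3, 60), (4, 999), (5, 5)])
    con.commit()
    return con


def current_version(con: sqlite3.Connection) -> int:
    return con.execute("SELECT version FROM perm_version WHERE id = 1").fetchone()[0]


def load_actions(con: sqlite3.Connection, user_id: int) -> frozenset:
    """One parameterized join at login instead of a role lookup on every page."""
    rows = con.execute(
        "SELECT DISTINCT ra.action_name FROM user_roles ur "
        "JOIN role_actions ra ON ra.role_id = ur.role_id WHERE ur.user_id = ?",
        (user_id,))
    return frozenset(r[0] for r in rows)


def login(con: sqlite3.Connection, username: str, password: str) -> Optional[dict]:
    """The password is verified in code against a salted hash, never pasted into the WHERE clause."""
    row = con.execute("SELECT id, pw_salt, pw_hash FROM users WHERE username = ?",
                      (username,)).fetchone()
    if row is None or not hmac.compare_digest(hash_password(password, row[1]), row[2]):
        return None
    return {"user_id": row[0], "actions": load_actions(con, row[0]),
            "perm_version": current_version(con)}


def can(con: sqlite3.Connection, session: dict, action: str) -> bool:
    """Per-page check: a single primary-key read; the join reruns only after a grant changed."""
    if session["perm_version"] != current_version(con):
        session["actions"] = load_actions(con, session["user_id"])
        session["perm_version"] = current_version(con)
    return action in session["actions"]


def revoke_role(con: sqlite3.Connection, user_id: int, role_id: int) -> None:
    """Removing a role also invalidates every live session cache, not just the next login."""
    with con:
        con.execute("DELETE FROM user_roles WHERE user_id = ? AND role_id = ?", (user_id, role_id))
        con.execute("UPDATE perm_version SET version = version + 1 WHERE id = 1")
```

The per-page cost is one primary-key read of perm_version, which is what makes the cached action set safe to trust; if even that read is unwanted, drop it and accept that a revoked role stays effective until the session times out, in which case keep the session timeout short. The login query also differs from the ones in answers #1 and #4 on purpose: it looks the user up by name with a bound parameter and compares the password in code, so neither the username nor the password ever becomes part of the SQL text.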
