Divide and Rule, or an Access Rights Separation System for ASP MVC

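In my work I frequently run into the problem of separating access rights to a site's sections and controls.

At first the tools that ASP MVC provides out of the box were enough, but over time I had to write my own rights-separation tool. Dear %habrauser%, if you are curious how I solved this problem, welcome under the cut.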



A little background



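In one of my projects I ran into the problem of separating access rights to the site's sections and elements. It is a company-internal website where employees can plan their vacations. The requirements specification was written surprisingly well. Work went ahead at an accelerated pace, and after a month a working prototype was ready. Everyone was delighted, right up to the moment the "polishing" of how the system should operate began. And since bureaucracy has been in our people's blood since birth, there were many rounds of approvals and discussions, and the outcome went something like this: "But ordinary users must not see this. And this only administrators may see. And this only especially secret administrators should see, and nobody else!" And, unfortunately, that was not the end of the customer's fevered imagination.

Roles and access can be managed with the standard tools, but doing so is very cumbersome. So I set about writing an access-separation module that is easy to manage.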



The beginning



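First, the basic requirements for the module were worked out:

  1. Simple separation of access rights to controller methods (on the principle of the Authorize attribute)

  2. An easy-to-use mechanism for separating access to site elements

  3. The ability to create roles with different variations of access

  4. The ability to use the module in different projects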



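After that came the "work" of drawing up various schemes and going through a huge amount of material on the topic. The result was a concept for the module.

The data the module needs is stored in an MSSQL database (we are writing in C#, so where else would it go). Because of the specifics of the corporate network structure, and the idea of using the module in (theoretically) any project, I did not build centralized storage. The module's set of data is therefore written to the project's own database.

Also, since the module is meant to work in any project, it must read its settings from the web.config file of the project it is plugged into.

And so that deploying it to a new project is as easy as... ahem, let's teach the module to prepare the database and do the initial configuration itself. Well, you get the point.

In addition, by default every newly created or added element and section is entered into the tables and made accessible to the "super administrator", so that the configuration does not have to be redone every time.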



Getting started


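First, a few words about the resulting module. It relies on a RoleProvider that I wrote myself. The reason for using one was, again, the peculiarities of the corporate network. On one of the servers a directory was created that stores all the data about employees and their binding to domain logins. Don't ask why. That is simply how things are.

For the directory's internal needs there are groups of employees. So a role provider was written that, besides performing its main functions, also works with the groups in the directory on the server. It is of no special interest and you would find nothing new in it about writing providers, so I will not show it. (The code snippets refer to the AuthLib namespace, which contains the role provider.)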



Before we get to the code, I want to apologize for the comments and other junk in it. The code shown is outdated (in the reality of the current project) and is given only to illustrate the idea.



The first step is to create a class that describes a user. It will make things easier to work with later on.



Class "Employee"
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Data.SqlClient;

    namespace Ekzo.BaseClasses
    {
        public class Employee : IEquatable<Employee>
        {
            /// <summary>
            /// Employee identifier (employee_id)
            /// </summary>
            public int Id { get; set; }

            /// <summary>
            /// Employee name
            /// </summary>
            public string Name { get; set; }

            /// <summary>
            /// Loads an employee by identifier
            /// </summary>
            /// <param name="id">Employee identifier</param>
            public Employee(int id)
            {
                InitClass(id);
            }

            /// <summary>
            /// Loads an employee by name
            /// </summary>
            /// <param name="employeeName">Employee name, or the beginning of it</param>
            public Employee(string employeeName)
            {
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Ekzo.Web.Configuration.StringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("SELECT employee_id FROM employee WHERE employee_name LIKE @employeeName+'%' AND date_fired IS NULL", conn))
                {
                    try
                    {
                        conn.Open();
                        // Spaces become '%', so "John Smith" is matched as LIKE 'John%Smith%'
                        cmd.Parameters.AddWithValue("@employeeName", string.Join("%", employeeName.Split(char.Parse(" "))));
                        SqlDataReader reader = cmd.ExecuteReader();
                        // If several employees match the pattern, the last row returned wins
                        while (reader.Read())
                        {
                            this.Id = reader.GetInt32(0);
                        }
                        reader.Close();
                    }
                    catch (Exception ex)
                    {
                        if (Ekzo.Web.Configuration.s_log != null)
                            Ekzo.Web.Configuration.s_log.Error("[Employee] [Failed to look up employee by name]", ex);
                    }
                }
                if (this.Id != 0) InitClass(this.Id);
            }

            /// <summary>
            /// Creates an empty employee
            /// </summary>
            public Employee() { }

            /// <summary>
            /// Fills the object from the employee table
            /// </summary>
            /// <param name="id">Employee identifier</param>
            private void InitClass(int id)
            {
                this.Id = id;
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Ekzo.Web.Configuration.StringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("SELECT employee_name FROM employee WHERE employee_id=@employeeID AND date_fired IS NULL", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@employeeID", this.Id);
                        SqlDataReader reader = cmd.ExecuteReader();
                        while (reader.Read())
                        {
                            this.Name = reader.GetString(0);
                        }
                        reader.Close();
                    }
                    catch (Exception ex)
                    {
                        if (Ekzo.Web.Configuration.s_log != null)
                            Ekzo.Web.Configuration.s_log.Error("[Employee] [Failed to load employee by id]", ex);
                    }
                }
            }

            public bool Equals(Employee x, Employee y)
            {
                if (x == null || y == null) return ReferenceEquals(x, y);
                return x.Name == y.Name && x.Id == y.Id;
            }

            public override int GetHashCode()
            {
                int hasEmployeeName = this.Name == null ? 0 : this.Name.GetHashCode();
                int hasID = this.Id == 0 ? 0 : this.Id.GetHashCode();
                return hasEmployeeName ^ hasID;
            }

            public bool Equals(Employee other)
            {
                return other != null && this.Name == other.Name && this.Id == other.Id;
            }

            bool IEquatable<Employee>.Equals(Employee other)
            {
                return Equals(other);
            }
        }
    }
      
      









Next we prepare the classes that describe the system's elements (sections, links, controls and so on).



Class "Action"
    using System;
    using System.Collections.Generic;
    using System.Data.SqlClient;
    using System.Linq;
    using System.Text;
    using System.Web;

    namespace Ekzo.Web.Security.Utilization.Authorization
    {
        /// <summary>
        /// A system action (section, link, controller method) that access can be granted to.
        /// </summary>
        public class Action
        {
            /// <summary>
            /// Action identifier
            /// </summary>
            public int id { get; private set; }

            /// <summary>
            /// Identifiers of the groups the action belongs to
            /// </summary>
            private int[] _ActionGroups;

            /// <summary>
            /// Groups the action belongs to (null if they could not be loaded)
            /// </summary>
            public ActionGroup[] ActionGroups
            {
                get
                {
                    List<ActionGroup> Groups = new List<ActionGroup>();
                    if (_ActionGroups != null)
                    {
                        for (int i = 0; i < _ActionGroups.Length; i++)
                            Groups.Add(new ActionGroup(_ActionGroups[i]));
                        return Groups.ToArray();
                    }
                    return null;
                }
            }

            /// <summary>
            /// Name of the action
            /// </summary>
            public string ActionName { get; set; }

            /// <summary>
            /// Whether the action is active
            /// </summary>
            public bool Active { get; private set; }

            #region ClassBuilder
            public Action() { }

            public Action(string ActionName)
            {
                InitClass(ActionName);
            }

            public Action(int id)
            {
                InitClass(null, id);
            }

            private void InitClass(string name, int id = 0, int actionGroup = 0)
            {
                if (id != 0) this.id = id;
                if (!string.IsNullOrEmpty(name)) this.ActionName = name;
                //this._ActionGroups = actionGroup;
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("SELECT * FROM Authorization_Actions WHERE id=@id OR Name=@actionName", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@id", id);
                        cmd.Parameters.AddWithValue("@actionName", string.IsNullOrEmpty(name) ? "" : name);
                        SqlDataReader reader = cmd.ExecuteReader();
                        while (reader.Read())
                        {
                            this.id = reader.GetInt32(0);
                            this.ActionName = reader.GetString(1);
                            this.Active = reader.GetBoolean(2);
                        }
                        reader.Close();

                        List<int> actionGroups = new List<int>();
                        cmd.CommandText = "SELECT GroupID FROM Authorization_ActionToGroup WHERE ActionID=@id";
                        cmd.Parameters.Clear();
                        cmd.Parameters.AddWithValue("@id", this.id);
                        reader = cmd.ExecuteReader();
                        while (reader.Read())
                            actionGroups.Add(reader.GetInt32(0));
                        this._ActionGroups = actionGroups.ToArray();
                    }
                    catch (Exception ex)
                    {
                        // The error is only logged: the object stays partially filled
                        // and _ActionGroups may remain null
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Action] [Failed to load action] ", ex);
                    }
                }
            }
            #endregion

            /// <summary>
            /// Saves the action; a new action is also put into the default group 0
            /// </summary>
            public void Save()
            {
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand(@"
                    IF((SELECT COUNT(*) FROM Authorization_Actions WHERE id=@id OR Name=@name)=0)
                    BEGIN
                        INSERT INTO Authorization_Actions(Name) VALUES(@name)
                        INSERT INTO Authorization_ActionToGroup(ActionID,GroupID) VALUES((SELECT TOP(1) id FROM Authorization_Actions WHERE Name=@name),0)
                    END
                    ELSE
                        UPDATE Authorization_Actions SET Name=@name, Active=@active WHERE id=@id
                    SELECT * FROM Authorization_Actions WHERE Name=@name", conn))
                {
                    try
                    {
                        conn.Open();
                        // A new action (id == 0) is looked up by name only
                        if (!string.IsNullOrEmpty(this.ActionName) && this.id == 0)
                            cmd.CommandText = cmd.CommandText.Replace("WHERE id=@id OR Name=@name", "WHERE Name=@name");
                        cmd.Parameters.AddWithValue("@id", this.id);
                        cmd.Parameters.AddWithValue("@name", this.ActionName);
                        cmd.Parameters.AddWithValue("@active", this.Active);
                        //cmd.Parameters.AddWithValue("@groupID", this._ActionGroup);
                        SqlDataReader reader = cmd.ExecuteReader();
                        List<int> actionGroups = new List<int>();
                        while (reader.Read())
                        {
                            this.id = reader.GetInt32(0);
                            this.ActionName = reader.GetString(1);
                            this.Active = reader.GetBoolean(2);
                        }
                        reader.Close();

                        cmd.CommandText = "SELECT GroupID FROM Authorization_ActionToGroup WHERE ActionID=@id";
                        cmd.Parameters.Clear();
                        cmd.Parameters.AddWithValue("@id", this.id);
                        reader = cmd.ExecuteReader();
                        while (reader.Read())
                            actionGroups.Add(reader.GetInt32(0));
                        this._ActionGroups = actionGroups.ToArray();
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Action] [Failed to save action] ", ex);
                    }
                }
            }

            /// <summary>
            /// Deletes the action together with its group links
            /// </summary>
            public void Delete()
            {
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("DELETE FROM Authorization_Actions WHERE id=@id", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@id", this.id);
                        cmd.ExecuteNonQuery();
                        cmd.CommandText = "DELETE FROM Authorization_ActionToGroup WHERE ActionID=@id";
                        cmd.ExecuteNonQuery();
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Action] [Failed to delete action] ", ex);
                    }
                }
            }

            /// <summary>
            /// Checks whether this action is registered
            /// </summary>
            /// <returns>true if an action with this name exists</returns>
            public bool IsExist()
            {
                return IsExist(this.ActionName);
            }

            /// <summary>
            /// Checks whether an action with the given name is registered
            /// </summary>
            /// <param name="ActionName">Action name</param>
            /// <returns>true if the action exists; false if it does not or the check failed</returns>
            public static bool IsExist(string ActionName)
            {
                bool result = false;
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) FROM Authorization_Actions WHERE Name=@name", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@name", ActionName);
                        SqlDataReader reader = cmd.ExecuteReader();
                        while (reader.Read())
                            result = reader.GetInt32(0) != 0;
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Action] [Failed to check whether action exists] ", ex);
                    }
                }
                return result;
            }

            /// <summary>
            /// Returns all registered actions
            /// </summary>
            /// <returns>Actions ordered by name</returns>
            public static List<Action> GetAllActions()
            {
                List<Action> result = new List<Action>();
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("SELECT id FROM Authorization_Actions ORDER BY Name ", conn))
                {
                    try
                    {
                        conn.Open();
                        SqlDataReader reader = cmd.ExecuteReader();
                        while (reader.Read())
                            result.Add(new Action(reader.GetInt32(0)));
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Action] [Failed to list actions] ", ex);
                    }
                }
                return result;
            }

            /// <summary>
            /// Adds the action to a group
            /// </summary>
            /// <param name="groupID">Group identifier</param>
            public void AddToGroup(int groupID)
            {
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand(@"
                    IF((SELECT COUNT(*) FROM Authorization_ActionToGroup WHERE ActionID=@action AND GroupID=@group)=0)
                        INSERT INTO Authorization_ActionToGroup(ActionID,GroupID) VALUES(@action,@group)", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@action", this.id);
                        cmd.Parameters.AddWithValue("@group", groupID);
                        cmd.ExecuteNonQuery();
                        // Reload the action so that its group list includes the new link
                        InitClass(null, this.id);
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Action] [Failed to add action to group] ", ex);
                    }
                }
            }
        }
    }
      
      









Class "Action group"
    using System;
    using System.Collections.Generic;
    using System.Data.SqlClient;
    using System.Linq;
    using System.Text;

    namespace Ekzo.Web.Security.Utilization.Authorization
    {
        /// <summary>
        /// A group of actions
        /// </summary>
        public class ActionGroup
        {
            /// <summary>
            /// Group identifier
            /// </summary>
            public int id { get; private set; }

            /// <summary>
            /// Roles that are linked to the group
            /// </summary>
            public SystemRole[] Roles { get; private set; }

            /// <summary>
            /// Group name
            /// </summary>
            public string Name { get; private set; }

            /// <summary>
            /// Whether the group is active
            /// </summary>
            public bool Active { get; set; }

            /// <summary>
            /// Actions that belong to the group
            /// </summary>
            public Action[] GroupActions { get; private set; }

            #region ClassBuilder
            public ActionGroup(int id)
            {
                InitClass(null, id);
            }

            public ActionGroup(string name)
            {
                InitClass(name);
            }

            private void InitClass(string name, int id = 0)
            {
                if (id != 0) this.id = id;
                if (!string.IsNullOrEmpty(name)) this.Name = name;
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("SELECT * FROM Authorization_ActionGroups WHERE id=@id OR Name=@groupName", conn))
                {
                    try
                    {
                        conn.Open();
                        if (!string.IsNullOrEmpty(name) && id == 0)
                            cmd.CommandText = "SELECT * FROM Authorization_ActionGroups WHERE Name=@groupName";
                        cmd.Parameters.AddWithValue("@id", this.id);
                        cmd.Parameters.AddWithValue("@groupName", this.Name == null ? "" : this.Name);
                        SqlDataReader reader = cmd.ExecuteReader();
                        while (reader.Read())
                        {
                            this.id = reader.GetInt32(0);
                            if (string.IsNullOrEmpty(this.Name)) this.Name = reader.GetString(1);
                            this.Active = reader.GetBoolean(2);
                        }
                        reader.Close();

                        // Roles linked to the group
                        cmd.CommandText = "SELECT * FROM Authorization_RoleToActionGroup WHERE ActionGroup=@groupID";
                        cmd.Parameters.Clear();
                        cmd.Parameters.AddWithValue("@groupID", this.id);
                        reader = cmd.ExecuteReader();
                        List<SystemRole> rolesList = new List<SystemRole>();
                        while (reader.Read())
                            rolesList.Add(new SystemRole(this.id, reader.GetString(2)));
                        this.Roles = rolesList.ToArray();
                        reader.Close();

                        // Actions that belong to the group
                        cmd.Parameters.Clear();
                        cmd.Parameters.AddWithValue("@id", this.id);
                        List<Action> actionsList = new List<Action>();
                        cmd.CommandText = "SELECT ActionID FROM Authorization_ActionToGroup WHERE GroupID=@id";
                        reader = cmd.ExecuteReader();
                        while (reader.Read())
                        {
                            actionsList.Add(new Action(reader.GetInt32(0)));
                        }
                        this.GroupActions = actionsList.Distinct().ToArray();
                    }
                    catch (Exception ex)
                    {
                        // The error is only logged: Roles and GroupActions may remain null
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Action group] [Failed to load group] ", ex);
                    }
                }
            }
            #endregion

            /// <summary>
            /// Saves the group
            /// </summary>
            public void Save()
            {
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand(@"
                    IF((SELECT COUNT(*) FROM Authorization_ActionGroups WHERE Name=@name)=0)
                        INSERT INTO Authorization_ActionGroups(Name) VALUES(@name)
                    ELSE
                        UPDATE Authorization_ActionGroups SET Name=@name, Active=@active WHERE id=@id
                    SELECT * FROM Authorization_ActionGroups WHERE Name=@name", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@id", this.id);
                        cmd.Parameters.AddWithValue("@name", this.Name);
                        cmd.Parameters.AddWithValue("@active", this.Active);
                        SqlDataReader reader = cmd.ExecuteReader();
                        while (reader.Read())
                        {
                            this.id = reader.GetInt32(0);
                            this.Name = reader.GetString(1);
                            this.Active = reader.GetBoolean(2);
                        }
                        reader.Close();

                        // Query the roles with the id that was just read back
                        cmd.CommandText = "SELECT * FROM Authorization_RoleToActionGroup WHERE ActionGroup=@id";
                        cmd.Parameters["@id"].Value = this.id;
                        reader = cmd.ExecuteReader();
                        List<SystemRole> rolesList = new List<SystemRole>();
                        while (reader.Read())
                            rolesList.Add(new SystemRole(reader.GetString(2)));
                        this.Roles = rolesList.ToArray();
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Action group] [Failed to save group] ", ex);
                    }
                }
            }

            /// <summary>
            /// Deletes the group.
            /// </summary>
            /// <remarks>The group's links to roles and to actions are deleted as well.</remarks>
            public void Delete()
            {
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("DELETE FROM Authorization_ActionGroups WHERE id=@id", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@id", this.id);
                        cmd.ExecuteNonQuery();
                        cmd.CommandText = "DELETE FROM Authorization_RoleToActionGroup WHERE ActionGroup=@id";
                        cmd.ExecuteNonQuery();
                        cmd.CommandText = "DELETE FROM Authorization_ActionToGroup WHERE GroupID=@id";
                        cmd.ExecuteNonQuery();
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Action group] [Failed to delete group] ", ex);
                    }
                }
            }

            /// <summary>
            /// Removes an action from the group
            /// </summary>
            /// <param name="actionID">Action identifier</param>
            public void DeleteAction(int actionID)
            {
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("DELETE FROM Authorization_ActionToGroup WHERE ActionID=@action AND GroupID=@group", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@action", actionID);
                        cmd.Parameters.AddWithValue("@group", this.id);
                        cmd.ExecuteNonQuery();
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Action group] [Failed to remove action from group] ", ex);
                    }
                }
            }

            /// <summary>
            /// Removes a role from the group
            /// </summary>
            /// <param name="roleID">Role identifier (group_id in the employee directory)</param>
            public void DeleteRole(int roleID)
            {
                // The link table stores the role by name, so resolve the name first
                string roleName = "";
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Ekzo.Web.Configuration.StringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("SELECT group_name FROM groups WHERE group_id=@id", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@id", roleID);
                        SqlDataReader reader = cmd.ExecuteReader();
                        while (reader.Read())
                            roleName = reader.GetString(0);
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Action group] [Failed to resolve role name] ", ex);
                    }
                }
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("DELETE FROM Authorization_RoleToActionGroup WHERE ActionGroup=@group AND Role=@roleName", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@roleName", roleName);
                        cmd.Parameters.AddWithValue("@group", this.id);
                        cmd.ExecuteNonQuery();
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Action group] [Failed to remove role from group] ", ex);
                    }
                }
            }

            /// <summary>
            /// Returns all action groups
            /// </summary>
            /// <returns>List of groups</returns>
            public static List<ActionGroup> GetAllgroups()
            {
                List<ActionGroup> result = new List<ActionGroup>();
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("SELECT id FROM Authorization_ActionGroups", conn))
                {
                    try
                    {
                        conn.Open();
                        SqlDataReader reader = cmd.ExecuteReader();
                        while (reader.Read())
                            result.Add(new ActionGroup(reader.GetInt32(0)));
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Action group] [Failed to list groups] ", ex);
                    }
                }
                return result;
            }
        }
    }
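The request-time decision that the Action and ActionGroup classes above feed, as an added example that is not the module's own code: an action is allowed only when one of its active groups is linked to one of the user's roles, and missing data (the classes above log database errors and carry on with null fields) counts as a denial. `GroupInfo`, `AccessDecision`, the role names and all rows are constructed for illustration; treating an inactive group as granting nothing and linking group 0 to a super-administrator role are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical mirror of what ActionGroup exposes: the Active flag and role names.
public sealed class GroupInfo
{
    public bool Active;
    public string[] Roles;   // null models a load that failed and was only logged
}

public sealed class AccessDecision
{
    private readonly Func<string, int[]> _groupsOfAction;  // stand-in for Authorization_ActionToGroup
    private readonly Func<int, GroupInfo> _groupById;      // stand-in for groups and their role links

    public AccessDecision(Func<string, int[]> groupsOfAction, Func<int, GroupInfo> groupById)
    {
        _groupsOfAction = groupsOfAction;
        _groupById = groupById;
    }

    // True only when an active group containing the action is linked to one of the
    // user's roles. Unknown action, null data or an exception all end in "deny".
    public bool IsAllowed(string actionName, IEnumerable<string> userRoles)
    {
        if (string.IsNullOrEmpty(actionName) || userRoles == null) return false;
        try
        {
            int[] groupIds = _groupsOfAction(actionName);
            if (groupIds == null) return false;          // not registered or not loaded

            var roles = new HashSet<string>(userRoles, StringComparer.OrdinalIgnoreCase);
            foreach (int groupId in groupIds)
            {
                GroupInfo group = _groupById(groupId);
                if (group == null || !group.Active || group.Roles == null) continue;
                if (group.Roles.Any(r => roles.Contains(r))) return true;
            }
            return false;
        }
        catch (Exception)
        {
            return false;   // a broken lookup must never open a section
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed rows. Group 0 is the default group that Action.Save() puts
        // every new action into; its link to "SuperAdmin" is an assumption.
        var actionToGroups = new Dictionary<string, int[]>
        {
            { "Vacation/Plan",    new[] { 0, 1 } },
            { "Vacation/Approve", new[] { 0, 2 } },
            { "Admin/Roles",      new[] { 0 } },      // freshly registered action
            { "Reports/Export",   new[] { 3 } },      // only in an inactive group
            { "Reports/Audit",    new[] { 4 } },      // group whose roles failed to load
        };
        var groups = new Dictionary<int, GroupInfo>
        {
            { 0, new GroupInfo { Active = true,  Roles = new[] { "SuperAdmin" } } },
            { 1, new GroupInfo { Active = true,  Roles = new[] { "Employee", "Manager" } } },
            { 2, new GroupInfo { Active = true,  Roles = new[] { "Manager" } } },
            { 3, new GroupInfo { Active = false, Roles = new[] { "Employee" } } },
            { 4, new GroupInfo { Active = true,  Roles = null } },
        };

        var decision = new AccessDecision(
            name => { int[] ids; return actionToGroups.TryGetValue(name, out ids) ? ids : null; },
            id => { GroupInfo g; return groups.TryGetValue(id, out g) ? g : null; });

        var checks = new[]
        {
            Tuple.Create("Vacation/Plan",    new[] { "Employee" }),
            Tuple.Create("Vacation/Approve", new[] { "Employee" }),
            Tuple.Create("Vacation/Approve", new[] { "Manager" }),
            Tuple.Create("Admin/Roles",      new[] { "Manager" }),
            Tuple.Create("Admin/Roles",      new[] { "SuperAdmin" }),
            Tuple.Create("Reports/Export",   new[] { "Employee" }),
            Tuple.Create("Reports/Audit",    new[] { "Manager" }),
            Tuple.Create("Unknown/Action",   new[] { "SuperAdmin" }),
        };
        foreach (var c in checks)
            Console.WriteLine("{0,-18} {1,-12} {2}", c.Item1, string.Join(",", c.Item2),
                decision.IsAllowed(c.Item1, c.Item2) ? "allow" : "deny");
    }
}
```

In an MVC project a check like this would sit behind an `AuthorizeAttribute` subclass, with the two lookups backed by the module's tables instead of dictionaries.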
      
      









Class "Control"
    using System;
    using System.Collections.Generic;
    using System.Data.SqlClient;
    using System.Linq;
    using System.Text;

    namespace Ekzo.Web.Security.Utilization.Authorization
    {
        /// <summary>
        /// A page control whose visibility is governed by access rights
        /// </summary>
        public class PageControl
        {
            /// <summary>
            /// Control identifier
            /// </summary>
            public int id { get; private set; }

            /// <summary>
            /// Control name
            /// </summary>
            public string Name { get; set; }

            /// <summary>
            /// Groups the control belongs to
            /// </summary>
            public List<PageControlsGroup> Groups { get; set; }

            #region ClassBuilder
            public PageControl(int id)
            {
                InitClass(id, null);
            }

            public PageControl(string name)
            {
                InitClass(0, name);
            }

            private void InitClass(int id, string Name)
            {
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                // If the control is not in the table yet, register it
                using (SqlCommand cmd = new SqlCommand(@"
                    IF((SELECT COUNT(*) FROM Authorization_Controls WHERE Name=@name OR id=@id)=0)
                        INSERT INTO Authorization_Controls(Name) VALUES (@name)", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@name", Name == null ? "" : Name);
                        cmd.Parameters.AddWithValue("@id", id);
                        cmd.ExecuteNonQuery();

                        cmd.CommandText = "SELECT id,Name FROM Authorization_Controls WHERE Name=@name OR id=@id";
                        SqlDataReader reader = cmd.ExecuteReader();
                        while (reader.Read())
                        {
                            this.id = reader.GetInt32(0);
                            this.Name = reader.GetString(1);
                        }
                        reader.Close();

                        // Make sure the control is linked to the default group,
                        // whose id is -1
                        cmd.CommandText = "IF((SELECT COUNT(*) FROM Authorization_ControlToGroup WHERE ControlID=@id AND GroupID=-1)=0) INSERT INTO Authorization_ControlToGroup(ControlID,GroupID) VALUES(@id,-1)";
                        cmd.Parameters.Clear();
                        cmd.Parameters.AddWithValue("@id", this.id);
                        cmd.Parameters.AddWithValue("@name", this.Name);
                        cmd.ExecuteNonQuery();
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Page control] [Failed to load or register control] ", ex);
                    }
                }

                this.Groups = new List<PageControlsGroup>();
                List<int> groupsIDs = new List<int>();
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("SELECT GroupID FROM Authorization_ControlToGroup WHERE ControlID=@id", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@id", this.id);
                        SqlDataReader reader = cmd.ExecuteReader();
                        while (reader.Read())
                            groupsIDs.Add(reader.GetInt32(0));
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Page control] [Failed to load control groups] ", ex);
                    }
                }
                for (int i = 0; i < groupsIDs.Count; i++)
                    this.Groups.Add(new PageControlsGroup(groupsIDs[i]));
            }
            #endregion

            /// <summary>
            /// Adds the control to a group
            /// </summary>
            /// <param name="groupID">Group identifier</param>
            public void AddToGroup(int groupID)
            {
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand(@"
                    IF((SELECT COUNT(*) FROM Authorization_ControlToGroup WHERE ControlID=@id AND GroupID=@group)=0)
                        INSERT INTO Authorization_ControlToGroup(ControlID,GroupID) VALUES(@id,@group)", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@id", this.id);
                        cmd.Parameters.AddWithValue("@group", groupID);
                        cmd.ExecuteNonQuery();
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Page control] [Failed to add control to group] ", ex);
                    }
                }
            }

            /// <summary>
            /// Saves the control and links it to the default group -1
            /// </summary>
            public void Save()
            {
                string commandText = this.id == 0
                    ? "INSERT INTO Authorization_Controls (Name) VALUES(@name)"
                    : "UPDATE Authorization_Controls SET Name=@name WHERE id=@id";
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand(commandText, conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@name", this.Name);
                        cmd.Parameters.AddWithValue("@id", this.id);
                        cmd.ExecuteNonQuery();
                        cmd.CommandText = "IF((SELECT COUNT(*) FROM Authorization_ControlToGroup WHERE ControlID=(SELECT TOP(1) id FROM Authorization_Controls WHERE Name=@name) AND GroupID=-1)=0) INSERT INTO Authorization_ControlToGroup(ControlID,GroupID) VALUES((SELECT TOP(1) id FROM Authorization_Controls WHERE Name=@name),-1)";
                        cmd.ExecuteNonQuery();
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Page control] [Failed to save control] ", ex);
                    }
                }
            }

            /// <summary>
            /// Deletes the control
            /// </summary>
            public void Delete()
            {
                if (this.id == 0) return;
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("DELETE FROM Authorization_Controls WHERE id=@id", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@id", this.id);
                        cmd.ExecuteNonQuery();
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Page control] [Failed to delete control] ", ex);
                    }
                }
            }

            /// <summary>
            /// Returns all registered controls
            /// </summary>
            /// <returns>Controls ordered by name</returns>
            public static PageControl[] GetAllControls()
            {
                List<PageControl> result = new List<PageControl>();
                List<int> controlsIDs = new List<int>();
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("SELECT id FROM Authorization_Controls ORDER BY Name", conn))
                {
                    try
                    {
                        conn.Open();
                        SqlDataReader reader = cmd.ExecuteReader();
                        while (reader.Read())
                            controlsIDs.Add(reader.GetInt32(0));
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Page control] [Failed to list controls] ", ex);
                    }
                }
                for (int i = 0; i < controlsIDs.Count; i++)
                    result.Add(new PageControl(controlsIDs[i]));
                return result.ToArray();
            }
        }
    }
      
      









Class "Control group"
    using System;
    using System.Collections.Generic;
    using System.Data.SqlClient;
    using System.Linq;
    using System.Text;

    namespace Ekzo.Web.Security.Utilization.Authorization
    {
        /// <summary>
        /// A group of page controls
        /// </summary>
        public class PageControlsGroup : IEquatable<PageControlsGroup>, IEqualityComparer<PageControlsGroup>
        {
            /// <summary>
            /// Group identifier
            /// </summary>
            public int id { get; private set; }

            /// <summary>
            /// Group name
            /// </summary>
            public string Name { get; set; }

            /// <summary>
            /// Roles linked to the group
            /// </summary>
            public List<ControlsGroupRole> Roles { get; set; }

            #region ClassBuilder
            public PageControlsGroup(int id)
            {
                InitClass(id, "");
            }

            public PageControlsGroup(string Name)
            {
                this.Name = Name;
                InitClass(0, Name);
            }

            public PageControlsGroup(int id, string Name)
            {
                this.id = id;
                this.Name = Name;
                this.Roles = new PageControlsGroup(id).Roles;
            }

            private void InitClass(int id, string name)
            {
                //this.Controls = new List<PageControl>();
                this.Roles = new List<ControlsGroupRole>();
                List<int> pageControls = new List<int>();
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("SELECT * FROM Authorization_ControlsGroup WHERE id=@id OR Name=@name", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@id", id);
                        cmd.Parameters.AddWithValue("@name", name);
                        SqlDataReader reader = cmd.ExecuteReader();
                        while (reader.Read())
                        {
                            this.id = reader.GetInt32(0);
                            this.Name = reader.GetString(1);
                        }
                        reader.Close();

                        cmd.CommandText = @"
                            SELECT Authorization_Controls.id AS ControlID
                            FROM Authorization_ControlToGroup
                            INNER JOIN Authorization_ControlsGroup ON Authorization_ControlToGroup.GroupID = Authorization_ControlsGroup.id
                            INNER JOIN Authorization_Controls ON Authorization_ControlToGroup.ControlID = Authorization_Controls.id
                            WHERE Authorization_ControlsGroup.id=@id OR Authorization_ControlsGroup.Name=@name";
                        reader = cmd.ExecuteReader();
                        while (reader.Read())
                            pageControls.Add(reader.GetInt32(0));
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Control group] [Failed to load group] ", ex);
                    }
                }
                //for(int i=0;i<pageControls.Count;i++)
                //    this.Controls.Add(new PageControl(pageControls[i]));

                List<int> groupRoles = new List<int>();
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("SELECT RoleID FROM Authorization_RoleToControlGroup WHERE GroupID=@id", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@id", this.id);
                        SqlDataReader reader = cmd.ExecuteReader();
                        while (reader.Read())
                            groupRoles.Add(reader.GetInt32(0));
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Control group] [Failed to load group roles] ", ex);
                    }
                }
                for (int i = 0; i < groupRoles.Count; i++)
                    this.Roles.Add(new ControlsGroupRole(groupRoles[i], this.id));
            }
            #endregion

            /// <summary>
            /// Returns all control groups
            /// </summary>
            /// <returns>Array of groups</returns>
            public static PageControlsGroup[] GetAllGroups()
            {
                List<PageControlsGroup> result = new List<PageControlsGroup>();
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("SELECT * FROM Authorization_ControlsGroup", conn))
                {
                    try
                    {
                        conn.Open();
                        SqlDataReader reader = cmd.ExecuteReader();
                        while (reader.Read())
                            result.Add(new PageControlsGroup(reader.GetInt32(0), reader.GetString(1)));
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Control group] [Failed to list groups] ", ex);
                    }
                }
                return result.ToArray();
            }

            /// <summary>
            /// Saves the group
            /// </summary>
            public void Save()
            {
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("IF((SELECT COUNT(*) FROM Authorization_ControlsGroup WHERE Name=@name)=0) INSERT INTO Authorization_ControlsGroup(Name) VALUES(@name)", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@name", this.Name);
                        cmd.ExecuteNonQuery();
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Control group] [Failed to save group] ", ex);
                    }
                }
                // Reload by name to pick up the id and the roles
                PageControlsGroup newGroup = new PageControlsGroup(this.Name);
                this.id = newGroup.id;
                this.Roles = newGroup.Roles;
                newGroup = null;
            }

            /// <summary>
            /// Deletes the group together with its role links
            /// </summary>
            public void Delete()
            {
                if (this.id != 0)
                    using (SqlConnection conn = new SqlConnection(
                        System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                    using (SqlCommand cmd = new SqlCommand("DELETE FROM Authorization_ControlsGroup WHERE id=@id", conn))
                    {
                        try
                        {
                            conn.Open();
                            cmd.Parameters.AddWithValue("@id", this.id);
                            cmd.ExecuteNonQuery();
                            cmd.CommandText = "DELETE FROM Authorization_RoleToControlGroup WHERE GroupID=@id";
                            cmd.ExecuteNonQuery();
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null)
                                Configuration.s_log.Error("[Control group] [Failed to delete group] ", ex);
                        }
                    }
            }

            /// <summary>
            /// Removes a control from the group
            /// </summary>
            /// <param name="controlID">Control identifier</param>
            public void DeleteControl(int controlID)
            {
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("DELETE FROM Authorization_ControlToGroup WHERE ControlID=@control AND GroupID=@id", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@control", controlID);
                        cmd.Parameters.AddWithValue("@id", this.id);
                        cmd.ExecuteNonQuery();
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Control group] [Failed to remove control] ", ex);
                    }
                }
            }

            /// <summary>
            /// Removes a role from the group
            /// </summary>
            /// <param name="roleID">Role identifier</param>
            public void DeleteRole(int roleID)
            {
                using (SqlConnection conn = new SqlConnection(
                    System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                using (SqlCommand cmd = new SqlCommand("DELETE FROM Authorization_RoleToControlGroup WHERE RoleID=@role AND GroupID=@id", conn))
                {
                    try
                    {
                        conn.Open();
                        cmd.Parameters.AddWithValue("@id", this.id);
                        cmd.Parameters.AddWithValue("@role", roleID);
                        cmd.ExecuteNonQuery();
                    }
                    catch (Exception ex)
                    {
                        if (Configuration.s_log != null)
                            Configuration.s_log.Error("[Control group] [Failed to remove role] ", ex);
                    }
                }
            }

            #region InterfaceImplementation
            bool IEquatable<PageControlsGroup>.Equals(PageControlsGroup other)
            {
                return other != null && this.id == other.id && this.Name == other.Name;
            }

            public bool Equals(PageControlsGroup x, PageControlsGroup y)
            {
                if (x == null || y == null) return ReferenceEquals(x, y);
                return x.id == y.id && x.Name == y.Name;
            }

            // Hash over the same fields that Equals compares, taken from obj
            public int GetHashCode(PageControlsGroup obj)
            {
                return obj.id.GetHashCode() ^ (obj.Name == null ? 0 : obj.Name.GetHashCode());
            }
            #endregion
        }
    }
      
      









Class "Control group to role link"

    using System;
    using System.Collections.Generic;
    using System.Data.SqlClient;
    using System.Linq;
    using System.Text;

    namespace Ekzo.Web.Security.Utilization.Authorization
    {
        /// <summary>
        /// Link between a role and a group of page controls
        /// </summary>
        public class ControlsGroupRole
        {
            /// <summary>
            /// Id of the link row; holds the ConsUser role id until a row is found
            /// </summary>
            public int id { get; private set; }

            /// <summary>
            /// Role name (looked up in the groups table by RoleID)
            /// </summary>
            public string Role
            {
                get
                {
                    string result = null;
                    using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Ekzo.Web.Configuration.StringName].ConnectionString))
                    {
                        using (SqlCommand cmd = new SqlCommand("SELECT group_name FROM groups WHERE group_id=@id", conn))
                        {
                            try
                            {
                                conn.Open();
                                cmd.Parameters.AddWithValue("@id", this.RoleID);
                                SqlDataReader reader = cmd.ExecuteReader();
                                while (reader.Read()) result = reader.GetString(0);
                            }
                            catch (Exception ex)
                            {
                                if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [    ] ", ex);
                            }
                        }
                    }
                    return result;
                }
            }

            /// <summary>
            /// Role id
            /// </summary>
            public int RoleID { get; set; }

            /// <summary>
            /// Control group id
            /// </summary>
            public int GroupID { get; set; }

            public ControlsGroupRole(int id, int groupID)
            {
                this.id = id;
                this.GroupID = groupID;
                InitClass(id, groupID);
            }

            private void InitClass(int id, int groupID)
            {
                this.RoleID = id;
                this.GroupID = groupID;
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand("SELECT * FROM Authorization_RoleToControlGroup WHERE RoleID=@role AND GroupID=@group", conn))
                    {
                        try
                        {
                            conn.Open();
                            cmd.Parameters.AddWithValue("@role", id);
                            cmd.Parameters.AddWithValue("@group", groupID);
                            SqlDataReader reader = cmd.ExecuteReader();
                            while (reader.Read()) this.id = reader.GetInt32(0);
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [     ] ", ex);
                        }
                    }
                }
            }

            /// <summary>
            /// Saves the link between the role and the control group if it does not exist yet
            /// </summary>
            public void Save()
            {
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand(@"IF((SELECT COUNT(*) FROM Authorization_RoleToControlGroup WHERE RoleID=@id AND GroupID=@group)=0)
                        INSERT INTO Authorization_RoleToControlGroup(RoleID,GroupID) VALUES(@id,@group)", conn))
                    {
                        try
                        {
                            conn.Open();
                            // RoleID, not this.id: once InitClass has found an existing row,
                            // this.id holds the row's primary key rather than the role id.
                            cmd.Parameters.AddWithValue("@id", this.RoleID);
                            cmd.Parameters.AddWithValue("@group", this.GroupID);
                            cmd.ExecuteNonQuery();
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [    ] ", ex);
                        }
                    }
                }
            }
        }
    }

Class "System role"

    using System;
    using System.Collections.Generic;
    using System.Data.SqlClient;
    using System.Linq;
    using System.Text;
    using System.Web;

    namespace Ekzo.Web.Security.Utilization.Authorization
    {
        /// <summary>
        /// System role, backed by a group in the ConsUser database
        /// </summary>
        public class SystemRole
        {
            /// <summary>
            /// Id of the row in Authorization_RoleToActionGroup
            /// </summary>
            public int id { get; private set; }

            /// <summary>
            /// Id of the group in the ConsUser database
            /// </summary>
            public int baseID { get; private set; }

            /// <summary>
            /// Role name
            /// </summary>
            public string Role { get; private set; }

            public int ActionGroup { get; private set; }

            public SystemRole() { }

            public SystemRole(string role) { InitClass(role); }

            public SystemRole(int actionGroup, string role) { InitClass(role, actionGroup); }

            public SystemRole(int baseID, int actionGroup = 0)
            {
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Ekzo.Web.Configuration.StringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand("SELECT group_name FROM groups WHERE group_id=@id", conn))
                    {
                        try
                        {
                            conn.Open();
                            cmd.Parameters.AddWithValue("@id", baseID);
                            SqlDataReader reader = cmd.ExecuteReader();
                            while (reader.Read()) this.Role = reader.GetString(0);
                            this.baseID = baseID;
                            this.ActionGroup = actionGroup;
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [   ] ", ex);
                        }
                    }
                }
            }

            private void InitClass(string role, int actionGroup = -1)
            {
                this.ActionGroup = actionGroup;
                this.Role = role;
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand("SELECT * FROM Authorization_RoleToActionGroup WHERE ActionGroup=@groupID AND Role=@role", conn))
                    {
                        try
                        {
                            // Without an action group, look the role up by name only
                            if (actionGroup == -1) cmd.CommandText = "SELECT * FROM Authorization_RoleToActionGroup WHERE Role=@role";
                            conn.Open();
                            cmd.Parameters.AddWithValue("@groupID", actionGroup);
                            cmd.Parameters.AddWithValue("@role", role);
                            SqlDataReader reader = cmd.ExecuteReader();
                            while (reader.Read())
                            {
                                this.id = reader.GetInt32(0);
                                this.Role = reader.GetString(2);
                                this.ActionGroup = reader.GetInt32(1);
                            }
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [ ] ", ex);
                        }
                    }
                }
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Ekzo.Web.Configuration.StringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand("SELECT group_id FROM groups WHERE group_name=@name", conn))
                    {
                        try
                        {
                            conn.Open();
                            cmd.Parameters.AddWithValue("@name", this.Role);
                            SqlDataReader reader = cmd.ExecuteReader();
                            while (reader.Read()) this.baseID = reader.GetInt32(0);
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [ .    ] ", ex);
                        }
                    }
                }
            }

            /// <summary>
            /// Creates a new role: a group in ConsUser plus a row in Authorization_RoleToActionGroup
            /// </summary>
            /// <param name="Name">Role name</param>
            /// <returns>The created role</returns>
            public static SystemRole CreateRole(string Name)
            {
                SystemRole role = new SystemRole();
                role.Role = Name;
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Ekzo.Web.Configuration.StringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand("INSERT INTO groups(group_id,group_name) SELECT MIN(group_id)-1,@name FROM groups WHERE group_id>-1000", conn))
                    {
                        try
                        {
                            conn.Open();
                            cmd.Parameters.AddWithValue("@name", Name);
                            cmd.ExecuteNonQuery();
                            cmd.CommandText = "SELECT group_id FROM groups WHERE group_name=@name";
                            SqlDataReader reader = cmd.ExecuteReader();
                            while (reader.Read()) role.baseID = reader.GetInt32(0);
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [   ] ", ex);
                        }
                    }
                }
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand("INSERT INTO Authorization_RoleToActionGroup(ActionGroup,Role) VALUES(@group,@name)", conn))
                    {
                        try
                        {
                            conn.Open();
                            cmd.Parameters.AddWithValue("@name", role.Role);
                            cmd.Parameters.AddWithValue("@group", -1);
                            cmd.ExecuteNonQuery();
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [    ] ", ex);
                        }
                    }
                }
                role.ActionGroup = -1;
                return role;
            }

            /// <summary>
            /// Returns the roles of an employee, limited to roles the current user is also in
            /// </summary>
            /// <param name="employeeID">Employee id</param>
            /// <returns>Role names</returns>
            public static string[] GetEmployeeRoles(int employeeID)
            {
                List<string> roles = new List<string>();
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.StringName].ConnectionString))
                {
                    // The join qualifier is matched to the table named in FROM; the original text
                    // qualified it as intranet_employee2group, which does not bind to employee2group.
                    using (SqlCommand cmd = new SqlCommand("SELECT group_name FROM employee2group INNER JOIN groups ON employee2group.group_id = groups.group_id WHERE employee_id=@employeeID ORDER BY group_name", conn))
                    {
                        try
                        {
                            conn.Open();
                            cmd.Parameters.AddWithValue("@employeeID", employeeID);
                            SqlDataReader reader = cmd.ExecuteReader();
                            while (reader.Read()) roles.Add(reader.GetString(0));
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [    ] ", ex);
                        }
                    }
                }
                List<string> roleToDelete = new List<string>();
                foreach (string role in roles)
                    if (!HttpContext.Current.User.IsInRole(role)) roleToDelete.Add(role);
                for (int i = 0; i < roleToDelete.Count; i++)
                    roles.Remove(roleToDelete[i]);
                return roles.ToArray();
            }

            /// <summary>
            /// Saves the role: inserts the row if it does not exist, otherwise updates it
            /// </summary>
            public void Save()
            {
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand(@"
                        IF((SELECT COUNT(*) FROM Authorization_RoleToActionGroup WHERE id=@id OR Role=@name AND ActionGroup=@groupID)=0)
                            INSERT INTO Authorization_RoleToActionGroup(ActionGroup,Role) VALUES(@groupID, @name)
                        ELSE
                            UPDATE Authorization_RoleToActionGroup SET ActionGroup=@groupID, Role=@name WHERE id=@id", conn))
                    {
                        try
                        {
                            conn.Open();
                            cmd.Parameters.AddWithValue("@id", this.id);
                            cmd.Parameters.AddWithValue("@name", this.Role);
                            cmd.Parameters.AddWithValue("@groupID", this.ActionGroup);
                            cmd.ExecuteNonQuery();
                            cmd.CommandText = "SELECT * FROM Authorization_RoleToActionGroup WHERE Role=@name AND ActionGroup=@groupID";
                            SqlDataReader reader = cmd.ExecuteReader();
                            while (reader.Read())
                            {
                                this.id = reader.GetInt32(0);
                                this.ActionGroup = reader.GetInt32(1);
                                this.Role = reader.GetString(2);
                            }
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [    ] ", ex);
                        }
                    }
                }
            }

            /// <summary>
            /// Deletes the role
            /// </summary>
            /// <remarks>Also removes the group and its employee memberships from ConsUser</remarks>
            public void Delete()
            {
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand("DELETE FROM Authorization_RoleToActionGroup WHERE id=@id", conn))
                    {
                        try
                        {
                            conn.Open();
                            cmd.Parameters.AddWithValue("@id", this.id);
                            cmd.ExecuteNonQuery();
                            cmd.CommandText = "DELETE FROM Authorization_RoleToActionGroup WHERE ActionGroup=@id";
                            cmd.ExecuteNonQuery();
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [    ] ", ex);
                        }
                    }
                }
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Ekzo.Web.Configuration.StringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand("DELETE FROM employee2group WHERE group_id=@groupID", conn))
                    {
                        try
                        {
                            conn.Open();
                            cmd.Parameters.AddWithValue("@groupID", this.baseID);
                            cmd.ExecuteNonQuery();
                            cmd.Parameters.AddWithValue("@name", this.Role);
                            cmd.CommandText = "DELETE FROM groups WHERE group_name=@name";
                            cmd.ExecuteNonQuery();
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [      ] ", ex);
                        }
                    }
                }
            }

            #region StaticFields
            /// <summary>
            /// Returns the names of all roles known to the module
            /// </summary>
            /// <returns>Role names</returns>
            public static List<string> GetAllRoles()
            {
                List<string> result = new List<string>();
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand("SELECT DISTINCT Role FROM Authorization_RoleToActionGroup ORDER BY Role", conn))
                    {
                        try
                        {
                            conn.Open();
                            SqlDataReader reader = cmd.ExecuteReader();
                            while (reader.Read()) result.Add(reader.GetString(0));
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [     ] ", ex);
                        }
                    }
                }
                return result;
            }

            /// <summary>
            /// Returns the names of all groups in the ConsUser database
            /// </summary>
            /// <returns>Group names</returns>
            public static List<string> GetAllIntranetRoles()
            {
                List<string> result = new List<string>();
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Ekzo.Web.Configuration.StringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand("SELECT DISTINCT group_name FROM groups ORDER BY group_name", conn))
                    {
                        try
                        {
                            conn.Open();
                            SqlDataReader reader = cmd.ExecuteReader();
                            while (reader.Read()) result.Add(reader.GetString(0));
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [    ] ", ex);
                        }
                    }
                }
                return result;
            }

            /// <summary>
            /// Returns the employees that belong to a role
            /// </summary>
            /// <param name="role">Role name</param>
            /// <returns>Employees in the role</returns>
            public static List<BaseClasses.Employee> EmployeesInRole(string role)
            {
                List<BaseClasses.Employee> result = new List<BaseClasses.Employee>();
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Ekzo.Web.Configuration.StringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand("SELECT intranet_employee2group.employee_id FROM groups INNER JOIN intranet_employee2group on groups.group_id=intranet_employee2group.group_id WHERE group_name=@groupName", conn))
                    {
                        try
                        {
                            conn.Open();
                            cmd.Parameters.AddWithValue("@groupName", role);
                            SqlDataReader reader = cmd.ExecuteReader();
                            while (reader.Read()) result.Add(new BaseClasses.Employee(reader.GetInt32(0)));
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [  ,  ] ", ex);
                        }
                    }
                }
                return result;
            }

            /// <summary>
            /// Returns the roles bound to an action group
            /// </summary>
            /// <param name="GroupName">Action group name</param>
            /// <returns>Roles of the group</returns>
            public static SystemRole[] GetGroupRoles(string GroupName)
            {
                ActionGroup group = new ActionGroup(GroupName);
                return GetGroupRoles(group.id);
            }

            /// <summary>
            /// Returns the roles bound to an action group
            /// </summary>
            /// <param name="groupID">Action group id</param>
            /// <returns>Roles of the group</returns>
            public static SystemRole[] GetGroupRoles(int groupID)
            {
                List<SystemRole> rolesList = new List<SystemRole>();
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.ConnectionStringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand("SELECT * FROM Authorization_RoleToActionGroup WHERE ActionGroup=@groupID", conn))
                    {
                        try
                        {
                            conn.Open();
                            cmd.Parameters.AddWithValue("@groupID", groupID);
                            SqlDataReader reader = cmd.ExecuteReader();
                            while (reader.Read()) rolesList.Add(new SystemRole(reader.GetInt32(1), reader.GetString(2)));
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [   ] ", ex);
                        }
                    }
                }
                return rolesList.ToArray();
            }

            public static int? IntranetRoleID(string roleName)
            {
                int? result = null;
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[Configuration.StringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand("SELECT group_id FROM groups WHERE group_name=@name", conn))
                    {
                        try
                        {
                            conn.Open();
                            cmd.Parameters.AddWithValue("@name", roleName);
                            using (SqlDataReader reader = cmd.ExecuteReader())
                                while (reader.Read()) result = reader.GetInt32(0);
                        }
                        catch (Exception ex)
                        {
                            // Null check added: the logger is optional everywhere else in the module
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [  ]", ex);
                        }
                    }
                }
                return result;
            }
            #endregion
        }
    }

Next, we move on to implementing an attribute inherited from the authorization attribute (AuthorizeAttribute). It is applied to controller methods and determines whether the current user has the right to access a page of the site (the wording here is slightly inaccurate, but I am leaving it as is for ease of understanding).

Authorization attribute

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.Mvc;

    namespace Ekzo.Web.Security.Utilization
    {
        /// <summary>
        /// Attribute that checks the user's right to call a controller method
        /// </summary>
        [AttributeUsage(AttributeTargets.All, AllowMultiple = false, Inherited = false)]
        public class ActionAuthorization : AuthorizeAttribute
        {
            /// <summary>
            /// Name of the action (the rule is looked up by this name)
            /// </summary>
            public string ActionName { get; set; }

            /// <summary>
            /// Checks whether the current user may access the action
            /// </summary>
            /// <param name="httpContext"></param>
            /// <returns>true if access is allowed or the check is disabled for this action; otherwise false.</returns>
            protected override bool AuthorizeCore(HttpContextBase httpContext)
            {
                bool result = false;
                var isAuthorized = base.AuthorizeCore(httpContext);
                if (!isAuthorized) return false;
                Authorization.Action currentAction = new Authorization.Action(this.ActionName);
                // If there is no rule for this action yet, create it.
                if (!currentAction.IsExist()) currentAction.Save();
                // If the check is disabled for this action, allow access.
                if (!currentAction.Active) return true;
                string[] currentUserRoles = AuthLib.Helpers.RoleProviderHelper.GetUserGroups(httpContext.User.Identity.Name);
                foreach (string role in currentUserRoles)
                {
                    if (currentAction.ActionGroups != null && currentAction.ActionGroups.Where(o => o.Roles.Select(n => n.Role).Contains(role)).Count() != 0)
                    {
                        result = true;
                        break;
                    }
                }
                return result;
            }
        }
    }

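There is nothing complicated in the implementation. We override the AuthorizeCore function: it returns true if the user has the right of access, or if the administrator has disabled the authorization check in the settings. If the user has no access rights, it returns false, which redirects to the 401 error page.

Only the following line deserves attention:

    if (!currentAction.IsExist()) currentAction.Save();
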
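It checks whether a rule exists for the method being checked and, if there is none, creates it. This was done so that rules for new methods do not have to be added by hand but are added automatically (looking ahead: the rule is created internally for the administrator, so all users with the appropriate rights will have access).

It remains to write the extensions for views, as well as for the most frequently used standard types.
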
Extensions

    using System;
    using System.Linq;
    using System.Web;
    using System.Web.Mvc;

    namespace Ekzo.Web.Security
    {
        /// <summary>
        /// Access check for page controls
        /// </summary>
        public class ControlAccesSecurity
        {
            /// <summary>
            /// Checks whether the current user has access to a control
            /// </summary>
            /// <param name="controlName">Name of the control to check</param>
            /// <returns>true if one of the user's roles is bound to a group that contains the control, otherwise false</returns>
            public static bool HasControlAccess(string controlName)
            {
                BaseClasses.Employee employee = new BaseClasses.Employee(AuthLib.Helpers.RoleProviderHelper.GetUserId(HttpContext.Current));
                Utilization.Authorization.PageControl currentControl = new Utilization.Authorization.PageControl(controlName);
                // Read the employee's roles once instead of once per role of every group
                string[] employeeRoles = Utilization.Authorization.SystemRole.GetEmployeeRoles(employee.Id);
                foreach (Utilization.Authorization.PageControlsGroup group in currentControl.Groups)
                    if (group.Roles.Any(o => employeeRoles.Contains(o.Role)))
                        return true;
                return false;
            }
        }
    }

    namespace Ekzo.Web.Security.SecurityExtensions
    {
        /// <summary>
        /// Extensions for string types that hide output the user has no access to
        /// </summary>
        public static class StringExtensions
        {
            /// <summary>
            /// Checks whether the current user has access to a control
            /// </summary>
            /// <param name="controlName">Name of the control to check</param>
            /// <returns>The original markup if the user has access, otherwise empty markup</returns>
            public static MvcHtmlString HasControlAccess(this MvcHtmlString s, string controlName)
            {
                return ControlAccesSecurity.HasControlAccess(controlName) ? s : MvcHtmlString.Create("");
            }

            /// <summary>
            /// Checks whether the current user has access to a control
            /// </summary>
            /// <param name="controlName">Name of the control to check</param>
            /// <returns>The original markup if the user has access, otherwise empty markup</returns>
            public static IHtmlString HasControlAccess(this IHtmlString s, string controlName)
            {
                return ControlAccesSecurity.HasControlAccess(controlName) ? s : MvcHtmlString.Create(string.Empty);
            }

            /// <summary>
            /// Checks whether the current user has access to a control
            /// </summary>
            /// <param name="controlName">Name of the control to check</param>
            /// <returns>The original string if the user has access, otherwise an empty string</returns>
            public static string HasControlAccess(this string s, string controlName)
            {
                return ControlAccesSecurity.HasControlAccess(controlName) ? s : String.Empty;
            }
        }

        /// <summary>
        /// TagBuilder extension for the same access check
        /// </summary>
        public static class TagBuilderExtensions
        {
            /// <summary>
            /// Checks whether the current user has access to a control
            /// </summary>
            /// <param name="controlName">Name of the control to check</param>
            /// <returns>The original tag if the user has access, otherwise an empty "b" tag</returns>
            public static TagBuilder HasControlAccess(this TagBuilder s, string controlName)
            {
                return ControlAccesSecurity.HasControlAccess(controlName) ? s : new TagBuilder("b");
            }
        }
    }

That is everything the rights separation system needs in order to work.

Example of use in a controller

    [ActionAuthorization(ActionName = "  ")]
    public ActionResult RequestsInWork()
    {
        ViewBag.Title = "  ";
        return View();
    }
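
Protection depends on every action carrying the attribute, and `new Authorization.Action(this.ActionName)` looks the rule up by a free-text name, so a forgotten attribute or a reused ActionName is not reported at run time. The audit below is an added example, not part of the original module or its GitHub project; the names `ActionAuthorizationAudit` and `Ekzo.Web.Security.Audit` are hypothetical, and the case-insensitive name comparison assumes a default SQL Server collation.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;
using Ekzo.Web.Security.Utilization;

namespace Ekzo.Web.Security.Audit // hypothetical namespace, not part of the module
{
    public static class ActionAuthorizationAudit // hypothetical helper
    {
        /// <summary>
        /// Scans every concrete controller in the assembly and returns one line per finding.
        /// An empty list means each action is covered by a rule with a usable, unshared name.
        /// </summary>
        public static List<string> Run(Assembly webAssembly)
        {
            var findings = new List<string>();
            // ActionName -> first place that used it (assumed case-insensitive, like the DB lookup)
            var owners = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

            IEnumerable<Type> controllers = webAssembly.GetTypes()
                .Where(t => typeof(Controller).IsAssignableFrom(t) && !t.IsAbstract);

            foreach (Type controller in controllers)
            {
                // An attribute on the controller class covers all of its actions
                ActionAuthorization classRule = GetRule(controller);
                if (classRule != null)
                    CheckName(classRule, controller.FullName, owners, findings);

                foreach (MethodInfo action in GetActions(controller))
                {
                    // Overloads (GET/POST pairs) share one location and may share one rule
                    string where = controller.FullName + "." + action.Name;
                    ActionAuthorization rule = GetRule(action);
                    if (rule != null)
                        CheckName(rule, where, owners, findings);
                    else if (classRule == null)
                        findings.Add(where + ": no [ActionAuthorization] on the action or its controller");
                }
            }
            return findings;
        }

        // Public instance methods MVC can route to: declared by the application,
        // not property accessors, not marked [NonAction].
        private static IEnumerable<MethodInfo> GetActions(Type controller)
        {
            return controller.GetMethods(BindingFlags.Public | BindingFlags.Instance)
                .Where(m => !m.IsSpecialName
                    && m.DeclaringType != typeof(object)
                    && m.DeclaringType.Assembly != typeof(Controller).Assembly
                    && !m.IsDefined(typeof(NonActionAttribute), true));
        }

        // The attribute is declared with Inherited = false, so only the member itself is inspected.
        private static ActionAuthorization GetRule(MemberInfo member)
        {
            return (ActionAuthorization)Attribute.GetCustomAttribute(member, typeof(ActionAuthorization), false);
        }

        private static void CheckName(ActionAuthorization rule, string where,
            Dictionary<string, string> owners, List<string> findings)
        {
            if (string.IsNullOrWhiteSpace(rule.ActionName))
            {
                findings.Add(where + ": ActionName is empty, so the rule has no usable key");
                return;
            }
            string owner;
            if (!owners.TryGetValue(rule.ActionName, out owner))
                owners[rule.ActionName] = where;
            else if (owner != where)
                findings.Add(where + ": ActionName \"" + rule.ActionName + "\" is also used by "
                    + owner + ", so both share one rule");
        }
    }
}
```

Run it from a unit test against the web project's assembly and fail the build when the returned list is not empty.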
      
      









Example of use on a control

    ... @Html.MainMenu().HasControlAccess(" ") ...

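Explanation

Here I will try to explain the point of everything described above.

First, the resulting structure makes it possible to control not only controller methods but also "any" other elements on the site's pages.

Second, the module provides an infrastructure in which the association "user role" - "group of objects" - "protected object" can be built in any configuration. That is, any user can belong to any role; a role can be tied to any group of protected objects; an object can be included in any role.

Such an elaborate bundle lets you build combinations of protected objects and the roles they are available to. So when a new role appears, it can be given rights already assigned to another role in the system, or a unique set of rights. If the customer comes and says "I want a new role, and I want this and that to be available to it", it all comes down to a few simple actions that require no changes to the project code.

The extensions created in the module also allow flexible control over output, for example in your own HtmlHelper methods.

In practice, this way of separating rights works well with AJAX requests.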
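
When AuthorizeCore returns false, the framework answers 401 for every refusal, which asks the client to authenticate again and gives an AJAX caller no way to tell "not signed in" from "signed in but not allowed". The subclass below is an added example, not part of the original module; the class name `StatusAwareActionAuthorization` and the JSON body are assumptions. It keeps the 401 for anonymous requests and answers 403 to a known user who lacks the role.

```csharp
using System.Net;
using System.Web.Mvc;

namespace Ekzo.Web.Security.Utilization
{
    /// <summary>
    /// Hypothetical subclass (not in the original module): same rule check as
    /// ActionAuthorization, but the refusal depends on who is asking and how.
    /// </summary>
    public class StatusAwareActionAuthorization : ActionAuthorization
    {
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            var http = filterContext.HttpContext;
            bool authenticated = http.User != null
                && http.User.Identity != null
                && http.User.Identity.IsAuthenticated;

            if (!authenticated)
            {
                // No identity yet: keep the framework default (401 challenge).
                base.HandleUnauthorizedRequest(filterContext);
                return;
            }

            // Known user without a matching role: authenticating again cannot help,
            // so answer 403 and keep IIS from replacing the response body.
            http.Response.TrySkipIisCustomErrors = true;

            if (http.Request.IsAjaxRequest())
            {
                // Script callers get a status code plus a small JSON body they can branch on.
                http.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                filterContext.Result = new JsonResult
                {
                    Data = new { error = "forbidden" },
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet
                };
            }
            else
            {
                filterContext.Result = new HttpStatusCodeResult((int)HttpStatusCode.Forbidden);
            }
        }
    }
}
```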



A few extras

For more convenient management, we will write a configurator class.

Configurator

    using System;
    using System.Collections.Generic;
    using System.Data.SqlClient;
    using log4net;

    namespace Ekzo.Web
    {
        public static class Configuration
        {
            /// <summary>
            /// Name of the connection string in web.config for the database that stores the module's data.
            /// Default: DataSource
            /// </summary>
            public static string ConnectionStringName = "DataSource";

            /// <summary>
            /// Name of the connection string in web.config for the database that holds employees and groups.
            /// Default: ConsUser
            /// </summary>
            public static string StringName = "ConsUser";

            /// <summary>
            /// Project name
            /// </summary>
            public static string ProjectName = "Project Name";

            /// <summary>
            /// log4net logger
            /// </summary>
            public static ILog s_log = null;

            /// <summary>
            /// Tables used by the module
            /// </summary>
            private static string[] tables = {
                "Authorization_ActionGroups",
                "Authorization_Actions",
                "Authorization_ActionToGroup",
                "Authorization_Controls",
                "Authorization_ControlsGroup",
                "Authorization_ControlToGroup",
                "Authorization_RoleToActionGroup",
                "Authorization_RoleToControlGroup"};

            /// <summary>
            /// Checks the database for Authorization_ tables
            /// </summary>
            /// <returns>false if no Authorization_ tables other than the module's own are found, otherwise true</returns>
            public static bool BaseHasTables()
            {
                List<string> dbTables = new List<string>();
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[ConnectionStringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand("select TABLE_NAME from information_schema.tables WHERE TABLE_NAME LIKE 'Authorization_%'", conn))
                    {
                        try
                        {
                            conn.Open();
                            using (SqlDataReader reader = cmd.ExecuteReader())
                            {
                                while (reader.Read()) dbTables.Add(reader.GetString(0));
                            }
                            foreach (string securityTable in tables)
                                if (dbTables.Contains(securityTable)) dbTables.Remove(securityTable);
                        }
                        catch (Exception ex)
                        {
                            // Null check added: the logger is optional
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [  ] ", ex);
                        }
                    }
                }
                if (dbTables.Count == 0) return false;
                else return true;
            }

            /// <summary>
            /// Creates the module's tables and, optionally, binds the super administrator group
            /// </summary>
            /// <param name="superAdminGroup">Name of the ConsUser group that is bound to action group 0 and control group -1</param>
            [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA2100:Review SQL queries for security vulnerabilities")]
            public static void CreateSecurityTables(string superAdminGroup = null)
            {
                List<string> dbTables = new List<string>();
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[ConnectionStringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand("SELECT TABLE_NAME FROM information_schema.tables WHERE TABLE_NAME LIKE 'Authorization_%'", conn))
                    {
                        try
                        {
                            conn.Open();
                            using (SqlDataReader reader = cmd.ExecuteReader())
                            {
                                while (reader.Read()) dbTables.Add(reader.GetString(0));
                            }
                            foreach (string securityTable in tables)
                                if (dbTables.Contains(securityTable)) dbTables.Remove(securityTable);
                            cmd.Parameters.AddWithValue("@database", conn.Database);
                            if (dbTables.Count == 0)
                                foreach (string table in tables) dbTables.Add(table);
                            if (dbTables.Count != 0)
                                foreach (string table in dbTables)
                                {
                                    switch (table)
                                    {
                                        case "Authorization_ControlsGroup":
                                            cmd.CommandText = "USE " + conn.Database + @"
                                                SET ANSI_NULLS ON
                                                SET QUOTED_IDENTIFIER ON
                                                SET ANSI_PADDING ON
                                                CREATE TABLE [dbo].[Authorization_ControlsGroup](
                                                    [id] [int] IDENTITY(1,1) NOT NULL,
                                                    [Name] [varchar](500) NOT NULL,
                                                    CONSTRAINT [PK_Authorization_ControlsGroup] PRIMARY KEY CLUSTERED ([id] ASC )
                                                    WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
                                                ) ON [PRIMARY]
                                                SET ANSI_PADDING OFF
                                                SET IDENTITY_INSERT [dbo].[Authorization_ControlsGroup] ON
                                                INSERT INTO [dbo].[Authorization_ControlsGroup](id,Name) VALUES(-1,' ')
                                                SET IDENTITY_INSERT [dbo].[Authorization_ControlsGroup] OFF";
                                            break;
                                        case "Authorization_Actions":
                                            cmd.CommandText = "USE " + conn.Database + @"
                                                SET ANSI_NULLS ON
                                                SET QUOTED_IDENTIFIER ON
                                                SET ANSI_PADDING ON
                                                CREATE TABLE [dbo].[Authorization_Actions](
                                                    [id] [int] IDENTITY(1,1) NOT NULL,
                                                    [Name] [varchar](500) NOT NULL,
                                                    [Active] [bit] NOT NULL,
                                                    CONSTRAINT [PK_Authorization_Actions] PRIMARY KEY CLUSTERED ([id] ASC )
                                                    WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
                                                ) ON [PRIMARY]
                                                SET ANSI_PADDING OFF
                                                ALTER TABLE [dbo].[Authorization_Actions] ADD CONSTRAINT [DF_Authorization_Actions_Active] DEFAULT ((1)) FOR [Active]";
                                            break;
                                        case "Authorization_ActionToGroup":
                                            cmd.CommandText = "USE " + conn.Database + @"
                                                SET ANSI_NULLS ON
                                                SET QUOTED_IDENTIFIER ON
                                                CREATE TABLE [dbo].[Authorization_ActionToGroup](
                                                    [id] [int] IDENTITY(1,1) NOT NULL,
                                                    [ActionID] [int] NOT NULL,
                                                    [GroupID] [int] NOT NULL,
                                                    CONSTRAINT [PK_Authorization_ActionToGroup] PRIMARY KEY CLUSTERED ([id] ASC )
                                                    WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
                                                ) ON [PRIMARY]";
                                            break;
                                        case "Authorization_Controls":
                                            cmd.CommandText = "USE " + conn.Database + @"
                                                SET ANSI_NULLS ON
                                                SET QUOTED_IDENTIFIER ON
                                                SET ANSI_PADDING ON
                                                CREATE TABLE [dbo].[Authorization_Controls](
                                                    [id] [int] IDENTITY(1,1) NOT NULL,
                                                    [Name] [varchar](500) NOT NULL,
                                                    CONSTRAINT [PK_Authorize_Controls] PRIMARY KEY CLUSTERED ([id] ASC )
                                                    WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
                                                ) ON [PRIMARY]
                                                SET ANSI_PADDING OFF";
                                            break;
                                        case "Authorization_ControlToGroup":
                                            cmd.CommandText = "USE " + conn.Database + @"
                                                SET ANSI_NULLS ON
                                                SET QUOTED_IDENTIFIER ON
                                                CREATE TABLE [dbo].[Authorization_ControlToGroup](
                                                    [id] [int] IDENTITY(1,1) NOT NULL,
                                                    [ControlID] [int] NOT NULL,
                                                    [GroupID] [int] NOT NULL,
                                                    CONSTRAINT [PK_Authorization_ControlToGroup] PRIMARY KEY CLUSTERED ( [id] ASC )
                                                    WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
                                                ) ON [PRIMARY]";
                                            break;
                                        case "Authorization_RoleToActionGroup":
                                            cmd.CommandText = "USE " + conn.Database + @"
                                                SET ANSI_NULLS ON
                                                SET QUOTED_IDENTIFIER ON
                                                SET ANSI_PADDING ON
                                                CREATE TABLE [dbo].[Authorization_RoleToActionGroup](
                                                    [id] [int] IDENTITY(1,1) NOT NULL,
                                                    [ActionGroup] [int] NOT NULL,
                                                    [Role] [varchar](500) NOT NULL,
                                                    CONSTRAINT [PK_Authorization_RoleToActionGroup] PRIMARY KEY CLUSTERED ([id] ASC )
                                                    WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
                                                ) ON [PRIMARY]
                                                SET ANSI_PADDING OFF
                                                ALTER TABLE [dbo].[Authorization_RoleToActionGroup] ADD CONSTRAINT [DF_Authorization_RoleToActionGroup_ActionGroup] DEFAULT ((-1)) FOR [ActionGroup]";
                                            break;
                                        case "Authorization_RoleToControlGroup":
                                            cmd.CommandText = "USE " + conn.Database + @"
                                                SET ANSI_NULLS ON
                                                SET QUOTED_IDENTIFIER ON
                                                CREATE TABLE [dbo].[Authorization_RoleToControlGroup](
                                                    [id] [int] IDENTITY(1,1) NOT NULL,
                                                    [RoleID] [int] NOT NULL,
                                                    [GroupID] [int] NOT NULL,
                                                    CONSTRAINT [PK_Authorization_RoleToControlGroup] PRIMARY KEY CLUSTERED ([id] ASC )
                                                    WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
                                                ) ON [PRIMARY]";
                                            break;
                                        case "Authorization_ActionGroups":
                                            cmd.CommandText = "USE " + conn.Database + @"
                                                SET ANSI_NULLS ON
                                                SET QUOTED_IDENTIFIER ON
                                                SET ANSI_PADDING ON
                                                CREATE TABLE [dbo].[Authorization_ActionGroups](
                                                    [id] [int] IDENTITY(1,1) NOT NULL,
                                                    [Name] [varchar](500) NOT NULL,
                                                    [active] [bit] NOT NULL,
                                                    CONSTRAINT [PK_Authorization_ActionGroups] PRIMARY KEY CLUSTERED ( [id] ASC )
                                                    WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
                                                ) ON [PRIMARY]
                                                SET ANSI_PADDING OFF
                                                ALTER TABLE [dbo].[Authorization_ActionGroups] ADD CONSTRAINT [DF_Authorization_ActionGroups_active] DEFAULT ((1)) FOR [active]
                                                SET IDENTITY_INSERT [dbo].[Authorization_ActionGroups] ON
                                                INSERT INTO [dbo].[Authorization_ActionGroups](id,Name) VALUES(0,' ')
                                                SET IDENTITY_INSERT [dbo].[Authorization_ActionGroups] OFF";
                                            break;
                                    }
                                    cmd.ExecuteNonQuery();
                                }
                            // Bind the super administrator group to action group 0 and control group -1
                            if (!string.IsNullOrEmpty(superAdminGroup) && Web.Security.Utilization.Authorization.SystemRole.IntranetRoleID(superAdminGroup) != null)
                            {
                                cmd.CommandText = @"INSERT INTO Authorization_RoleToActionGroup(ActionGroup,Role) VALUES(0,@group)
                                    INSERT INTO Authorization_RoleToControlGroup(RoleID,GroupID) VALUES(@role,-1)";
                                cmd.Parameters.Clear();
                                cmd.Parameters.AddWithValue("@group", superAdminGroup);
                                cmd.Parameters.AddWithValue("@role", Web.Security.Utilization.Authorization.SystemRole.IntranetRoleID(superAdminGroup));
                                cmd.ExecuteNonQuery();
                            }
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [  ] ", ex);
                        }
                    }
                }
            }

            /// <summary>
            /// Drops the module's tables and creates them again
            /// </summary>
            public static void RecreateTables(string superAdminGroup = null)
            {
                string command = "DROP TABLE {0}";
                using (SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings[ConnectionStringName].ConnectionString))
                {
                    using (SqlCommand cmd = new SqlCommand("", conn))
                    {
                        try
                        {
                            conn.Open();
                            // Table names come only from the constant list above, never from input
                            foreach (string table in tables)
                            {
                                cmd.CommandText = string.Format(command, table);
                                cmd.ExecuteNonQuery();
                            }
                        }
                        catch (Exception ex)
                        {
                            if (Configuration.s_log != null) Configuration.s_log.Error("[  ] [   ] ", ex);
                        }
                    }
                }
                CreateSecurityTables(superAdminGroup);
            }
        }
    }

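This class contains all the settings and, as a bonus, the functions needed to manage the module's tables.

Project on GitHub

Instead of a conclusion

The Employee class I described can be left out, but I use it often in my projects, so I did not remove it from the module.

An interface for managing roles has been written that makes it quick and convenient to create, delete and change roles and bindings. However, it works with the new version of the module, so I am not uploading it.

Once again, please do not throw tomatoes. The code above and the project on GitHub are all the first version and contain a large amount of crappy code.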


