用ASP实现分级权限控制
用asp实现分级权限控制
本文实现的是一个帐务管理系统中分级权限的控制,程序使用asp和javascript编写,在装有iis4.0的win nt服务器上运行,速度快,易维护。
权限级别划分如下:
①、院长和财务科长:不能输入,可以无限制查询、统计;
②、副院长:不能输入,可以查询、统计其分管部门的帐务;
③、部门领导:不能输入,可以查询、统计本部门的帐务;
④、会计:能输入各部门的帐务(一个会计有时要做几个部门的帐),只能查询、统计自己输入的帐务。
涉及的数据库和字段如下
①、jk_user数据库及字段:id(序列号),bmid(部门号),username(用户名),pwd(口令),right(权限值);
②、bm数据库及字段:id(序列号) ,bmid(部门号);
③、jzpz数据库及字段:id(序列号),bm(部门), zgs(子公司),xmz(项目组),xm(项目),sr(收入),zc(支出),szfx(收支方向),szxs(收支形式),
rq(日期),jbr(经办人),lrr(录入人),szsm(收支说明);
④、zgs数据库及字段:id(序列号),zgs(子公司)name(公司名),bmid(部门编号)。
1.首先进行用户身份合法性验证
将用户提交的用户名和口令与数据库jk_user中的字段对照对照,以确定其合法性,只有合法的用户(系统管理员为其开过户)才可以进入,合法用户有
四种权限级别,分别赋予“1”、“2”、“3”、“4”四种权限值。(程序略)。
2.凭证记帐(分级权限控制)
凭证记帐功能是专为会计人员服务的,其他人不可以使用,如以非会计人员身份进入凭证录入界面时,只有“查询记帐凭证”功能按钮可见,其它功能
按钮不可见。录入的凭证先存放在一个临时表里,称为“未记帐凭证库”,只有运行“凭证记帐”功能后才进入“凭证库”在“未记帐凭证库”中的凭证可以
修改。部分程序如下:
'非会计人员进入,不显示“凭证记帐”和“保存未记帐凭证”功能按钮
if (thispage.firstentered) then
if session("tright")<> "1" then
button1.hide
button2.hide
end if
…………
'自动填写时间和操作人
textbox7.value=year(date) & "-" & month(date) & "-" & day(date)
textbox9.value =session("username")
set cnn1=server.createobject("adodb.connection")
set rst1=server.createobject("adodb.recordset")
cnn1.cursorlocation=3
cnn1.connectiontimeout =30
cnn1.open "dsn=jky"
rst1.open "select * from bm ",cnn1,1,1,adcmdtext
if rst1.recordcount >0 then
rst1.movefirst
id=rst1.fields("id")
do while not rst1.eof
listbox3.additem rst1.fields("bmname"),cint(rst1.fields("id"))
“response.write rst1.fields("bmname") & rst1.fields("id")
rst1.movenext
loop
end if
rst1.close
rst1.open "select zgsname from zgs where bmid=" & id,cnn1,1,1,adcmdtext
if rst1.recordcount >0 then
rst1.movefirst
do while not rst1.eof
listbox4.additem cstr(rst1.fields("zgsname"))
rst1.movenext
loop
end if
rst1.close
cnn1.close
call writerst
end if
end function
………………
'凭证记帐
sub button2_onclick
dim s
s=listbox1.selectedindex
response.write s
end sub
sub listbox3_onchange
dim id,i
i=listbox4.getcount()
do while i>-1
call listbox4.removeitem(i)
i=i-1
loop
id=listbox3.getvalue (listbox3.selectedindex)
set cnn2=server.createobject("adodb.connection")
set rst2=server.createobject("adodb.recordset")
cnn2.cursorlocation=3
cnn2.connectiontimeout =30
cnn2.open"dsn=jky"
rst2.open "select zgsname from zgs where bmid=" & id,cnn2,1,1,adcmdtext
if rst2.recordcount >0 then
rst2.movefirst
do while not rst2.eof
listbox4.additem cstr(rst2.fields("zgsname"))
rst2.movenext
loop
end if
rst2.close
cnn2.close
end sub
sub button2_onclick
set cnn5=server.createobject("adodb.connection")
cnn5.cursorlocation=3
cnn5.connectiontimeout =30
cnn5.open"dsn=jky"
cnn5.execute "insert into jzpz(bm,zgs,xmz,xm,sr,zc,szfx,szxs,rq,jbr,lrr,szsm) select bm,zgs,xmz,xm,sr,zc,szfx,szxs,rq,jbr,
lrr,szsm from wjzpz where lrr=“" & session("username") & "“"
cnn5.execute "delete from wjzpz where lrr=“" & session("username") & "“"
end sub
3.数据查询(分级权限控制)
以凭证的字段为条件进行查询,在供选条件前有一方框供打“√”,其中“部门“条件必选(程序自动加上),部门内容由程序根据用户的权限自动
从数据库中调用相应值,分公司内容根据所属部门自动调整,部分程序如下:
……………
'根据权限值进入相应的查询界面
……………
function thispage_onenter()
set cnn1=server.createobject("adodb.connection")
set rst1=server.createobject("adodb.recordset")
cnn1.cursorlocation=3
cnn1.connectiontimeout =30
cnn1.open "dsn=jky"
select case session("tright")
case "3"“副院长
rst1.open "select bm.bmname from jk_user ,bm where jk_user.bmid=bm.id and jk_user.username =“"& session("username")
& "“",cnn1,1,1,adcmdtext
if rst1.recordcount >0 then
rst1.movefirst
do while not rst1.eof
listbox1.additem cstr(rst1.fields("bmname"))
rst1.movenext
loop
end if
rst1.close
rst1.open "select zgsname from zgs ",cnn1,1,1,adcmdtext
if rst1.recordcount >0 then
rst1.movefirst
do while not rst1.eof
listbox2.additem cstr(rst1.fields("zgsname"))
rst1.movenext
loop
end if
rst1.close
cnn1.close
checkbox1.setchecked (true)
case "2"“部门经理
listbox1.additem session("bm")
rst1.open "select zgsname from zgs where bmid=" & session("bmid"),cnn1,1,1,adcmdtext
if rst1.recordcount >0 then
rst1.movefirst
do while not rst1.eof
listbox2.additem cstr(rst1.fields("zgsname"))
rst1.movenext
loop
end if
rst1.close
cnn1.close
checkbox1.setchecked (true)
“checkbox1.0
case "1"“会计
rst1.open "select bmname from bm ",cnn1,1,1,adcmdtext
if rst1.recordcount >0 then
rst1.movefirst
do while not rst1.eof
listbox1.additem cstr(rst1.fields("bmname"))
rst1.movenext
loop
end if
rst1.close
rst1.open "select zgsname from zgs ",cnn1,1,1,adcmdtext
if rst1.recordcount >0 then
rst1.movefirst
do while not rst1.eof
listbox2.additem cstr(rst1.fields("zgsname"))
rst1.movenext
loop
end if
rst1.close
cnn1.close
case "4"“院长
rst1.open "select bmname from bm ",cnn1,1,1,adcmdtext
if rst1.recordcount >0 then
rst1.movefirst
do while not rst1.eof
listbox1.additem cstr(rst1.fields("bmname"))
rst1.movenext
loop
end if
rst1.close
rst1.open "select zgsname from zgs ",cnn1,1,1,adcmdtext
if rst1.recordcount >0 then
rst1.movefirst
do while not rst1.eof
listbox2.additem cstr(rst1.fields("zgsname"))
rst1.movenext
loop
end if
rst1.close
cnn1.close
end select
end if
…………
end function
'按照权限查询凭证
sub button1_onclick
dim rst2,cnn2,str,i
dim bm(1),zgs(1),xmz(1),xm(1),szfx(1),szxs(1),rq(2),jbr(1)
bm(0)=checkbox1.getchecked()
if bm(0) then
bm(1)=listbox1.gettext(listbox1.selectedindex )
str=" and bm=“" & bm(1) & "“"
end if
zgs(0)=checkbox2.getchecked()
if zgs(0) then
zgs(1)=listbox2.gettext(listbox2.selectedindex )
str=str & " and zgs =“"& zgs(1) & "“"
end if
xmz(0)=checkbox3.getchecked()
if xmz(0) then
xmz(1)=trim(txtxmz.value )
str=str & " and xmz like “%" & xmz(1) & "%“"
end if
xm(0)=checkbox4.getchecked()
if xm(0) then
xm(1)=trim(tztxm.value )
str=str & " and xm like “%" & xm(1) & "%“"
end if
szfx(0)=checkbox5.getchecked()
if szfx(0) then
szfx(1)=listbox3.gettext(listbox3.selectedindex )
str =str & " and szfx =“" & szfx(1) & "“"
end if
szxs(0)=checkbox6.getchecked()
if szxs(0) then
szxs(1)=listbox4.gettext(listbox4.selectedindex )
str =str & " and szxs =“" & szxs(1) & "“"
end if
jbr(0)=checkbox8.getchecked()
if jbr(0) then
jbr(1)=trim(txtjbr.value )
str =str & " and jbr like “%" & jbr(1) & "%“"
end if
set cnn2=server.createobject("adodb.connection")
set rst2=server.createobject("adodb.recordset")
cnn2.cursorlocation=3
cnn2.connectiontimeout =30
cnn2.open "dsn=jky"
response.write "<table border=“1“ cellpadding=0 cellspacing=0 width=“650“ height=“33“ >"
response.write "<tr>"
response.write "<td width=“100%“ colspan=“6“ height=“44“ align=“middle“ bgcolor=lightblue>"
response.write "<p align=“center“><b><font color=“#000084“>记 帐 凭 证 列 表"
response.write "</font></b></p></td></tr> "
response.write "<tr>"
response.write "<td width=“15%“ bgcolor=lightsteelblue>"
response.write "部 门</td>"
response.write "<td width=“20%“bgcolor=lightsteelblue>"
response.write "子公司</td>"
response.write "<td width=“15%“ bgcolor=lightsteelblue>"
response.write "项目组</td>"
response.write "<td width=“15%“ bgcolor=lightsteelblue>"
response.write "项目名/合同号</td>"
response.write "<td width=“15%“ bgcolor=lightsteelblue>"
response.write "收入金额(万元)</td>"
response.write "<td width=“15%“ bgcolor=lightsteelblue>"
response.write "支出金额(万元)</td></tr>"
if session("tright")="1" then
“response.write "aaaaaaaa"
rst2.open "select * from jzpz where id>0 and lrr=“" & session("username") & "“" & str ,cnn2,1,1,adcmdtext
else
“response.write "fffffffffffff"
rst2.open "select * from jzpz where id>0 " & str ,cnn2,1,1,adcmdtext
end if
if rst2.recordcount >0 then
rst2.movefirst
rst2.pagesize =20
rst2.absolutepage =1
i=0
do while not rst2.eof and i< rst2.pagesize
response.write "<tr>"
response.write "<td width=“15%“ bgcolor=lightgrey>"& rst2.fields("bm")& "</td>"
response.write "<td width=“15%“ bgcolor=lightgrey>"& rst2.fields("zgs")& "</td>"
response.write "<td width=“15%“ bgcolor=lightgrey>"& rst2.fields("xmz")& "</td>"
response.write "<td width=“15%“ bgcolor=lightgrey><a href=“fmjz1.asp?id="& rst2.fields("id") & "“
target=“_blank“>" & rst2.fields("xm")& "</a></td>"
response.write "<td width=“5%“ bgcolor=lightgrey>"& rst2.fields("sr")& "</td>"
response.write "<td width=“5%“ bgcolor=lightgrey>"& rst2.fields("zc")& "</td>"
response.write "</tr>"
i=i+1
rst2.movenext
loop
end if
response.write "</table>"
response.write "</div>"
j= rst2.pagecount
response.write "<p align=center><b>共有页数: "
for i=1 to j
response.write "<a href=“fmjzpzck1.asp?id=" & i & "“ target=“_blank“>" & i & "</a>" & " "
if j mod 10= 0 then
response.write "<br>"
end if
next
response.write "</b></p>"
rst2.close
cnn2.close
…………
end sub
应用以上程序,可以根据用户的权限,按照用户的要求实行订制查询,该系统在win nt、iis4.0和win98、pws上运行通过。
推荐阅读
-
ASP.NET MVC+EF框架+EasyUI实现权限管系列
-
spring boot 1.5.4 集成shiro+cas,实现单点登录和权限控制
-
Laravel 如何实现 管理员后台权限控制
-
自定义Hive权限控制(4) 扩展Hive以实现自定义权限控制
-
用php实现像JSP,ASP里Application那样的全局变量_PHP教程
-
用php实现像JSP,ASP里Application那样的全局变量_PHP教程
-
django 实现编写控制登录和访问权限控制的中间件方法
-
这种类型的网站用户权限控制,如何实现?
-
Yii 权限分级式访问控制实现(非RBAC法)_PHP教程
-
用php实现像JSP,ASP里Application那样的全局变量