Discussion on C# permission management and design

  • 2020-05-07 20:16:32
  • OfStack

In this article I mainly want to share my on-and-off thinking and learning about permission management and design over this period, along with some personal views on software development and other matters.

When it comes to 'permission management and design', the first person you may think of is jizigala from the garden. In this area he can be regarded as a 'master' or expert, thanks to his 'universal permission management system'. I can't speak to anything else, but you can at least see that his research is thorough, even fanatical, and that his system has a certain 'maturity'; in his words, he is trying to make it as good as he can. He is building a general permission management system, so what does 'general' mean? Here is my personal understanding:

a. Generality across (mainstream) databases: by using the factory pattern and similar patterns, the system can easily be adapted to different (types of) databases, which ensures the portability of the software. This point is mainly about database design!

b. The same solution, implementation approach or idea can be used across different development languages and project types (in broad terms, B/S and C/S). jizigala's permission system is general in this sense: it can be applied to both web and WinForm programs developed in C#. Personally, I think generality of the idea (or solution) matters more, just as the idea behind a good shopping cart can be used equally well in projects developed in php, jsp, C# and other languages. The solution to a problem is basically independent of the programming language; the only difference is the implementation.

My main goal in thinking about and studying permission management and design is this: in future project development, to use my own ideas, or (by developing) something similar to jizigala's permission management system, to implement the permission management part of a piece of software quickly and efficiently (personally, I find the permission management part quite tricky). While learning and thinking, I did not confine myself to my own (empty) ideas. I also studied some project cases that I felt could improve my thinking and that I could learn from, such as: a permissions system, (general rights management system) FrameWork104Src, MemberShip, phpcms, ecshop, etc. Because of time, though, I only took a rough look at the first two.

The way I suggest to think, learn or research is this: first work out your own line of thinking, then study other project cases in the same research direction (preferably projects with some 'maturity') to improve your own thinking and borrow from them. That way your study starts from a higher point (what can be called 'standing on the shoulders of giants', hehe), and the result is less likely to be 'too much' of a failure. However good your own ideas are, you cannot think of everything, and the good ideas you do come up with may cover only part of a problem; set beside an excellent project, there is no comparison. For example, someone once came to me about developing a CMS for him, and I advised him: a CMS is a relatively large project that one person cannot complete alone; if you really want to develop your own, it is best to learn from popular CMS systems such as phpcms, otherwise what you build may be less than half as good in both functionality and ease of use. Whether you are doing a project or research, do not work blindly; refer to and learn from excellent projects, or your project or research will 'die' during development!
 
    /// <summary>
    /// Get the current user's operation permissions
    /// </summary>
    private void GetPermission()
    {
        this.DbHelper.Open();

        // Operation permissions on users
        this.btnUserAdd.Enabled = this.IsAuthorized("User.Add");
        this.btnUserDelete.Enabled = this.IsAuthorized("User.Delete");
        this.btnUserExport.Enabled = this.IsAuthorized("User.Export");
        this.btnUserImport.Enabled = this.IsAuthorized("User.Import");
        this.btnUserPrint.Enabled = this.IsAuthorized("User.Print");
        this.btnUserUpdate.Enabled = this.IsAuthorized("User.Update");
        // Operation permissions on roles
        this.btnRoleAdd.Enabled = this.IsAuthorized("Role.Add");
        this.btnRoleDelete.Enabled = this.IsAuthorized("Role.Delete");
        this.btnRoleExport.Enabled = this.IsAuthorized("Role.Export");
        this.btnRoleImport.Enabled = this.IsAuthorized("Role.Import");
        this.btnRolePrint.Enabled = this.IsAuthorized("Role.Print");
        this.btnRoleUpdate.Enabled = this.IsAuthorized("Role.Update");

        this.DbHelper.Close();
    }

The code above is a piece from the Permission project of jizigala's permission system. Its purpose is clear at a glance: based on the current logged-in user's permissions, it decides whether each button on the page is available. I quote it because I personally feel this code is concise and effective, and it suggests that one could consider using a set to handle permission checks (I have also largely thought this through and consider it feasible; the specific ideas behind this simple approach still need further overall consideration, and we can discuss them again later).

When I looked at the FrameWork104Src system, I also felt that its handling of permission checks was a little tedious. More importantly, I found a bug that is easily overlooked in much software: the permission control was not thorough enough. A good permission management implementation should ensure the software is secure enough to prevent the user from "doing what he cannot do". The bug is this: I logged in to the system as user A, who does not have permission to add members. To test whether the access control was thorough, I accessed the add-member page directly by URL and, to my surprise, got in. Fortunately, clicking the OK button did pop up a 'does not have this permission' prompt. So here is a reminder to friends who are building permission management functions or modules: please check whether your software's permission management is thorough and secure enough. Making action buttons invisible or unavailable does not control the user's actions at the source. It is just like JS validation on a login or registration page: no matter how well written or powerful it is, you must add the necessary checks in the back-end code!
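The direct-URL bug described above comes from checking permissions only when the buttons are drawn. The following C# program is an added example, not code from FrameWork104Src or jizigala's system: it keeps each user's permission codes in a set and checks them on the server both when the page is requested and when the form is submitted. The class names, the "Member.Add" code and the HTTP-style status codes are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical names throughout; this only models the server-side checks.
sealed class PermissionSet
{
    private readonly HashSet<string> _codes;

    public PermissionSet(IEnumerable<string> codes) =>
        _codes = new HashSet<string>(codes, StringComparer.Ordinal);

    // Deny by default: an empty or unknown code is never authorized.
    public bool IsAuthorized(string code) =>
        !string.IsNullOrEmpty(code) && _codes.Contains(code);
}

static class AddMemberPage
{
    private const string Required = "Member.Add";

    // Runs on every request for the page, including a URL typed in directly.
    public static int Get(PermissionSet user) =>
        user.IsAuthorized(Required) ? 200 : 403;

    // The submit handler repeats the check; it never trusts that the
    // button was hidden or that Get() ran first.
    public static int Post(PermissionSet user, string memberName, List<string> store)
    {
        if (!user.IsAuthorized(Required)) return 403;
        if (string.IsNullOrWhiteSpace(memberName)) return 400;
        store.Add(memberName);
        return 200;
    }
}

static class Program
{
    static void Main()
    {
        var members = new List<string>();
        // Constructed sample users: A lacks Member.Add, admin has it.
        var userA = new PermissionSet(new[] { "User.Export" });
        var admin = new PermissionSet(new[] { "Member.Add", "User.Add" });

        Console.WriteLine("user A GET:  " + AddMemberPage.Get(userA));
        Console.WriteLine("user A POST: " + AddMemberPage.Post(userA, "eve", members));
        Console.WriteLine("admin GET:   " + AddMemberPage.Get(admin));
        Console.WriteLine("admin POST:  " + AddMemberPage.Post(admin, "bob", members));
        Console.WriteLine("members stored: " + members.Count);
    }
}
```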

OK, I'll stop here for now (I find that writing a blog post carefully sometimes takes a lot of time, ha ha). I hope friends who research this area will share more of their opinions!
