Use ASP to implement hierarchical permission control
This article implements hierarchical permission control in an accounting management system. The program is written in ASP and JavaScript and runs on a Windows NT server with IIS 4.0. It is fast and easy to maintain.
The permission levels are divided as follows:
①. Dean and Finance Section Chief: cannot enter accounts; can query and compile statistics without restriction;
②. Vice President: cannot enter accounts; can query and compile statistics on the accounts of the department in his or her charge;
③. Department leader: cannot enter accounts; can query and compile statistics on the accounts of his or her own department;
④. Accountant: can enter the accounts of each department (an accountant sometimes needs to keep the accounts of several departments), and can query and compile statistics only on the accounts he or she entered.
The databases and fields involved are as follows:
①. JK_USER database and fields: id (serial number), bmid (department number), username (user name), pwd (password), right (permission value);
②. BM database and fields: id (serial number), bmid (department number);
③. JZPZ database and fields: id (serial number), bm (department), zgs (subsidiary), xmz (project group), xm (project), sr (revenue), zc (expenditure), szfx (revenue direction), szxs (revenue form), rq (date), jbr (manager), lrr (inputer), szsm (incoming statement);
④. ZGS database and fields: id (serial number), zgs (subsidiary), name (company name), bmid (department number).
1. First, verify that the user is legitimate
Compare the username and password submitted by the user with the fields in the database JK_USER to determine whether the user is legitimate. Only legitimate users (those for whom the system administrator has opened an account) can enter. Legitimate users have four permission levels, which are given the four permission values "1", "2", "3", and "4". (Program omitted.)
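The four levels listed above can be enforced on the server, on every request, as an entry check plus a row filter on JZPZ. The following is an added example, not the article's program, written as plain JavaScript. The role mapping (only "1" = accountant is taken from the article's code), the `managedBmids` list, and the assumption that `bm` holds the department number are all hypothetical.

```javascript
// Added example (not the article's code). ASSUMPTION: mapping of permission
// values to roles. The article's code treats "1" as the accountant; the other
// three assignments are hypothetical.
const ROLE = {
  "1": "accountant",
  "2": "dept_leader",
  "3": "vice_president",
  "4": "dean_or_finance_chief",
};

// user = { username, bmid, right, managedBmids }
// managedBmids is a hypothetical list of the department numbers a vice
// president is in charge of; the article does not say where that is stored.

// Only accountants may enter vouchers; check this on every save request.
function canEnterVouchers(user) {
  return ROLE[user.right] === "accountant";
}

// Row filter for queries and statistics on JZPZ, with bound parameters.
// ASSUMPTION: JZPZ.bm holds the same department number as JK_USER.bmid.
function queryScope(user) {
  switch (ROLE[user.right]) {
    case "dean_or_finance_chief":
      return { where: "1=1", params: [] };          // unrestricted
    case "vice_president": {
      const ids = user.managedBmids || [];
      if (ids.length === 0) return { where: "1=0", params: [] }; // nothing assigned
      return { where: "bm IN (" + ids.map(() => "?").join(",") + ")", params: ids.slice() };
    }
    case "dept_leader":
      return { where: "bm = ?", params: [user.bmid] };
    case "accountant":
      return { where: "lrr = ?", params: [user.username] }; // own entries only
    default:
      throw new Error("unknown permission value");   // fail closed
  }
}

function buildVoucherQuery(user) {
  const scope = queryScope(user);
  return {
    sql: "SELECT id, bm, xm, sr, zc, rq, lrr FROM jzpz WHERE " + scope.where,
    params: scope.params,
  };
}
```

Because the user name and department numbers travel only as bound parameters, a crafted user name cannot widen the filter.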
2. Voucher accounting (Level permission control)
The voucher accounting function is reserved for accountants and cannot be used by others. For example, a non-accountant who enters the voucher entry interface sees only the "Query Accounting Voucher" function button; the other function buttons are not visible. Entered vouchers are first stored in a temporary table, which is called the "Unaccounted Voucher Library". Only after the "Voucher Accounting" function is run do they enter the voucher library; vouchers in the "Unaccounted Voucher Library" can be revised. Part of the program is as follows:
' When non-accounting personnel enter, the "Voucher Accounting" and
' "Save Undocumented Vouchers" function buttons are not displayed
if (thisPage.firstEntered) then
    if session("right") <> "1" then
        button1.hide
        button2.hide
    end if
…………
' Automatically fill in the time and the operator
Textbox7.value = year(date) & "-" & month(date) & "-" & day(date)
Textbox9.value = session("username")
' Open the connection and read the department table (bm)
set cnn1 = server.CreateObject("adodb.connection")
set rst1 = server.CreateObject("adodb.recordset")
cnn1.CursorLocation = 3
cnn1.ConnectionTimeout = 30
cnn1.Open "DSN=jky"
rst1.Open "select * from bm", cnn1, 1, 1, adcmdtext
if rst1.RecordCount > 0 then
    rst1.MoveFirst
    Id = rst1.Fields("id")
    do while not rst1.EOF