How do you implement hierarchical permission control in ASP? This question stumps many novice programmers. The following describes one way to implement it in ASP.
Use ASP to implement hierarchical permission control
This article implements hierarchical permission control in an accounting management system. The program is written in ASP and JavaScript and runs on a Windows NT server with IIS 4.0. It is fast and easy to maintain.
The permission levels are divided as follows:
①. Dean and Finance Section Chief: cannot enter accounts; can query and compile statistics on all accounts without restriction;
②. Vice President: cannot enter accounts; can query and compile statistics on the accounts of the department they are in charge of;
③. Department leader: cannot enter accounts; can query and compile statistics on the accounts of their own department;
④. Accountant: can enter the accounts of each department (an accountant sometimes keeps the accounts of several departments), but can only query and compile statistics on the accounts they entered themselves.
The database tables and fields involved are as follows:
①. JK_USER table: id (serial number), bmid (department number), username (user name), pwd (password), right (permission value);
②. BM table: id (serial number), bmid (department number);
③. JZPZ table: id (serial number), bm (department), zgs (subsidiary), xmz (project group), xm (project), sr (revenue), zc (expenditure), szfx (revenue direction), szxs (revenue form), rq (date), jbr (manager), lrr (inputer), szsm (incoming statement);
④. ZGS table: id (serial number), zgs (subsidiary), name (company name), bmid (department number).
1. First, verify the user's identity
The username and password submitted by the user are compared with the fields in JK_USER to determine whether the user is legitimate. Only legitimate users (those for whom the system administrator has opened an account) can enter. Legitimate users have four permission levels, which are assigned the permission values "1", "2", "3", and "4". (Program omitted.)
2. Voucher accounting (level permission control)
The voucher accounting function is reserved for accountants and cannot be used by anyone else. For example, a non-accountant who enters the voucher entry interface sees only the "Query Accounting Voucher" function button; the other function buttons are not visible. Entered vouchers are first stored in a temporary table called the "Unaccounted Voucher Library". Only after the "Voucher Accounting" function is run do they enter the voucher library; vouchers still in the "Unaccounted Voucher Library" can be revised. Part of the program is as follows:
'When a non-accountant enters, the "Voucher Accounting" and "Save Unaccounted Vouchers" function buttons are not displayed
if (thisPage.firstEntered) then
if session("right")<> "1" then
button1.hide
button2.hide
end if
…………
'Automatically fill in time and operator
Textbox7.value=year(date) & "-" & month(date) & "-" & day(date)
Textbox9.value =session("username")
set cnn1=server.CreateObject("adodb.connection")
set rst1=server.CreateObject("adodb.recordset")
cnn1.CursorLocation=3
cnn1.ConnectionTimeout =30
cnn1.Open "DSN=jky"
rst1.Open "select * from bm",cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
RST1.MoveFirst
Id=rst1.Fields("id")
do while not rst1.EOF
Listbox3.addItem rst1.Fields("bmName"),cint(rst1.Fields("id"))
'Response.Write rst1.Fields("bmname") & rst1.Fields("id")
rst1.MoveNext
loop
end if
rst1.Close
rst1.Open "select zgsname from zgs where bmid=" & id,cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
rst1.MoveFirst
do while not rst1.EOF
Listbox4.addItem cstr(rst1.Fields("zgsname"))
rst1.MoveNext
loop
end if
rst1.Close
cnn1.close
call writerst
end if
end function
……………………
'Voucher accounting
sub button2_onclick
dim s
s=Listbox1.selectedIndex
Response.Write s
end sub
sub listbox3_onchange
dim id,i
i=Listbox4.getCount()
do while i>-1
call Listbox4.removeItem(i)
i=i-1
loop
id=listbox3.getValue (listbox3.selectedIndex)
set cnn2=server.CreateObject("adodb.connection")
set rst2=server.CreateObject("adodb.recordset")
cnn2.CursorLocation=3
cnn2.ConnectionTimeout =30
cnn2.Open "DSN=jky"
'id comes back from the list box, so force it to a number before it goes into the SQL text
rst2.Open "select zgsName from zgs where bmid=" & CLng(id),cnn2,1,1,adcmdtext
if rst2.RecordCount >0 then
RST2.MoveFirst
do while not rst2.EOF
Listbox4.addItem cstr(rst2.Fields("zgsName"))
rst2.MoveNext
loop
end if
rst2.Close
cnn2.Close
end sub
sub button2_onclick
set cnn5=server.CreateObject("adodb.connection")
cnn5.CursorLocation=3
cnn5.ConnectionTimeout =30
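cnn5.Open "DSN=jky"
'Copy this accountant's vouchers from the unaccounted table (wjzpz) into the voucher table (jzpz)
cnn5.Execute "insert into jzpz(bm,zgs,xmz,xm,sr,zc,szfx,szxs,rq,jbr,lrr,szsm) " & _
"select bm,zgs,xmz,xm,sr,zc,szfx,szxs,rq,jbr,lrr,szsm from wjzpz where lrr='" & session("username") & "'"
'Then remove them from the unaccounted table
cnn5.Execute "delete from wjzpz where lrr='" & session("username") & "'"
cnn5.Close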
end sub
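Hiding the buttons only changes what the page displays, so the handler should check the permission value itself before it moves any rows. The following is an added example, not the original author's code, of the accounting step with that check, a bound parameter and a transaction. PostVouchers, ExecForUser, the 403 response and the parameter length of 50 are assumptions; the DSN, tables and session keys are the ones used above.

```vbscript
' Added example: server-side enforcement of the "accountants only" rule.
' Uses the page's DSN (jky), tables (wjzpz, jzpz) and session keys.
Const COLS = "bm,zgs,xmz,xm,sr,zc,szfx,szxs,rq,jbr,lrr,szsm"

' Runs one statement with the user name bound as a parameter.
Sub ExecForUser(cnn, sql, userName)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = cnn
    cmd.CommandType = 1                 ' adCmdText
    cmd.CommandText = sql
    ' 200 = adVarChar, 1 = adParamInput; length 50 is an assumed column size
    cmd.Parameters.Append cmd.CreateParameter("lrr", 200, 1, 50, userName)
    cmd.Execute , , 128                 ' adExecuteNoRecords
End Sub

' Hypothetical helper: posts the caller's own unaccounted vouchers.
Sub PostVouchers()
    ' Hiding the button is cosmetic; this check is the actual control.
    If Session("right") <> "1" Then
        Response.Status = "403 Forbidden"
        Response.End
    End If

    Dim cnn, failed
    Set cnn = Server.CreateObject("ADODB.Connection")
    cnn.Open "DSN=jky"
    cnn.BeginTrans
    On Error Resume Next
    ExecForUser cnn, "insert into jzpz(" & COLS & ") select " & COLS & _
        " from wjzpz where lrr=?", Session("username")
    If Err.Number = 0 Then
        ExecForUser cnn, "delete from wjzpz where lrr=?", Session("username")
    End If
    failed = (Err.Number <> 0)
    On Error GoTo 0
    ' Copy and delete succeed or fail together.
    If failed Then cnn.RollbackTrans Else cnn.CommitTrans
    cnn.Close
End Sub

Sub button2_onclick
    PostVouchers
End Sub
```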
3. Data query (level permission control)
Queries use the voucher fields as conditions. Each condition has a box in front of it to tick ("√"); the "department" condition must be selected (the program ticks it automatically). The department list is loaded from the database according to the user's permissions, and the subsidiary list adjusts automatically to the selected department. Part of the program is as follows:
…………………
'Enter the corresponding query interface according to the permission value
…………………
function thisPage_onenter()
set cnn1=server.CreateObject("adodb.connection")
set rst1=server.CreateObject("adodb.recordset")
cnn1.CursorLocation=3
cnn1.ConnectionTimeout =30
cnn1.Open "dsn=jky"
select case session("Tright")
case "3" 'Vice President
rst1.Open "select bm.bmName from jk_user,bm where jk_user.bmid=bm.id and jk_user.username='" & session("username") & "'",cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
RST1.MoveFirst
do while not rst1.EOF
Listbox1.addItem cstr(rst1.Fields("bmName"))
rst1.MoveNext
loop
end if
rst1.Close
rst1.Open "select zgsname from zgs",cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
rst1.MoveFirst
do while not rst1.EOF
Listbox2.addItem cstr(rst1.Fields("zgsname"))
rst1.MoveNext
loop
end if
rst1.Close
cnn1.close
Checkbox1.setChecked (true)
case "2" 'Department manager
Listbox1.addItem session("bm")
rst1.Open "select zgsname from zgs where bmid=" & session("bmid"),cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
rst1.MoveFirst
do while not rst1.EOF
Listbox2.addItem cstr(rst1.Fields("zgsname"))
rst1.MoveNext
loop
end if
rst1.Close
cnn1.close
Checkbox1.setChecked (true)
'Checkbox1.0
case "1" 'Accountant
rst1.Open "select bmName from bm",cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
RST1.MoveFirst
do while not rst1.EOF
Listbox1.addItem cstr(rst1.Fields("bmName"))
rst1.MoveNext
loop
end if
rst1.Close
rst1.Open "select zgsname from zgs",cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
rst1.MoveFirst
do while not rst1.EOF
Listbox2.addItem cstr(rst1.Fields("zgsname"))
rst1.MoveNext
loop
end if
rst1.Close
cnn1.close
case "4" 'Dean
rst1.Open "select bmName from bm",cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
RST1.MoveFirst
do while not rst1.EOF
Listbox1.addItem cstr(rst1.Fields("bmName"))
rst1.MoveNext
loop
end if
rst1.Close
rst1.Open "select zgsname from zgs",cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
rst1.MoveFirst
do while not rst1.EOF
Listbox2.addItem cstr(rst1.Fields("zgsname"))
rst1.MoveNext
loop
end if
rst1.Close
cnn1.close
end select
end if
…………
end function
'Query vouchers according to permissions
sub button1_onclick
dim rst2,cnn2,str,i
dim bm(1),zgs(1),xmz(1),xm(1),szfx(1),szxs(1),rq(2),jbr(1)
'Each condition is added to the WHERE clause only when its checkbox is ticked
bm(0)=Checkbox1.getChecked()
if bm(0) then
bm(1)=Listbox1.getText(Listbox1.selectedIndex)
str=" and bm='" & bm(1) & "'"
end if
zgs(0)=Checkbox2.getChecked()
if zgs(0) then
zgs(1)=Listbox2.getText(Listbox2.selectedIndex)
str=str & " and zgs='" & zgs(1) & "'"
end if
xmz(0)=Checkbox3.getChecked()
if xmz(0) then
'Free-text input: double any single quote so it cannot end the SQL string literal
xmz(1)=Replace(trim(txtxmz.value),"'","''")
str=str & " and xmz like '%" & xmz(1) & "%'"
end if
xm(0)=Checkbox4.getChecked()
if xm(0) then
xm(1)=Replace(trim(tztxm.value),"'","''")
str=str & " and xm like '%" & xm(1) & "%'"
end if
szfx(0)=Checkbox5.getChecked()
if szfx(0) then
szfx(1)=Listbox3.getText(Listbox3.selectedIndex)
str=str & " and szfx='" & szfx(1) & "'"
end if
szxs(0)=Checkbox6.getChecked()
if szxs(0) then
szxs(1)=Listbox4.getText(Listbox4.selectedIndex)
str=str & " and szxs='" & szxs(1) & "'"
end if
jbr(0)=Checkbox8.getChecked()
if jbr(0) then
jbr(1)=Replace(trim(txtjbr.value),"'","''")
str=str & " and jbr like '%" & jbr(1) & "%'"
end if
set cnn2=server.CreateObject("adodb.connection")
set rst2=server.CreateObject("adodb.recordset")
cnn2.CursorLocation=3
cnn2.ConnectionTimeout =30
cnn2.Open "dsn=jky"
Response.Write "<table border='1' cellPadding=0 cellSpacing=0 width='650' height='33'>"
Response.Write "<tr>"
Response.Write "<td width='100%' colspan='6' height='44' align='middle' bgcolor=lightblue>"
Response.Write "<p align='center'><b><font color='#000084'> Accounting voucher list"
Response.Write "</font></b></p></td></tr> "
Response.Write "<tr>"
Response.Write "<td width='15%' bgcolor=lightsteelblue>"
Response.Write "Department</td>"
Response.Write "<td width='20%' bgcolor=lightsteelblue>"
Response.Write "Subsidiaries</td>"
Response.Write "<td width='15%' bgcolor=lightsteelblue>"
Response.Write "Project Team</td>"
Response.Write "<td width='15%' bgcolor=lightsteelblue>"
Response.Write "Project Name/Contract Number</td>"
Response.Write "<td width='15%' bgcolor=lightsteelblue>"
Response.Write "Revenue Amount (10,000 yuan)</td>"
Response.Write "<td width='15%' bgcolor=lightsteelblue>"
Response.Write "Expenditure Amount (10,000 yuan)</td></tr>"
if session("Tright")="1" then
'Accountant: only the vouchers this user entered
'Response.Write "AAAAAAAAA"
rst2.Open "select * from jzpz where id>0 and lrr='" & session("username") & "'" & str,cnn2,1,1,adcmdtext
else
'Other roles: filtered only by the conditions selected on the form
'Response.Write "FFFFFFFFFFFFFF"
rst2.Open "select * from jzpz where id>0 " & str,cnn2,1,1,adcmdtext
end if
if rst2.RecordCount >0 then
rst2.MoveFirst
rst2.PageSize =20
rst2.AbsolutePage =1
i=0
do while not rst2.EOF and i< rst2.PageSize
Response.Write "<tr>"
'HTML-encode the text fields before writing them into the page (& "" turns Null into an empty string)
Response.Write "<td width='15%' bgcolor=lightgrey>" & Server.HTMLEncode(rst2.Fields("bm") & "") & "</td>"
Response.Write "<td width='15%' bgcolor=lightgrey>" & Server.HTMLEncode(rst2.Fields("zgs") & "") & "</td>"
Response.Write "<td width='15%' bgcolor=lightgrey>" & Server.HTMLEncode(rst2.Fields("xmz") & "") & "</td>"
Response.Write "<td width='15%' bgcolor=lightgrey><a href='FMjz1.asp?Id=" & rst2.Fields("id") & "' target='_blank'>" & Server.HTMLEncode(rst2.Fields("xm") & "") & "</a></td>"
Response.Write "<td width='5%' bgcolor=lightgrey>" & rst2.Fields("sr") & "</td>"
Response.Write "<td width='5%' bgcolor=lightgrey>" & rst2.Fields("zc") & "</td>"
Response.Write "</tr>"
i=i+1
rst2.MoveNext
loop
end if
Response.Write "</table>"
Response.Write "</div>"
j= rst2.PageCount
Response.Write "<P align=center><b>Total number of pages: "
for i=1 to j
Response.Write "<a href='Fmjzpzck1.asp?ID=" & i & "' target='_blank'>" & i & "</a>" & " "
'Start a new line after every tenth page link
if i mod 10= 0 then
Response.Write "<br>"
end if
next
Response.Write "</b></p>"
rst2.Close
cnn2.Close
…………
end sub
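In the handler above, roles other than the accountant are limited only by the conditions the form submits, so the department restriction rests on the list box contents. The following is an added example, not the original author's code, that derives the mandatory condition from the session's permission value and binds every value as a parameter. OpenScopedVouchers, AddText and the 255-character parameter size are assumptions, and the connection is expected to be opened with CursorLocation=3 as on the page.

```vbscript
' Added example: the row scope comes from the session, not from the form.
' Uses the page's tables and session keys (Tright, username, bm).

' Appends one bound text parameter (200 = adVarChar, 1 = adParamInput).
Sub AddText(cmd, value)
    cmd.Parameters.Append cmd.CreateParameter("", 200, 1, 255, value)
End Sub

' Hypothetical helper: returns a recordset limited to what the role may see.
' likeXmz / likeJbr are optional free-text filters ("" = not selected).
Function OpenScopedVouchers(cnn, likeXmz, likeJbr)
    Dim cmd, sql
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = cnn
    cmd.CommandType = 1                      ' adCmdText
    sql = "select * from jzpz where id>0"

    Select Case Session("Tright")
        Case "1"                             ' accountant: own entries only
            sql = sql & " and lrr=?"
            AddText cmd, Session("username")
        Case "2"                             ' department manager: own department
            sql = sql & " and jzpz.bm=?"
            AddText cmd, Session("bm")
        Case "3"                             ' vice president: department in charge
            sql = sql & " and jzpz.bm in (select bm.bmName from jk_user,bm" & _
                        " where jk_user.bmid=bm.id and jk_user.username=?)"
            AddText cmd, Session("username")
        Case "4"                             ' dean: no restriction
        Case Else                            ' unknown value: deny by default
            Response.Status = "403 Forbidden"
            Response.End
    End Select

    ' User-chosen filters can only narrow the scope fixed above.
    ' Parameters are appended in the same order as the ? markers.
    If likeXmz <> "" Then
        sql = sql & " and xmz like ?"
        AddText cmd, "%" & likeXmz & "%"
    End If
    If likeJbr <> "" Then
        sql = sql & " and jbr like ?"
        AddText cmd, "%" & likeJbr & "%"
    End If

    cmd.CommandText = sql
    Set OpenScopedVouchers = cmd.Execute()
End Function
```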
With the programs above, custom queries can be run according to the user's permissions and the user's requirements. The system has been run successfully on Windows NT, IIS 4.0, Windows 98, and PWS.