Best Practices for controlling access to form fields

Question

I have a classic 3-tier ASP.Net 3.5 web application with forms that display business objects and allow them to be edited. Controls on the form correspond to a property of the underlying business object. The user will have read/write, readonly, or no access to the various controls depending on his/her role. Very conventional stuff.

My question is: what is the object-oriented best practice for coding this? Is there anything more elegant than wrapping each control in a test for the user's role and setting its Visible and Enabled properties?

Thanks

Recommended answer

To work properly, I have found that access levels should be in this increasing order: NONE, VIEW, REQUIRED, EDIT.

Note that REQUIRED is NOT the top level as you may think it would be since EDIT (both populate & de-populate permission) is a greater privilege than REQUIRED (populate-only permission).

The enum looks like this:

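// Enum name, field and accessor are illustrative; the original showed only the constants.
public enum AccessLevel {

    /** NO permissions.
     *     Presentation: "hidden"
     *     Database: "no access"
     */
    NONE(0),

    /** VIEW permissions.
     *     Presentation: "read-only"
     *     Database: "read access"
     */
    VIEW(1),

    /** VIEW and POPULATE permissions.
     *     Presentation: "required/highlighted"
     *     Database: "non-null"
     */
    REQUIRED(2),

    /** VIEW, POPULATE, and DEPOPULATE permissions.
     *     Presentation: "editable"
     *     Database: "nullable"
     */
    EDIT(3);

    private final int level;

    AccessLevel(int level) {
        this.level = level;
    }

    /** Numeric rank, so levels can be compared (higher means more access). */
    public int getLevel() {
        return level;
    }
}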

From the bottom layer (database constraints), create a map of fields-to-access. This map then gets updated (further restrained) at the next layer up (business rules + user permissions). Finally, the top layer (presentation rules) can then further restrain the map again if desired.

Important: The map must be wrapped so that it only allows access to be decreased with any subsequent update. Updates which attempt to increase access should just be ignored without triggering any error. This is because it should act like a voting system on what the access should look like. In essence, the subsequent layering of access levels as mentioned above can happen in any order since it will result in an access-level low-water-mark for each field once all layers have voted.

Consequences:

1) The presentation layer CAN hide a field (set access to NONE) for a database-specified read-only (VIEW) field.

2) The presentation layer CANNOT display a field when the business rules say that the user does not have at least VIEW access.

3) The presentation layer CANNOT move a field's access up to "editable" (nullable) if the database says it's only "required" (non-nullable).

Note: The presentation layer should be made (custom display tags) to render the fields by reading the access map without the need for any "if" statements.

The same access map that is used for setting up the display can also be used during the submit validations. A generic validator can be written to read any form and its access map to ensure that all the rules have been followed.
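
The restrict-only map and the generic submit validator described in the answer above, as an added Java example that is not part of the original answer. The class and method names, the deny-by-default treatment of fields no layer has voted on, and the sample form values are assumptions.

```java
import java.util.*;

// Added example: a restrict-only access map plus a generic submit validator.
// Class, method and field names are hypothetical, not from the original answer.
public class AccessMapDemo {
    enum Access { NONE, VIEW, REQUIRED, EDIT }   // increasing order, as in the answer

    static final class AccessMap {
        private final Map<String, Access> levels = new HashMap<>();

        // A vote can only lower a field's level; attempts to raise it are ignored silently.
        void vote(String field, Access level) {
            levels.merge(field, level, (cur, next) -> next.compareTo(cur) < 0 ? next : cur);
        }

        // Fields no layer has voted on default to NONE (deny by default; an assumption).
        Access get(String field) { return levels.getOrDefault(field, Access.NONE); }
    }

    // Server-side check of a submitted form against the same map used for rendering.
    static List<String> validate(AccessMap map, Map<String, String> stored, Map<String, String> submitted) {
        List<String> errors = new ArrayList<>();
        Set<String> fields = new TreeSet<>(stored.keySet());
        fields.addAll(submitted.keySet());
        for (String f : fields) {
            Access a = map.get(f);
            String oldV = stored.get(f), newV = submitted.get(f);
            boolean changed = submitted.containsKey(f) && !Objects.equals(oldV, newV);
            if (a.compareTo(Access.REQUIRED) < 0 && changed) errors.add(f + ": not writable at " + a);
            if (a == Access.REQUIRED && (newV == null || newV.isEmpty())) errors.add(f + ": required");
        }
        return errors;
    }

    public static void main(String[] args) {
        AccessMap map = new AccessMap();
        map.vote("salary", Access.VIEW);   // business rules: read-only for this role
        map.vote("salary", Access.EDIT);   // presentation layer tries to raise: ignored
        map.vote("name", Access.REQUIRED); // database: non-null column
        map.vote("notes", Access.EDIT);    // database: nullable column
        Map<String, String> stored = Map.of("salary", "50000", "name", "Ann", "notes", "x");
        // Constructed request: tampered read-only field, emptied required field.
        Map<String, String> submitted = Map.of("salary", "99999", "name", "", "notes", "");
        System.out.println(map.get("salary"));
        System.out.println(validate(map, stored, submitted));
    }
}
```

Running the validator on the server matters because Visible and Enabled only affect what the browser renders; a hand-crafted request can still carry a value for a hidden or read-only field.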
