控制权限的最佳实践? [英] Best practices for control permissions?
问题描述
大家好,我需要一些建议...
Hey all, I need some advice on this...
我们在数据库中设置了某些权限,以便用户可以对应用程序进行某些级别的控制.禁用、只读和编辑.
We have certain permissions setup in the database for certain levels of control a user can have over the application. Disabled, ReadOnly and Edit.
我的问题是:是否有更通用/更好的方法来处理应用于页面上表单元素的权限,而不是编写安全方法/检查每页以根据允许的权限启用/禁用/隐藏/显示适当的控件?
My question is: Are there more generic/better ways to handle permissions applied to a form element on the page than writing a security method/check per page to enable/disable/hide/show proper controls depending on the permissions allowed?
有没有人有过以不同方式处理这个问题的经验?
Anyone have any experience handling this in different ways?
我只是考虑了为每个需要安全的层添加常量的可能性,然后在用户类中添加一个 IsAuthorized 函数,该函数将接受来自控件所在表单的常量,并返回布尔值以启用/禁用控件,当/如果我需要修改所有表单的安全性时,这真的会减少我必须点击的地方.
I just thought about the possibility of adding constants for each layer that needs security and then adding an IsAuthorized function in the user class that would accept a constant from the form that the control is on, and return boolean to enable/disable controls, this would really reduce the amount of places I'd have to hit when/if I ever need to modify the security for all forms.
干杯!
推荐答案
很抱歉在这里有点跑题,但要从我的错误中吸取教训:
Sorry for going slightly off-topic here, but learn from my mistake:
有一次我正在开发一个简单的网络应用程序,我想我会设置 3 个安全级别:有限只读(公共)、读限制写(用户)、读写(管理员).users 表有一定的安全级别,一切正常……直到随着项目的发展,我需要更好地控制安全级别.这一切都始于一位用户不仅需要对程序的某个区域进行用户控制,而且还需要完全的管理控制.
I had a simple web app one time that I was developing and I thought that I'd setup 3 levels of security: limited read-only (public), read-limited write (user), read-write (admin). The users table had a level of security in it and everything worked fine... until I needed finer control over security levels as the project grew. It all started with a user that needed more than user control in one area of the program but not full admin control.
我应该做的是设置一个具有更好控制的可扩展系统,即使我一开始不需要它.这会为我节省很多时间.
What I should have done was setup an expandable system with finer control even though I didn't need it at first. This would have saved me sooo much time.
这篇关于控制权限的最佳实践?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
