Last active
January 2, 2016 09:18
Adgangskontrol med caching af brugerens roller
<%@ Application Language="C#" %>
<script runat="server">

    // Raised once when the application starts. Nothing is initialised here.
    void Application_Start(object sender, EventArgs e)
    {
    }

    // Raised when the application shuts down. Nothing is cleaned up here.
    void Application_End(object sender, EventArgs e)
    {
    }

    // Raised for an unhandled error. Currently empty, so the error is neither
    // logged nor handled by this file.
    void Application_Error(object sender, EventArgs e)
    {
    }

    // Raised when a new session begins. Loads the guest permission list into
    // the session (myACL.startRolle() stores it under Session["funktioner"]),
    // so that access checks have a list to consult before anyone has logged in.
    void Session_Start(object sender, EventArgs e)
    {
        myACL.startRolle();
    }

    // Raised when a session ends.
    // Note: this event only fires when the sessionstate mode in Web.config is
    // InProc. With StateServer or SQLServer session state it is never raised.
    void Session_End(object sender, EventArgs e)
    {
    }

</script>
using System; | |
using System.Collections.Generic; | |
using System.Linq; | |
using System.Web; | |
using System.Web.UI; | |
using System.Web.UI.WebControls; | |
using System.Data; | |
using System.Data.SqlClient; | |
using System.Data.SqlTypes; | |
using System.Configuration; | |
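/// <summary>
/// Development shortcut that signs the current session in as the user whose id is given in
/// the <c>bruger_id</c> query-string parameter. No password or other credential is checked.
/// </summary>
/// <remarks>
/// NOTE(review): anyone who can request this page can take on any user's identity and role
/// simply by choosing an id, so it must not be reachable in a deployed site. The session id
/// is also kept across the identity change; a real login page should authenticate the user
/// and start a fresh session before storing the identity.
/// </remarks>
public partial class login_cheat : System.Web.UI.Page
{
    /// <summary>
    /// Looks up the requested user, stores the user id and role id in the session, reloads
    /// the cached permission list and redirects to <c>side_03.aspx</c>. When the parameter
    /// is missing, is not a whole number, or matches no user, the session is left untouched
    /// and the "choose a user" prompt is shown instead.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        string requestedId = Request.QueryString["bruger_id"];

        // The query string is attacker-controlled text: accept plain digits only before it
        // is bound to the integer SQL parameter, instead of relying on an implicit conversion
        // that throws on anything else.
        int brugerId;
        if (requestedId == null ||
            !int.TryParse(
                requestedId,
                System.Globalization.NumberStyles.None,
                System.Globalization.CultureInfo.InvariantCulture,
                out brugerId))
        {
            LabelInfo.Text = "Vælg en bruger";
            return;
        }

        bool brugerFundet = false;

        // using blocks release the connection and reader even when the query throws.
        using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString1"].ToString()))
        using (SqlCommand cmd = new SqlCommand("SELECT br_id, fk_rolle_id FROM brugere WHERE br_id = @bruger_id", conn))
        {
            cmd.Parameters.Add("@bruger_id", SqlDbType.Int).Value = brugerId;
            conn.Open();

            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (reader.Read())
                {
                    Session["bruger_id"] = reader["br_id"];
                    Session["rolle_id"] = reader["fk_rolle_id"];
                    brugerFundet = true;
                }
            }
        }

        if (!brugerFundet)
        {
            // Unknown id: do not reload permissions or redirect on the strength of whatever
            // identity the session held before this request.
            LabelInfo.Text = "Vælg en bruger";
            return;
        }

        // Replace the cached permission list with the one belonging to the selected user.
        myACL.startRolle(brugerId);
        Response.Redirect("side_03.aspx", true);
    }
}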
using System; | |
using System.Collections.Generic; | |
using System.Linq; | |
using System.Web; | |
using System.Data; | |
using System.Data.SqlClient; | |
using System.Data.SqlTypes; | |
using System.Configuration; | |
using System.Collections; | |
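/// <summary>
/// Role-based access checks. The function code names a session is allowed to use are read
/// from the database and cached in the session under the key <c>"funktioner"</c>.
/// </summary>
/// <remarks>
/// The cached list is written only by the <c>startRolle</c> overloads, so a change to a role's
/// permissions in the database is not seen by <c>checkAccess2</c> until one of them runs again
/// for that session.
/// </remarks>
public class myACL
{
    // Session key holding the cached ArrayList of permitted function code names.
    private const string FunktionerSessionKey = "funktioner";

    // Role id whose permissions are loaded for a session with no logged-in user.
    // The value is the one the original code passed as a literal.
    private const int GuestRolleId = 5;

    /// <summary>
    /// Creates an instance. The class has only static members, so an instance carries no state.
    /// </summary>
    public myACL()
    {
    }

    /// <summary>
    /// Initialises the session's permission cache with the functions granted to the guest role.
    /// </summary>
    public static void startRolle()
    {
        const string sql = @"SELECT funktioner.fu_codename
            FROM funktioner
            INNER JOIN rollefunktioner
                ON funktioner.fu_id = rollefunktioner.fk_funktion_id
            WHERE rollefunktioner.fk_rolle_id = @rolle_id";

        cacheFunktioner(sql, "@rolle_id", GuestRolleId);
    }

    /// <summary>
    /// Initialises the session's permission cache with the functions granted to the role of
    /// a specific user.
    /// </summary>
    /// <param name="bruger_id">Id of the user (<c>brugere.br_id</c>) whose role is loaded.</param>
    public static void startRolle(int bruger_id)
    {
        const string sql = @"SELECT funktioner.fu_codename
            FROM funktioner
            INNER JOIN rollefunktioner
                ON funktioner.fu_id = rollefunktioner.fk_funktion_id
            INNER JOIN brugere
                ON rollefunktioner.fk_rolle_id = brugere.fk_rolle_id
            WHERE brugere.br_id = @bruger_id";

        cacheFunktioner(sql, "@bruger_id", bruger_id);
    }

    /// <summary>
    /// Checks whether the current session may use a function, using the cached list only.
    /// </summary>
    /// <param name="codeName">Code name of the function access is requested for.</param>
    /// <returns>
    /// <c>true</c> when the cached list contains <paramref name="codeName"/>; <c>false</c>
    /// otherwise, including when there is no current session or no cached list.
    /// </returns>
    public static bool checkAccess2(string codeName)
    {
        HttpContext context = HttpContext.Current;
        if (context == null || context.Session == null)
        {
            return false;
        }

        // A missing or foreign value under the key means "no permissions" (deny by default)
        // rather than a NullReferenceException or InvalidCastException.
        ArrayList funktioner = context.Session[FunktionerSessionKey] as ArrayList;
        return funktioner != null && funktioner.Contains(codeName);
    }

    /// <summary>
    /// Overload of <c>checkAccess(int, string)</c> that takes the user id as text.
    /// </summary>
    /// <param name="userID">User id as a string of digits.</param>
    /// <param name="functionCodename">Code name of the function access is requested for.</param>
    /// <returns>
    /// The result of the database-backed check, or <c>false</c> when <paramref name="userID"/>
    /// is not a whole number.
    /// </returns>
    public static bool checkAccess(String userID, string functionCodename)
    {
        int parsedId;
        if (!int.TryParse(
                userID,
                System.Globalization.NumberStyles.None,
                System.Globalization.CultureInfo.InvariantCulture,
                out parsedId))
        {
            // An id that cannot be parsed identifies nobody: deny.
            return false;
        }

        return myACL.checkAccess(parsedId, functionCodename);
    }

    /// <summary>
    /// The simple, uncached variant: asks the database on every call whether the user's role
    /// includes the function.
    /// </summary>
    /// <param name="userID">Id of the user (<c>brugere.br_id</c>).</param>
    /// <param name="functionCodename">Code name of the function access is requested for.</param>
    /// <returns><c>true</c> when at least one matching row exists; otherwise <c>false</c>.</returns>
    public static bool checkAccess(int userID, string functionCodename)
    {
        const string sql = @"SELECT funktioner.fu_id
            FROM funktioner
            INNER JOIN rollefunktioner
                ON funktioner.fu_id = rollefunktioner.fk_funktion_id
            INNER JOIN brugere
                ON rollefunktioner.fk_rolle_id = brugere.fk_rolle_id
            WHERE brugere.br_id = @bruger_id AND funktioner.fu_codename = @fu_codename";

        using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString1"].ToString()))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@bruger_id", SqlDbType.Int).Value = userID;
            cmd.Parameters.Add("@fu_codename", SqlDbType.NVarChar).Value =
                (object)functionCodename ?? DBNull.Value;
            conn.Open();

            // ExecuteNonQuery reports rows affected and returns -1 for a SELECT, so comparing
            // it with 1 denied every request. ExecuteScalar yields the first fu_id, or null
            // when no row matches.
            object firstMatch = cmd.ExecuteScalar();
            return firstMatch != null && firstMatch != DBNull.Value;
        }
    }

    // Runs a query that returns fu_codename rows for one integer parameter and stores the
    // resulting list in the current session, replacing any list cached earlier.
    private static void cacheFunktioner(string sql, string parameterName, int parameterValue)
    {
        ArrayList funktioner = new ArrayList();

        // using blocks release the connection and reader even when the query throws.
        using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString1"].ToString()))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add(parameterName, SqlDbType.Int).Value = parameterValue;
            conn.Open();

            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    funktioner.Add(reader["fu_codename"]);
                }
            }
        }

        HttpContext.Current.Session[FunktionerSessionKey] = funktioner;
    }
}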
using System; | |
using System.Collections.Generic; | |
using System.Linq; | |
using System.Web; | |
using System.Web.UI; | |
using System.Web.UI.WebControls; | |
/// <summary>
/// Page whose panels are shown or hidden according to the permission list cached in the
/// session.
/// </summary>
/// <remarks>
/// NOTE(review): these handlers only control whether a panel is visible. The handlers that
/// actually create or register a user are not shown here; confirm that they repeat the
/// access check themselves rather than relying on the panel being hidden.
/// </remarks>
public partial class side_04 : System.Web.UI.Page
{
    /// <summary>Page load handler; intentionally empty.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Shows the "create user" panel only when the session holds the "BrugerOpret" permission.
    /// </summary>
    /// <param name="sender">The panel being loaded.</param>
    /// <param name="e">Event data (unused).</param>
    protected void PanelOpretBruger_Load(object sender, EventArgs e)
    {
        // Earlier variants of this handler called the database-backed myACL.checkAccess with
        // Session["bruger_id"]; the cached check is used instead.
        Panel panel = (Panel)sender;
        bool harAdgang = myACL.checkAccess2("BrugerOpret");
        panel.Visible = harAdgang;
    }

    /// <summary>
    /// Shows the "register user" panel only when the session holds the "BrugerRegistrer"
    /// permission.
    /// </summary>
    /// <param name="sender">The panel being loaded.</param>
    /// <param name="e">Event data (unused).</param>
    protected void PanelRegistrerBruger_Load(object sender, EventArgs e)
    {
        Panel panel = (Panel)sender;
        bool harAdgang = myACL.checkAccess2("BrugerRegistrer");
        panel.Visible = harAdgang;
    }
}