我的 SQL 数据库中有一个名为“usertype”的表。我的网站有一个注册表单，用户可以在其中选择自己的用户类型。我想要的是：当登录用户的用户类型为 User 时，网站 Faculty 页面中的 Add、Edit 和 Delete 按钮应被禁用。
点击链接查看我的usertype表格如何:
http://i44.tinypic.com/2j34cau.jpg
这是我的Register.aspx.cs代码
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
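/// <summary>
/// Registration page: fills the user-type dropdown on first load and, on submit,
/// inserts a users row, e-mails the registrant and redirects to Login.aspx.
/// </summary>
/// <remarks>
/// Every database call opens its own connection inside <c>using</c> blocks, so an
/// exception in the middle of a query can no longer leave a connection or reader open.
/// </remarks>
public partial class Register : System.Web.UI.Page
{
    /// <summary>Binds the user-type dropdown on the first, non-postback load only.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        // Postbacks restore ddlType's items from ViewState; binding again would
        // reset the registrant's selection.
        if (!IsPostBack)
        {
            GetUserType();
        }
    }

    /// <summary>
    /// Binds ddlType to every row of the "type" table (ID as value, userType as text).
    /// </summary>
    /// <remarks>
    /// NOTE(review): this offers the registrant every type the table holds, including
    /// whichever one the Faculty page treats as privileged, and btnRegister_Click stores
    /// the chosen ID as-is. A self-selected role is a direct privilege-escalation path:
    /// exclude privileged types from this query, or assign the default type server-side
    /// and ignore the posted value.
    /// </remarks>
    void GetUserType()
    {
        using (SqlConnection con = new SqlConnection(Helper.GetConnection()))
        using (SqlCommand cmd = new SqlCommand("SELECT ID, userType FROM type", con))
        {
            con.Open();
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                ddlType.DataSource = dr;
                ddlType.DataTextField = "userType";
                ddlType.DataValueField = "ID";
                ddlType.DataBind();
            }
        }
    }

    /// <summary>Returns true when a users row already carries <paramref name="email"/>.</summary>
    /// <param name="email">Address as typed by the registrant; bound as a parameter, never concatenated into SQL.</param>
    /// <remarks>
    /// This check and the INSERT in btnRegister_Click are not atomic, so two concurrent
    /// registrations can both pass it. A UNIQUE constraint on users.userEmail is the
    /// reliable guard; this method only provides the friendly error.
    /// </remarks>
    bool IsExisting(string email)
    {
        using (SqlConnection con = new SqlConnection(Helper.GetConnection()))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT userEmail FROM users WHERE userEmail = @userEmail", con))
        {
            cmd.Parameters.Add("@userEmail", SqlDbType.VarChar).Value = email;
            con.Open();
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                return dr.HasRows;
            }
        }
    }

    /// <summary>
    /// Inserts the new user, sends the welcome e-mail and redirects to Login.aspx;
    /// shows the "existing" error instead when the e-mail is already registered.
    /// </summary>
    protected void btnRegister_Click(object sender, EventArgs e)
    {
        if (IsExisting(txtEmail.Text))
        {
            error.Visible = true;
            return;
        }

        using (SqlConnection con = new SqlConnection(Helper.GetConnection()))
        using (SqlCommand cmd = new SqlCommand(
            "INSERT INTO users VALUES (@TypeID, @userFN, @userLN, @userEmail, @userPassword, @userAddress, @userContact, @userCourse, @userSection, @userSchool)",
            con))
        {
            // TypeID is whatever the registrant picked in ddlType (see GetUserType).
            cmd.Parameters.Add("@TypeID", SqlDbType.Int).Value = ddlType.SelectedValue;
            cmd.Parameters.Add("@userFN", SqlDbType.VarChar).Value = txtFN.Text;
            cmd.Parameters.Add("@userLN", SqlDbType.VarChar).Value = txtLN.Text;
            cmd.Parameters.Add("@userEmail", SqlDbType.VarChar).Value = txtEmail.Text;
            // NOTE(review): Helper.CreateSHAHash is not visible here; if it is a plain
            // (unsalted, single-round) SHA digest it is unsuitable for password storage.
            // Use a salted, iterated hash instead (e.g. PBKDF2 via Rfc2898DeriveBytes).
            cmd.Parameters.Add("@userPassword", SqlDbType.VarChar).Value = Helper.CreateSHAHash(txtPassword.Text);
            // Profile columns are stored as empty strings at registration.
            cmd.Parameters.Add("@userAddress", SqlDbType.VarChar).Value = "";
            cmd.Parameters.Add("@userContact", SqlDbType.VarChar).Value = "";
            cmd.Parameters.Add("@userCourse", SqlDbType.VarChar).Value = "";
            cmd.Parameters.Add("@userSection", SqlDbType.VarChar).Value = "";
            cmd.Parameters.Add("@userSchool", SqlDbType.VarChar).Value = "";
            con.Open();
            cmd.ExecuteNonQuery();
        }

        // The mail body is HTML, so the registrant-typed names are encoded before
        // being spliced into it; otherwise markup typed into a name lands verbatim
        // in a message sent from this site's mailer.
        string firstName = System.Net.WebUtility.HtmlEncode(txtFN.Text);
        string lastName = System.Net.WebUtility.HtmlEncode(txtLN.Text);
        // TODO: the login link is a hard-coded development URL.
        string message = "Hello, " + firstName + " " + lastName + "! <br />"
            + "<br />You have successfully registered in our website. <br />"
            + "<br /> Click <a href = 'http://localhost:7773/PROJECT%20%5BWB-DEV1%5D/Login.aspx'>"
            + "here</a> to login <br /> <br />"
            + "Regards, <br /> "
            + "The Administrator";
        Helper.SendEmail(txtEmail.Text, "Registered Successfully", message);
        Response.Redirect("Login.aspx");
    }
}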
这是Faculty.aspx.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
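/// <summary>
/// Faculty list: shows the Professor table in gvProfessor and exposes Add / Edit /
/// Delete for the selected row.
/// </summary>
/// <remarks>
/// NOTE(review): nothing in this page checks who is logged in. Hiding or disabling the
/// buttons in the UI is not authorization — a crafted postback still reaches
/// btnDelete_Click / btnEdit_Click / btnAdd_Click — so each handler must verify the
/// current user's type server-side before acting. Where that type is kept (Session,
/// the users row, ...) is not visible in this file, so the gate is not implemented here.
/// </remarks>
public partial class Faculty : System.Web.UI.Page
{
    /// <summary>Re-queries and rebinds the professor grid on every request, as before.</summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        GetProfessor();
    }

    /// <summary>Fills gvProfessor from the Professor table; ProfNo is the first column.</summary>
    void GetProfessor()
    {
        using (SqlConnection con = new SqlConnection(Helper.GetConnection()))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT ProfNo, SchoolID, LastName, FirstName, MI, " +
            "Address, ContactNo, EmailAddress FROM Professor", con))
        using (SqlDataAdapter da = new SqlDataAdapter(cmd))
        {
            DataSet ds = new DataSet();
            da.Fill(ds, "Professor"); // Fill opens and closes the connection itself
            gvProfessor.DataSource = ds;
            gvProfessor.DataBind();
        }
    }

    /// <summary>Reveals the action buttons once a row has been selected.</summary>
    protected void gvProfessor_SelectedIndexChanged(object sender, EventArgs e)
    {
        btnEdit.Visible = true;
        btnDelete.Visible = true;
        btnAdd.Visible = true;
    }

    /// <summary>
    /// Deletes the selected professor by ProfNo and rebinds the grid. Does nothing
    /// when no row is selected or the ProfNo cell is not an integer (previously a
    /// NullReferenceException or a conversion error).
    /// </summary>
    /// <remarks>NOTE(review): must check the logged-in user's type before the DELETE; see the class remarks.</remarks>
    protected void btnDelete_Click(object sender, EventArgs e)
    {
        GridViewRow row = gvProfessor.SelectedRow;
        int profNo;
        if (row == null || !int.TryParse(row.Cells[0].Text, out profNo))
        {
            return;
        }

        using (SqlConnection con = new SqlConnection(Helper.GetConnection()))
        using (SqlCommand cmd = new SqlCommand("DELETE FROM Professor WHERE ProfNo=@ProfNo", con))
        {
            // Bound as an int after TryParse, so the parameter carries a validated value.
            cmd.Parameters.Add("@ProfNo", SqlDbType.Int).Value = profNo;
            con.Open();
            cmd.ExecuteNonQuery();
        }
        GetProfessor();
    }

    /// <summary>Stores the selected ProfNo cell in Session["ID"] and goes to EditFaculty.aspx.</summary>
    /// <remarks>NOTE(review): also needs the server-side type check; see the class remarks.</remarks>
    protected void btnEdit_Click(object sender, EventArgs e)
    {
        GridViewRow row = gvProfessor.SelectedRow;
        if (row == null)
        {
            return; // nothing selected: stay on the page instead of throwing
        }
        Session["ID"] = row.Cells[0].Text; // stored as the cell's string, as before
        Response.Redirect("EditFaculty.aspx");
    }

    /// <summary>Navigates to AddFaculty.aspx.</summary>
    /// <remarks>NOTE(review): also needs the server-side type check; see the class remarks.</remarks>
    protected void btnAdd_Click(object sender, EventArgs e)
    {
        Response.Redirect("AddFaculty.aspx");
    }
}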
当登录用户的类型为 User 时，btnAdd、btnEdit、btnDelete 应被禁用；当其为 Admin 时应启用。
我是新手,我希望你能帮助我。谢谢!
答案 0 :(得分:2)
由于您没有提供任何代码,我只能给您伪代码:
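// Enables the Add/Edit/Delete buttons for admins only. `user` stands for the
// logged-in user (pseudo-code: how it is loaded is up to the page).
protected void Page_Load(object sender, EventArgs e)
{
    if (!IsPostBack)
    {
        // Fail closed: only the admin type gets the buttons, so a new or unexpected
        // user type is treated like a plain user rather than like an admin. "Admin"
        // must match the value stored in the usertype table — verify against it.
        bool isAdmin = user.Type == "Admin";
        btnAdd.Enabled = isAdmin;
        btnEdit.Enabled = isAdmin;
        btnDelete.Enabled = isAdmin;
    }
    // Enabled = false is only a rendering hint. btnAdd_Click, btnEdit_Click and
    // btnDelete_Click must repeat this check before doing anything, because a
    // crafted postback can still invoke them.
}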
答案 1 :(得分:0)
如果您的用户类型作为ID存储在数据库中,则处理此问题的最佳方法是创建其值与数据库中的ID匹配的枚举。枚举看起来像这样。
/// <summary>
/// Mirrors the ID column of the user-type table so role checks compare against a
/// named value instead of a magic number.
/// </summary>
public enum UserType : int
{
    /// <summary>No or unrecognised type (ID 0).</summary>
    Unknown = 0,

    /// <summary>Administrator (ID 1): the type that should see the Add/Edit/Delete buttons.</summary>
    Admin = 1,

    /// <summary>Ordinary user (ID 2).</summary>
    User = 2,
}
然后,您的代码看起来与此类似。
// Enables the buttons only for admins. `userType` is the logged-in user's type ID
// (see the UserType enum); where it is loaded from is left to the page.
protected void Page_Load(object sender, EventArgs e)
{
    bool canModify = IsAdmin(userType);
    SetButtonsEnabledDisabled(canModify);
    // Disabled buttons are only a UI hint; the click handlers still need the same check.
}
/// <summary>True when <paramref name="userTypeId"/> is the Admin type's ID.</summary>
/// <param name="userTypeId">Type ID as stored in the database.</param>
private bool IsAdmin(int userTypeId)
{
    UserType type = (UserType)userTypeId; // any int converts; only Admin's value matches
    return type == UserType.Admin;
}
/// <summary>Enables or disables the three faculty-modification buttons together.</summary>
/// <param name="isEnabled">True to enable all three buttons, false to disable them.</param>
private void SetButtonsEnabledDisabled(bool isEnabled)
{
    // Same flag for all three; order is irrelevant.
    ButtonDelete.Enabled = isEnabled;
    ButtonEdit.Enabled = isEnabled;
    ButtonAdd.Enabled = isEnabled;
}
把 ID 放进枚举是个好主意，哪怕只是为了提高代码的可读性。在 Faculty.aspx.cs 中，您需要先确定当前登录用户的类型；无论是通过查询字符串传值还是额外查询一次数据库，这部分我不会替您实现。但一旦拿到这个上下文，就可以用它来启用或禁用按钮（注意：禁用按钮只是界面上的提示，btnAdd、btnEdit、btnDelete 的服务端事件处理程序仍必须自行检查用户类型）。
另外需要注意的是，把数据访问层代码直接写在页面的 code-behind 里从来都不是好主意。原因可参见这个 SO 回答：https://stackoverflow.com/a/5318242/1717855