管理员即John在注册后链接到人力资源部门,然后选择人力资源部门,他的数据存储在用户表中,在此表中,id设置为dep id = 2,即dep2。
然后我想通过他的登录ID和密码登录然后他只能访问HR文档,而不是其他文档,如金融,计算机科学,市场营销,我已经尝试过这个查询。
首先我选择dep id:
ALTER procedure [dbo].[sphrdoc]
@UserName nvarchar(50),
@Password nvarchar(50)
as
select DepID from Userss where UserName=@UserName AND [Password]=@Password
然后我创建一个函数:
publicint hrdoc(string Username,string password)
{
return Convert.ToInt32( db.ExecuteScalar("sphrdoc",newobject[]
{Username,password}));
}
然后在页面加载中:
Session["a"] = dd.hrdoc(Convert.ToString(Session["Login2"]),
(Convert.ToString(Session["Login3"])));
然后我设置了这个查询:
ALTER procedure [dbo].[sphrdocid1]
@DepID int
as
SELECT DocumentInfo.DocID,
dbo.DocumentInfo.DocName,
dbo.DocumentInfo.Uploadfile,
dbo.DocType.DocType,
dbo.Department.DepType ,
dbo.ApproveType.ApproveType AS ApproveID
FROM dbo.DocumentInfo
left JOIN dbo.DocType ON dbo.DocumentInfo.DocTypeID=dbo.DocType.DocTypeID
left JOIN dbo.Department ON dbo.DocumentInfo.DepID=dbo.Department.DepID
LEFT JOIN dbo.ApproveType ON dbo.ApproveType.approveid=dbo.Department.DepID where
dbo.Department.DepID=@DepID
public DataTable hrdoc1(int id)
{
DataTable table = db.ExecuteDataSet("sphrdocid1", new object[] { id
}).Tables[0];
return table;
}
然后在页面加载中我称之为:
GrdFileApprove.DataSource = dd.hrdoc1(Convert.ToInt32(Session["a"]));
GrdFileApprove.DataBind();
但是当约翰登录时,他仍可以看到与人力资源,市场营销,金融,计算机科学相关的所有文件。
答案 0 :(得分:0)
您的查询看起来是正确的。您需要检查数据以确保正确填充所有值。
这是您使用的实际代码吗?你在Department表上需要左连接吗?
exec sphrdocid1 @DepID = 1
go
ALTER procedure [dbo].[sphrdocid1]
@DepID int
as
begin
SELECT DocumentInfo.DocID, dbo.DocumentInfo.DocName, dbo.DocumentInfo.Uploadfile, dbo.DocType.DocType, dbo.Department.DepType , dbo.ApproveType.ApproveType AS ApproveID
FROM dbo.DocumentInfo
JOIN dbo.Department
ON dbo.DocumentInfo.DepID=dbo.Department.DepID
left JOIN dbo.DocType
ON dbo.DocumentInfo.DocTypeID=dbo.DocType.DocTypeID
LEFT JOIN dbo.ApproveType
ON dbo.ApproveType.approveid=dbo.Department.DepID
where dbo.DocumentInfo.DepID=@DepID
end