Question

我在行的开头有一个带有编辑选项的gridview。此外，我维护一个名为Permission的单独表，我维护用户权限。我有三种不同类型的权限，如Admin，Leads，Programmers。这三个人都可以访问gridview。除了管理员，如果有人在点击编辑选项时尝试编辑gridview，我需要提供This row has important validation and make sure you make proper changes之类的提醒。

当我编辑时，操作发生在名为Application的表上。该表有一个名为Comments的列。此外，警报只有在他们尝试编辑“注释”列中包含这些值的行时才会发生。

ManLog datas Funding Approved Exported Applications

到目前为止我的尝试。

public bool IsApplicationUser(string userName)
{
    return CheckUser(userName);
}

public static bool CheckUser(string userName)
{
    string CS = ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
    DataTable dt = new DataTable();
    using (SqlConnection connection = new SqlConnection(CS))
    {
        SqlCommand command = new SqlCommand();
        command.Connection = connection;
        string strquery = "select * from Permissions where AppCode='Nest' and UserID = '" + userName + "'";
        SqlCommand cmd = new SqlCommand(strquery, connection);
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        da.Fill(dt);
    }
    if (dt.Rows.Count >= 1)
        return true;
    else
        return true;
}

 protected void Details_RowCommand(object sender, GridViewCommandEventArgs e)
{
    string currentUser = HttpContext.Current.Request.LogonUserIdentity.Name;
    string str = ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
    string[] words = currentUser.Split('\\');
    currentUser = words[1];
    bool appuser = IsApplicationUser(currentUser);
    if (appuser)
    {
        DataSet ds = new DataSet();
        using (SqlConnection connection = new SqlConnection(str))
        {
            SqlCommand command = new SqlCommand();
            command.Connection = connection;
            string strquery = "select Role_Cd from User_Role where AppCode='PM' and UserID = '" + currentUser + "'";
            SqlCommand cmd = new SqlCommand(strquery, connection);
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            da.Fill(ds);
        }

        if (e.CommandName.Equals("Edit") && ds.Tables[0].Rows[0]["Role_Cd"].ToString().Trim() != "ADMIN")
        {
            int index = Convert.ToInt32(e.CommandArgument);

            GridView gvCurrentGrid = (GridView)sender;
            GridViewRow row = gvCurrentGrid.Rows[index];

            string strID = ((Label)row.FindControl("lblID")).Text;
            string strAppName = ((Label)row.FindControl("lblAppName")).Text;
            Response.Redirect("AddApplication.aspx?ID=" + strID + "&AppName=" + strAppName + "&Edit=True");
        }
    }
}

请告诉我是否需要添加内容。感谢您的任何建议。

Answer 1

public static bool CheckUserAdminOrNot(your arguments)
{
    string currentUser = HttpContext.Current.Request.LogonUserIdentity.Name;
    string str = ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
    string[] words = currentUser.Split('\\');
    currentUser = words[1];
    bool appuser = IsApplicationUser(currentUser);
    if (appuser)
    {
        DataSet ds = new DataSet();
        using (SqlConnection connection = new SqlConnection(str))
        {
            SqlCommand command = new SqlCommand();
            command.Connection = connection;
            string strquery = "select Role_Cd from User_Role where AppCode='PM' and UserID = '" + currentUser + "'";
            SqlCommand cmd = new SqlCommand(strquery, connection);
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            da.Fill(ds);
        }

        if(user is not Admin)

            return string that you want....
        }
    }
}

之后你在ajax中获得响应，使用这个响应并重定向页面并在你想要的url中传递值...

基于权限的gridview编辑警报

1 个答案: