我有程序"GetCurrentUserRoleByDomainLogin",它返回UserRole。
我想在另一个过程(GroupInsertUpdateDelete)的条件下执行此过程,但它给我语法错误。
这是" GetCurrentUserRoleByDomainLogin":
CREATE PROCEDURE [dbo].[GetCurrentUserRoleByDomainLogin]
AS
SELECT UserRole FROM [User]
JOIN Role on [User].UserRole=Role.RoleId
WHERE [User].DomainLogin = (SELECT SYSTEM_USER)
这是" GroupInsertUpdateDelete:"
CREATE PROCEDURE [dbo].[GroupInsertUpdateDelete]
@GroupName nvarchar(50),
@GroupRole nvarchar(50),
@StatementType nvarchar(50),
@UserRole nvarchar(50) = CALL GetCurrentUserRoleByDomainLogin
AS
IF EXISTS (SELECT * FROM Groups WHERE GroupName=@GroupName)
PRINT 'Group with such GroupName already exists'
ELSE
IF @StatementType = 'Insert' AND @UserRole = 'Admin'
BEGIN
insert into [Group]
(GroupName,RoleName)
values (@GroupName, @GroupRole)
PRINT 'Group was added successfully'
END
IF @StatementType = 'Update' AND @UserRole = 'Admin'
BEGIN
UPDATE [Group]
SET GroupName = @GroupName,
GroupRole = @GroupRole
WHERE GroupName = @GroupName
PRINT 'Group was updated successfully'
END
IF @StatementType = 'Delete' AND @UserRole = 'Admin'
BEGIN
DELETE FROM [Group] WHERE GroupName = @GroupName
PRINT 'Group was deleted successfully'
END
IF @StatementType = 'Select'
BEGIN
SELECT * from [Group]
END
这个字符串给我语法错误:
@UserRole nvarchar(50) = CALL GetCurrentUserRoleByDomainLogin
所以,为了让它变得更好,我想打电话给" GetCurrentUserRoleByDomainLogin"程序" GroupInsertUpdateDelete"过程并将它返回的值放入变量中,然后检查" if语句"中的最后一个值。我该怎么办?
答案 0 :(得分:0)
您必须编辑SP以添加OUTPUT参数:
CREATE PROCEDURE [dbo].[GetCurrentUserRoleByDomainLogin]
@UserRole nvarchar(50) OUTPUT
AS
SELECT TOP 1 @UserRole = UserRole
FROM [User] u
INNER JOIN [Role] r
ON u.UserRole = r.RoleId
WHERE u.DomainLogin = (SELECT SYSTEM_USER)
RETURN;
然后称之为:
DECLARE @UserRole nvarchar(50)
EXEC GetCurrentUserRoleByDomainLogin @UserRole OUTPUT
之后,您可以在SP中使用@UserRole。
答案 1 :(得分:0)
CALL不是SQL Server中的命令。相反,我们有EXECUTE或EXEC。而且我不认为你可以将它作为参数的默认值。请在第一行代码中执行此操作。
答案 2 :(得分:0)
您必须设置OUTPUT参数,例如此页面中的示例
Return Data from a Stored Procedure
USE AdventureWorks2012;
GO
IF OBJECT_ID('Sales.uspGetEmployeeSalesYTD', 'P') IS NOT NULL
DROP PROCEDURE Sales.uspGetEmployeeSalesYTD;
GO
CREATE PROCEDURE Sales.uspGetEmployeeSalesYTD
@SalesPerson nvarchar(50),
@SalesYTD money OUTPUT
AS
SET NOCOUNT ON;
SELECT @SalesYTD = SalesYTD FROM Sales.SalesPerson AS sp JOIN HumanResources.vEmployee AS e ON e.BusinessEntityID = sp.BusinessEntityID WHERE LastName = @SalesPerson;
RETURN
GO
答案 3 :(得分:0)
CREATE PROCEDURE [dbo].[GetCurrentUserRoleByDomainLogin]
@UserRole NVARCHAR(50) OUTPUT
AS
SELECT UserRole FROM [User]
JOIN Role on [User].UserRole=Role.RoleId
WHERE [User].DomainLogin = SYSTEM_USER
GO
要使用上述内容,请执行以下操作: -
DECLARE @MyUserRole NVARCHAR(50)
EXEC [dbo].[GetCurrentUserRoleByDomainLogin] @MyUserRole OUTPUT
说实话,我的偏好是重构第二个存储过程。这样就没有任何论据可以强制承担这个角色。
CREATE PROCEDURE [dbo].[GroupInsertUpdateDelete]
@GroupName nvarchar(50),
@GroupRole nvarchar(50),
@StatementType nvarchar(50)
AS
IF EXISTS (SELECT * FROM Groups WHERE GroupName=@GroupName)
PRINT 'Group with such GroupName already exists'
ELSE
BEGIN
IF @StatementType = 'Select'
BEGIN
SELECT * from [Group]
END
ELSE
BEGIN
DECLARE @UserRole nvarchar(50)
SELECT UserRole
FROM [User]
INNER JOIN Role on [User].UserRole=Role.RoleId
WHERE [User].DomainLogin = SYSTEM_USER
IF @UserRole='Admin'
BEGIN
IF @StatementType = 'Update'
BEGIN
UPDATE [Group]
SET GroupName = @GroupName,
GroupRole = @GroupRole
WHERE GroupName = @GroupName
PRINT 'Group was updated successfully'
END
IF @StatementType = 'Insert'
BEGIN
insert into [Group]
(GroupName,RoleName)
values (@GroupName, @GroupRole)
PRINT 'Group was added successfully'
END
IF @StatementType = 'Delete' AND @UserRole = 'Admin'
BEGIN
DELETE FROM [Group] WHERE GroupName = @GroupName
PRINT 'Group was deleted successfully'
END
END
END
GO
我不得不说我会建议不要单独执行此操作,特别是因为它与您的应用程序的安全性有关。
有权执行此过程的人可以在您的群组中执行他们喜欢的任何CRUD。我强烈建议在这里分工。 可以阅读团体信息的人可能不是您想要修改它的人。 从机械上讲,你可以做到,但这是一个好主意吗?