用ASP实现分级权限控制
本文实现的是一个帐务管理系统中分级权限的控制,程序使用ASP和JavaScript编写,在装有IIS4.0的win NT服务器上运行,速度快,易维护。
权限级别划分如下:
①、院长和财务科长:不能输入,可以无限制查询、统计;
②、副院长:不能输入,可以查询、统计其分管部门的帐务;
③、部门领导:不能输入,可以查询、统计本部门的帐务;
④、会计:能输入各部门的帐务(一个会计有时要做几个部门的帐),只能查询、统计自己输入的帐务。
涉及的数据库和字段如下
①、JK_USER数据库及字段:id(序列号),bmid(部门号),username(用户名),pwd(口令),right(权限值);
②、BM数据库及字段:id(序列号) ,bmid(部门号);
③、JZPZ数据库及字段:id(序列号),bm(部门), zgs(子公司),xmz(项目组),xm(项目),sr(收入),zc(支出),szfx(收支方向),szxs(收支形式),rq(日期),jbr(经办人),lrr(录入人),szsm(收支说明);
④、ZGS数据库及字段:id(序列号),zgs(子公司)name(公司名),bmid(部门编号)。
1.首先进行用户身份合法性验证
将用户提交的用户名和口令与数据库JK_USER中的字段对照对照,以确定其合法性,只有合法的用户(系统管理员为其开过户)才可以进入,合法用户有四种权限级别,分别赋予“1”、“2”、“3”、“4”四种权限值。(程序略)。
2.凭证记帐(分级权限控制)
凭证记帐功能是专为会计人员服务的,其他人不可以使用,如以非会计人员身份进入凭证录入界面时,只有“查询记帐凭证”功能按钮可见,其它功能按钮不可见。录入的凭证先存放在一个临时表里,称为“未记帐凭证库”,只有运行“凭证记帐”功能后才进入“凭证库”在“未记帐凭证库”中的凭证可以修改。部分程序如下:
’非会计人员进入,不显示“凭证记帐”和“保存未记帐凭证”功能按钮
if (thisPage.firstEntered) then
if session("tright")<> "1" then
button1.hide
button2.hide
end if
…………
’自动填写时间和操作人
Textbox7.value=year(date) & "-" & month(date) & "-" & day(date)
Textbox9.value =session("username")
set cnn1=server.CreateObject("adodb.connection")
set rst1=server.CreateObject("adodb.recordset")
cnn1.CursorLocation=3
cnn1.ConnectionTimeout =30
cnn1.Open "DSN=jky"
rst1.Open "select * from bm ",cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
RST1.MoveFirst
Id=rst1.Fields("id")
do while not rst1.EOF
Listbox3.addItem rst1.Fields("bmName"),cint(rst1.Fields("id"))
“Response.Write rst1.Fields("bmname") & rst1.Fields("id")
rst1.MoveNext
loop
end if
rst1.Close
rst1.Open "select zgsname from zgs where bmid=" & id,cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
rst1.MoveFirst
do while not rst1.EOF
Listbox4.addItem cstr(rst1.Fields("zgsname"))
rst1.MoveNext
loop
end if
rst1.Close
cnn1.close
call writerst
end if
end function
………………
’凭证记帐
sub button2_onclick
dim s
s=Listbox1.selectedIndex
Response.Write s
end sub
sub listbox3_onchange
dim id,i
i=Listbox4.getCount()
do while i>-1
call Listbox4.removeItem(i)
i=i-1
loop
id=listbox3.getValue (listbox3.selectedIndex)
set cnn2=server.CreateObject("adodb.connection")
set rst2=server.CreateObject("adodb.recordset")
cnn2.CursorLocation=3
cnn2.ConnectionTimeout =30
cnn2.Open"DSN=jky"
rst2.Open "select zgsName from zgs where bmid=" & id,cnn2,1,1,adcmdtext
if rst2.RecordCount >0 then
RST2.MoveFirst
do while not rst2.EOF
Listbox4.addItem cstr(rst2.Fields("zgsName"))
rst2.MoveNext
loop
end if
rst2.Close
cnn2.Close
end sub
sub button2_onclick
set cnn5=server.CreateObject("adodb.connection")
cnn5.CursorLocation=3
cnn5.ConnectionTimeout =30
cnn5.Open"DSN=jky"
cnn5.Execute "insert into jzpz(bm,zgs,xmz,xm,sr,zc,szfx,szxs,rq,jbr,lrr,szsm) select bm,zgs,xmz,xm,sr,zc,szfx,szxs,rq,jbr,lrr,szsm from wjzpz where lrr=“" & session("username") & "“"
cnn5.Execute "delete from wjzpz where lrr=“" & session("username") & "“"
end sub
3.数据查询(分级权限控制)
以凭证的字段为条件进行查询,在供选条件前有一方框供打“√”,其中“部门“条件必选(程序自动加上),部门内容由程序根据用户的权限自动从数据库中调用相应值,分公司内容根据所属部门自动调整,部分程序如下:
……………
’根据权限值进入相应的查询界面
……………
function thisPage_onenter()
set cnn1=server.CreateObject("adodb.connection")
set rst1=server.CreateObject("adodb.recordset")
cnn1.CursorLocation=3
cnn1.ConnectionTimeout =30
cnn1.Open "dsn=jky"
select case session("Tright")
case "3"“副院长
rst1.Open "select bm.bmName from jk_user ,bm where JK_user.bmid=bm.id and jk_user.username =“"& session("username") & "“",cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
RST1.MoveFirst
do while not rst1.EOF
Listbox1.addItem cstr(rst1.Fields("bmName"))
rst1.MoveNext
loop
end if
rst1.Close
rst1.Open "select zgsname from zgs ",cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
rst1.MoveFirst
do while not rst1.EOF
Listbox2.addItem cstr(rst1.Fields("zgsname"))
rst1.MoveNext
loop
end if
rst1.Close
cnn1.close
Checkbox1.setChecked (true)
case "2"“部门经理
Listbox1.addItem session("bm")
rst1.Open "select zgsname from zgs where bmid=" & session("bmid"),cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
rst1.MoveFirst
do while not rst1.EOF
Listbox2.addItem cstr(rst1.Fields("zgsname"))
rst1.MoveNext
loop
end if
rst1.Close
cnn1.close
Checkbox1.setChecked (true)
“Checkbox1.0
case "1"“会计
rst1.Open "select bmName from bm ",cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
RST1.MoveFirst
do while not rst1.EOF
Listbox1.addItem cstr(rst1.Fields("bmName"))
rst1.MoveNext
loop
end if
rst1.Close
rst1.Open "select zgsname from zgs ",cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
rst1.MoveFirst
do while not rst1.EOF
Listbox2.addItem cstr(rst1.Fields("zgsname"))
rst1.MoveNext
loop
end if
rst1.Close
cnn1.close
case "4"“院长
rst1.Open "select bmName from bm ",cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
RST1.MoveFirst
do while not rst1.EOF
Listbox1.addItem cstr(rst1.Fields("bmName"))
rst1.MoveNext
loop
end if
rst1.Close
rst1.Open "select zgsname from zgs ",cnn1,1,1,adcmdtext
if rst1.RecordCount >0 then
rst1.MoveFirst
do while not rst1.EOF
Listbox2.addItem cstr(rst1.Fields("zgsname"))
rst1.MoveNext
loop
end if
rst1.Close
cnn1.close
end select
end if
…………
end function
’按照权限查询凭证
sub button1_onclick
dim rst2,cnn2,str,i
dim bm(1),zgs(1),xmz(1),xm(1),szfx(1),szxs(1),rq(2),jbr(1)
bm(0)=Checkbox1.getChecked()
if bm(0) then
bm(1)=Listbox1.getText(Listbox1.selectedIndex )
str=" and bm=“" & bm(1) & "“"
end if
zgs(0)=Checkbox2.getChecked()
if zgs(0) then
zgs(1)=Listbox2.getText(Listbox2.selectedIndex )
str=str & " and zgs =“"& zgs(1) & "“"
end if
xmz(0)=Checkbox3.getChecked()
if xmz(0) then
xmz(1)=trim(txtxmz.value )
str=str & " and xmz like “%" & xmz(1) & "%“"
end if
xm(0)=Checkbox4.getChecked()
if xm(0) then
xm(1)=trim(tztxm.value )
str=str & " and xm like “%" & xm(1) & "%“"
end if
szfx(0)=Checkbox5.getChecked()
if szfx(0) then
szfx(1)=Listbox3.getText(Listbox3.selectedIndex )
str =str & " and szfx =“" & szfx(1) & "“"
end if
szxs(0)=Checkbox6.getChecked()
if szxs(0) then
szxs(1)=Listbox4.getText(Listbox4.selectedIndex )
str =str & " and szxs =“" & szxs(1) & "“"
end if
jbr(0)=Checkbox8.getChecked()
if jbr(0) then
jbr(1)=trim(txtjbr.value )
str =str & " and jbr like “%" & jbr(1) & "%“"
end if
set cnn2=server.CreateObject("adodb.connection")
set rst2=server.CreateObject("adodb.recordset")
cnn2.CursorLocation=3
cnn2.ConnectionTimeout =30
cnn2.Open "dsn=jky"
Response.Write "
"
Response.Write "
"
Response.Write "
"
Response.Write "
记 帐 凭 证 列 表"
Response.Write "
"
Response.Write "
"
Response.Write "
"
Response.Write "部 门"
Response.Write "
"
Response.Write "子公司"
Response.Write "
"
Response.Write "项目组"
Response.Write "
"
Response.Write "项目名/合同号"
Response.Write "
"
Response.Write "收入金额(万元)"
Response.Write "
"
Response.Write "支出金额(万元)"
if session("Tright")="1" then
“Response.Write "AAAAAAAA"
rst2.Open "select * from jzpz where id>0 and lrr=“" & session("username") & "“" & str ,cnn2,1,1,adcmdtext
else
“Response.Write "FFFFFFFFFFFFF"
rst2.Open "select * from jzpz where id>0 " & str ,cnn2,1,1,adcmdtext
end if
if rst2.RecordCount >0 then
rst2.MoveFirst
rst2.PageSize =20
rst2.AbsolutePage =1
i=0
do while not rst2.EOF and i< rst2.PageSize
Response.Write "
"
Response.Write "
"& rst2.Fields("bm")& ""
Response.Write "
"& rst2.Fields("zgs")& ""
Response.Write "
"& rst2.Fields("xmz")& ""
Response.Write "
Response.Write "
"& rst2.Fields("sr")& ""
Response.Write "
"& rst2.Fields("zc")& ""
Response.Write ""
i=i+1
rst2.MoveNext
loop
end if
Response.Write ""
Response.Write "
"
j= rst2.PageCount
Response.Write "
共有页数: "
for i=1 to j
Response.Write "" & i & "" & " "
if j mod 10= 0 then
Response.Write "
"
end if
next
Response.Write "
"
rst2.Close
cnn2.Close
…………
end sub
应用以上程序,可以根据用户的权限,按照用户的要求实行订制查询,该系统在win NT、IIS4.0和win98、PWS上运行通过。