C# 管理授权

Question

我在为启用了两个/三个不同区域的用户管理授权时遇到问题，例如，具有此配置文件的用户我没有问题：

User = Foo 
Area = East 
Level = 2 

相反，对于用户个人资料：

User = Pluto 
Area = East 
Area = West 
Level = 2 

语句 Users() 根据成员区域和预期级别（0、1 和 2）对授权用户表执行访问控制，仅考虑西区用户冥王星，而不是同时启用东区和西区。

下面是我的代码。

任何帮助将不胜感激，在此先感谢。

protected void Users()
{
    using (OdbcConnection conn =
        new OdbcConnection(ConfigurationManager.ConnectionStrings["cn"].ConnectionString))
    {
        sql = " SELECT * FROM ";
        sql = sql + " tblUsers ";
        sql = sql + " WHERE (Email = ? ";
        sql = sql + " AND degree IS NOT NULL); ";

        using (OdbcCommand command =
            new OdbcCommand(sql, conn))
        {
            try
            {
                command.Parameters.AddWithValue("param1", Server.UrlDecode(Request.Cookies["email"].Value));
                command.Connection.Open();

                using (OdbcDataReader reader = command.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        degree = reader["degree"].ToString();
                        area = reader["Area"].ToString();
                    }
                }
            }
            catch (Exception ex)
            {
                throw ex;
            }
            finally
            {
                command.Connection.Close();
            }
        }
    }
}

编辑 1

    string Level;
    string Area;

    public class GrantUser
    {
        public string Area { get; set; }
        public string Level { get; set; }

        public GrantUser() { }
        public GrantUser(string Area, string Level)
        {
            this.Area = Area;
            this.Level = Level;
        }
    }


    protected void Users()
    {
        using (OdbcConnection conn =
            new OdbcConnection(ConfigurationManager.ConnectionStrings["cn"].ConnectionString))
        {
            sql = " SELECT * FROM tblUsers WHERE (Email = ? AND Level IS NOT NULL); ";

            using (OdbcCommand command =
                new OdbcCommand(sql, conn))
            {
                try
                {
                    command.Parameters.AddWithValue("param1", Server.UrlDecode(Request.Cookies["email"].Value));
                    command.Connection.Open();

                    List<GrantUser> lsGrantUser = new List<GrantUser>();

                    using (OdbcDataReader reader = command.ExecuteReader())
                    {
                        while (reader.Read())
                        {
                            Level = reader["Level"].ToString();
                            Area = reader["Area"].ToString();

                            lsGrantUser.Add(new GrantUser(reader["Area"].ToString(), reader["Level"].ToString()));
                        }
                    }
                }
                catch (Exception ex)
                {
                    throw ex;
                }
                finally
                {
                    command.Connection.Close();
                }
            }
        }
    }


    protected void GridView1_RowDataBound(object sender, GridViewRowEventArgs e)
    {
        if (e.Row.RowType == DataControlRowType.DataRow)
        {
            Label area = (Label)e.Row.FindControl("Area");

            if (!string.IsNullOrEmpty(Level.ToString()))
            {
                if (Level.ToString() == "0")
                {
                       //here the condition 0
                }

                if (Level.ToString() == "1")
                {
                    if (area.Text == Area.ToString())
                    {
                       //here the condition 1
                    }
                }

                if (Level.ToString() == "2")
                {
                    if (area.Text == Area.ToString())
                    {
                       //here the condition 2
                    }
                }
            }
        }
    }




 public DataTable GridViewBind()
    {
        sql = " SELECT ....... ; ";

        try
        {
            dadapter = new OdbcDataAdapter(sql, conn);

            dset = new DataSet();
            dset.Clear();
            dadapter.Fill(dset);
            DataTable dt = dset.Tables[0];
            GridView1.DataSource = dt;

            conn.Open();
            GridView1.DataBind();

            if (dt.Rows.Count == 0)
            {
                Page.ClientScript.RegisterStartupScript(this.GetType(), "Alert", "alert('No data.');", true);               
            }

            return dt;
        }
        catch (Exception ex)
        {
            throw ex;
        }
        finally
        {
            dadapter.Dispose();
            dadapter = null;
            conn.Close();
        }
    }

编辑 2

Users();
GridView1.DataBind();

Answer 1

如果我理解您的问题，听起来您有 Area 属性，它可以采用许多不同的值，例如“East”、“West”，我会假设“North”和“South”（或类似的东西）。

在这种情况下，我会从这样的枚举开始：

enum Areas
{
   East, West, North, South
}

然后将Area的类型从string改为Areas：

public class GrantUser
{
    public Areas Area { get; set; }
    public string Level { get; set; }

    public GrantUser() { }
    public GrantUser(Areas Area, string Level)
    {
        this.Area = Area;
        this.Level = Level;
    }
}

现在您只能将GrantUser.Area 设置为列表中的值之一（否则您将无法编译）：

GrantUser user = GetUserFromSomewhere();
user.Area = Areas.East; //valid
user.Area = Areas.Elsewhere; // invalid, won't compile

最后，如果您希望一个用户能够有多个“区域”分配给他们，那么我们将给枚举一个[Flags] 属性，创建一个默认的None 值，然后为每个项目分配一个以 2 的幂增加的值（听起来令人困惑，但一旦你做了几次就会感觉正常）。更多信息请查看“FlagsAttribute Class”。

[Flags]
public enum Areas
{
   None = 0, East = 1, West = 2, North = 4, South = 8
}

最后，要让用户同时访问East 和West，我们只需要将这些区域组合在一起即可：

GrantUser user = GetUserFromSomewhere();
user.Area = Areas.East | Areas.West; //Gives a value of 3, which is 1 + 2

请注意，当我们对 2 的幂进行 OR 时，这与将它们加在一起是相同的，但这只是因为位排列为 2 的幂的方式（并且是另一个主题）。请注意，在一般情况下这不是真的。即：3 | 7 == 7。

现在要检查用户可以访问哪些Area，请使用 AND 运算符：

if(user.Area & Areas.East == Areas.East) {//has access to East}
if(user.Area & Areas.West == Areas.West) {//has access to West}

如需进一步阅读和详细的代码示例，请查看Enumeration Types C# Programming Guide。