user access levels

liunx

Guest
My boss at work told me to implement a new technique of user access to a website I am developing. He wants the users to have a number stored in the database as their access level. This number, however, would not be the usual number equals a certain access level. Rather more like the UNIX permissions vector style access.

For example, we have 3 types of user levels. (You don't need to know what these do or anything)
1. edit customer allowing
2. synchronising jobs
3. admin

So if the user's number was 2 that would correspond to 011 in binary and would therefore have both 1 and 2 permissions (as listed above).

If it was 7 the user's permissions would have all 3 of the listed permissions.

Get me?

How on earth do I implement this? I'm using C# and I have made a class called UserAccess which will be passed in a username to "get" that user's current level.

OK, in SQL you wouldn't use a binary field... rather use an integer.

1
2
4
8
16
32
64
etc

and in a stored procedure you

select the max and loop until 0.

If I can find my stored procedure I will post it later.

I see what you're saying, and I did mean to have it as an integer field. But I was wanting more of a code implementation rather than a SQL implementation.

All I want to do is go like this:

UserAccess ua = new UserAccess("PaulJones");

if (ua.IsAdmin)
{
    // do admin stuff
}

In my UserAccess class have a property that does some bitwise operations on the user's level (which is retrieved from the database), which may be a 2 or 3, and see what the user is allowed to do.

I've heard you can use the << or the >> operators but I don't know how they could be used in this instance.

>> is called a bit shift operand.
They are used by shifting the value left or right depending on the direction of the shifter. A division operand works the same way by dividing by 2. It works the same.

OK, I found a way to do it. I had to use the BitVector32 class in the System.Collections.Specialized group. It has ways of extracting specific bits of a bitstring and seeing if they are 1 or 0. I will post the code tomorrow.

The following code gets the first 5 bits of a bit string and checks if they are 1 or 0.

in C#


using System.Collections.Specialized;


BitVector32.Section section1,section2,section3,section4,section5;
BitVector32 userAccessBit;

section1 = BitVector32.CreateSection(1);
section2 = BitVector32.CreateSection(1,section1);
section3 = BitVector32.CreateSection(1,section2);
section4 = BitVector32.CreateSection(1,section3);
section5 = BitVector32.CreateSection(1,section4);

userAccessBit = new BitVector32(_accessLevel);
// where _accessLevel is an int representation of the bit vector you wish to check
// i.e. 5 = 00101, 31 = 11111, etc...

bool bit1 = userAccessBit[section1] == 1;
bool bit2 = userAccessBit[section2] == 1;
bool bit3 = userAccessBit[section3] == 1;
bool bit4 = userAccessBit[section4] == 1;
bool bit5 = userAccessBit[section5] == 1;



That should be about it, although a small note, the "1" in the code:
section1 = BitVector32.CreateSection(1);
section2 = BitVector32.CreateSection(1,section1);

is the number conversion of the number of bits to be in the section, i.e. if you wanted 2 bits in each section you would use 3 not 1, if you wanted 3 bits you would use 7.

Hope that helps anyone with the same problem I had.

Yeah, but if you wanted role-based authentication you should have just not re-invented the wheel. Considering the fact if you implemented the first part of the forms authentication then provided custom roles on assignment you could have done this so it is portable.

if (Page.User.IsInRole("My Admin"))
{

}


If you want the source code for this, there are 3 files, a login page and code-behind, along with a piece in the global.asax that re-assigns the access on each page request.

Well, the only real reason I chose to do it this way was so that we could have just 1 little int field in the database, retrieve it and check it against the class. In the not too distant future we plan to have an admin page that will operate much like the UNIX chmod command in a sense.

But the unix version allows for groups, something that this still does not. You would need a double vector class to do something like that.

chmod 777 -R

This is 1 + 2 + 4 or Read + Write + Delete; each number is a vector of the group. User, Group, Everyone. You wouldn't want the 3rd vector but you would want the second, as it would allow for implicit user permissions by group access.

You mean read + write + execute?

And I think I may have been a little too literal when I said I wanted it like the UNIX one. What I meant by that is that each user has 1 "vector" associated to them; this vector is NOT a literal vector, rather 1 int entry in the DB. This int will be interpreted as, for example, 10011. Each bit in the bit string will represent an access that we have in our system, whether it be admin, allowing to update certain pages etc...
Hope I cleared something up, I really think we are thinking about this differently :)

I will upload my code later that will show you how to do this.

I have done it. That's what the code I posted earlier does. I just thought that we got our wires crossed from post 1.

The code I posted is complete and works fine. So thanks anyways but, yeah, it's done.
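
Added example (not part of any post in this thread, and not the poster's own UserAccess class): the one-int-per-user scheme discussed above, written with a C# [Flags] enum and the << operator the original poster asked about. The names Access, Has, Grant and Revoke are assumptions made for this sketch, and the constructor is assumed to take the int already read from the database instead of a username.

```csharp
using System;

[Flags]
public enum Access
{
    None         = 0,
    EditCustomer = 1 << 0, // 1 (binary 001)
    SyncJobs     = 1 << 1, // 2 (binary 010)
    Admin        = 1 << 2, // 4 (binary 100)
    All          = EditCustomer | SyncJobs | Admin // 7 (binary 111)
}

public sealed class UserAccess
{
    private readonly Access _level;

    // storedLevel: the int column value for this user (assumed already fetched).
    public UserAccess(int storedLevel)
    {
        // Deny by default: a value with bits outside the defined set is
        // treated as corrupt or tampered with, not silently accepted.
        if ((storedLevel & ~(int)Access.All) != 0)
            throw new ArgumentOutOfRangeException(nameof(storedLevel));
        _level = (Access)storedLevel;
    }

    // True only when every bit in 'required' is set on the user.
    public bool Has(Access required) =>
        required != Access.None && (_level & required) == required;

    public bool IsAdmin => Has(Access.Admin);

    // Both return the new int to write back to the database column.
    public int Grant(Access a)  => (int)(_level | a);
    public int Revoke(Access a) => (int)(_level & ~a);
}

public static class Demo
{
    public static void Main()
    {
        var ua = new UserAccess(3); // 011: EditCustomer + SyncJobs, not Admin
        Console.WriteLine(ua.Has(Access.EditCustomer | Access.SyncJobs));
        Console.WriteLine(ua.IsAdmin);
        Console.WriteLine(new UserAccess(ua.Grant(Access.Admin)).IsAdmin);
        Console.WriteLine(ua.Revoke(Access.SyncJobs));
    }
}
```

The range check in the constructor matters once an admin page starts writing these ints: any value above 7, or a negative one, is rejected before a permission decision is made on it.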
 