Setting up user permissions for reading and writing document files in IIS7
I want to make a very simple CMS for my sites. So what I am thinking is this a user logs in and a list of their pages shows up. Now they change their ends and save it. My C# code would then write over the file/section.
So I don't think it would be to bad to do this however I am not sure about how it works with read and write premission and how to set it up.
Like I want the user to only be able to read and write to their files they own.
So if User A has Page1.html and Page2.html they can only开发者_C百科 read those files and write to those files they can touch User B's page3.html and Page4.html
So how would I setup this up?
Thanks
When you create your list of files, you will be reading that list from a database repository. Include in that code conditions that allow only those records for which the user has permission.
The most straightforward way to do this is to create a table with two columns: UserID and DocumentID. A presence of a record in the table indicates that the user has permission to that particular document. Add records to this table that give the user permissions to the appropriate documents.
Then, when you read the documents from the database, you can join this table to the documents table via the DocumentID, and filter the table by UserID. This will return only those records for which the user has permission. You can then use that set of records as the basis for the list of documents that you display to the user.
You could employ a cms the SharePoint way. You begin with a base file on the network. If a change to it is made then the page is stored in a database. each subsequent change is a db change and the application renders the last entry in the table for that page.
this does two things. first, you can see revisions and re-instate them. you can see a complete history of the page, who made the changes and when.
it also allows you to lock pages within the database and assign roles/users against the pages. you can then apply a decoration to the controller which checks rights and either renders the page or displays a access denied page and then log the attempted access to the page.
i know this sounds complex but can you foresee a time when after you've gone live with your cms that the client is going to want more from it? you need to implement a solution that's adaptable to needs.
if it's worth writing then it's worth writing well.
精彩评论