Call the process of DBPERMISSION judgment permissions:
First, the program calls the Permission's getDenyrule and getAcceptrule to get the mask or accepted rules.
Then determine if there is permission.
There is no Denyrule in dbpermission, and Acceptrule has only one RuleImpl.
RuleImpl's judgment rule is: obtaining the property corresponding to the validity in the role getMissionProp property, making judgment,
If this property is not permissible. If there is a property, it is determined whether it can be passed by determining whether the Permission PermissionItem (request judgment item) and the Role correspond to whether it can be adopted.
Of course, you can set the Role's PermissionProp when inherited.
The current dbrole's permissionProp is obtained from the table TBLpermissionRole.
for example:
TBLROLE Table: ID Name ................ 1 finance
TBLPERMISSION Table ID Permission Subpermission Property .....................
1 Machine Read Department; SEX
2 Measure Null Null
TBLPERMISSIONROLE Table ID Role_ID Permission Properties
1 1 Machine: Read Department; 2; SEX; 2
2 2 measure null
In the above representation, the role 1 When department is 2 and SEX is 2, there is a privilege of Machine: Read,
No matter how the parameters have permissions permission
