Permission-based GridView edit alert

Keywords: gridview, edit, permission-based, permissions | Updated: 2023-09-27 18:07:36

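I have a GridView with an Edit option at the start of each row. I also maintain a separate table called Permission that holds the user permissions. I have three different types of permissions: Admin, Supervisor, and Programmer. All three can access the grid view. Except for Admin, if anyone tries to edit the GridView by clicking the Edit option, I need to show an alert such as "This row has important validation and make sure you make proper changes".

When I edit, the action takes place on a table called Application. That table has a column called Comments. Also, the alert should appear only when they try to edit a row that has one of these values in the Comments column: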

ManLog datas
Funding Approved
Exported Applications

My try so far.

using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.UI.WebControls;

public bool IsApplicationUser(string userName)
{
    return CheckUser(userName);
}

public static bool CheckUser(string userName)
{
    string CS = ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
    DataTable dt = new DataTable();
    using (SqlConnection connection = new SqlConnection(CS))
    {
        // Pass the user name as a parameter instead of concatenating it into the SQL text.
        string strquery = "select * from Permissions where AppCode='Nest' and UserID = @UserID";
        SqlCommand cmd = new SqlCommand(strquery, connection);
        cmd.Parameters.AddWithValue("@UserID", userName);
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        da.Fill(dt);
    }
    // The user is an application user only if a permission row exists.
    return dt.Rows.Count >= 1;
}

protected void Details_RowCommand(object sender, GridViewCommandEventArgs e)
{
    string currentUser = HttpContext.Current.Request.LogonUserIdentity.Name;
    string str = ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
    // LogonUserIdentity.Name has the form DOMAIN\user; keep only the user part.
    string[] words = currentUser.Split('\\');
    currentUser = words[words.Length - 1];
    bool appuser = IsApplicationUser(currentUser);
    if (appuser)
    {
        DataSet ds = new DataSet();
        using (SqlConnection connection = new SqlConnection(str))
        {
            // Parameterized lookup of the user's role.
            string strquery = "select Role_Cd from User_Role where AppCode='PM' and UserID = @UserID";
            SqlCommand cmd = new SqlCommand(strquery, connection);
            cmd.Parameters.AddWithValue("@UserID", currentUser);
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            da.Fill(ds);
        }
        // Guard against a user who has no row in User_Role before reading Role_Cd.
        if (e.CommandName.Equals("Edit") && ds.Tables[0].Rows.Count > 0
            && ds.Tables[0].Rows[0]["Role_Cd"].ToString().Trim() != "ADMIN")
        {
            int index = Convert.ToInt32(e.CommandArgument);
            GridView gvCurrentGrid = (GridView)sender;
            GridViewRow row = gvCurrentGrid.Rows[index];
            string strID = ((Label)row.FindControl("lblID")).Text;
            string strAppName = ((Label)row.FindControl("lblAppName")).Text;
            // URL-encode the values before placing them in the query string.
            Response.Redirect("AddApplication.aspx?ID=" + HttpUtility.UrlEncode(strID)
                + "&AppName=" + HttpUtility.UrlEncode(strAppName) + "&Edit=True");
        }
    }
}

Please let me know if I need to add anything. Thanks for your suggestions.

Permission-based GridView edit alert

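public static string CheckUserAdminOrNot() // add your arguments here
{
    string currentUser = HttpContext.Current.Request.LogonUserIdentity.Name;
    string str = ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
    // LogonUserIdentity.Name has the form DOMAIN\user; keep only the user part.
    string[] words = currentUser.Split('\\');
    currentUser = words[words.Length - 1];
    // CheckUser is the static lookup from the question; IsApplicationUser is an
    // instance method and cannot be called from a static method.
    bool appuser = CheckUser(currentUser);
    if (appuser)
    {
        DataSet ds = new DataSet();
        using (SqlConnection connection = new SqlConnection(str))
        {
            // Parameterized lookup of the user's role.
            string strquery = "select Role_Cd from User_Role where AppCode='PM' and UserID = @UserID";
            SqlCommand cmd = new SqlCommand(strquery, connection);
            cmd.Parameters.AddWithValue("@UserID", currentUser);
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            da.Fill(ds);
        }
        // A user with no role row is treated as not Admin.
        bool isAdmin = ds.Tables[0].Rows.Count > 0
            && ds.Tables[0].Rows[0]["Role_Cd"].ToString().Trim() == "ADMIN";
        if (!isAdmin)
        {
            // Return the string that you want; here, the alert text from the question.
            return "This row has important validation and make sure you make proper changes";
        }
    }
    return string.Empty;
}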

After you get the response in the AJAX call, use that response to redirect the page and pass the values you want in the URL…
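
An added example, not part of the original question or answer: one way to attach the alert in the grid's RowDataBound handler so that it fires only for non-admin users on rows whose Comments value is one of the three listed in the question. The class name ApplicationList, the CurrentRoleCd property, the Details_RowDataBound handler name and the lnkEdit control ID are assumptions, and the three Comments values are read from the list in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class ApplicationList : Page   // hypothetical page class
{
    private const string AlertText =
        "This row has important validation and make sure you make proper changes";

    // Comments values that trigger the alert (as read from the question).
    private static readonly HashSet<string> Flagged =
        new HashSet<string>(StringComparer.Ordinal)
        { "ManLog datas", "Funding Approved", "Exported Applications" };

    // Assumed to hold the Role_Cd loaded once per request from User_Role.
    protected string CurrentRoleCd { get; set; }

    // Pure decision: alert only for non-admins on flagged rows.
    // A missing or unknown role is treated as non-admin.
    public static bool NeedsAlert(string roleCd, string comments)
    {
        bool isAdmin = string.Equals((roleCd ?? "").Trim(), "ADMIN",
                                     StringComparison.Ordinal);
        return !isAdmin && Flagged.Contains((comments ?? "").Trim());
    }

    // Wire to the grid with OnRowDataBound="Details_RowDataBound".
    protected void Details_RowDataBound(object sender, GridViewRowEventArgs e)
    {
        if (e.Row.RowType != DataControlRowType.DataRow) return;

        string comments = Convert.ToString(DataBinder.Eval(e.Row.DataItem, "Comments"));
        if (!NeedsAlert(CurrentRoleCd, comments)) return;

        // "lnkEdit" is a hypothetical ID for an Edit LinkButton in a TemplateField.
        var edit = e.Row.FindControl("lnkEdit") as LinkButton;
        if (edit != null)
        {
            // Encode the text so it cannot break out of the JavaScript string literal.
            // The alert is only a client-side notice; the role check in
            // Details_RowCommand still decides what the server allows.
            edit.OnClientClick = "alert('" +
                HttpUtility.JavaScriptStringEncode(AlertText) + "');";
        }
    }
}
```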