WO2023087278A1 - Cloud platform permission setting method and apparatus, terminal device, and storage medium - Google Patents


Publication number
WO2023087278A1
Authority
WO
WIPO (PCT)
Prior art keywords
function
interface
page
role
information
Application number
PCT/CN2021/131905
Inventor
邓玉芳
季统凯
贺忠堂
Original Assignee
国云科技股份有限公司
Application filed by 国云科技股份有限公司
Priority to PCT/CN2021/131905
Publication of WO2023087278A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Definitions

  • the embodiments of the present application relate to the field of cloud platforms, and in particular, to a cloud platform authority setting method, device, terminal equipment, and storage medium.
  • a set of permission control methods will be set up on the current cloud platforms.
  • the functional permissions of most cloud platforms are generally divided according to functional modules, such as cloud server modules, storage modules, network modules, mirroring modules, and monitoring modules.
  • each functional module will configure sub-modules and configure the permissions of each functional interface under the sub-modules.
  • a certain function of a functional module will depend on the functions of other functional modules. For example, the function of creating a virtual machine will depend on the image list function of the image module, the network list and subnet list functions of the network module, the disk list function of the disk type module, etc.
  • the embodiment of the present invention provides a cloud platform authority setting method, device, terminal equipment and storage medium, which solves the technical problem of low efficiency of authority setting in the process of setting authority for cloud platform in the prior art.
  • the embodiment of the present invention provides a cloud platform permission setting method, comprising the following steps:
  • Obtain the module data of the functional modules on the cloud platform page, configure the page function table according to the module data, and include the function information of each function of each function module in the page function table;
  • the page function dependent interface table includes the correspondence between each of the functions and each of the interfaces;
  • a role function authorization table is configured, and the function that each role can use is included in the role function authorization table;
  • the specific process of obtaining the functional data of the functional modules on the cloud platform page and configuring the page function table according to the functional data is as follows:
  • the functions include N-level functions, and the i-th level function is a child function of the (i-1)-th level function, and the i-th level function is the parent function of the (i+1)-th level function, where 2 ≤ i ≤ N-1, N is a positive integer;
  • N-level functions in each of the function modules are determined according to the page layout structure, and a page function table is configured according to the function data and the N-level functions.
  • the specific process of configuring the page function table according to the function data and the N-level function is as follows:
  • the function information of the first-level function is configured in the page function table, and the first drop-down list is set in the function information of the first-level function;
  • the function data and the X-level function configure the function information of the X-level function in the X-1 drop-down list in the page function table, and set it in the function information of the X-level function
  • the function information of the Nth level function is set in the N-1th drop-down list.
  • the specific process of configuring the page function dependent interface table is as follows:
  • the specific process of configuring the role function authorization table according to the authority of each role and the page function table is as follows:
  • the functions that each role can use in different areas are determined based on the page function table, and the role function authorization table is configured according to the functions that each role can use in the different areas.
  • the specific process of determining whether the first role has permission to call the first interface is as follows:
  • the first role has the authority to call the first interface
  • If participating in authority detection, determine the first area where the first role is located, and look up the target functions that the first role can use in the role function authorization table according to the first role and the first area;
  • the first role has permission to call the first interface; if not, the first role has no permission to call the first interface.
  • the embodiment of the present invention provides a cloud platform permission setting device, including a page function table configuration module, a system function interface table configuration module, a page function dependency interface table configuration module, a role function authorization table configuration module, and a permission judgment module;
  • the page function table configuration module is used to obtain the module data of the function modules on the cloud platform page, configure the page function table according to the module data, and include the function information of each function of each function module in the page function table;
  • the system function interface table configuration module is used to obtain the interface data of all interfaces on the cloud platform, configure the system function interface table according to the interface data, and include the interface information of each of the interfaces in the system function interface table;
  • the page function dependent interface table configuration module is used to configure the page function dependent interface table according to the function information in the page function table and the interface information in the system function interface table, and the page function dependent interface table includes The corresponding relationship between each of the functions and each of the interfaces;
  • the role function authorization table configuration module is used to configure a role function authorization table according to the authority of each role and the page function table, and the role function authorization table includes the functions that can be used by each role;
  • the authority judging module is used to determine the first role currently logged into the cloud platform, and when the first role calls the first interface, according to the page function dependent interface table, the role function authorization table and the system function interface table to determine whether the first role has permission to call the first interface.
  • an embodiment of the present invention provides a terminal device, where the terminal device includes a processor and a memory;
  • the memory is used to store a computer program and transmit the computer program to the processor
  • the processor is configured to execute the cloud platform authority setting method as described in the first aspect according to the instructions in the computer program.
  • an embodiment of the present invention provides a storage medium storing computer-executable instructions, and the computer-executable instructions are used to perform the cloud platform permission setting method as described in the first aspect when executed by a computer processor.
  • the embodiment of the present invention provides a cloud platform permission setting method, device, terminal equipment and storage medium. The method includes the following steps: obtain the module data of the functional modules on the cloud platform page and configure the page function table according to the module data, where the page function table includes the function information of each function of each function module; obtain the interface data of all interfaces on the cloud platform and configure the system function interface table according to the interface data, where the system function interface table includes the interface information of each interface; according to the function information in the page function table and the interface information in the system function interface table, configure the page function dependent interface table, which includes the correspondence between each function and each interface; according to the authority of each role and the page function table, configure the role function authorization table, which includes the functions that each role can use; determine the first role currently logged into the cloud platform and, when the first role calls the first interface, determine whether the first role has permission to call the first interface according to the page function dependent interface table, the role function authorization table and the system function interface table.
  • the page function table including the function information of each function of each function module and the system function interface table including the interface information of each interface are respectively configured; then, according to the corresponding relationship between the functions and the interfaces, the page function dependent interface table is configured; and finally the role function authorization table including the functions that each role can use is configured.
  • according to the page function dependent interface table, the role function authorization table and the system function interface table, it can be determined whether the role has permission to call the interface.
  • FIG. 1 is a flow chart of a method for setting permissions on a cloud platform provided by an embodiment of the present invention.
  • FIG. 2 is a schematic diagram of interface information in a system function interface table provided by an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of a page function dependency interface table provided by an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of an interface for assigning permissions to different roles provided by an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a cloud platform permission setting device provided by an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of a terminal device provided by an embodiment of the present invention.
  • FIG. 1 is a flowchart of a method for setting permissions on a cloud platform provided by an embodiment of the present invention.
  • the cloud platform permission setting method provided by the embodiment of the present invention can be executed by a cloud platform permission setting device, which can be implemented by software and/or hardware, and the cloud platform permission setting device can be composed of two or more physical entities, or of a single physical entity.
  • the permission setting device of the cloud platform can be a computer, a host computer, a tablet and other devices.
  • the method includes the following steps:
  • Step 101 Obtain the module data of the function modules on the cloud platform page, configure the page function table according to the module data, and the page function table includes function information of each function of each function module.
  • the module data includes data such as the function name of each function of the function module and the function Chinese description of each function.
  • the function information of each function of each function module can be configured in the page function table.
  • the function information includes fields such as function ID, function name, function Chinese description, whether it is disabled, whether it is a menu item, whether it is a public function or not.
  • the function ID indicates the ID of the function in the page function table
  • the function name indicates the name of the function, such as creating a cloud server, etc.
  • the Chinese description of the function indicates the Chinese description information of the function
  • whether it is disabled indicates whether the function is disabled
  • whether it is a menu item indicates whether the function is displayed in the menu bar on the cloud platform page, and whether it is a public function indicates whether the function is authorized by default.
  • the function data of the function modules of the cloud platform page and the page layout structure of the cloud platform page are obtained, and the page function table is configured according to the page layout structure and the function data.
  • the page layout structure of the cloud platform page needs to be acquired at the same time.
  • the page layout structure includes the actual display level of each function of each functional module on the page. According to the actual display level of each function, the upper and lower relationship of each function can be determined, and then the page function table can be configured according to the upper and lower relationship of each function and the function data of each functional module.
  • the "whether it is a menu item" field in the function information can be set to Yes.
  • the functions include N-level functions, and the i-th level function is a sub-function of the (i-1)-th level function, and the i-th level function is the parent function of the (i+1)-th level function, where 2 ≤ i ≤ N-1, N is a positive integer.
  • the functions in each functional module include a parent function and a sub-function corresponding to the parent function, and the parent function is a superordinate concept of the sub-function.
  • the resource management function of the resource management module includes cloud server management functions
  • the cloud service management functions include functions such as cloud server list management, cloud server details viewing, creating cloud servers, and restarting cloud servers.
  • the resource management function is a level 1 function
  • the cloud server management function is a level 2 function
  • the functions such as cloud server list management, cloud server details viewing, creating a cloud server, and restarting a cloud server are level 3 functions.
  • the function information further includes a parent function ID field, where the parent function ID is the function ID of the parent function corresponding to the sub-function.
  • the actual display level of each function in the function module can be determined, and the first-level function, second-level function...N-level function in each function module can be determined according to the actual display level.
  • the page function table can be configured according to the function data and N-level functions.
  • the function ID of the parent function corresponding to each sub-function is set in the parent function ID field of the other level functions; for example, the parent function ID field of the level 2 function is set to the function ID of the corresponding level 1 function, and the "whether it is a menu item" field is set to No. It can be understood that the parent function ID field is not set in the function information of the first-level function.
  • the function information of the first-level function is configured in the page function table, and the first drop-down list is set in the function information of the first-level function.
  • the function information of the second-level function can be set in the first drop-down list, and the second drop-down list can be set under the function information of the second-level function, and then, according to the function data and Level 3 function, set the function information of the level 3 function in the 2nd drop-down list..., repeat this step until the N-1th drop-down list is set.
  • according to the function data and the Nth level function, the function information of the Nth level function is set in the N-1th drop-down list.
  • the function information of the N-level function can be set. So far, the configuration of the page function table is completed.
  • the functional modules on the cloud platform page include a resource management module, obtain the module data of the resource management module and the page layout structure of the cloud platform page, according to the page layout structure, the resource management module
  • the resource management function is located at the top display layer; the cloud server management function, storage management function, and network management function are located at the next display layer below the resource management function; and functions such as cloud server list management, cloud server details view, cloud server creation and cloud server restart are located at the next display layer below the cloud server management function.
  • the resource management function is the first-level function
  • the cloud server management function, storage management function, and network management function are the second-level functions
  • Step 102 Obtain interface data of all interfaces on the cloud platform, configure a system function interface table according to the interface data, and the system function interface table includes interface information of each interface.
  • the specific process is: obtain the interface data of all interfaces on the cloud platform, and configure the system function interface table according to the interface data.
  • the system function interface table includes the interface information of each interface.
  • the cloud platform includes a cloud server management interface
  • the cloud server management interface includes multiple sub-interfaces, such as the cloud server list management interface, the cloud server details view interface, the create cloud server interface, the restart cloud server interface, the close cloud server interface, the delete cloud server interface, the mount CD interface, the unmount CD interface, etc.
  • the interface information in the system function interface table includes fields such as interface ID, parent interface ID, request path, function Chinese description, whether it is a public interface, whether it is a leaf item, and whether it participates in permission detection.
  • Figure 2 is the interface information for creating a virtual machine interface.
  • the function interface ID: id
  • the function interface parent ID: parent_id
  • the request path: path
  • the function Chinese description: description
  • public interface: commo_func
  • leaf item: leaf port
  • whether to participate in permission detection: uncheck
  • commo_func is 0, which means it is not a public interface
  • uncheck is 0, which means it does not participate in permission detection.
  • Step 103 Configure a page function dependent interface table according to the function information in the page function table and the interface information in the system function interface table.
  • the page function dependent interface table includes the correspondence between each function and each interface.
  • the specific process of configuring the page function dependent interface table is as follows:
  • the page function dependency table includes association information
  • the association information includes fields such as auto-increment ID, function ID, and interface ID. Association information is created according to the correspondence between each function and interface: set the auto-increment ID of the association information, obtain the function ID of the function and the interface ID of the interface corresponding to the function, and write them into the function ID and interface ID fields of the association information respectively, completing the binding of functions and interfaces.
  • the function ID of creating a virtual machine function is 01020101
  • the interface corresponding to creating a virtual machine function is creating a virtual machine interface.
  • function_id is the function ID
  • api_id is the interface ID
  • major field is 1, which represents the function related to the creation of the virtual machine
  • the ID of the created virtual machine interface is 010101
  • the major field of other corresponding sub-interfaces is 0.
  • Step 104 According to the authority of each role and the page function table, configure a role function authorization table, and the role function authorization table includes the functions that each role can use.
  • the specific process of configuring the role function authorization table is as follows:
  • the functions that each role can use in different areas are determined based on the page function table, and the role function authorization table is configured according to the functions that each role can use in different areas.
  • the functions that each role can use in different areas are determined, and then the role function authorization table is configured according to the functions that each role can use in different areas.
  • the fields of the role function authorization table include role ID, area ID and function ID.
  • the function ID generates a function list, and the drop-down list of each parent function in the function list includes corresponding sub-functions.
  • the current role is determined to be an administrator, the area that needs to be assigned permissions is regionA, and the subsystem is the cloud host service. Select functions in the function list according to actual needs, using the check box in front of each function in Figure 4: if the check box is checked, the authority is granted to the administrator. Click OK after the setting is completed, so as to assign the corresponding functions to the current role in the corresponding area.
  • the role function authorization table can be generated according to the permissions of different roles in different areas. Different roles in the role function authorization table are configured with different role IDs. The area ID is used to record the area where the role is located, and the function ID is used to record the functions that the role can use under different area IDs. It can be understood that the function ID of the same function in the role function authorization table is consistent with the function ID in the page function table.
  • Step 105 Determine the first role currently logged into the cloud platform.
  • when the first role calls the first interface, determine whether the first role has permission to call the first interface according to the page function dependency interface table, role function authorization table, and system function interface table.
  • the role function authorization table corresponding to the first role is queried for the target functions that the first role can use, and it is judged whether the target functions include the first function. If yes, the first role has the authority to use the first function; in the page function dependent interface table, the target interface corresponding to the target function is queried according to the target function, and whether the target interface contains the first interface is determined according to the system function interface table. If so, the first role has the authority to call the first interface; otherwise, the first role does not have permission to call the first interface.
  • the first role has the authority to call the first interface
  • If participating in authority detection, determine the first area where the first role is located, and look up the target functions that the first role can use in the role function authorization table according to the first role and the first area;
  • the first role has the right to call the first interface; if not, the first role has no right to call the first interface.
  • the first interface information of the first interface is first obtained on the cloud platform, and then the system function interface table is searched according to the first interface information to judge whether the first interface is included in the system function interface table. If the first interface is not included, the first interface does not exist in the cloud platform, and the process ends. If the first interface is included, further judge whether the first interface needs to participate in the authority detection according to the interface information of the first interface in the system function interface table. If it does not participate in the authority detection, the first role has the authority to call the first interface. If it participates in the authority detection, determine the first area where the first role is located.
  • according to the first role and the first area, look up the target functions that the first role can use in the role function authorization table; according to the corresponding relationship in the page function dependency interface table, find out the target interface corresponding to the target function, and judge whether the target interface includes the first interface; if yes, the first role has the right to call the first interface; if not, the first role does not have the right to call the first interface.
  • the interface information in the system function interface table includes fields such as interface ID, parent interface ID, request path, function Chinese description, whether it is a public interface, whether it is a leaf item, and whether it participates in permission detection.
  • first obtain the first interface information of the first interface in the cloud platform, search the system function interface table according to the first interface information, and judge whether the system function interface table includes the first interface.
  • the first interface information includes the first interface ID of the first interface, and according to the first interface ID, it is searched in the system function interface table whether an interface with the same interface ID is included, so as to determine the system function interface Whether the first interface is included in the table.
  • if the first interface is not included in the system function interface table, an exception window containing "this function is not supported" pops up; if the first interface is included in the system function interface table, then further determine, according to the interface information in the system function interface table, whether the first interface needs to participate in the detection.
  • whether the first interface participates in the authority detection can be determined according to the "whether to participate in the authority detection" field in the interface information of the first interface. If the field is No, the first role has the authority to call the first interface. If the field is Yes, then further determine the first role ID of the first role and the first area ID of the cloud platform where the first role is located.
  • according to the first role ID and the first area ID, look up the first function ID corresponding to the first role ID in the first area ID in the role function authorization table, and then, according to the first function ID and the correspondence between each function and interface in the page function dependent interface table, find out the target interface ID corresponding to the first function ID, and determine whether the target interface ID includes the first interface ID. If yes, the first role has the right to call the first interface; if not, the first role does not have the authority to call the first interface.
  • the present invention provides a cloud platform permission setting method, by respectively configuring the page function table including the function information of each function of each function module and configuring the system function interface table including the interface information of each interface, Afterwards, according to the corresponding relationship between functions and interfaces, configure the page function dependent interface table, and finally configure the role function authorization table including the functions that can be used by each role.
  • when a role logs in to the cloud platform to call a certain interface, the page function dependent interface table, role function authorization table, and system function interface table are used to determine whether the role has permission to call the interface.
  • this embodiment provides a cloud platform permission setting device, including a page function table configuration module 201, a system function interface table configuration module 202, a page function dependent interface table configuration module 203, and a role function authorization table configuration module 204 and authority judging module 205;
  • the page function table configuration module 201 is used to obtain the module data of the function modules on the cloud platform page, configure the page function table according to the module data, and the page function table includes the function information of each function of each function module;
  • the system function interface table configuration module 202 is used to obtain the interface data of all interfaces on the cloud platform, configure the system function interface table according to the interface data, and include the interface information of each interface in the system function interface table;
  • the page function dependent interface table configuration module 203 is used to configure the page function dependent interface table according to the function information in the page function table and the interface information in the system function interface table, and the page function dependent interface table includes the correspondence between each function and each interface;
  • the role function authorization table configuration module 204 is used to configure the role function authorization table according to the authority of each role and the page function table, and the role function authorization table includes the functions that each role can use;
  • the authority judging module 205 is used to determine the first role currently logged into the cloud platform and, when the first role calls the first interface, to determine whether the first role has authority to call the first interface according to the page function dependency interface table, role function authorization table and system function interface table.
  • the page function table configuration module 201 is used to obtain the function data of the function modules on the cloud platform page and to configure the page function table according to the function data, specifically:
  • the functions include N-level functions, and the i-th level function is a sub-function of the (i-1)-th level function, and the i-th level function is the parent function of the (i+1)-th level function, where 2 ≤ i ≤ N-1, N is a positive integer;
  • the page function table configuration module 201 is used to configure the page function table according to the page layout structure and function data, specifically:
  • the page function table configuration module 201 is configured to configure the page function table according to function data and N-level functions, specifically:
  • the page function dependent interface table configuration module 203 is configured to configure the page function dependent interface table according to the function information in the page function table and the interface information in the system function interface table as follows:
  • the role function authorization table configuration module 204 is used to configure the role function authorization table according to the authority of each role and the page function table, specifically:
  • the authority judging module 205 is used to determine whether the first role has the authority to call the first interface according to the page function dependent interface table, role function authorization table and system function interface table, specifically:
  • the interface information of the first interface in the function interface table determines whether the first interface participates in the authority detection; if it does not participate in the authority detection, the first role has the authority to call the first interface; if it participates in the authority detection, determine the first area where the first role is located and, according to the first role and the first area, look up in the role function authorization table the target function that the first role can use; according to the correspondence in the page function dependent interface table, find the target interface corresponding to the target function, and judge whether the target interface includes the first interface; if yes, the first role has the right to call the first interface; if not, the first role does not have the right to call the first interface.
  • This embodiment also provides a terminal device 30, as shown in FIG. 6; the terminal device includes a processor 300 and a memory 301;
  • the memory 301 is used to store a computer program 302, and transmit the computer program 302 to the processor;
  • the processor 300 is configured to execute the steps in the above embodiment of a cloud platform authority setting method according to the instructions in the computer program 302.
  • the computer program 302 may be divided into one or more modules/units, and the one or more modules/units are stored in the memory 301 and executed by the processor 300 to complete this application.
  • the one or more modules/units may be a series of computer program instruction segments capable of accomplishing specific functions, and the instruction segments are used to describe the execution process of the computer program 302 in the terminal device 30 .
  • the terminal device 30 may be a computing device such as a desktop computer, a notebook, a palmtop computer, or a cloud server.
  • the terminal device 30 may include, but is not limited to, a processor 300 and a memory 301.
  • FIG. 6 is only an example of the terminal device 30 and does not constitute a limitation on the terminal device 30. It may include more or fewer components than those shown in the figure, combine certain components, or use different components.
  • the terminal device 30 may also include an input and output device, a network access device, a bus, and the like.
  • the processor 300 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • a general-purpose processor may be a microprocessor, or the processor may be any conventional processor, or the like.
  • the memory 301 may be an internal storage unit of the terminal device 30, for example, a hard disk or a memory of the terminal device 30.
  • the memory 301 can also be an external storage device of the terminal device 30, such as a plug-in hard disk equipped on the terminal device 30, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, a flash memory card (Flash Card), etc. Further, the memory 301 may also include both an internal storage unit of the terminal device 30 and an external storage device.
  • the memory 301 is used to store the computer program and other programs and data required by the terminal device 30 .
  • the memory 301 can also be used to temporarily store data that has been output or will be output.
  • the disclosed system, device and method can be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components can be combined or integrated into another system, or some features may be ignored or not implemented.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated units can be implemented in the form of hardware or in the form of software functional units.
  • if the integrated unit is realized in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • the computer software product is stored in a storage medium, including several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the method described in each embodiment of the present invention.
  • the aforementioned storage media include: USB flash drive, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disc and other media that can store computer programs.
  • the embodiment of the present invention also provides a storage medium containing computer-executable instructions, the computer-executable instructions are used to execute a cloud platform authority setting method when executed by a computer processor, and the method includes the following steps:
  • Obtain the module data of the functional modules on the cloud platform page, configure the page function table according to the module data, and include the function information of each function of each function module in the page function table;
  • the page function dependent interface table includes the corresponding relationship between each function and each interface
  • the role function authorization table which includes the functions that each role can use

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)

Abstract

A cloud platform permission setting method and apparatus, a terminal device, and a storage medium. The method comprises: obtaining module data of function modules on a cloud platform page, and configuring a page function table according to the module data; obtaining interface data of all interfaces on a cloud platform, and configuring a system function interface table according to the interface data; according to function information in the page function table and interface information in the system function interface table, configuring a page function dependency interface table comprising a correspondence between each function and each interface; according to the permission of each role and the page function table, configuring a role function authorization table comprising a function available to each role; and when a first role logs in the cloud platform and invokes a first interface, determining, according to the page function dependency interface table, the role function authorization table, and the system function interface table, whether the first role has permission to invoke the first interface. The method solves the technical problem in the prior art of low permission setting efficiency.

Description

A cloud platform permission setting method, device, terminal equipment and storage medium
Technical field
The embodiments of the present application relate to the field of cloud platforms, and in particular to a cloud platform permission setting method, device, terminal equipment and storage medium.
Background
At present, with the development of science and technology, cloud computing technology is advancing rapidly, and a large number of mature cloud platforms have emerged on the market. Current cloud platforms all provide a permission control method, and most of them divide function permissions by function module, such as the cloud server module, storage module, network module, image module and monitoring module. However, each function module configures its own sub-modules and, under those sub-modules, the permissions of each function interface, and a function of one function module may depend on functions of other function modules. For example, the function of creating a virtual machine depends on the image list function of the image module, the network list and subnet list functions of the network module, the disk list function of the disk type module, and so on. If function permissions are divided purely by function module, then when a user ticks a certain function, the user must also tick the permissions of all the interface functions that this function depends on, which greatly reduces the usability of the platform; moreover, making one function usable may require ticking a module that a given role is not supposed to see.
In summary, the prior art suffers from the technical problem that setting permissions for a cloud platform is inefficient.
Summary of the invention
The embodiments of the present invention provide a cloud platform permission setting method, device, terminal equipment and storage medium, which solve the technical problem in the prior art that setting permissions for a cloud platform is inefficient.
In a first aspect, an embodiment of the present invention provides a cloud platform permission setting method, comprising the following steps:
obtaining module data of the function modules on the cloud platform page, and configuring a page function table according to the module data, the page function table including function information for each function of each function module;
obtaining interface data of all interfaces on the cloud platform, and configuring a system function interface table according to the interface data, the system function interface table including interface information for each interface;
configuring a page function dependency interface table according to the function information in the page function table and the interface information in the system function interface table, the page function dependency interface table including the correspondence between each function and each interface;
configuring a role function authorization table according to the permissions of each role and the page function table, the role function authorization table including the functions that each role can use;
determining the first role currently logged in to the cloud platform and, when the first role calls a first interface, determining according to the page function dependency interface table, the role function authorization table and the system function interface table whether the first role has permission to call the first interface.
Preferably, the specific process of obtaining the function data of the function modules on the cloud platform page and configuring the page function table according to the function data is:
obtaining the function data of the function modules of the cloud platform page and the page layout structure of the cloud platform page, and configuring the page function table according to the page layout structure and the function data.
Preferably, the functions include N levels of functions, the i-th level function being a child function of the (i-1)-th level function and the parent function of the (i+1)-th level function, where 2≤i≤N-1 and N is a positive integer;
Correspondingly, the specific process of configuring the page function table according to the page layout structure and the function data is:
determining the N levels of functions in each function module according to the page layout structure, and configuring the page function table according to the function data and the N levels of functions.
Preferably, the specific process of configuring the page function table according to the function data and the N levels of functions is:
according to the function data and the level-1 functions, configuring the function information of the level-1 functions in the page function table, and setting a first drop-down list in the function information of the level-1 functions;
setting a parameter X, 2≤X≤N-1, and initializing X so that X=2;
according to the function data and the level-X functions, configuring the function information of the level-X functions in the (X-1)-th drop-down list of the page function table, setting an X-th drop-down list in the function information of the level-X functions, letting X=X+1, and repeating this step until the (N-1)-th drop-down list is obtained;
according to the function data and the level-N functions, setting the function information of the level-N functions in the (N-1)-th drop-down list.
Preferably, the specific process of configuring the page function dependency interface table according to the function information in the page function table and the interface information in the system function interface table is:
according to all the interfaces corresponding to each function in the page function table, determining the correspondence between the functions in the page function table and the interfaces in the system function interface table, and configuring the page function dependency interface table according to the function information, the interface information and the correspondence.
Preferably, the specific process of configuring the role function authorization table according to the permissions of each role and the page function table is:
according to the permissions of each role, determining from the page function table the functions that each role can use in different regions, and configuring the role function authorization table according to the functions that each role can use in the different regions.
Preferably, the specific process of determining, according to the page function dependency interface table, the role function authorization table and the system function interface table, whether the first role has permission to call the first interface is:
obtaining first interface information of the first interface, and judging according to the first interface information whether the system function interface table includes the first interface;
if the first interface is not included, ending the process;
if the first interface is included, judging, according to the interface information of the first interface in the system function interface table, whether the first interface participates in permission detection;
if it does not participate in permission detection, the first role has permission to call the first interface;
if it participates in permission detection, determining the first region in which the first role is located and, according to the first role and the first region, looking up in the role function authorization table the target functions that the first role can use;
according to the correspondence in the page function dependency interface table, finding the target interfaces corresponding to the target functions, and judging whether the target interfaces include the first interface;
if so, the first role has permission to call the first interface; if not, the first role does not have permission to call the first interface.
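The decision procedure above, written out as an added Python example (not code from the patent). The interface, function, role and region names are constructed; treating "end the process" for an unregistered interface as not permitted, and the table audit in `dangling_references`, are assumptions added here.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    NOT_REGISTERED = "not-registered"  # the text only says the process ends


@dataclass(frozen=True)
class InterfaceInfo:
    """One row of the system function interface table."""
    name: str
    participates_in_check: bool  # False: callable without permission detection


class PermissionTables:
    """Holds the three tables consulted when a role calls an interface."""

    def __init__(self, interfaces, function_deps, role_grants):
        # System function interface table: interface name -> interface info.
        self.interfaces = {i.name: i for i in interfaces}
        # Page function dependency interface table: function -> interfaces.
        self.function_deps = {f: frozenset(v) for f, v in function_deps.items()}
        # Role function authorization table: (role, region) -> functions.
        self.role_grants = {k: frozenset(v) for k, v in role_grants.items()}

    def decide(self, role, region, interface_name):
        info = self.interfaces.get(interface_name)
        if info is None:
            return Decision.NOT_REGISTERED
        if not info.participates_in_check:
            return Decision.ALLOW
        # Target functions: what this role may use in this region.
        target_functions = self.role_grants.get((role, region), frozenset())
        # Target interfaces: everything those functions depend on.
        target_interfaces = set()
        for function in target_functions:
            target_interfaces |= self.function_deps.get(function, frozenset())
        if interface_name in target_interfaces:
            return Decision.ALLOW
        return Decision.DENY

    def is_permitted(self, role, region, interface_name):
        # Assumption: an unregistered interface is refused (fail closed).
        return self.decide(role, region, interface_name) is Decision.ALLOW

    def dangling_references(self):
        """Report table rows that point at entries missing from another table."""
        problems = []
        known_interfaces = set(self.interfaces)
        known_functions = set(self.function_deps)
        for function, deps in sorted(self.function_deps.items()):
            for name in sorted(deps - known_interfaces):
                problems.append(("unknown-interface", function, name))
        for (role, region), functions in sorted(self.role_grants.items()):
            for function in sorted(functions - known_functions):
                problems.append(("unknown-function", f"{role}@{region}", function))
        return problems


def build_sample_tables():
    """Constructed sample data modelled on the create-virtual-machine case."""
    interfaces = [
        InterfaceInfo("vm.create", True),
        InterfaceInfo("vm.delete", True),
        InterfaceInfo("image.list", True),
        InterfaceInfo("network.list", True),
        InterfaceInfo("subnet.list", True),
        InterfaceInfo("disk.list", True),
        InterfaceInfo("platform.version", False),
    ]
    function_deps = {
        "create_cloud_server": {"vm.create", "image.list", "network.list",
                                "subnet.list", "disk.list"},
        "delete_cloud_server": {"vm.delete"},
        "view_images": {"image.list"},
    }
    role_grants = {
        ("operator", "region-a"): {"create_cloud_server"},
        ("operator", "region-b"): {"view_images"},
        ("auditor", "region-a"): set(),
    }
    return PermissionTables(interfaces, function_deps, role_grants)


if __name__ == "__main__":
    tables = build_sample_tables()
    for call in [("operator", "region-a", "image.list"),
                 ("operator", "region-a", "vm.delete"),
                 ("operator", "region-b", "vm.create"),
                 ("auditor", "region-a", "platform.version"),
                 ("operator", "region-a", "vm.resize")]:
        print(call, tables.decide(*call).value)
```

Granting only `create_cloud_server` is enough for the operator to reach `image.list` in region-a, while the same role in region-b cannot call `vm.create`; that is the function-level grant with interface-level enforcement the text describes.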
In a second aspect, an embodiment of the present invention provides a cloud platform permission setting device, comprising a page function table configuration module, a system function interface table configuration module, a page function dependency interface table configuration module, a role function authorization table configuration module and a permission judgment module;
the page function table configuration module is used to obtain module data of the function modules on the cloud platform page and configure a page function table according to the module data, the page function table including function information for each function of each function module;
the system function interface table configuration module is used to obtain interface data of all interfaces on the cloud platform and configure a system function interface table according to the interface data, the system function interface table including interface information for each interface;
the page function dependency interface table configuration module is used to configure a page function dependency interface table according to the function information in the page function table and the interface information in the system function interface table, the page function dependency interface table including the correspondence between each function and each interface;
the role function authorization table configuration module is used to configure a role function authorization table according to the permissions of each role and the page function table, the role function authorization table including the functions that each role can use;
the permission judgment module is used to determine the first role currently logged in to the cloud platform and, when the first role calls a first interface, to determine according to the page function dependency interface table, the role function authorization table and the system function interface table whether the first role has permission to call the first interface.
In a third aspect, an embodiment of the present invention provides a terminal device, the terminal device comprising a processor and a memory;
the memory is used to store a computer program and transmit the computer program to the processor;
the processor is used to execute, according to the instructions in the computer program, the cloud platform permission setting method described in the first aspect.
In a fourth aspect, an embodiment of the present invention provides a storage medium storing computer-executable instructions which, when executed by a computer processor, are used to perform the cloud platform permission setting method described in the first aspect.
As described above, the embodiments of the present invention provide a cloud platform permission setting method, device, terminal equipment and storage medium. The method includes the following steps: obtaining module data of the function modules on the cloud platform page, and configuring a page function table according to the module data, the page function table including function information for each function of each function module; obtaining interface data of all interfaces on the cloud platform, and configuring a system function interface table according to the interface data, the system function interface table including interface information for each interface; configuring a page function dependency interface table according to the function information in the page function table and the interface information in the system function interface table, the page function dependency interface table including the correspondence between each function and each interface; configuring a role function authorization table according to the permissions of each role and the page function table, the role function authorization table including the functions that each role can use; and determining the first role currently logged in to the cloud platform and, when the first role calls a first interface, determining according to the page function dependency interface table, the role function authorization table and the system function interface table whether the first role has permission to call the first interface.
The embodiments of the present invention configure a page function table containing the function information of each function of each function module and a system function interface table containing the interface information of each interface, then configure the page function dependency interface table according to the correspondence between functions and interfaces, and finally configure a role function authorization table containing the functions that each role can use. When a role logs in to the cloud platform and calls an interface, whether that role has permission to call the interface can be determined from the page function dependency interface table, the role function authorization table and the system function interface table. As a result, configuring permissions for a role only requires deciding which functions the role can use, without having to attend to the dependencies between functions and interfaces, which improves the efficiency of permission setting and solves the technical problem of inefficient permission setting in the prior art.
Description of drawings
FIG. 1 is a flowchart of a cloud platform permission setting method provided by an embodiment of the present invention.
FIG. 2 is a schematic diagram of the interface information in a system function interface table provided by an embodiment of the present invention.
FIG. 3 is a schematic diagram of a page function dependency interface table provided by an embodiment of the present invention.
FIG. 4 is a schematic diagram of an interface for assigning permissions to different roles provided by an embodiment of the present invention.
FIG. 5 is a schematic structural diagram of a cloud platform permission setting device provided by an embodiment of the present invention.
FIG. 6 is a schematic structural diagram of a terminal device provided by an embodiment of the present invention.
Detailed description
The following description and the accompanying drawings sufficiently illustrate specific embodiments of the present application to enable those skilled in the art to practice them. The embodiments merely represent possible variations. Unless explicitly required, individual components and functions are optional, and the order of operations may vary. Portions and features of some embodiments may be included in or substituted for those of other embodiments. The scope of the embodiments of the present application includes the full scope of the claims and all available equivalents of the claims. Herein, the embodiments may be referred to individually or collectively by the term "invention" merely for convenience, and if more than one invention is in fact disclosed, this is not intended to automatically limit the scope of the application to any single invention or inventive concept. Herein, relational terms such as first and second are used only to distinguish one entity or operation from another, without requiring or implying any actual relationship or order between these entities or operations. Furthermore, the terms "comprises", "includes" or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method or terminal device comprising a series of elements includes not only those elements but also other elements not expressly listed. The embodiments herein are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to each other. As for the structures, products, etc. disclosed in the embodiments, since they correspond to the parts disclosed in the embodiments, their description is relatively brief, and for the relevant details reference may be made to the description of the method part.
实施例一Embodiment one
如图1所示,图1为本发明实施例提供的一种云平台权限设置方法的流程图。本发明实施例提供的云平台权限设置方法可以由云平台权限设置设备执行,该云平台权限设置设备可以通过软件和/或硬件的方式实现,该云平台权限设置设备可以是两个或多个物理实体构成,也可以由一个物理实体构成。例如云平台权限设置设备可以是电脑、上位机、平板等设备。方法包括以下步骤:As shown in FIG. 1 , FIG. 1 is a flowchart of a method for setting permissions on a cloud platform provided by an embodiment of the present invention. The cloud platform permission setting method provided by the embodiment of the present invention can be executed by a cloud platform permission setting device, which can be implemented by software and/or hardware, and the cloud platform permission setting device can be two or more It is composed of physical entities, and can also be composed of a physical entity. For example, the permission setting device of the cloud platform can be a computer, a host computer, a tablet and other devices. The method includes the following steps:
步骤101、获取云平台页面上的功能模块的模块数据,根据模块数据配置页面功能表,页面功能表中包括有每个功能模块的每个功能的功能信息。 Step 101. Obtain the module data of the function modules on the cloud platform page, configure the page function table according to the module data, and the page function table includes function information of each function of each function module.
在本实施例中,首先需要获取云平台页面上各个功能模块的模块数据,模块数据的具体内容可根据实际需要进行设置,在本实施例中不对模块数据的具体内容进行限定,示例性的,在一个实施例中,模块数据包括功能模块的各个功能的功能名称以及各个功能的功能中文描述等数据。在获取到各个功能模块的模块数据后,即可在页面功能表中对每个功能模块的每个功能的功能信息进行配置。示例性的,在一个实施例中,功能信息包括功能ID、功能名称、功能中文描述、是否禁用、是否菜单项、是否公共功能等字段。其中,功能ID表示功能在页面功能表中的ID、功能名称表示功能的名称,例如创建云服务器等,功能中文描述表示功能的中文描述信息,是否禁用代表功能是否禁用、是否菜单项表示该功能在云平台页面上的菜单栏是否展示、是否公共功能代表该功能 是否默认授权。In this embodiment, it is first necessary to obtain the module data of each functional module on the cloud platform page. The specific content of the module data can be set according to actual needs. In this embodiment, the specific content of the module data is not limited. For example, In one embodiment, the module data includes data such as the function name of each function of the function module and the function Chinese description of each function. After obtaining the module data of each function module, the function information of each function of each function module can be configured in the page function table. Exemplarily, in one embodiment, the function information includes fields such as function ID, function name, function Chinese description, whether it is disabled, whether it is a menu item, whether it is a public function or not. Among them, the function ID indicates the ID of the function in the page function table, the function name indicates the name of the function, such as creating a cloud server, etc., the Chinese description of the function indicates the Chinese description information of the function, whether it is disabled indicates whether the function is disabled, and whether the menu item indicates the function Whether the menu bar on the cloud platform page is displayed and whether it is a public function indicates whether the function is authorized by default.
On the basis of the above embodiment, the specific process of obtaining the function data of the function modules on the cloud platform page and configuring the page function table according to the function data is as follows:
Obtain the function data of the function modules of the cloud platform page and the page layout structure of the cloud platform page, and configure the page function table according to the page layout structure and the function data.
In one embodiment, when the function data of the function modules is obtained, the page layout structure of the cloud platform page is obtained at the same time. The page layout structure contains the actual display level on the page of each function of each function module. From the actual display level of each function, the hierarchical (parent/child) relationship of each function can be determined, and the page function table can then be configured according to these relationships and the function data of each function module. For example, in one embodiment, if the actual display level of a function in a function module is the top level, the "whether menu item" field in that function's function information is set to Yes when the function information is configured in the page function table.
On the basis of the above embodiment, the functions include N levels of functions; the level-i function is a sub-function of the level-(i-1) function and the parent function of the level-(i+1) function, where 2≤i≤N-1 and N is a positive integer.
It should be further noted that, in this embodiment, the functions in each function module include parent functions and the sub-functions corresponding to them; a parent function is the superordinate concept of its sub-functions. For example, in one embodiment, the resource management function of the resource management module includes the cloud server management function, and the cloud service management function includes functions such as cloud server list management, cloud server details viewing, creating a cloud server, and restarting a cloud server. In the cloud server management module, the resource management function is then a level-1 function, the cloud server management function is a level-2 function, and cloud server list management, cloud server details viewing, creating a cloud server, and restarting a cloud server are level-3 functions.
Correspondingly, the specific process of configuring the page function table according to the page layout structure and the function data is as follows:
Determine the N levels of functions in each function module according to the page layout structure, and configure the page function table according to the function data and the N levels of functions.
In this embodiment, the function information further includes a parent function ID field; the parent function ID is the function ID of the parent function corresponding to the sub-function. Once the page layout structure has been obtained, the actual display level of each function in a function module can be determined, and from it the level-1 functions, level-2 functions, ..., level-N functions of each function module. The page function table can then be configured according to the function data and the N levels of functions. In one embodiment, when the function information is configured in the page function table, the parent function ID field of every function other than a level-1 function is set to the function ID of its parent function; for example, the parent function ID field of a level-2 function is set to the function ID of the corresponding level-1 function, and "whether menu item" is set to No. It follows that the parent function ID field is not set in the function information of a level-1 function.
On the basis of the above embodiment, the specific process of configuring the page function table according to the function data and the N levels of functions is as follows:
According to the function data and the level-1 functions, configure the function information of the level-1 functions in the page function table, and set a first drop-down list in the function information of each level-1 function.
First, according to the function data and the level-1 functions, the function information of the level-1 functions is configured in the page function table, that is, fields such as function ID, function parent ID, function name, function Chinese description, whether disabled, whether menu item, and whether public function are set for each level-1 function, and a first drop-down list is set in the function information of each level-1 function.
Set a parameter X, 2≤X≤N-1, and initialize it with X=2.
According to the function data and the level-X functions, configure the function information of the level-X functions in the (X-1)-th drop-down list in the page function table, set an X-th drop-down list in the function information of the level-X functions, let X=X+1, and repeat this step until the (N-1)-th drop-down list is obtained.
Then, according to the function data and the level-2 functions, the function information of the level-2 functions is set in the 1st drop-down list, and a 2nd drop-down list is set under the function information of the level-2 functions; next, according to the function data and the level-3 functions, the function information of the level-3 functions is set in the 2nd drop-down list, and so on. This step is repeated until the (N-1)-th drop-down list has been set.
According to the function data and the level-N functions, set the function information of the level-N functions in the (N-1)-th drop-down list.
Then the function information of the level-N functions is set in the (N-1)-th drop-down list according to the function data and the level-N functions. At this point the page function table is fully configured.
For example, in this embodiment, the function modules on the cloud platform page include a resource management module. The module data of the resource management module and the page layout structure of the cloud platform page are obtained. The page layout structure shows that the resource management function of the resource management module is at the top display level; the cloud server management function, the storage management function and the network management function are at the display level below the resource management function; and functions such as cloud server list management, cloud server details viewing, creating a cloud server and restarting a cloud server are at the display level below the cloud server management function. It can therefore be determined that the resource management function is a level-1 function; the cloud server management function, the storage management function and the network management function are level-2 functions; and cloud server list management, cloud server details viewing, creating a cloud server, restarting a cloud server and similar functions are level-3 functions.
After the functions at each level in each function module have been determined, the function information of the resource management function is first configured in the page function table according to the module data and the resource management function: the function ID in the function information is set to 01, the function parent ID is set to none, "whether menu item" is set to Yes, and so on. Next, the 1st drop-down list is set in the function information of the resource management function, and the function information of the cloud server management function, the storage management function and the network management function is set in the first drop-down list. For the cloud server management function, the function ID is set to 02, the function parent ID to 01 and "whether menu item" to No; for the storage management function, the function ID is set to 03, the function parent ID to 01 and "whether menu item" to No; for the network management function, the function ID is set to 04, the function parent ID to 01 and "whether menu item" to No. Then the 2nd drop-down list is set in the function information of the cloud server management function, and the function information of cloud server list management, cloud server details viewing, creating a cloud server, restarting a cloud server and similar functions is set in the 2nd drop-down list. In the function information of each of these functions, the function ID is set to 02 and "whether menu item" is set to No. This completes the configuration of the page function table.
Step 102. Obtain the interface data of all interfaces on the cloud platform and configure the system function interface table according to the interface data; the system function interface table includes the interface information of each interface.
After the page function table has been configured, the system function interface table is configured. The specific process is: obtain the interface data of all interfaces on the cloud platform and configure the system function interface table according to the interface data; the system function interface table includes the interface information of each interface. For example, in one embodiment, the cloud platform includes a cloud server management interface, under which there are multiple sub-interfaces, such as the cloud server list management interface, the cloud server details viewing interface, the create cloud server interface, the restart cloud server interface, the shut down cloud server interface, the delete cloud server interface, the mount CD interface, the unmount CD interface, and so on. The interface data of each interface is obtained, and the system function interface table is then configured according to the interface data. In one embodiment, the interface information in the system function interface table includes fields such as interface ID, parent interface ID, request path, function Chinese description, whether public interface, whether leaf item, and whether it participates in permission detection. Figure 2 shows the interface information of the create virtual machine interface. In Figure 2, the function interface ID is id, the function interface parent ID is parent_id, the request path is path, the function Chinese description is description, whether public interface is commo_func, whether leaf item is leaf, and whether it participates in permission detection is uncheck. A commo_func of 0 means the interface is not a public interface, and an uncheck of 0 means it does not participate in permission detection.
Step 103. Configure the page function dependent interface table according to the function information in the page function table and the interface information in the system function interface table; the page function dependent interface table includes the correspondence between each function and each interface.
After the page function table and the system function interface table have been configured, the page function dependent interface table can be configured according to the function information in the page function table and the interface information in the system function interface table. The correspondence between each function and each interface is set in the page function dependent table, so that the interfaces corresponding to a function can later be looked up in the page function dependent interface table by function.
On the basis of the above embodiment, the specific process of configuring the page function dependent interface table according to the function information in the page function table and the interface information in the system function interface table is as follows:
According to all the interfaces corresponding to each function in the page function table, determine the correspondence between the functions in the page function table and the interfaces in the system function interface table, and configure the page function dependent interface table according to the function information, the interface information and the correspondence.
First, each function in the page function table is obtained and the interfaces corresponding to it are determined. The correspondence between the functions in the page function table and the interfaces in the system function interface table is then determined, the function information of each function and the interface information of each interface that have a correspondence are obtained, and the function information and the interface information are bound together in the page function dependent interface table, which completes the configuration of the page function dependent interface table. For example, in one embodiment, the page function dependent table contains association records with fields such as auto-increment ID, function ID and interface ID. For each correspondence between a function and an interface, an association record is created and its auto-increment ID is set; the function ID of the function and the interface ID of the corresponding interface are obtained and written into the function ID and interface ID fields of the association record, which completes the binding of the function and the interface.
In one embodiment, the function ID of the create virtual machine function is 01020101, and the interface corresponding to the create virtual machine function is the create virtual machine interface. The sub-interfaces that the create virtual machine interface depends on include the availability zone list interface, the node list interface, the specification list interface, the disk type list interface, the private network list interface, the external network list interface, the private network subnet list interface, the external network subnet list interface, the security group list interface, the mirror list interface, the image list interface, and so on. The association records between the create virtual machine function and its corresponding interfaces in the page function dependent interface table are shown in Figure 3. In Figure 3, function_id is the function ID and api_id is the interface ID. The record whose major field is 1 is the create virtual machine interface corresponding to the create virtual machine function; the ID of the create virtual machine interface is 010101. The major field of the other corresponding sub-interfaces is 0.
Step 104. Configure the role function authorization table according to the permissions of each role and the page function table; the role function authorization table includes the functions that each role can use.
Next, the permissions of each role are set. Specifically, according to the permissions of each role, the functions that the role can use are selected in the page function table, and the functions that each role can use are recorded in the role function permission table, which completes the configuration of the role function permission table.
On the basis of the above embodiment, the specific process of configuring the role function authorization table according to the permissions of each role and the page function table is as follows:
According to the permissions of each role, determine from the page function table the functions that each role can use in different regions, and configure the role function authorization table according to the functions that each role can use in different regions.
In one embodiment, the functions that each role can use in different regions are determined according to the permissions of each role and the functions in the page function table, and the role function authorization table is then configured according to the functions that each role can use in different regions. For example, in one embodiment, the fields of the role function authorization table include role ID, region ID and function ID. In the configuration interface, a function list is first generated from the function ID and parent function ID in the function information of the page function table; in the function list, the drop-down list of each parent function contains the corresponding sub-functions. For example, as shown in Figure 4, the current role is determined to be the administrator, the region for which permissions are to be assigned is regionA, and the subsystem is the cloud host service. Functions are selected in the function list as needed, using the check box in front of each function in Figure 4; a checked box means that the permission is granted to the administrator. After the settings are made, clicking OK assigns the corresponding functions to the current role in the corresponding region. The role function authorization table can then be generated from the permissions of the different roles in the different regions. In the role function authorization table, different roles have different role IDs, the region ID records the region the role is in, and the function ID records the functions the role can use under each region ID. It follows that the function ID of a function in the role function authorization table is the same as its function ID in the page function table.
Step 105. Determine the first role currently logged in to the cloud platform; when the first role calls a first interface, determine whether the first role has permission to call the first interface according to the page function dependent interface table, the role function authorization table and the system function interface table.
In this embodiment, when a role logs in to the cloud platform, the first role currently logged in to the cloud platform is determined. When the first role needs to call the first interface to implement a function, the target functions that the first role can use are looked up in the role function authorization table corresponding to the first role, and it is determined whether the target functions include the first function. If so, the first role has permission to use the first function. If not, the target interfaces corresponding to the target functions are looked up in the page function dependent interface table, and whether the target interfaces include the first interface is determined according to the system function interface table. If so, the first role has permission to call the first interface; otherwise, the first role does not have permission to call the first interface.
On the basis of the above embodiment, the specific process of determining whether the first role has permission to call the first interface according to the page function dependent interface table, the role function authorization table and the system function interface table is as follows:
Obtain the first interface information of the first interface, and determine from the first interface information whether the system function interface table includes the first interface;
If the first interface is not included, end the process;
If the first interface is included, determine from the interface information of the first interface in the system function interface table whether the first interface participates in permission detection;
If it does not participate in permission detection, the first role has permission to call the first interface;
If it participates in permission detection, determine the first region where the first role is located, and look up in the role function authorization table, by first role and first region, the target functions that the first role can use;
According to the correspondence in the page function dependent interface table, find the target interfaces corresponding to the target functions, and determine whether the target interfaces include the first interface;
If so, the first role has permission to call the first interface; if not, the first role does not have permission to call the first interface.
In this embodiment, when the first role calls the first interface on the cloud platform, the first interface information of the first interface is first obtained in the cloud platform, and the system function interface table is searched according to the first interface information to determine whether it includes the first interface. If it does not, the first interface does not exist in the cloud platform and the process ends. If it does, whether the first interface needs to participate in permission detection is determined from the interface information of the first interface in the system function interface table. If it does not participate in permission detection, the first role has permission to call the first interface. If it participates in permission detection, the first region where the first role is located is determined, and the target functions that the first role can use are looked up in the role function authorization table by first role and first region. The target interfaces corresponding to the target functions are then found according to the correspondence in the page function dependent interface table, and it is determined whether the target interfaces include the first interface. If so, the first role has permission to call the first interface; if not, the first role does not have permission to call the first interface.
In one embodiment, the interface information in the system function interface table includes fields such as interface ID, parent interface ID, request path, function Chinese description, whether public interface, whether leaf item, and whether it participates in permission detection. When the first role calls the first interface, the first interface information of the first interface is first obtained in the cloud platform, and the system function interface table is searched according to the first interface information to determine whether it includes the first interface. For example, in one embodiment, the first interface information includes the first interface ID of the first interface, and the system function interface table is searched for an interface with the same interface ID to determine whether the table includes the first interface. If the system function interface table does not include the first interface, an exception window containing "this function is not supported" pops up. If the system function interface table includes the first interface, whether the first interface needs to participate in detection is determined from the interface information in the system function interface table; in this embodiment this can be determined from the "whether it participates in permission detection" field in the interface information of the first interface. If that field is No, the first role has permission to call the first interface. If that field is Yes, the first role ID of the first role and the first region ID of the region of the cloud platform where the first role is located are determined. The first function IDs corresponding to the first role ID under the first region ID are then looked up in the role function authorization table, and, according to the correspondence between each function and interface in the page function dependent interface table, the target interface IDs corresponding to the first function IDs are found. It is then determined whether the target interface IDs include the first interface ID. If so, the first role has permission to call the first interface; if not, the first role does not have permission to call the first interface.
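The four tables of steps 101 to 104 and the decision procedure of step 105, as an added example that is not code from the patent; it also adds two review helpers that the text does not describe. Apart from function ID 01020101, interface ID 010101, and the administrator role in regionA, every ID, path and role is constructed, and the table names, the helper names and the column name `needs_check` (standing for the "whether it participates in permission detection" field) are assumptions.

```python
import sqlite3

SCHEMA = """
CREATE TABLE page_function (   -- page function table (step 101)
    function_id TEXT PRIMARY KEY, parent_id TEXT, name TEXT NOT NULL,
    disabled INTEGER NOT NULL, is_menu INTEGER NOT NULL, is_public INTEGER NOT NULL);
CREATE TABLE system_api (      -- system function interface table (step 102)
    id TEXT PRIMARY KEY, parent_id TEXT, path TEXT NOT NULL, description TEXT,
    leaf INTEGER NOT NULL,
    needs_check INTEGER NOT NULL);  -- assumed name: 1 = participates in permission detection
CREATE TABLE function_api (    -- page function dependent interface table (step 103)
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    function_id TEXT NOT NULL, api_id TEXT NOT NULL,
    major INTEGER NOT NULL);        -- 1 = the function's own interface, 0 = dependency
CREATE TABLE role_function (   -- role function authorization table (step 104)
    role_id TEXT NOT NULL, region_id TEXT NOT NULL, function_id TEXT NOT NULL,
    PRIMARY KEY (role_id, region_id, function_id));
"""

def build_demo_db():
    """Return an in-memory database filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO page_function VALUES (?,?,?,?,?,?)", [
        ("01", None, "resource management", 0, 1, 0),
        ("0102", "01", "cloud server management", 0, 0, 0),
        ("01020101", "0102", "create virtual machine", 0, 0, 0),
        ("01020102", "0102", "restart cloud server", 0, 0, 0),
    ])
    conn.executemany("INSERT INTO system_api VALUES (?,?,?,?,?,?)", [
        ("0101", None, "/vm", "cloud server management", 0, 1),
        ("010101", "0101", "/vm/create", "create virtual machine", 1, 1),
        ("010102", "0101", "/vm/restart", "restart cloud server", 1, 1),
        ("010103", "0101", "/vm/delete", "delete cloud server", 1, 1),  # bound to no function
        ("010104", "0101", "/zone/list", "availability zone list", 1, 1),
        ("010105", "0101", "/flavor/list", "specification list", 1, 1),
        ("010106", "0101", "/version", "platform version", 1, 0),       # skips the check
    ])
    conn.executemany(
        "INSERT INTO function_api (function_id, api_id, major) VALUES (?,?,?)", [
            ("01020101", "010101", 1),   # create VM -> its own interface
            ("01020101", "010104", 0),   # create VM -> dependent list interfaces
            ("01020101", "010105", 0),
            ("01020102", "010102", 1),
        ])
    conn.executemany("INSERT INTO role_function VALUES (?,?,?)", [
        ("admin", "regionA", "01020101"),
        ("admin", "regionA", "01020102"),
        ("operator", "regionA", "01020102"),
    ])
    return conn

def check_call(conn, role_id, region_id, api_id):
    """Step 105: return 'unsupported', 'allow' or 'deny' for one interface call."""
    row = conn.execute(
        "SELECT needs_check FROM system_api WHERE id = ?", (api_id,)).fetchone()
    if row is None:
        return "unsupported"     # interface is not in the system function interface table
    if not row[0]:
        return "allow"           # interface does not participate in permission detection
    hit = conn.execute(
        """SELECT 1 FROM role_function rf
           JOIN function_api fa ON fa.function_id = rf.function_id
           WHERE rf.role_id = ? AND rf.region_id = ? AND fa.api_id = ?
           LIMIT 1""", (role_id, region_id, api_id)).fetchone()
    return "allow" if hit else "deny"

def granting_functions(conn, role_id, region_id, api_id):
    """Review helper: which granted functions make this interface callable."""
    rows = conn.execute(
        """SELECT DISTINCT rf.function_id FROM role_function rf
           JOIN function_api fa ON fa.function_id = rf.function_id
           WHERE rf.role_id = ? AND rf.region_id = ? AND fa.api_id = ?
           ORDER BY rf.function_id""", (role_id, region_id, api_id)).fetchall()
    return [r[0] for r in rows]

def unmapped_checked_apis(conn):
    """Review helper: checked leaf interfaces bound to no function (denied to every role)."""
    rows = conn.execute(
        """SELECT a.id FROM system_api a
           LEFT JOIN function_api fa ON fa.api_id = a.id
           WHERE a.leaf = 1 AND a.needs_check = 1 AND fa.id IS NULL
           ORDER BY a.id""").fetchall()
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_demo_db()
    for call in [("admin", "regionA", "010104"), ("operator", "regionA", "010104"),
                 ("admin", "regionB", "010101"), ("operator", "regionB", "010106")]:
        print(call, "->", check_call(db, *call))
    print("unmapped:", unmapped_checked_apis(db))
```

Granting the create virtual machine function makes its dependent list interfaces callable without a separate grant, while a checked interface that no function depends on is denied to every role; interfaces that skip the check are callable by any role in any region, so that flag is worth reviewing per interface.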
As described above, the present invention provides a cloud platform permission setting method. A page function table containing the function information of each function of each function module and a system function interface table containing the interface information of each interface are configured separately; a page function dependent interface table is then configured according to the correspondence between functions and interfaces; and finally a role function authorization table containing the functions that each role can use is configured. When a role logs in to the cloud platform and calls an interface, whether the role has permission to call the interface can be determined from the page function dependent interface table, the role function authorization table and the system function interface table. When permissions are configured for a role, it is therefore only necessary to determine the functions the role can use, without paying close attention to the dependencies between functions and interfaces. This improves the efficiency of permission setting and solves the technical problem of inefficient permission setting in the prior art.
Embodiment 2
As shown in FIG. 5, this embodiment provides a cloud platform permission setting apparatus, including a page function table configuration module 201, a system function interface table configuration module 202, a page function dependent interface table configuration module 203, a role function authorization table configuration module 204 and a permission judging module 205.
The page function table configuration module 201 is used to obtain the module data of the function modules on the cloud platform page and to configure the page function table according to the module data. The page function table includes the function information of each function of each function module.
The system function interface table configuration module 202 is used to obtain the interface data of all interfaces on the cloud platform and to configure the system function interface table according to the interface data. The system function interface table includes the interface information of each interface.
The page function dependent interface table configuration module 203 is used to configure the page function dependent interface table according to the function information in the page function table and the interface information in the system function interface table. The page function dependent interface table includes the correspondence between each function and each interface.
The role function authorization table configuration module 204 is used to configure the role function authorization table according to the permissions of each role and the page function table. The role function authorization table includes the functions that each role can use.
The permission judging module 205 is used to determine the first role currently logged in to the cloud platform and, when the first role calls the first interface, to determine whether the first role has permission to call the first interface according to the page function dependent interface table, the role function authorization table and the system function interface table.
On the basis of the above embodiment, the page function table configuration module 201 being used to obtain the function data of the function modules on the cloud platform page and to configure the page function table according to the function data is specifically:
It is used to obtain the function data of the function modules of the cloud platform page and the page layout structure of the cloud platform page, and to configure the page function table according to the page layout structure and the function data.
On the basis of the above embodiment, the functions include N levels of functions, where the i-th level function is a sub-function of the (i-1)-th level function and the parent function of the (i+1)-th level function, with 2≤i≤N-1 and N a positive integer.
Correspondingly, the page function table configuration module 201 being used to configure the page function table according to the page layout structure and the function data is specifically:
It is used to determine the N levels of functions in each function module according to the page layout structure, and to configure the page function table according to the function data and the N levels of functions.
On the basis of the above embodiment, the page function table configuration module 201 being used to configure the page function table according to the function data and the N levels of functions is specifically:
It is used to configure the function information of the level-1 functions in the page function table according to the function data and the level-1 functions, and to set a first drop-down list in the function information of the level-1 functions; to set a parameter X, 2≤X≤N-1, and initialize X so that X=2; according to the function data and the level-X functions, to configure the function information of the level-X functions in the (X-1)-th drop-down list in the page function table, to set an X-th drop-down list in the function information of the level-X functions, to let X=X+1, and to repeat this step until the (N-1)-th drop-down list is obtained; and, according to the function data and the level-N functions, to set the function information of the level-N functions in the (N-1)-th drop-down list.
On the basis of the above embodiment, the page function dependent interface table configuration module 203 being used to configure the page function dependent interface table according to the function information in the page function table and the interface information in the system function interface table is specifically:
It is used to determine the correspondence between the functions in the page function table and the interfaces in the system function interface table according to all the interfaces corresponding to each function in the page function table, and to configure the page function dependent interface table according to the function information, the interface information and the correspondence.
On the basis of the above embodiment, the role function authorization table configuration module 204 being used to configure the role function authorization table according to the permissions of each role and the page function table is specifically:
It is used to determine, according to the permissions of each role and based on the page function table, the functions that each role can use in different areas, and to configure the role function authorization table according to the functions that each role can use in the different areas.
On the basis of the above embodiment, the permission judging module 205 being used to determine whether the first role has permission to call the first interface according to the page function dependent interface table, the role function authorization table and the system function interface table is specifically:
It is used to obtain the first interface information of the first interface and to judge, according to the first interface information, whether the system function interface table includes the first interface; if the first interface is not included, the process ends; if the first interface is included, to judge whether the first interface participates in permission detection according to the interface information of the first interface in the system function interface table; if it does not participate in permission detection, the first role has permission to call the first interface; if it participates in permission detection, to determine the first area where the first role is located and, according to the first role and the first area, to look up in the role function authorization table the target functions that the first role can use; to find the target interfaces corresponding to the target functions according to the correspondence in the page function dependent interface table, and to judge whether the target interfaces include the first interface; if so, the first role has permission to call the first interface; if not, the first role does not have permission to call the first interface.
Embodiment 3
This embodiment also provides a terminal device. As shown in FIG. 6, a terminal device 30 includes a processor 300 and a memory 301.
The memory 301 is used to store a computer program 302 and to transmit the computer program 302 to the processor.
The processor 300 is used to execute, according to the instructions in the computer program 302, the steps of the above embodiment of the cloud platform permission setting method.
Exemplarily, the computer program 302 may be divided into one or more modules/units, which are stored in the memory 301 and executed by the processor 300 to carry out the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, and the instruction segments are used to describe the execution process of the computer program 302 in the terminal device 30.
The terminal device 30 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The terminal device 30 may include, but is not limited to, the processor 300 and the memory 301. Those skilled in the art will understand that FIG. 6 is only an example of the terminal device 30 and does not limit it; the terminal device 30 may include more or fewer components than shown, combine certain components, or use different components. For example, the terminal device 30 may also include input and output devices, network access devices, a bus, and the like.
The processor 300 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 301 may be an internal storage unit of the terminal device 30, for example a hard disk or memory of the terminal device 30. The memory 301 may also be an external storage device of the terminal device 30, for example a plug-in hard disk, a smart media card (SMC), a secure digital (SD) card or a flash card fitted to the terminal device 30. Further, the memory 301 may include both an internal storage unit of the terminal device 30 and an external storage device. The memory 301 is used to store the computer program and other programs and data required by the terminal device 30. The memory 301 may also be used to temporarily store data that has been output or is about to be output.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses and units described above may refer to the corresponding processes in the foregoing method embodiment, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses and methods may be implemented in other ways. For example, the apparatus embodiments described above are only illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store computer programs, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
Embodiment 4
An embodiment of the present invention also provides a storage medium containing computer-executable instructions which, when executed by a computer processor, are used to perform a cloud platform permission setting method, the method including the following steps:
Obtain the module data of the function modules on the cloud platform page and configure the page function table according to the module data, the page function table including the function information of each function of each function module;
Obtain the interface data of all interfaces on the cloud platform and configure the system function interface table according to the interface data, the system function interface table including the interface information of each interface;
Configure the page function dependent interface table according to the function information in the page function table and the interface information in the system function interface table, the page function dependent interface table including the correspondence between each function and each interface;
Configure the role function authorization table according to the permissions of each role and the page function table, the role function authorization table including the functions that each role can use;
Determine the first role currently logged in to the cloud platform and, when the first role calls the first interface, determine whether the first role has permission to call the first interface according to the page function dependent interface table, the role function authorization table and the system function interface table.
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will understand that the embodiments of the present invention are not limited to the specific embodiments described here, and that various obvious changes, readjustments and substitutions can be made without departing from the protection scope of the embodiments of the present invention. Therefore, although the embodiments of the present invention have been described in some detail through the above embodiments, they are not limited to those embodiments and may include further equivalent embodiments without departing from the concept of the embodiments of the present invention; the scope of the embodiments of the present invention is determined by the scope of the appended claims.

Claims (10)

  1. A cloud platform permission setting method, characterized in that it comprises the following steps:
    obtaining the module data of the function modules on the cloud platform page, and configuring a page function table according to the module data, the page function table including the function information of each function of each function module;
    obtaining the interface data of all interfaces on the cloud platform, and configuring a system function interface table according to the interface data, the system function interface table including the interface information of each of the interfaces;
    configuring a page function dependent interface table according to the function information in the page function table and the interface information in the system function interface table, the page function dependent interface table including the correspondence between each of the functions and each of the interfaces;
    configuring a role function authorization table according to the permissions of each role and the page function table, the role function authorization table including the functions that each role can use;
    determining the first role currently logged in to the cloud platform and, when the first role calls a first interface, determining whether the first role has permission to call the first interface according to the page function dependent interface table, the role function authorization table and the system function interface table.
  2. The cloud platform permission setting method according to claim 1, characterized in that the specific process of obtaining the function data of the function modules on the cloud platform page and configuring the page function table according to the function data is:
    obtaining the function data of the function modules of the cloud platform page and the page layout structure of the cloud platform page, and configuring the page function table according to the page layout structure and the function data.
  3. The cloud platform permission setting method according to claim 2, characterized in that the functions include N levels of functions, the i-th level function being a sub-function of the (i-1)-th level function and the parent function of the (i+1)-th level function, where 2≤i≤N-1 and N is a positive integer;
    correspondingly, the specific process of configuring the page function table according to the page layout structure and the function data is:
    determining the N levels of functions in each of the function modules according to the page layout structure, and configuring the page function table according to the function data and the N levels of functions.
  4. The cloud platform permission setting method according to claim 3, characterized in that the specific process of configuring the page function table according to the function data and the N levels of functions is:
    according to the function data and the level-1 functions, configuring the function information of the level-1 functions in the page function table, and setting a first drop-down list in the function information of the level-1 functions;
    setting a parameter X, 2≤X≤N-1, and initializing X so that X=2;
    according to the function data and the level-X functions, configuring the function information of the level-X functions in the (X-1)-th drop-down list in the page function table, setting an X-th drop-down list in the function information of the level-X functions, letting X=X+1, and repeating this step until the (N-1)-th drop-down list is obtained;
    according to the function data and the level-N functions, setting the function information of the level-N functions in the (N-1)-th drop-down list.
  5. The cloud platform permission setting method according to claim 1, characterized in that the specific process of configuring the page function dependent interface table according to the function information in the page function table and the interface information in the system function interface table is:
    determining the correspondence between the functions in the page function table and the interfaces in the system function interface table according to all the interfaces corresponding to each function in the page function table, and configuring the page function dependent interface table according to the function information, the interface information and the correspondence.
  6. The cloud platform permission setting method according to claim 1, characterized in that the specific process of configuring the role function authorization table according to the permissions of each role and the page function table is:
    according to the permissions of each role, determining, based on the page function table, the functions that each role can use in different areas, and configuring the role function authorization table according to the functions that each role can use in the different areas.
  7. The cloud platform permission setting method according to claim 6, characterized in that the specific process of determining whether the first role has permission to call the first interface according to the page function dependent interface table, the role function authorization table and the system function interface table is:
    obtaining the first interface information of the first interface, and judging, according to the first interface information, whether the system function interface table includes the first interface;
    if the first interface is not included, ending the process;
    if the first interface is included, judging whether the first interface participates in permission detection according to the interface information of the first interface in the system function interface table;
    if it does not participate in permission detection, the first role has permission to call the first interface;
    if it participates in permission detection, determining the first area where the first role is located and, according to the first role and the first area, looking up in the role function authorization table the target functions that the first role can use;
    finding the target interfaces corresponding to the target functions according to the correspondence in the page function dependent interface table, and judging whether the target interfaces include the first interface;
    if so, the first role has permission to call the first interface; if not, the first role does not have permission to call the first interface.
  8. A cloud platform permission setting apparatus, characterized in that it comprises a page function table configuration module, a system function interface table configuration module, a page function dependent interface table configuration module, a role function authorization table configuration module and a permission judging module;
    the page function table configuration module is used to obtain the module data of the function modules on the cloud platform page and to configure a page function table according to the module data, the page function table including the function information of each function of each function module;
    the system function interface table configuration module is used to obtain the interface data of all interfaces on the cloud platform and to configure a system function interface table according to the interface data, the system function interface table including the interface information of each of the interfaces;
    the page function dependent interface table configuration module is used to configure a page function dependent interface table according to the function information in the page function table and the interface information in the system function interface table, the page function dependent interface table including the correspondence between each of the functions and each of the interfaces;
    the role function authorization table configuration module is used to configure a role function authorization table according to the permissions of each role and the page function table, the role function authorization table including the functions that each role can use;
    the permission judging module is used to determine the first role currently logged in to the cloud platform and, when the first role calls a first interface, to determine whether the first role has permission to call the first interface according to the page function dependent interface table, the role function authorization table and the system function interface table.
  9. A terminal device, characterized in that the terminal device comprises a processor and a memory;
    the memory is used to store a computer program and to transmit the computer program to the processor;
    the processor is used to execute, according to the instructions in the computer program, the cloud platform permission setting method according to any one of claims 1-7.
  10. A storage medium storing computer-executable instructions, characterized in that the computer-executable instructions, when executed by a computer processor, are used to perform the cloud platform permission setting method according to any one of claims 1-7.
PCT/CN2021/131905 2021-11-19 2021-11-19 Cloud platform permission setting method and apparatus, terminal device, and storage medium WO2023087278A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/131905 WO2023087278A1 (en) 2021-11-19 2021-11-19 Cloud platform permission setting method and apparatus, terminal device, and storage medium

Publications (1)

Publication Number Publication Date
WO2023087278A1 true WO2023087278A1 (en) 2023-05-25

Family

ID=86396022

Country Status (1)

Country Link
WO (1) WO2023087278A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101499906A (en) * 2008-02-02 2009-08-05 厦门雅迅网络股份有限公司 Method for implementing subscriber authority management based on role function mapping table
US20140096237A1 (en) * 2011-05-24 2014-04-03 Nec Corporation Information processing system, access right management method, information processing apparatus and control method and control program therefor
CN107992767A (en) * 2017-11-29 2018-05-04 国云科技股份有限公司 A kind of authority control method based on more cloud platforms
CN110780876A (en) * 2019-10-29 2020-02-11 北京北纬通信科技股份有限公司 Web development front-end and back-end separation authority control method and system
CN111581633A (en) * 2020-03-31 2020-08-25 浪潮通用软件有限公司 Function authority control method, device and medium based on cloud computing
CN112580079A (en) * 2020-12-25 2021-03-30 平安银行股份有限公司 Authority configuration method and device, electronic equipment and readable storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117667951A (en) * 2024-01-31 2024-03-08 杭州海康威视数字技术股份有限公司 Data processing method and device for characteristic data of camera
CN117667951B (en) * 2024-01-31 2024-05-03 杭州海康威视数字技术股份有限公司 Data processing method and device for characteristic data of camera

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 21964432

Country of ref document: EP

Kind code of ref document: A1