A kind of authority control method that separates with applied business, system and device
Technical field
The present invention relates to the computer internet technology, relate in particular to the web application system, particularly a kind of authority control method that separates with applied business, system and device.
Background technology
Authority module all is the indispensable part of web application system all the time, and what most control of authority process adopted is following dual mode:
Mode one is to come the authority user is distributed with related through application module.
Mode two is to need to read active user's authority through authority management module in the module of control of authority at all, controls user's authority according to the attribute of authority.
Above-mentioned dual mode, application module and control of authority module relation get too tight, can't the control of authority module be multiplexed in other application systems effectively, cause the developer to repeat to do a large amount of similarly work.And,, when application system need increase the rights management function so afterwards, increase the design of authority module and the workload of realization again and just become quite huge and have very high risk if application system does not have the function of rights management when initial design.There are the problems referred to above too for the web application system.
Summary of the invention
The invention provides a kind of authority control method that separates with applied business, system and device, can realize the multiplexing of control of authority easily to reduce development cost and risk.
The authority control method that a kind of and applied business that the embodiment of the invention provides separates comprises the steps:
A, with at least one needs the function point of control of authority to send to server on the webpage;
B, server with receive that the function point that needs control of authority and current accessed person's authority compare, and judge whether to allow current accessed person to use said function point, and judged result is sent to client;
C, client show the function point that allows current accessed person to use according to said judged result, hide the function point that does not allow current accessed person to use.
Preferably, steps A comprises:
Store in first array comprising the label control that needs the function point of control of authority attribute on the webpage, the function point that needs control of authority in the webpage is stored in second array, and second array is sent to server.
Preferably, step B comprises:
B1, server obtain the authority element with inquiry and store in the 3rd array to data base querying current accessed person's authority, and create the 4th a total identical array with the element of second array at server;
B2, server compare each the authority element in each function point in second array and the 3rd array; When the function point of second certain position of array is identical with any one authority element comparing result in the 3rd array; The value of the relevant position of four array corresponding with the said position of second array is set to logical truth, otherwise the value of the relevant position of the 4th array is set to logical falsehood;
After B3, contrast were accomplished, server returned the 4th array to client.
Preferably, step C comprises:
Client with the hiding attribute of each element in first array be arranged to the 4th array in the logical value opposite logical value corresponding with said element.
The embodiment of the invention proposes a kind of authority control system that separates with applied business, and this authority control system comprises client and server,
Said client is used at least one needs the function point of control of authority to send to server on the webpage; And, show the function point that allows current accessed person to use according to judged result from server, hide the function point that does not allow current accessed person to use;
Said server with receive that the function point that needs control of authority and current accessed person's authority compare, and judge whether to allow current accessed person to use said function point, and judged result is sent to client.
Preferably, said client comprises:
The first array manipulation module is used for needing the label control of the function point of control of authority attribute to store first array into comprising on the webpage;
The second array manipulation module is used for needing the function point of control of authority to store in second array webpage, and second array is sent to server.
Preferably, said server comprises:
The 3rd array manipulation module is used for the authority to data base querying current accessed person, inquiry is obtained the authority element store in the 3rd array;
The 4th array manipulation module is used to create the 4th a total identical array with the element of second array, after the contrast of authority control module is accomplished, returns the 4th array to client;
The control of authority module; Be used for each the authority element in each function point of second array and the 3rd array is compared; When the function point of second certain position of array is identical with any one authority element comparing result in the 3rd array; The value of the relevant position of four array corresponding with the said position of second array is set to logical truth, otherwise the value of the relevant position of the 4th array is set to logical falsehood.
Preferably, said client comprises:
Display module, be used for the hiding attribute of first each element of array be arranged to the 4th array that is received from server in the logical value opposite logical value corresponding with said element.
The embodiment of the invention proposes a kind of client, comprising:
The first array manipulation module is used for needing the label control of the function point of control of authority attribute to store first array into comprising on the webpage;
The second array manipulation module is used for needing the function point of control of authority to store in second array webpage, and second array is sent to server;
Display module, be used for the hiding attribute of first each element of array be arranged to the 4th array that is received from server in the logical value opposite logical value corresponding with said element.
The embodiment of the invention also proposes a kind of server, comprising:
The 3rd array manipulation module is used for the authority to data base querying current accessed person, inquiry is obtained the authority element store in the 3rd array;
The 4th array manipulation module is used to create the 4th a total identical array with the element of second array, after the contrast of authority control module is accomplished, returns the 4th array to client;
The control of authority module; Be used for each the authority element in each function point of second array and the 3rd array is compared; When the function point of second certain position of array is identical with any one authority element comparing result in the 3rd array; The value of the relevant position of four array corresponding with the said position of second array is set to logical truth, otherwise the value of the relevant position of the 4th array is set to logical falsehood.
Can find out from above technical scheme, only need the function point of specify labels control, carry out control of authority through control of authority split-frame provided by the invention unification and handle, and then realize separating of control of authority and applied business at applied business.Like this, the structure that not only makes code is more clear and be easy to the management and the maintenance in later stage, the benefits such as easy autgmentability and low-risk that the ease for operation of control of authority also are provided and in not having the web application system of processing authority, increased authority module.
Description of drawings
Fig. 1 is the realization flow sketch map of the authority control method that separates with applied business of the present invention's proposition;
Fig. 2 is the present invention program's a deployment sketch map;
Fig. 3 realizes the flow chart of control authority separation logic for the embodiment of the invention.
Embodiment
The realization flow of the authority control method that separates with applied business that the present invention proposes is as shown in Figure 1, mainly may further comprise the steps:
Step 101: the label control that comprises the function point attribute on the webpage (comprising the interpolation attribute of user like button) is stored among the array A, function point is stored among the array B, and array B is sent to server.
Step 102: server obtains the authority element with inquiry and stores among the array C to data base querying current accessed person's authority, and creates a total identical array D with array B element at server.
Step 103: server compares each the authority element among each function point among the array B and the array C, to confirm whether the active user has the pairing authority of function point in database.
When the function point of certain position of array B is identical with any one authority element comparing result among the array C; The value of the relevant position of just corresponding with the said position of array B array D is set to logical truth (TRUE; Can represent with character 1); Otherwise just the value of the relevant position of array D is set to logical falsehood (FALSE can represent with character 0).
Step 104: contrast is returned array D (what return is the character string content of array D) by server to client after accomplishing.
Step 105: client will receive array D; Then the hiding attribute of n element (label control of function point) among the array A is arranged to the logical value (value that TRUE opposite be FALSE) opposite with n element of array D, thereby hides the relevant label control (like " button " on the webpage) of authority that does not possess with the active user on the webpage.
The present invention program's deployment is as shown in Figure 2, comprises the steps:
Step 201: the file of in webpage, introducing authority separating controlling framework.
Step 202: webpage loads the unified method of calling the interpolation function point and the respective labels control of control of authority split-frame in back; Its effect is that the label control that comprises function point and function point are stored in respectively among the array A, B of this framework, thus let authority control split-frame handles respective labels control on the webpage hidingly wait operation.
Step 203: on the label of needs separation control of authority, increase an additional attribute, its property value is the function corresponding point.
The embodiment of the invention exemplarily adopts script (for example javascript) to realize the control authority separation logic.Concrete steps are as shown in Figure 3, comprise the steps:
Step 301: the label control (like " interpolation user profile " on the webpage, " searching user's information " button) that will comprise function point stores among the array A, and function point (as: adding user, inquiring user) is stored among the array B correspondingly.
Step 302: send the HTTP request to server.Send the content of array B to server.
Step 303: server is stored in the result's (" browsing user profile ", " inquiring user " authority) who inquires about among the array C to data base querying current accessed person's authority information.Create the array D of onesize with array B (element total identical) at server.
Step 304: each element of each function point among the array B and array C is compared, the value of array D is set according to comparing result.
When the function point (as: second locational " inquiring user ") of certain position of array B is identical with any one element comparing result among the array C; Just array D and array B one to one the value of position (second position of array D) be set to TRUE, otherwise just it is set to FALSE (as: the locational value of first of array D just for FALSE).
Step 305: each function point in array B has all carried out after the contrast with each element of array C, and just obtaining one is the array D (as: [FALSE, TRUE]) of TRUE or FALSE with big or small identical and each element value of array B.Server just returns the character string content of array D to client.
Step 306: the character string content of the array D that client will receive from server converts array E into, then the hiding attribute of n element among the array A is arranged to the opposite value (value that TRUE is opposite is FALSE) with n element of array E.So just the relevant label control (like " adding the user " button) of authority that does not possess with the active user on the webpage has been carried out hiding operation.Thereby make the illegal operation of carrying out oneself not having authority of visitor, reach the effect that control of authority separates.
The embodiment of the invention also proposes a kind of authority control system that separates with applied business, and this authority control system comprises client and server,
Said client is used at least one needs the function point of control of authority to send to server on the webpage; And, show the function point that allows current accessed person to use according to judged result from server, hide the function point that does not allow current accessed person to use;
Said server with receive that the function point that needs control of authority and current accessed person's authority compare, and judge whether to allow current accessed person to use said function point, and judged result is sent to client.
Preferably, said client comprises:
The first array manipulation module is used for needing the label control of the function point of control of authority attribute to store first array into comprising on the webpage;
The second array manipulation module is used for needing the function point of control of authority to store in second array webpage, and second array is sent to server;
Display module, be used for the hiding attribute of first each element of array be arranged to the 4th array that is received from server in the logical value opposite logical value corresponding with said element.
Preferably, said server comprises:
The 3rd array manipulation module is used for the authority to data base querying current accessed person, inquiry is obtained the authority element store in the 3rd array;
The 4th array manipulation module is used to create the 4th a total identical array with the element of second array, after the contrast of authority control module is accomplished, returns the 4th array to client;
The control of authority module; Be used for each the authority element in each function point of second array and the 3rd array is compared; When the function point of second certain position of array is identical with any one authority element comparing result in the 3rd array; The value of the relevant position of four array corresponding with the said position of second array is set to logical truth, otherwise the value of the relevant position of the 4th array is set to logical falsehood.
The invention provides a kind of short-cut method that in the web application system, applied business is separated with control of authority; Only need the function point (as: adding the user) of specify labels control at applied business; Load the back at webpage and carry out control of authority through control of authority framework provided by the invention unification and handle, and then realize separating of control of authority and applied business.Like this, the structure that not only makes code is more clear and be easy to the management and the maintenance in later stage, the benefits such as easy autgmentability and low-risk that the ease for operation of control of authority also are provided and in not having the web application system of processing authority, increased authority module.And this control of authority split-frame can also be multiplexed in other the web application system effectively, has improved the durability of this framework.Thereby solved the problem that is proposed in the background technology effectively.
Description through above execution mode; Those skilled in the art can be well understood to the present invention and can realize by the mode that software adds essential hardware platform; Can certainly all implement, but the former is better execution mode under a lot of situation through hardware.Based on such understanding; All or part of can the coming out that technical scheme of the present invention contributes to background technology with the embodied of software product; This computer software product can be stored in the storage medium, like ROM/RAM, magnetic disc, CD etc., comprises that some instructions are with so that a computer equipment (can be a personal computer; Server, the perhaps network equipment etc.) carry out the described method of some part of each embodiment of the present invention or embodiment.
The above is merely preferred embodiment of the present invention, and is in order to restriction the present invention, not all within spirit of the present invention and principle, any modification of being made, is equal to replacement, improvement etc., all should be included within the scope that the present invention protects.