CN106650500B - User permission modification method and system - Google Patents

User permission modification method and system Download PDF

Info

Publication number
CN106650500B
CN106650500B CN201611237983.6A CN201611237983A CN106650500B CN 106650500 B CN106650500 B CN 106650500B CN 201611237983 A CN201611237983 A CN 201611237983A CN 106650500 B CN106650500 B CN 106650500B
Authority
CN
China
Prior art keywords
user
configuration
permission
role
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611237983.6A
Other languages
Chinese (zh)
Other versions
CN106650500A (en
Inventor
温云龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GCI Science and Technology Co Ltd
Original Assignee
GCI Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by GCI Science and Technology Co Ltd filed Critical GCI Science and Technology Co Ltd
Priority to CN201611237983.6A priority Critical patent/CN106650500B/en
Publication of CN106650500A publication Critical patent/CN106650500A/en
Application granted granted Critical
Publication of CN106650500B publication Critical patent/CN106650500B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Document Processing Apparatus (AREA)

Abstract

The invention discloses a method and a system for modifying user permission, wherein the method comprises the following steps: determining the role of the current request user according to the current login request; receiving an authority configuration item to be modified corresponding to the role of the current request user; determining the authority configuration item of a target user authority configuration segment corresponding to the current request user role according to the user role and the authority configuration item of each user authority configuration segment in a user authority configuration file stored in a preset structured document format and the current request user role; and modifying the authority configuration item of the target user authority configuration fragment according to the authority configuration item to be modified. According to the invention, the user authority configuration file is stored in the preset structured document format, so that the user authority configuration file does not need to be stored in the database, the expense and maintenance of the database are saved, different configuration information corresponding to different user roles is obtained, the configuration information corresponding to the current requesting user role is rapidly obtained, and the speed of modifying the user authority is improved.

Description

User permission modification method and system
Technical Field
The invention relates to the technical field of authority management, in particular to a user authority modification method and a user authority modification system.
Background
In a practical management system, the system has an allocation of user roles and configuration information. In order to modify the user configuration information, the conventional method stores the configuration information in a database, and obtains corresponding configuration information from the database to modify the configuration information. However, the data size of the user roles and the configuration information is generally not large, and the database itself is huge, so that the overhead and maintenance of the database are increased.
Disclosure of Invention
Based on this, it is necessary to provide a user right modification method and system for solving the problem that the conventional method increases the database overhead and maintenance.
In order to achieve the above purpose, the embodiment of the technical scheme of the invention is as follows:
a user authority modification method comprises the following steps:
determining the role of the current request user according to the current login request;
receiving an authority configuration item to be modified corresponding to the current request user role;
determining the authority configuration item of the target user authority configuration segment corresponding to the current request user role according to the user role and the authority configuration item of each user authority configuration segment in the user authority configuration file stored in a preset structured document format and the current request user role;
and modifying the authority configuration item of the target user authority configuration fragment according to the authority configuration item to be modified.
A user rights modification system comprising:
the current request user role determining module is used for determining the role of the current request user according to the current login request;
a to-be-modified permission configuration item receiving module, configured to receive a to-be-modified permission configuration item corresponding to the role of the current requesting user;
the permission configuration item determining module is used for determining the permission configuration item of the target user permission configuration segment corresponding to the current request user role according to the user role and the permission configuration item of each user permission configuration segment in the user permission configuration file stored in the preset structured document format and the current request user role;
and the user permission modification module is used for modifying the permission configuration item of the target user permission configuration fragment according to the permission configuration item to be modified.
Compared with the prior art, the invention has the beneficial effects that: the invention relates to a user permission modification method and a user permission modification system, which are characterized in that firstly, the role of a current request user is determined according to a current login request; receiving an authority configuration item to be modified corresponding to the role of the current request user; determining an authority configuration item of a target user authority configuration segment corresponding to the current request user role according to the current request user role and a user authority configuration file stored in a preset structured document format; and modifying the authority configuration item of the target user authority configuration fragment according to the to-be-modified authority configuration item. The user authority configuration file is stored in the preset structured document format, so that the user authority configuration file does not need to be stored in the database, the expense and maintenance of the database are saved, different user roles are stored in the user authority configuration file stored in the preset structured document format, different user roles correspond to different configuration information, the configuration information corresponding to the user role currently requested can be quickly acquired in the user authority configuration file, and the speed of modifying the user authority is improved.
Drawings
FIG. 1 is a flow diagram of a method for user rights modification in one embodiment;
FIG. 2 is a flow chart of a method for modifying user permissions based on a specific example of the method shown in FIG. 1;
FIG. 3 is a diagram illustrating a system for modifying user permissions according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the detailed description and specific examples, while indicating the scope of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention.
The method for modifying the user right in one embodiment, as shown in fig. 1, includes the following steps:
step S101: determining the role of the current request user according to the current login request;
here, the user roles include admin (administrator), everyone (any user), user (ordinary user), and the like.
Specifically, a current requesting user role corresponding to the current login request is determined according to a corresponding relationship between a pre-stored login request and the user role.
Step S102: receiving an authority configuration item to be modified corresponding to the current request user role;
here, the user inputs the right configuration item to be modified, and issues a request for modifying the configuration to the background.
Specifically, the permission configuration item to be modified can adopt a JSON dictionary format or an xml document format with high readability.
Step S103: determining the authority configuration item of the target user authority configuration segment corresponding to the current request user role according to the user role and the authority configuration item of each user authority configuration segment in the user authority configuration file stored in a preset structured document format and the current request user role;
here, the preset structured document format is set according to actual needs, for example, the xml document format.
Specifically, the user authority configuration file includes a plurality of user authority configuration segments, each of which includes a user role and an authority configuration item, and in one embodiment, one user authority configuration segment stored in an xml document format is:
<normal role='admin'>
<network>10.1.166</network>
<controllerserver>10.1.xx.xxx</controllerserver>
<delayon>60</delayon>
<delayoff>5</delayoff>
<authkey>1YO4r5w8TAAk</authkey>
<expiration>3600</expiration>
<rdpkey>sq7c2b2PtnbtqKLB</rdpkey>
</normal>
in the embodiment, the user role is admin, and the authority configuration items are configuration items between normal and normal.
Step S104: and modifying the authority configuration item of the target user authority configuration fragment according to the authority configuration item to be modified.
Firstly, finding an authority configuration item corresponding to the authority configuration item to be modified in the authority configuration item of the target user authority configuration segment;
judging whether the found authority configuration item is the same as the authority configuration item to be modified;
and when the judgment is different, modifying the found authority configuration item according to the authority configuration item to be modified.
From the above description, it can be seen that, in the user permission modification method of the present invention, since the user permission configuration file is stored in the preset structured document format, the user permission configuration file does not need to be stored in the database, thereby saving the overhead and maintenance of the database, and meanwhile, the user permission configuration file stored in the preset structured document format stores different user roles, and the different user roles correspond to different configuration information, so that the configuration information corresponding to the currently requested user role can be quickly obtained in the user permission configuration file, thereby improving the speed of user permission modification.
In addition, in a specific example, the manner of determining the permission configuration item of the target user permission configuration segment corresponding to the current requesting user role includes:
according to the user role of each user permission configuration segment, acquiring a target user permission configuration segment corresponding to the current request user role in each user permission configuration segment;
and determining the authority configuration item of the target user authority configuration segment according to the authority configuration item of each user authority configuration segment.
Matching the current request user role with the user roles in each user permission configuration segment in the user permission configuration file, and acquiring a target user permission configuration segment corresponding to the current request user role after the role matching is passed; otherwise, the process is stopped and a null value or any value without substantive content is returned.
Specifically, the manner of obtaining the target user permission configuration segment corresponding to the current requesting user role includes:
determining the role grade of the current request user role and the role grade of the user role of each user permission configuration segment according to the corresponding relation between the pre-stored user role and the role grade;
and acquiring a target user permission configuration segment corresponding to the current request user role in each user permission configuration segment according to the role grade of the user role of each user permission configuration segment, wherein the target user permission configuration segment is a user permission configuration segment corresponding to the user role with the role grade smaller than or equal to the current request user role.
Here, the pre-stored user authority configuration file is filtered to obtain a target user authority configuration segment corresponding to the current request user role.
Here, a target user permission configuration segment corresponding to a user role smaller than or equal to the role level of the currently requested user role is obtained in each user permission configuration segment, for example, the user permission configuration file includes 3 user permission configuration segments, the user role of the first user permission configuration segment is admin, the user role of the second user permission configuration segment is user, the user role of the third user permission configuration segment is everyone, where the role level corresponding to admin is greater than the role level corresponding to user, the role level corresponding to user is greater than the role level corresponding to everyone, and the currently requested user role is user, the target user permission configuration segment is the user permission configuration segment corresponding to user role user and the user permission configuration segment corresponding to user role everne.
In addition, in a specific example, each user permission configuration segment further includes an operation attribute;
the method further comprises the steps of:
determining the operation attribute of the target user authority configuration fragment according to the operation attribute of each user authority configuration fragment;
judging whether the operation attribute of the target user permission configuration segment is read-write;
and when the operation attribute of the target user permission configuration segment is judged to be read-write, the step of modifying the permission configuration item of the target user permission configuration segment according to the permission configuration item to be modified is carried out.
Specifically, when the operation attribute of the target user permission configuration segment is read-write or read-only, the permission configuration item of the target user permission configuration segment is modified according to the permission configuration item to be modified, otherwise, the modification is stopped.
Here, the permission configuration item and the operation attribute hook prevent a user with low permission from accessing important configuration information, and simultaneously prevent the user with low permission from tampering the important configuration information, so that the configuration information is configurable and protected with a larger degree of freedom, and the requirement of multi-user/multi-tenant scene application is met.
Further, in one specific example, the method further comprises the steps of:
and performing json formatting treatment on the permission configuration item to be modified and the permission configuration item of the target user permission configuration fragment respectively.
Specifically, the json formatting the authority configuration item of the target user authority configuration fragment includes:
analyzing the target user authority configuration segment into a tree structure, namely analyzing the target user authority configuration segment into child nodes, and analyzing authority configuration items contained in the target user authority configuration segment into leaf nodes;
and iterating the child nodes, and determining the keywords and the values of all leaf nodes contained in the child nodes.
The original structured file is converted into a json format after being analyzed, and the basic format is { "keyword": and a mapping dictionary of the value is used for finally forming a value with stronger readability, so that the subsequent processing is facilitated.
And similarly, performing json formatting on the permission configuration item to be modified.
Further, in one specific example, the method further comprises the steps of:
detecting whether the grammar format of the permission configuration item to be modified is correct;
and when detecting that the grammar format of the permission configuration item to be modified is correct, entering a step of determining the permission configuration item of the target user permission configuration segment corresponding to the current request user role.
Specifically, whether the grammar format of the authority configuration item to be modified is correct is detected according to a preset grammar format, and the preset grammar format is determined according to the authority configuration item of each user authority configuration segment in a user authority configuration file stored in a preset structured document format.
And when detecting that the syntactic format of the permission configuration item to be modified is correct, determining the permission configuration item of the target user permission configuration segment corresponding to the current request user role, otherwise, stopping the subsequent processing.
In order to better understand the above method, an application example of the user right modification method of the present invention is described in detail below.
As shown in fig. 2, the following steps may be included:
step S201: storing a user authority configuration file in an xml document format, wherein each user authority configuration fragment in the user authority configuration file comprises a user role, an operation attribute and an authority configuration item;
each type of configuration is identified using a pair of parentheses, and the document structure in one embodiment is as follows:
Figure BDA0001195731400000061
Figure BDA0001195731400000071
here, the user authority configuration file in the above embodiment has two user authority configuration segments normal and log, where a user role of the user authority configuration segment normal is admin, an operation attribute opt is r/w, and authority configuration items are each configuration item between normal and normal; the role of the user authority configuration segment log is everyone, the operation attribute opt is r, and the authority configuration items are all configuration items between the log and the log.
Specifically, the user roles include admin (administrator), everyone (any user), user (ordinary user), and the like. The operation attribute includes r/w (read/write), r (read only), and the like.
Step S202: receiving a current login request sent by a client, wherein the current login request comprises a login user name and a login password;
step S203: determining the role of the current request user according to the current login request;
specifically, according to the correspondence between the pre-stored user name and password and the user role, the current requesting user role corresponding to the login user name and the login password is determined.
Step S204: receiving a permission configuration item to be modified corresponding to the current request user role sent by the client;
here, the user inputs the right configuration item to be modified, and issues a request for modifying the configuration to the background.
Specifically, the permission configuration item to be modified can adopt a JSON dictionary format or an xml document format with high readability.
Step S205: detecting whether the grammar format of the permission configuration item to be modified is correct or not;
specifically, whether the grammar format of the authority configuration item to be modified is correct is detected according to a preset grammar format, and the preset grammar format is determined according to the authority configuration item of each user authority configuration segment in a user authority configuration file stored in a preset structured document format.
Step S206: when the grammar format of the permission configuration item to be modified is detected to be correct, determining the role grade of the current requesting user role and the role grade of the user role of each user permission configuration segment in the user permission configuration file according to the corresponding relation between the pre-stored user role and the role grade, otherwise, stopping the subsequent processing;
step S207: according to the role grade of the user role of each user permission configuration segment in the user permission configuration file, acquiring a target user permission configuration segment corresponding to the current request user role in each user permission configuration segment, wherein the target user permission configuration segment is a user permission configuration segment corresponding to the user role with the role grade smaller than or equal to the current request user role;
specifically, the role grade corresponding to admin is greater than the role grade corresponding to user, and the role grade corresponding to user is greater than the role grade corresponding to everyone.
Here, if the current requesting user role is admin, the target user permission configuration segment is a user permission configuration segment corresponding to the user role admin and a user permission configuration segment corresponding to the user role evenyone.
Step S208: determining the authority configuration item of the target user authority configuration segment according to the authority configuration item of each user authority configuration segment in the user authority configuration file;
step S209: determining the operation attribute of the target user authority configuration fragment according to the operation attribute of each user authority configuration fragment in the user authority configuration file;
step S210: judging whether the operation attribute of the target user permission configuration segment is read-write;
step S211: when the operation attribute of the target user authority configuration fragment is judged to be read-write, json formatting processing is respectively carried out on the authority configuration item to be modified and the authority configuration item of the target user authority configuration fragment;
here, the permission configuration item and the operation attribute hook prevent a user with low permission from accessing important configuration information, and simultaneously prevent the user with low permission from tampering the important configuration information, so that the configuration information is configurable and protected with a larger degree of freedom, and the requirement of multi-user/multi-tenant scene application is met.
Specifically, the json formatting the authority configuration item of the target user authority configuration fragment includes:
analyzing the target user authority configuration segment into a tree structure, namely analyzing the target user authority configuration segment into child nodes, and analyzing authority configuration items contained in the target user authority configuration segment into leaf nodes;
and iterating the child nodes, and determining the keywords and the values of all leaf nodes contained in the child nodes.
The original structured file is converted into a json format after being analyzed, and the basic format is { "keyword": and a mapping dictionary of the value is used for finally forming a value with stronger readability, so that the subsequent processing is facilitated.
And similarly, performing json formatting on the permission configuration item to be modified.
Here, the json formatting process is performed on the user authority configuration file stored in the xml document format and the authority configuration item to be modified;
specifically, the json formatting processing of the user authority configuration file stored in the xml document format includes:
reading the user authority configuration file stored in the xml document format line by line and splicing the user authority configuration file into a large-scale character string variable;
after the configuration file is converted into the character string, the parenthesis at the head and the tail of the character string are marked '< config > and </config >' to indicate the beginning and the end of the file, which is the complete configuration information.
Then analyzing the user authority configuration file into a tree structure, analyzing each user authority configuration segment in the user authority configuration file into child nodes, analyzing authority configuration items contained in the user authority configuration segments into leaf nodes, iterating each child node, and determining keywords and values of each leaf node contained in each child node;
specifically, taking the document structure embodiment in step S201 as an example, parsing to obtain a root node config, deriving two child nodes normal and log, which in turn derive a plurality of child nodes, respectively iterating different child nodes, and finally obtaining a value of each leaf node, where the original structured file, after being parsed, is converted into json format, and the basic format is { "keyword": and a mapping dictionary of the value is used for finally forming a value with stronger readability, so that the subsequent processing is facilitated.
Here, both child nodes normal and log include user roles, operation attributes, and authority configuration items.
Step S212: finding out an authority configuration item corresponding to the authority configuration item to be modified from the authority configuration item of the target user authority configuration segment;
specifically, the permission configuration item to be modified comprises { "keyword": and finding a permission configuration item which is the same as a keyword of the permission configuration item to be modified in the permission configuration item of the target user permission configuration fragment, wherein the permission configuration item comprises the { "keyword": "value" };
step S213: and modifying the value of the authority configuration item found in the step S212 according to the value of the authority configuration item to be modified.
Here, it is determined whether the value of the authority configuration item to be modified is the same as the value of the authority configuration item found in step S212;
and when the judgment is different, modifying the value of the authority configuration item found in the step S212 into the value of the authority configuration item to be modified.
For example, the value of the authority configuration item to be modified is 20, the value of the authority configuration item found in step S212 is 10, and the value of the authority configuration item found in step S212 is modified to 20.
As can be seen from the above description, this embodiment stores the user permission configuration file in an xml document format, determines the role of the currently requested user according to the current login request after receiving the current login request, receives the permission configuration item to be modified input by the role of the currently requested user, detects whether the syntactic format of the permission configuration item to be modified is correct, and when the syntax format is correct, obtains the target user permission configuration segment corresponding to the target user role matched with the currently requested user role according to the user roles of the user permission configuration segments in the user permission configuration file, further determines the permission configuration item and the operation attribute of the target user permission configuration segment, and performs json formatting on the permission configuration item to be modified and the permission configuration item of the target user permission configuration segment when the operation attribute of the target user permission configuration segment is read-write, and finding the authority configuration item corresponding to the authority configuration item to be modified in the authority configuration item of the target user authority configuration segment, and modifying the found authority configuration item according to the authority configuration item to be modified. In the embodiment, the user authority configuration file is stored in the xml document format, so that the user authority configuration file does not need to be stored in the database, and the expense and maintenance of the database are saved; the user authority configuration file stored in the xml document format stores different user roles, the different user roles correspond to different configuration information, the configuration information corresponding to the current requested user role can be quickly acquired from the user authority configuration file, and the speed of modifying the user authority is improved; the permission configuration item and the operation attribute hook prevent a user with low permission from accessing important configuration information, and prevent the user with low permission from tampering the important configuration information, so that the configuration information is configurable and protected with greater freedom, and the requirement of multi-user/multi-tenant scene application is met.
In one embodiment, the system for modifying user rights, as shown in fig. 3, comprises:
a current request user role determination module 301, configured to determine a current request user role according to a current login request;
a to-be-modified permission configuration item receiving module 302, configured to receive a to-be-modified permission configuration item corresponding to the role of the current requesting user;
an authority configuration item determining module 303, configured to determine, according to the user role and the authority configuration item of each user authority configuration segment in the user authority configuration file stored in the preset structured document format, and the current requesting user role, an authority configuration item of a target user authority configuration segment corresponding to the current requesting user role;
and the user permission modification module 304 is configured to modify the permission configuration item of the target user permission configuration segment according to the permission configuration item to be modified.
As shown in fig. 3, in a specific embodiment, the permission configuration item determining module 303 includes:
a target user permission configuration segment obtaining unit 3031, configured to obtain, in each user permission configuration segment, a target user permission configuration segment corresponding to the currently requested user role according to the user role of each user permission configuration segment;
an authority configuration item determining unit 3032, configured to determine, according to the authority configuration item of each user authority configuration segment, an authority configuration item of the target user authority configuration segment.
In addition, in a specific example, each user permission configuration segment further includes an operation attribute;
as shown in fig. 3, in a specific embodiment, the system further comprises:
an operation attribute determining module 305, configured to determine an operation attribute of the target user permission configuration segment according to an operation attribute of each user permission configuration segment;
an operation attribute determining module 306, configured to determine whether the operation attribute of the target user permission configuration segment is read-write;
when the operation attribute determining module 306 determines that the operation attribute of the target user permission configuration segment is read-write, the user permission modifying module 304 modifies the permission configuration item of the target user permission configuration segment according to the permission configuration item to be modified.
As shown in fig. 3, in a specific embodiment, the system further comprises:
a json formatting module 307, configured to perform json formatting on the permission configuration item to be modified and the permission configuration item of the target user permission configuration segment, respectively.
As shown in fig. 3, in a specific embodiment, the system further comprises:
a syntax format detecting module 308, configured to detect whether a syntax format of the permission configuration item to be modified is correct;
when the syntax format detecting module 308 detects that the syntax format of the permission configuration item to be modified is correct, the permission configuration item determining module 303 determines the permission configuration item of the target user permission configuration segment corresponding to the currently requested user role according to the user role and the permission configuration item of each user permission configuration segment in the user permission configuration file stored in the preset structured document format and the currently requested user role.
From the above description, it can be seen that, in the user permission modification system of the present invention, since the user permission configuration file is stored in the preset structured document format, the user permission configuration file does not need to be stored in the database, thereby saving the overhead and maintenance of the database, and meanwhile, the user permission configuration file stored in the preset structured document format stores different user roles, and the different user roles correspond to different configuration information, so that the configuration information corresponding to the currently requested user role can be quickly obtained in the user permission configuration file, thereby improving the speed of user permission modification.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (8)

1. A user right modification method is characterized by comprising the following steps:
determining the role of the current request user according to the current login request;
receiving an authority configuration item to be modified corresponding to the current request user role;
determining the authority configuration item of the target user authority configuration segment corresponding to the current request user role according to the user role and the authority configuration item of each user authority configuration segment in the user authority configuration file stored in a preset structured document format and the current request user role;
modifying the authority configuration item of the target user authority configuration fragment according to the authority configuration item to be modified;
the user authority configuration file stored in the preset structured document format comprises a plurality of user authority configuration segments, and each user authority configuration segment comprises a user role and an authority configuration item;
the mode for determining the permission configuration item of the target user permission configuration segment corresponding to the current request user role comprises the following steps:
matching the current requesting user role with the user roles of the user permission configuration segments according to the user roles of the user permission configuration segments, if the role matching is passed, acquiring a target user permission configuration segment corresponding to the current requesting user role from the user permission configuration segments, and if not, stopping the processing;
and determining the authority configuration item of the target user authority configuration segment according to the authority configuration item of each user authority configuration segment.
2. The method according to claim 1, wherein each of the user right configuration segments further comprises an operation attribute;
the method further comprises the steps of:
determining the operation attribute of the target user authority configuration fragment according to the operation attribute of each user authority configuration fragment;
judging whether the operation attribute of the target user permission configuration segment is read-write;
and when the operation attribute of the target user permission configuration segment is judged to be read-write, the step of modifying the permission configuration item of the target user permission configuration segment according to the permission configuration item to be modified is carried out.
3. The method of claim 1, wherein the method further comprises the steps of:
and performing json formatting treatment on the permission configuration item to be modified and the permission configuration item of the target user permission configuration fragment respectively.
4. The method of claim 1, wherein the method further comprises the steps of:
detecting whether the grammar format of the permission configuration item to be modified is correct;
and when detecting that the grammar format of the permission configuration item to be modified is correct, entering a step of determining the permission configuration item of the target user permission configuration segment corresponding to the current request user role.
5. A user right modification system, comprising:
the current request user role determining module is used for determining the role of the current request user according to the current login request;
a to-be-modified permission configuration item receiving module, configured to receive a to-be-modified permission configuration item corresponding to the role of the current requesting user;
the permission configuration item determining module is used for determining the permission configuration item of the target user permission configuration segment corresponding to the current request user role according to the user role and the permission configuration item of each user permission configuration segment in the user permission configuration file stored in the preset structured document format and the current request user role;
the user authority modification module is used for modifying the authority configuration item of the target user authority configuration segment according to the authority configuration item to be modified;
the user authority configuration file stored in the preset structured document format comprises a plurality of user authority configuration segments, and each user authority configuration segment comprises a user role and an authority configuration item;
the permission configuration item determination module comprises:
a target user authority configuration segment obtaining unit, configured to match a current requesting user role with user roles of each user authority configuration segment according to the user roles of each user authority configuration segment, obtain a target user authority configuration segment corresponding to the current requesting user role in each user authority configuration segment if the role matching is passed, and otherwise, stop the processing;
and the authority configuration item determining unit is used for determining the authority configuration item of the target user authority configuration segment according to the authority configuration item of each user authority configuration segment.
6. The system of claim 5, wherein each of the user rights configuration fragments further comprises an operational attribute;
the system further comprises:
an operation attribute determining module, configured to determine an operation attribute of the target user permission configuration segment according to an operation attribute of each user permission configuration segment;
the operation attribute judging module is used for judging whether the operation attribute of the target user permission configuration segment is read-write;
when the operation attribute judging module judges that the operation attribute of the target user authority configuration segment is read-write, the user authority modifying module modifies the authority configuration item of the target user authority configuration segment according to the authority configuration item to be modified.
7. The system of claim 5, further comprising:
and the json formatting module is used for performing json formatting treatment on the permission configuration item to be modified and the permission configuration item of the target user permission configuration fragment respectively.
8. The system of claim 5, further comprising:
the grammar format detection module is used for detecting whether the grammar format of the permission configuration item to be modified is correct;
when the grammar format detection module detects that the grammar format of the permission configuration item to be modified is correct, the permission configuration item determination module determines the permission configuration item of the target user permission configuration segment corresponding to the current request user role according to the user role and the permission configuration item of each user permission configuration segment in the user permission configuration file stored in the preset structured document format and the current request user role.
CN201611237983.6A 2016-12-28 2016-12-28 User permission modification method and system Active CN106650500B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611237983.6A CN106650500B (en) 2016-12-28 2016-12-28 User permission modification method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611237983.6A CN106650500B (en) 2016-12-28 2016-12-28 User permission modification method and system

Publications (2)

Publication Number Publication Date
CN106650500A CN106650500A (en) 2017-05-10
CN106650500B true CN106650500B (en) 2020-04-14

Family

ID=58832364

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611237983.6A Active CN106650500B (en) 2016-12-28 2016-12-28 User permission modification method and system

Country Status (1)

Country Link
CN (1) CN106650500B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109284602A (en) * 2018-09-13 2019-01-29 广东电网有限责任公司 A kind of authority configuring method and system
CN111949613A (en) * 2020-08-11 2020-11-17 深圳市前海手绘科技文化有限公司 Method for editing and saving JSON configuration file

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1773413A (en) * 2004-11-10 2006-05-17 中国人民解放军国防科学技术大学 Character constant weight method
CN1967560A (en) * 2006-11-09 2007-05-23 华为技术有限公司 Controlling method of business operations competence and generating method of relational database
CN103034790A (en) * 2011-09-30 2013-04-10 上海博泰悦臻网络技术服务有限公司 Service system and user permission activation method
CN104036166A (en) * 2014-06-11 2014-09-10 中国人民解放军国防科学技术大学 User privilege escalation method supporting mandatory access control
CN105488431A (en) * 2015-11-30 2016-04-13 布比(北京)网络技术有限公司 Authority management method and device for block chain system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104732123A (en) * 2015-03-24 2015-06-24 浪潮集团有限公司 Function operation authority control method based on JSON format

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1773413A (en) * 2004-11-10 2006-05-17 中国人民解放军国防科学技术大学 Character constant weight method
CN1967560A (en) * 2006-11-09 2007-05-23 华为技术有限公司 Controlling method of business operations competence and generating method of relational database
CN103034790A (en) * 2011-09-30 2013-04-10 上海博泰悦臻网络技术服务有限公司 Service system and user permission activation method
CN104036166A (en) * 2014-06-11 2014-09-10 中国人民解放军国防科学技术大学 User privilege escalation method supporting mandatory access control
CN105488431A (en) * 2015-11-30 2016-04-13 布比(北京)网络技术有限公司 Authority management method and device for block chain system

Also Published As

Publication number Publication date
CN106650500A (en) 2017-05-10

Similar Documents

Publication Publication Date Title
US8955120B2 (en) Flexible fingerprint for detection of malware
US9456229B2 (en) Parsing single source content for multi-channel publishing
TWI526825B (en) Web page link detection method, device and system
CN108718298B (en) Malicious external connection flow detection method and device
US20170083495A1 (en) Method for Modifying Webpage and Apparatus for Modifying Webpage
US8176555B1 (en) Systems and methods for detecting malicious processes by analyzing process names and process characteristics
WO2018145546A1 (en) Authentication method, device and storage medium
CN108881138B (en) Webpage request identification method and device
US20170351510A1 (en) Method for recognizing application type
WO2017167208A1 (en) Method and apparatus for recognizing malicious website, and computer storage medium
CN106650414B (en) User authority management method and system
US10423495B1 (en) Deduplication grouping
US20170309298A1 (en) Digital fingerprint indexing
CN106650500B (en) User permission modification method and system
CN110008462B (en) Command sequence detection method and command sequence processing method
CN107786529B (en) Website detection method, device and system
WO2022001944A1 (en) Method for modifying linux kernel, and terminal device and storage medium
US10956659B1 (en) System for generating templates from webpages
CN108229137B (en) Method and device for distributing document permission
CN109446052B (en) Verification method and device for application program
WO2020073493A1 (en) Sql injection vulnerability detection method, apparatus and device, and readable storage medium
CN105099996B (en) Website verification method and device
EP2819054B1 (en) Flexible fingerprint for detection of malware
WO2020019515A1 (en) Injection vulnerability detection method and device
WO2020019514A1 (en) Injection vulnerability detection method and apparatus

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant