CN110457891B - Permission configuration interface display method, device, terminal and storage medium - Google Patents
- Publication number
- CN110457891B, CN201910660702.5A
- Authority
- CN
- China
- Prior art keywords
- control
- authority
- permission
- role
- displaying
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/248—Presentation of query results
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/01—Input arrangements or combined input and output arrangements for interaction between user and computer
- G06F3/048—Interaction techniques based on graphical user interfaces [GUI]
- G06F3/0481—Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
- G06F3/04812—Interaction techniques based on cursor appearance or behaviour, e.g. being affected by the presence of displayed objects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2203/00—Indexing scheme relating to G06F3/00 - G06F3/048
- G06F2203/048—Indexing scheme relating to G06F3/048
- G06F2203/04804—Transparency, e.g. transparent or translucent windows
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention provides a permission configuration interface display method, device, terminal and storage medium. The method comprises the following steps: receiving the current user's login information; displaying the permission control in a first area of a software interface; and visually configuring the permission control to the role. The method lets non-technical staff configure permissions visually on the page, so that the people who request or actually manage the system can configure permissions intuitively and conveniently, which frees technical staff from the burden of permission management to concentrate on developing business functions. It solves the problems of existing permission configuration, which requires a developer of the system to modify code in the back end, so that permission configuration during system operation is inefficient, procedurally redundant and inconvenient.
Description
Technical Field
The invention relates to the technical field of computer application, in particular to a permission configuration interface display method, a permission configuration interface display device, a permission configuration interface display terminal and a storage medium.
Background
Role-based access control (RBAC), the most studied and best-developed data permission management mechanism of recent years, is considered an ideal candidate to replace traditional mandatory access control (MAC) and discretionary access control (DAC). The basic idea of RBAC is to define roles according to the functional posts in an enterprise's organizational view, encapsulate the access permissions of data resources in those roles, and let users access database resources indirectly by assigning roles to them. One user can be authorized to hold multiple roles, and one role can be held by multiple users; each role may have multiple permissions, and each permission may be granted to multiple roles. Each operation may apply to multiple users, and each user may be allowed multiple operations, with the user's access controlled by the roles assigned to that user.
However, permission management and configuration currently has to be maintained in the back end or the database by technicians or maintenance personnel who know the system very well. Having technicians configure role permissions in an information management system is a "tough nut" that is both tedious and delicate. It is tedious because every newly built function module needs its permissions added manually one by one before the roles are authorized; it is delicate because different users have different rights to process data, and once permissions are assigned wrongly, information can be leaked by people, with serious consequences. This is a serious problem in modern information management systems: the specific permissions of specific roles must be worked out with the demander or the user, and software developers generally do not know the company's structure well enough to configure the permissions of different roles precisely. A new way of granting permissions is therefore urgently needed to solve these problems, which are ubiquitous in current management systems.
The prior art discloses a visual permission configuration method for Web application development, comprising the following steps. Step 1: select the object to which a permission is granted in the web application under development. Step 2: determine visually the relationship between that object and its corresponding resource, where the resource is a DOM element in HTML and the DOM element is selected on the HTML page with the mouse in a visual window. Step 3: establish the mapping between the object and the corresponding resource and configure a permission rule, where the DOM element is located in the current HTML page either through an ID attribute or a custom unique identifier in the HTML, or through a class attribute or several custom non-unique identifiers in the HTML. The granularity of that method stops at elements on the HTML page; data fields in a list are difficult to configure more finely.
Disclosure of Invention
1. Problems to be solved
The invention provides a permission configuration interface display method, device, terminal and storage medium, aiming to solve the problems that existing permission configuration requires a developer of the system to adjust code in the back end, so that permission configuration during system operation is inefficient, procedurally redundant and inconvenient. The permission control is displayed in a first area of a software interface and is visually configured to the role. The method lets non-technical staff configure permissions visually on the page, so that the people who request or actually manage the system can configure permissions intuitively and conveniently, which frees technical staff from the burden of permission management to concentrate on developing business functions.
2. Technical scheme
In order to solve the above problems, the present invention adopts the following technical solutions.
In a first aspect, the present invention provides a method for displaying an authority configuration interface, including the steps of:
receiving current user login information;
displaying an authority control in a first area of a software interface;
and visually configuring the permission control to the role.
Further, the visually configuring the permission control to the role includes:
displaying a first control at a position corresponding to the authority control of the software interface;
responding to the operation of the first control, popping up a dialog box main body and a dialog box sub-control, wherein the dialog box sub-control correspondingly displays different role identifications;
and configuring the authority by checking different role identifiers.
Further, the step of displaying the first control at the position corresponding to the permission control of the software interface further includes:
displaying a second control in a second area of the software interface;
and responding to the operation of the second control, and displaying or hiding the first control at a position corresponding to the authority control of the software interface.
Further, when responding to the operation of the first control, the first control generates a semi-transparent mask layer which covers the display area controlled by the first control.
Further, the permission controls include a third control and a fourth control, and the first area includes a third area and a fourth area;
displaying a third control in a third area;
responding to an operation instruction of any one of the third controls;
and displaying a fourth control in a fourth sub-area of the software interface.
Further, the third control comprises a routing menu; the fourth control includes one or more of an action button, a page element, and a data field.
In a second aspect, the present invention provides an authority configuration interface display device, including:
the first receiving unit is used for receiving the current user login information;
the first display unit is used for displaying the permission control in a first area of a software interface according to the data;
and the permission configuration unit is used for configuring the permission control in a role in a visual mode.
Further, the permission configuration unit includes:
the second display unit is used for displaying the first control at the position corresponding to the authority control of the software interface;
the second receiving unit is used for receiving the operation on the first control and popping up a dialog box main body and a sub-control of the dialog box;
and the dialog box unit is used for displaying different role identifiers corresponding to the dialog box sub-controls, and configuring the authority by checking different role identifiers.
In a third aspect, the present invention provides a terminal, including a processor, an input device, an output device, and a memory, where the processor, the input device, the output device, and the memory are connected in sequence, the memory is used to store a computer program, the computer program includes program instructions, and the processor is configured to call the program instructions to execute the above method.
In a fourth aspect, the invention provides a readable storage medium, the storage medium storing a computer program comprising program instructions which, when executed by a processor, cause the processor to perform the above-described method.
3. Advantageous effects
Compared with the prior art, the invention has the beneficial effects that:
(1) the invention provides a permission configuration interface display method that displays the permission control in a first area of a software interface and visually configures the permission control to the role. Non-technical staff can configure permissions visually on the page, and the people who request or actually manage the system can configure permissions intuitively and conveniently, which frees technical staff from the burden of permission management to concentrate on developing business functions;
(2) the permission configuration is finer-grained: it can control menus, buttons, page elements and data fields on the page, whereas traditional permission schemes can control only menus and buttons. Permissions over page elements and data fields can therefore be assigned precisely, permissions are distributed to roles more reasonably, and the configuration is better suited to business development;
(3) when the first control is clicked with the mouse, the first control automatically becomes a semi-transparent mask layer that covers the display area controlled by the current first control; the person configuring permissions can clearly see the display range and the displayed data controlled by the permission control, so the configuration is clearer and more intuitive;
(4) before the front-end page is rendered, the server preprocesses the SQL query for the data fields according to the permission data table of the current user and returns only the data fields that user is permitted to see, instead of showing and hiding page elements and data fields by comparing the permissions owned by the user as in the prior art, so data security is better ensured.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
Fig. 1 is a flowchart of a method for controlling visual permission configuration in an information system according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of constructing a mapping relationship between a user and a role according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of the software interface with the permission configuration mode turned on according to an embodiment of the present invention;
Fig. 4 is a flowchart of a method for displaying a permission configuration interface according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of the software interface with the permission configuration mode not turned on according to an embodiment of the present invention;
Fig. 6 is a schematic view of the structure of a permission configuration interface display device according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and therefore are only examples, and the protection scope of the present invention is not limited thereby. It is to be noted that, unless otherwise specified, technical or scientific terms used herein shall have the ordinary meaning as understood by those skilled in the art to which the invention pertains.
In the present application, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection".
In particular implementations, the terminals described in embodiments of the invention include, but are not limited to, other portable devices such as mobile phones, laptop computers, or tablet computers having touch sensitive surfaces (e.g., touch screen displays and/or touch pads). It should also be understood that in some embodiments, the device is not a portable communication device, but is a desktop computer having a touch-sensitive surface (e.g., a touch screen display and/or touchpad).
In the discussion that follows, a terminal that includes a display and a touch-sensitive surface is described. However, it should be understood that the terminal may include one or more other physical user interface devices such as a physical keyboard, mouse, and/or joystick.
The terminal supports various applications, such as one or more of the following: a drawing application, a presentation application, a word processing application, a website creation application, a disc burning application, a spreadsheet application, a gaming application, a telephone application, a video conferencing application, an email application, an instant messaging application, an exercise support application, a photo management application, a digital camera application, a web browsing application, a digital music player application, and/or a digital video player application.
Various applications that may be executed on the terminal may use at least one common physical user interface device, such as a touch-sensitive surface. One or more functions of the touch-sensitive surface and corresponding information displayed on the terminal can be adjusted and/or changed between applications and/or within respective applications. In this way, a common physical architecture (e.g., touch-sensitive surface) of the terminal can support various applications with user interfaces that are intuitive and transparent to the user.
The basic concept of the invention is as follows: first, permission controls and permission configuration identification controls are configured in an information system; then the mapping between users and roles is constructed; then, in response to an operation on a permission configuration identification control, the permission is visually configured to roles and a permission data table is formed synchronously for each user. The method lets non-technical staff configure permissions visually on the page, so that the people who request or actually manage the system can configure permissions intuitively and conveniently, which frees technical staff from the burden of permission management to concentrate on developing business functions and solves the inconvenience of permission configuration in the prior art. Specific embodiments are set forth below.
Example 1
The following are some technical terms to be explained:
Directives: directives are special attributes with the v- prefix. A directive's job is to reactively apply the associated effects to the HTML element when the value of its expression changes.
HTML elements: HTML uses "tags" to mark up text, pictures and other content for display in a Web browser. HTML tags include special "elements" such as <head>, <title>, <body>, <header>, <footer>, <article>, <section>, <p>, <div>, <span>, <img>, <aside>, <audio>, <canvas>, <datalist>, <details>, <embed>, <nav>, <output>, <progress>, <video> and the like.
Vuex: Vuex is a state management pattern developed specifically for Vue.
Routing: a router is a program or module that, given a web address, finds the handler for that address.
Bit operation: all numbers in a program are stored in binary form in computer memory; bit operations operate directly on the binary bits of integers in memory.
In view of the problems described in the background, the invention performs visual permission configuration based on the Vue front-end framework, so that defining permissions is simple for technical staff and assigning permissions is simpler still for non-technical staff. The main improvements are as follows.
As shown in fig. 1, the present embodiment provides a method for controlling rights visualization configuration in an information system, where the method includes the following steps:
S102: configuring permission controls and permission configuration identification controls in an information system;
Specifically, a basic RBAC access permission model is established in the information system, and the permission controls are configured in the corresponding database table; a permission control comprises at least one of a routing menu, an operation button, a page element and a data field. Permission configuration identification controls are then configured. Each is displayed at a position corresponding to its permission control in the software interface, which may be the upper left, upper right, lower left or lower right corner of the permission control and is not limited here. An "open permission configuration" control that hides or shows the permission configuration identification controls is placed elsewhere in the software interface.
The routing menu permission in the information system determines whether a given user can enter the page represented by the route;
the operation-level permission means that when a user is granted a certain operation permission, the corresponding operation buttons, such as "add", "edit", "delete" and "query", are displayed for that user;
the page element permission is the permission to display a certain HTML element or a certain section of an HTML page, for example a username query condition (a div element on a page);
the data field permission is the permission to display an entity field, such as the "name list data field" and the "account status list data field".
It should be noted that the developer may also customize, manually add or modify the permissions of the routing menu, the operation buttons, the page elements and the data fields according to actual needs.
Furthermore, each route is given a unique route name, and each permission control under that route is given a unique key identifier, so that every page has a unique permission key and so does every item under the page that needs permission control (at least one of a routing menu, an operation button, a page element and a data field). The permission controls are uniquely identified by the ID attribute in HTML or by a custom identifier, in contrast to traditional permission control, which uses URL resources as the unique identifier; this further improves how permission control is implemented. The permission data configured in the system is stored on the server, and when a user logs in, the system controls both page access and the corresponding permission controls.
Those skilled in the art will appreciate that interaction with server-side data is necessary in this embodiment. The programming tools are replaceable: routing, directives and Vuex can each be replaced, and the same function can be achieved with different tools.
S104: constructing a mapping relation between a user and a role;
Specifically, as shown in fig. 2, user information is first obtained, user group information is constructed from the user information, and a one-to-many relationship is established between users and user groups; the mapping between user group information and roles is then constructed, and a one-to-many relationship is established between user groups and roles.
It should be noted that steps S102 and S104 establish the base model for RBAC access: user group, role and permission base models are created, and a user is associated with permissions through roles, thereby obtaining the right to use certain functions. Permissions are granted to roles rather than to users. A user can have multiple roles and can belong to multiple user groups, and a user group can have multiple roles; the user holds the functional permissions contained in the user's own roles and in the roles of the user's groups (the union over those roles). In short, a user has several roles, each of which has several functional permissions. The user is the final operator and the final holder of permissions, so controlling permissions actually means controlling the permissions of the user, not those of the role or the user group.
User groups are relatively vertical. For example, the purchasing department user group consists of the business staff of the purchasing department (defined as users) and has a clear superior-subordinate relationship. The purchasing department can view only documents belonging to the purchasing department, and the sales department can view only documents belonging to the sales department, so documents have a strong department or group character. Staff of the purchasing department belong to the same department but do not necessarily have the same permissions; for example, the permissions of a manager and of general staff are certainly different.
A user group thus has a vertical, top-down character, whereas the scope of a role lacks that tight vertical relationship and is more clearly horizontal and cross-cutting. Suppose a role "manager" is defined in the system that includes the managers of all departments, not only the purchasing department manager or the sales department manager. If all managers hold only the "manager" role, the purchasing department manager has not only the operation permissions of a purchasing department manager but also the permissions of the other department managers, and every department manager's permissions are identical, which tends to cause congestion or confusion in the permissions. This is where the first object mentioned above, the user, comes into play: when several department managers belong to the "manager" role but their permissions differ, each department manager (that is, each user) can be authorized individually, and the user's final permissions can also be determined from the association or exclusion relationships between the user's user groups and roles.
S106: in response to an operation on the permission configuration identification control, visually configuring the permission to roles, and synchronously forming the permission data table of each user;
As shown in fig. 3, specifically, when permissions are assigned, a user who has the permission to turn on visual editing (generally the super administrator of the system) logs in to the system and clicks the "open permission configuration" control button. Once editing mode is on, all roles, the permission base data and related data are read from the back end; the user enters the front-end page, and all "permission configuration identification" control buttons are displayed. The user can then see in a list whether each role has permission for the menus, buttons, page elements and data fields on the page, and can assign the menus, buttons, page elements and data fields of the current page to roles. When the mouse moves over a permission identification button, the "permission configuration identification" control button becomes a semi-transparent mask layer that covers the area controlled by that button. Clicking a permission configuration identification control button pops up a dialog box main body and dialog box sub-controls in response. The dialog box sub-controls display the different role identifiers; the user groups that hold the permission are requested from the server using the unique identifier of the permission control; the roles to be granted the permission are checked; and after the edit is saved, the permission data table of each user on the server is modified synchronously, completing the visual configuration of user permissions.
It should be noted that, in the prior art, the routing menu and the HTML elements are bound to fixed user groups, and control over the HTML elements is achieved by dynamically configuring the user group to which a user belongs. That scheme cannot configure user groups and permissions dynamically at the same time; it is not flexible enough and can only meet the permission control needs of a small system, because the source code must be modified whenever a user group needs to be added. This embodiment is based on visual authority configuration, so the authority management and authorization of the system are more flexible and convenient. More precise authority configuration can display different menus, operation buttons and page elements to different personnel; with authority configured on data fields, all or a selected part of the fields of the same data can be displayed depending on the person, so authority control is more fine-grained.
It should be further noted that, after a user having the administrator role or the operation and maintenance personnel role logs in to the system and enters the user management page, the administrator role and the operation and maintenance personnel role are automatically given the authority for the "account status list data field", so the account usage status data can be viewed in the data list. After a user without this authority logs in to the system and enters the user management page, the page data does not display the account status column. With this arrangement, an administrator can see the usage status of all user accounts more clearly, and granting permissions is more convenient.
S108: receiving login information of a current user, entering a front-end page, loading the permission information configured in the permission data table corresponding to the current user, and rendering the front-end page.
Specifically, when a common user logs in, the authority table owned by the user group to which the user belongs and the table of all authorities of the system are issued. When the user navigates to a page, whether the user is allowed to enter that page is controlled by comparing against the authorities the user owns. When the user does not have the authority to enter the page, the routing menu leading to the page is not displayed, and the user cannot access the page by manually entering the corresponding routing address in the address bar of the browser.
When a page is entered, the front-end system judges from the user's authority information whether the corresponding route can be entered and whether the corresponding controls, such as a routing menu, an operation button, a page element or a data field, are displayed. Furthermore, before the front-end page is rendered, the server preprocesses the SQL query request for the data fields according to the permission data table corresponding to the current user and returns only the data fields the user is permitted to see. Unlike the prior art, which shows or hides pages and HTML elements by comparing the permissions owned by the user, this better ensures data security.
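The server-side preprocessing of data fields described above can be sketched as follows. This is an added illustration, not code from the patent; the table layout, role names, sample rows and function names are all assumptions. It builds the column list of the query from the permission data table and applies the same table to query conditions, next to a prior-art style query that sends every column and leaves hiding to the page.

```python
import sqlite3

# Constructed column list for the "user management" page's data fields.
COLUMNS = ("name", "login_account", "account_status", "gender", "mobile")

# Constructed permission data table: role -> data fields that role may read.
FIELD_PERMISSIONS = {
    "administrator": set(COLUMNS),
    "operation_maintenance": {"name", "login_account", "account_status"},
    "common_user": {"name", "login_account"},
}


def open_demo_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute(
        "CREATE TABLE users (name TEXT, login_account TEXT, "
        "account_status TEXT, gender TEXT, mobile TEXT)"
    )
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?, ?)",
        [
            ("Zhang Wei", "zhangwei", "active", "M", "13800000001"),
            ("Li Na", "lina", "locked", "F", "13800000002"),
        ],
    )
    return db


def permitted_fields(roles):
    """Union of the data fields granted to any of the user's roles."""
    allowed = set()
    for role in roles:
        allowed |= FIELD_PERMISSIONS.get(role, set())
    return allowed


def query_user_list(db, roles, requested_fields, filters=None):
    """Server-side preprocessing: only permitted columns reach the SQL text."""
    allowed = permitted_fields(roles)
    # Identifiers are taken from COLUMNS, never from the request itself.
    columns = [c for c in COLUMNS if c in requested_fields and c in allowed]
    if not columns:
        raise PermissionError("no readable data field requested")
    sql = "SELECT " + ", ".join(columns) + " FROM users"
    params = []
    clauses = []
    for field, value in (filters or {}).items():
        # A condition on a hidden column would reveal its values indirectly,
        # so query conditions are held to the same permission table.
        if field not in COLUMNS or field not in allowed:
            raise PermissionError("filter on unreadable field: " + field)
        clauses.append(field + " = ?")
        params.append(value)
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    sql += " ORDER BY login_account"
    return [dict(row) for row in db.execute(sql, params)]


def query_user_list_client_hidden(db):
    """Prior-art style for contrast: all columns are sent, the page hides some."""
    rows = db.execute("SELECT * FROM users ORDER BY login_account")
    return [dict(row) for row in rows]


if __name__ == "__main__":
    db = open_demo_db()
    wanted = ["name", "account_status", "mobile"]
    print(query_user_list(db, ["common_user"], wanted))
    print(query_user_list(db, ["operation_maintenance"], wanted))
    print(query_user_list_client_hidden(db)[0])
```

With the client-hidden variant the mobile number and account status are present in every response regardless of role; with the server-side projection they are absent from the result set itself.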
Example 2
The difference from embodiment 1 is that the authority is represented and stored as a binary value. Further, the identifications and text descriptions of N kinds of authorities are defined in a data dictionary and the N kinds of authorities are sorted, the attribute value of the ith authority being $2^i$; the authority attribute value of the corresponding role is assigned according to the checked authorities and converted into a binary expression; if the value of the ith bit in the expression is 1, the role has the ith authority.
Specifically, for example, N permissions need to be configured: identifiers and descriptions of the N permissions are defined in a data dictionary, the N permissions are sorted, and each permission is represented by a binary value. For example, the value of the first to nth permissions owned by a certain role can be represented as $2^0 + 2^1 + 2^2 + \dots + 2^n$, whose binary representation is 111...1111 (n bits in total); if the role does not have the nth authority, its first to (n-1)th authorities are represented as $2^0 + 2^1 + 2^2 + \dots + 2^{n-1}$. To query whether the user has the nth authority, a bitwise AND operation (&) is performed on the authority value owned by the user and the value of the nth authority ($2^n$); if it returns 1, the user has this authority, otherwise the user does not.
For a newly added user right, the corresponding value $2^n$ is stored in the permission database. For example, in an existing system the administrator role (admin) has been granted all (n-1) permissions, whose value can be written as $P_{admin} = 2^0 + 2^1 + 2^2 + \dots + 2^{n-1}$, where $P_{admin}$ denotes the authorities owned by the administrator role (admin). The newly added Nth authority value is $V_n = 2^n$; the identification and text description of the Nth authority are defined in the data dictionary, and the authority value of the role is stored in the role table. Adding the Nth authority to the administrator role (admin) is then expressed as:
$P_{admin} = P_{admin} + V_n$;
Deleting the Nth authority from the administrator role (admin) is expressed as:
$P_{admin} = P_{admin} - V_n$;
Querying whether the administrator role (admin) contains the newly added Nth authority is expressed as:
$P_{admin} \& V_n$
If it returns 1, the administrator role (admin) has authorization for the Nth authority; otherwise it does not.
Convert the value of $P_{admin}$ into a binary expression: 1111...111111. Counting from the low bit to the high bit, if the value of the Nth bit is 1, the administrator role (admin) has authorization for the Nth authority; if the expression has fewer than N bits or the value of the Nth bit is 0, the administrator role (admin) does not have authorization for the Nth authority. Because bit operations are efficient, this storage mode has a clear advantage in adding, deleting and querying authorities, and greatly improves performance when applied to a large-scale application system.
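A runnable sketch of the bit-flag storage described in Example 2, added here as an illustration and not taken from the patent; the dictionary entries and function names are assumptions. It runs the `+` / `-` updates next to bitwise OR and AND-NOT to show what happens when a grant or revoke is applied twice, and it tests the AND result for non-zero, because `P & V_n` yields `V_n` rather than 1 for every bit above the lowest.

```python
# Constructed data dictionary: permission index i -> text description.
# As in Example 2, the attribute value of permission i is 2**i.
PERMISSION_DICTIONARY = {
    0: "route menu: user management",
    1: "operation button: add",
    2: "operation button: delete",
    3: "data field: account status list",
}


def value_of(i):
    """Attribute value V_i = 2**i of a permission defined in the dictionary."""
    if i not in PERMISSION_DICTIONARY:
        raise KeyError("permission %d is not defined in the data dictionary" % i)
    return 1 << i


def grant_arithmetic(p, v):
    """P = P + V as written in Example 2; correct only if the bit is clear."""
    return p + v


def revoke_arithmetic(p, v):
    """P = P - V as written in Example 2; correct only if the bit is set."""
    return p - v


def grant(p, v):
    """Idempotent grant: setting a bit that is already set changes nothing."""
    return p | v


def revoke(p, v):
    """Idempotent revoke: clearing a bit that is already clear changes nothing."""
    return p & ~v


def has(p, v):
    """True if role value p contains permission value v (p & v is v or 0)."""
    return (p & v) != 0


def describe(p):
    """Decode a stored role value into the dictionary descriptions it contains."""
    return [text for i, text in sorted(PERMISSION_DICTIONARY.items()) if has(p, 1 << i)]


if __name__ == "__main__":
    p_admin = value_of(0) + value_of(1) + value_of(2)   # 0b0111
    v3 = value_of(3)

    once = grant_arithmetic(p_admin, v3)                 # 0b1111
    twice = grant_arithmetic(once, v3)                   # the same save applied again
    print(bin(once), bin(twice), has(twice, v3), has(twice, 1 << 4))

    underflow = revoke_arithmetic(p_admin, v3)           # bit 3 was never set
    print(underflow, has(underflow, 1 << 40))

    print(bin(grant(grant(p_admin, v3), v3)), bin(revoke(p_admin, v3)))
    print(describe(once))
```

With `+`, a repeated grant clears permission 3 and sets an undefined bit 4; with `-`, revoking a permission the role never had yields -1 in Python, which passes every permission check. The OR and AND-NOT forms leave the stored value unchanged in both cases.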
Example 3
As shown in figs. 3 to 5, on the basis of embodiment 1, this embodiment further provides a method for displaying an authority configuration interface, where the method includes:
S202: receiving current user login information;
Specifically, the user is one who has the right to assign authorities, generally a super administrator of the system.
S204: displaying a permission control in a first area 1000 of a software interface;
As shown in fig. 5, after a super administrator of the system logs in, all permission controls are displayed in the first area 1000 of the software interface, where the permission controls include a third control and a fourth control;
Further, the first area 1000 of the software interface includes a third area and a fourth area, and the third control is displayed in the third area 3000; the third control comprises a routing menu, such as "system management", "user management" and "user group management";
In response to an operation instruction on any one of the third controls (specifically, the super administrator clicks the third control with the mouse), the fourth control is displayed in the fourth sub-area 4000 of the software interface. The fourth control comprises an operation button, a page element and a data field, where the operation button can be an add function, a delete function, an edit function, a query function and the like;
The page elements may be "user name query conditions", "account status query conditions", "login account query conditions", "gender query conditions", "mobile phone number query conditions", and the like.
The data field may be a "name list data field", an "account status list data field", a "login account list data field", a "gender list data field", a "mobile phone number list data field", and the like.
S206: configuring the permission control to the role in a visual manner, which comprises the following steps:
(1) Displaying a first control at a position corresponding to the authority control of the software interface;
Specifically, as shown in fig. 3, the step of displaying the first control includes: displaying a second control in a second area 2000 of the software interface, and displaying or hiding the first control at a position corresponding to the authority control of the software interface in response to an operation on the second control. The first control can be rendered as a "rectangular button" and can be filled with a conspicuous color as needed, such as red, blue or green. The second control can be configured as "open permission configuration"; clicking the second control with the mouse displays or hides the first control at the position corresponding to the permission control of the software interface. It should be understood by those skilled in the art that the corresponding position can be the upper left, upper right, lower left or lower right corner of the permission control, which is not limited herein; it should also be understood that the configuration, shape or color of the first control and the second control can be changed according to actual needs, and this is not intended to limit the scope of the present invention.
When an administrator clicks the "open permission configuration" button, namely the second control, and opens the editing mode, all roles, permission bases and related data are read from the background and all "permission configuration identification" control buttons are displayed on the first interface 1000; whether each role has the permissions for the menus, buttons, page elements and data fields on the page can be checked in a list, and the permissions for permission controls such as the menus, buttons, page elements and data fields on the current page can then be given to roles.
(2) In response to the operation of the first control, popping up a dialog box main body and a dialog box sub-control;
When responding to the operation of the first control, the first control can change into a semitransparent mask layer that covers the display area currently controlled by the first control. Specifically, as shown in fig. 3, when configuring the "user management" authority in the routing menu, the administrator clicks the first control with the mouse; the first control becomes a semitransparent mask layer covering the display area controlled by the current authority control, so that the person configuring authorities can clearly see the display range and display data controlled by that authority control, which makes the configuration clearer and more intuitive. A dialog box main body and dialog box sub-controls then pop up; the dialog box sub-controls display the different role identifiers, which can be a business personnel role, an operation and maintenance personnel role, a common user role, an administrator role and the like.
(3) Configuring the authority by checking different role identifiers;
Specifically, the administrator checks the sub-controls corresponding to the different role identifiers with the mouse and clicks the confirmation button of the dialog box main body to save the edit; the permission data table corresponding to each role on the server side is synchronously modified, completing the visual configuration of the role's permissions.
Example 4
The embodiment provides a terminal, which includes a processor, an input device, an output device, and a memory, where the processor, the input device, the output device, and the memory are sequentially connected, the memory is used to store a computer program, the computer program includes program instructions, and the processor is configured to call the program instructions and execute the method described in embodiment 3.
Example 5
The present embodiment provides a computer-readable storage medium storing a computer program comprising program instructions that, when executed by a processor, cause the processor to perform the method of embodiment 3.
Specifically, the computer-readable storage medium may be an internal storage unit of the terminal according to the foregoing embodiment, for example, a hard disk or a memory of the terminal. The computer readable storage medium may also be an external storage device of the terminal, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the terminal. Further, the computer-readable storage medium may also include both an internal storage unit and an external storage device of the terminal. The computer-readable storage medium is used for storing the computer program and other programs and data required by the terminal. The computer readable storage medium may also be used to temporarily store data that has been output or is to be output.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described above generally in terms of their functions in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the terminal and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed terminal and method can be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electric, mechanical or other form of connection.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment of the present invention.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention, in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.
Example 6
As shown in fig. 6, the present embodiment provides a permission configuration interface display device, including:
a first receiving unit 50 for receiving data corresponding to personal information on a server to which a current user logs in;
the first display unit 60 is configured to display the permission control in the first area of the software interface according to the data;
and a permission visualization configuration module 70, configured to configure the permission control in a visualized manner to the role.
Specifically, the permission configuration unit 70 includes a second display unit 710, configured to display a first control at a position corresponding to a permission control of the software interface;
a second receiving unit 720, configured to receive an operation on the first control, and pop up a dialog body and a sub-control of the dialog;
and the dialog box unit 730 is configured to display different role identifiers corresponding to the dialog box sub-controls, and configure the permission by checking different role identifiers.
Claims (6)
1. A permission configuration interface display method is characterized by comprising the following steps:
receiving current user login information;
displaying an authority control in a first area of a software interface;
visually configuring the authority to the role;
wherein the visually configuring the rights to the roles comprises:
the construction of the mapping relationship between the user information and the roles comprises the following steps: constructing user group information according to the user information; constructing the mapping relation between the user group information and the role;
displaying a second control in a second area of the software interface; displaying all first controls on a first interface; responding to the operation of the second control, and displaying or hiding the first control at a position corresponding to the authority control of the software interface; displaying a first control at a position corresponding to the authority control of the software interface; responding to the operation of the first control, popping up a dialog box main body and a dialog box sub-control, wherein the dialog box sub-control correspondingly displays different role identifications;
when responding to the operation of the first control, the first control generates a mask layer which covers the display area controlled by the current first control;
the representing method of the authority adopts a binary value for storage; defining identification and word description of N kinds of authorities in a data dictionary, sequencing the N kinds of authorities, wherein the attribute value of the ith authority is $2^i$; assigning a value to the authority attribute value of the corresponding role according to the checked authority, and converting the authority attribute value into a binary expression; if the value of the ith bit in the expression is 1, the role is indicated to have the ith bit authority.
2. The permission configuration interface display method according to claim 1, wherein the permission controls include a third control and a fourth control, and the first area includes a third area and a fourth area;
displaying a third control in a third area;
responding to an operation instruction of any one of the third controls;
and displaying a fourth control in a fourth sub-area of the software interface.
3. The privilege configuration interface display method of claim 2, wherein the third control comprises a routing menu; the fourth control includes one or more of an action button, a page element, and a data field.
4. An authority configuration interface display device, comprising:
the first receiving unit is used for receiving the current user login information;
the first display unit is used for displaying the permission control in a first area of the software interface;
the permission configuration unit is used for configuring the permission to the role in a visual mode;
wherein the visually configuring the rights to the roles comprises:
the construction of the mapping relationship between the user information and the roles comprises the following steps: constructing user group information according to the user information; constructing the mapping relation between the user group information and the role;
displaying a second control in a second area of the software interface; displaying all first controls on a first interface; responding to the operation of the second control, and displaying or hiding the first control at a position corresponding to the authority control of the software interface; displaying a first control at a position corresponding to the authority control of the software interface; responding to the operation of the first control, popping up a dialog box main body and a dialog box sub-control, wherein the dialog box sub-control correspondingly displays different role identifications;
when responding to the operation of the first control, the first control generates a mask layer which covers the display area controlled by the current first control;
the representing method of the authority adopts a binary value for storage; defining identification and word description of N kinds of authorities in a data dictionary, sequencing the N kinds of authorities, wherein the attribute value of the ith authority is $2^i$; assigning a value to the authority attribute value of the corresponding role according to the checked authority, and converting the authority attribute value into a binary expression; if the value of the ith bit in the expression is 1, the role is indicated to have the ith bit authority.
5. A terminal comprising a processor, an input device, an output device and a memory, the processor, the input device, the output device and the memory being connected in series, the memory being for storing a computer program comprising program instructions, the processor being configured to invoke the program instructions to perform the method of any of claims 1 to 3.
6. A storage medium, characterized in that the storage medium stores a computer program comprising program instructions which, when executed by a processor, cause the processor to carry out the method according to any one of claims 1-3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910660702.5A CN110457891B (en) | 2019-07-22 | 2019-07-22 | Permission configuration interface display method, device, terminal and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110457891A (en) | 2019-11-15 |
CN110457891B (en) | 2022-02-18 |
Family
ID=68481617
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910660702.5A Active CN110457891B (en) | 2019-07-22 | 2019-07-22 | Permission configuration interface display method, device, terminal and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110457891B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102930226A (en) * | 2012-10-25 | 2013-02-13 | 无锡中科泛在信息技术研发中心有限公司 | Method for controlling use permission of fine-grained client |
CN103971036A (en) * | 2013-01-28 | 2014-08-06 | 鸿富锦精密工业(深圳)有限公司 | Page field access control system and method |
CN105825146A (en) * | 2016-03-18 | 2016-08-03 | 浪潮通用软件有限公司 | Design and implementation of rapid data authority distribution under RBAC model |
CN106471517A (en) * | 2014-06-20 | 2017-03-01 | 微软技术许可有限责任公司 | The visualization different because of user to display elements |
Also Published As
Publication number | Publication date |
---|---|
CN110457891A (en) | 2019-11-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||