Disclosure of Invention
The invention mainly aims to provide a method and a system for managing data permission, and aims to solve the technical problems in the prior art.
In order to achieve the above object, an embodiment of the present invention provides a method for managing data permissions, where the method for managing data permissions includes:
updating the ID and first configuration information of the SQL statement to a Redis cache in a key-value mode based on a first operation on a visual operation interface, wherein the first configuration information comprises a first filtering field and a first filtering condition, the key value is the ID of the SQL statement, and the value is the first configuration information;
updating the ID, the role ID and second configuration information of the SQL statement to a Redis cache in a key-value mode based on a second operation on a visual operation interface, wherein the second configuration information comprises a second filtering field and a second filtering condition, the key value is the ID of the SQL statement and the role ID, and the value is the second configuration information;
updating a user account ID and a role ID to a Redis cache in a key-value mode based on a third operation on a visual operation interface, wherein a key value is the user account ID, and a value is the role ID;
when an execution command is received, intercepting an SQL statement to be executed corresponding to the execution command;
acquiring corresponding target first configuration information from the Redis cache by taking the ID of the SQL statement to be executed as a key value;
taking the ID of the currently logged-in user account as a key value, and acquiring a corresponding target role ID from the Redis cache;
acquiring corresponding target second configuration information from the Redis cache by taking the ID of the SQL statement to be executed and the target role ID as key values;
adding the target first configuration information and the target second configuration information to the SQL statement to be executed to obtain a new SQL statement;
and executing the new SQL statement.
Optionally, after the updating the ID of the SQL statement and the first configuration information to the Redis cache in the form of key-value or the updating the ID of the SQL statement, the role ID and the second configuration information to the Redis cache in the form of key-value, the method further includes:
when a modification instruction is received, modifying the first or second configuration information to obtain new first or second configuration information;
and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
In addition, to achieve the above object, an embodiment of the present invention further provides a system for managing data permissions, where the system for managing data permissions includes:
the setting module is used for updating an ID and first configuration information of an SQL statement to a Redis cache in a key-value mode based on a first operation on a visual operation interface, wherein the first configuration information comprises a first filtering field and a first filtering condition, the key value is the ID of the SQL statement, and the value is the first configuration information; updating the ID, the role ID and second configuration information of the SQL statement to a Redis cache in a key-value mode based on a second operation on a visual operation interface, wherein the second configuration information comprises a second filtering field and a second filtering condition, a key value is the ID and the role ID of the SQL statement, and a value is the second configuration information; updating a user account ID and a role ID to a Redis cache in a key-value mode based on a third operation on a visual operation interface, wherein a key value is the user account ID, and a value is the role ID;
the interception module is used for intercepting the SQL statement to be executed corresponding to the execution command when the execution command is received;
the acquisition module is used for acquiring corresponding target first configuration information from the Redis cache by taking the ID of the SQL statement to be executed as a key value; taking the ID of the currently logged user account as a key value, and acquiring a corresponding target role ID from the Redis cache; acquiring corresponding target second configuration information from the Redis cache by taking the ID of the SQL statement to be executed and the target role ID as key values;
the generating module is used for adding the target first configuration information and the target second configuration information to the SQL statement to be executed to obtain a new SQL statement;
and the execution module is used for executing the new SQL statement.
Optionally, the system for managing data rights further includes:
the modification module is used for modifying the first or second configuration information when a modification instruction is received to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
According to the method and the system, setting the data viewing authority for a user account does not require writing a corresponding SQL script; the user only needs to operate on a visual operation interface. Through that interface, the association between the ID of the SQL statement and the first configuration information, the association between the ID of the SQL statement plus the role ID and the second configuration information, and the association between the user account ID and the role ID are set, and all of these associations are updated to the Redis cache. When the SQL statement to be executed is intercepted, the corresponding target first configuration information is obtained from the Redis cache according to the ID of the SQL statement to be executed, the corresponding target role ID is obtained from the Redis cache according to the currently logged-in user account ID, and the corresponding target second configuration information is then obtained from the Redis cache according to the ID of the SQL statement to be executed and the target role ID. Finally, the target first configuration information and the target second configuration information are added to the SQL statement to be executed to obtain a new SQL statement, and the new SQL statement is executed. In this way, the data that a logged-in user account can view is managed in a simple manner.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a flowchart illustrating a method for managing data permissions according to an embodiment of the present invention. In one embodiment, as shown in fig. 1, a method for managing data rights includes:
Step S10, updating the ID and first configuration information of the SQL statement to Redis cache in a key-value mode based on a first operation on a visual operation interface, wherein the first configuration information comprises a first filtering field and a first filtering condition, the key value is the ID of the SQL statement, and the value is the first configuration information;
In this embodiment, a visual operation interface is provided, and a user sets an ID of an SQL statement and a table alias corresponding to the ID by clicking, typing, and similar operations. The ID is a short name for the corresponding SQL statement, and the table alias is a short name for the corresponding data table. One or more IDs may be set, with a table alias for each ID.
For example, ID1, ID2, and ID3 are set, where ID1 corresponds to SQL statement 1, ID2 corresponds to SQL statement 2, and ID3 corresponds to SQL statement 3.
Referring to fig. 2, fig. 2 is a schematic view of a scenario in an embodiment of setting an ID of an SQL statement and a table alias corresponding to the ID. A user clicks the [ new ] button on the service object management menu interface (visual operation interface 1) to pop up a service object editing window (visual operation interface 2) shown in fig. 2, and the user operates on the service object editing window, fills in information and saves it, thereby defining a service object. The user then clicks the (adding) or (batch adding) button in the service object editing window to open a declaration SQL editing window (visual operation interface 3) and edits the declaration SQL. The input box [ ID ] holds the ID of the SQL statement entered by the user, and the input box [ default filter body ] holds the table alias entered by the user. Therefore, based on the operation of the user on the visual operation interface, the ID of the SQL statement and the table alias corresponding to the ID can be set.
The user then continues to operate on the visual operation interface to set the first configuration information, which comprises the first filtering field and the first filtering condition. For example, the first configuration information is set as age < 20, where "age" is the first filtering field and "< 20" is the first filtering condition. The user can set the first configuration information according to actual needs, and the specific content of the first configuration information is not limited herein.
Referring to fig. 3, fig. 3 is a schematic view of a scenario of setting the first configuration information in an embodiment. As shown in fig. 3, a user configures a filter rule in a rule editing window (visual operation interface 4); configuring the filter rule means configuring a first filter field and a first filter condition. In fig. 3, [ ORG_CODE ] is the first filter field, the filter symbol is [ > ], and the filter range [ 1122 ] is the specific condition value; the filter symbol and the filter range together constitute the first filter condition, "> 1122". After the information is edited, clicking save sets the first filtering field and the first filtering condition, and thereby the first configuration information.
After the ID and the first configuration information of the SQL statement are set, the ID and the first configuration information of the SQL statement are updated to a Redis cache in a key-value mode, wherein the key value is the ID of the SQL statement, and the value is the first configuration information. As shown in table 1, table 1 is an exemplary table in which the key value is the ID of the SQL statement, and the value is the first configuration information.
key | value
ID1 of SQL statement | First configuration information 1
ID2 of SQL statement | First configuration information 2
ID3 of SQL statement | First configuration information 3
TABLE 1
Step S20, updating the ID, the role ID and second configuration information of the SQL statement to Redis cache in a key-value mode based on a second operation on a visual operation interface, wherein the second configuration information comprises a second filtering field and a second filtering condition, the key value is the ID and the role ID of the SQL statement, and the value is the second configuration information;
In this embodiment, similar to the embodiment of step S10, the user performs an operation on the visual operation interface, and sets the ID, the role ID, and the second configuration information of the SQL statement, where the second configuration information includes a second filtering field and a second filtering condition, and the second filtering field and the second filtering condition are set according to actual needs, which is not limited here.
After the ID, the role ID and the second configuration information of the SQL statement are set, the ID, the role ID and the second configuration information of the SQL statement are updated to a Redis cache in a key-value mode, wherein the key value is the ID and the role ID of the SQL statement, and the value is the second configuration information. As shown in table 2, table 2 is an indication table in which the key value is the ID of the SQL statement plus the role ID, and the value is the second configuration information.
key | value
ID1+ role ID1 of SQL statement | Second configuration information 1
ID1+ role ID2 of SQL statement | Second configuration information 2
ID2+ role ID1 of SQL statement | Second configuration information 3
ID2+ role ID2 of SQL statement | Second configuration information 4
ID3+ role ID1 of SQL statement | Second configuration information 5
ID3+ role ID2 of SQL statement | Second configuration information 6
TABLE 2
Step S30, updating the user account ID and the role ID to a Redis cache in a key-value mode based on a third operation on a visual operation interface, wherein the key value is the user account ID, and the value is the role ID;
In this embodiment, the user continues to operate on the visual operation interface. A user account ID and the role ID corresponding to it, both determined by the user's mouse clicks or keyboard input, are acquired, and the user account ID and the role ID are then updated to a Redis cache in a key-value form, where the key value is the user account ID and the value is the role ID. As shown in table 3, table 3 is an indication table in which the key value is the user account ID and the value is the role ID.
key | value
User account ID1 | Role ID1
User account ID2 | Role ID2
User account ID3 | Role ID3
TABLE 3
Step S40, intercepting the SQL statement to be executed corresponding to the execution command when the execution command is received;
In this embodiment, when the execution command is received, the interceptor intercepts the to-be-executed SQL statement corresponding to the execution command.
Step S50, taking the ID of the SQL statement to be executed as a key value, and acquiring corresponding target first configuration information from the Redis cache;
In this embodiment, as shown in table 1, when the ID of the SQL statement to be executed is ID1 of the SQL statement, the corresponding target first configuration information obtained from the Redis cache is first configuration information 1; when the ID of the SQL statement to be executed is ID2 of the SQL statement, the corresponding target first configuration information obtained from the Redis cache is first configuration information 2; when the ID of the SQL statement to be executed is ID3 of the SQL statement, the corresponding target first configuration information obtained from the Redis cache is first configuration information 3.
Step S60, taking the ID of the currently logged user account as a key value, and acquiring a corresponding target role ID from the Redis cache;
In this embodiment, as shown in table 3, when the user account ID is the user account ID1, the corresponding target role ID obtained from the Redis cache is the role ID1; when the user account ID is the user account ID2, the corresponding target role ID obtained from the Redis cache is the role ID2; and when the user account ID is the user account ID3, the corresponding target role ID obtained from the Redis cache is the role ID3.
Step S70, taking the ID of the SQL statement to be executed and the target role ID as key values, and acquiring corresponding target second configuration information from the Redis cache;
In an embodiment, as shown in table 2, if the ID of the to-be-executed SQL statement is ID3 of the SQL statement and the target role ID is role ID2, the corresponding target second configuration information obtained from the Redis cache is second configuration information 6; if the ID of the SQL statement to be executed is ID2 of the SQL statement and the target role ID is role ID2, then the corresponding target second configuration information obtained from the Redis cache is second configuration information 4.
Step S80, adding the target first configuration information and the target second configuration information to the SQL statement to be executed to obtain a new SQL statement;
and step S90, executing the new SQL statement.
In an embodiment, if the target first configuration information is the first configuration information 3 and the target second configuration information is the second configuration information 6, the first configuration information 3 and the second configuration information 6 are added to the SQL statement to be executed to obtain a new SQL statement, and then the new SQL statement is executed.
Referring to fig. 4, fig. 4 is a schematic diagram illustrating information that can be queried by an SQL statement without added configuration information in an embodiment. As shown in fig. 4, the SQL statement queries users in all organizations, and the department to which the currently logged-in user account belongs is the personnel department (code 1122). By directly executing the SQL statement without adding configuration information, the user of the currently logged-in account can query users in all departments.
Referring to fig. 5, fig. 5 is a schematic diagram illustrating information that can be queried by an SQL statement with configuration information added in an embodiment. The SQL statement queries users under all organizations, and the configuration information includes target first configuration information and target second configuration information, where the first filter field of the target first configuration information is department, the first filter condition is none, the second filter field of the target second configuration information is department, and the second filter condition is greater than 1122 (personnel department). The SQL statement with the configuration information added therefore queries users of the personnel department and its subordinate departments. As shown in fig. 5, when the SQL statement with the configuration information added is executed, the user of the currently logged-in account can only query users in the personnel department and its subordinate departments.
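The lookup-and-rewrite flow of steps S40 to S90, as an added Python example that is not part of the original document: a dict stands in for the Redis cache, SQLite for the database, and the key layout, statement ID, roles, filter values and table rows are all constructed. Wrapping the intercepted statement in a subquery, binding the filter values as parameters, allowlisting fields and operators, and refusing to run when a lookup misses are choices of this example, not details stated in the document.

```python
import sqlite3

# Operators a stored filter condition may use; anything else is rejected.
ALLOWED_OPS = {"=", "<>", "<", "<=", ">", ">="}

# Registered statements by ID, and the columns each may be filtered on (constructed).
STATEMENTS = {"list_users": "SELECT name, org_code, age FROM users"}
FILTERABLE = {"list_users": {"org_code", "age"}}

# Dict standing in for the Redis cache; key layout is an assumption mirroring
# Table 1 (statement ID), Table 2 (statement ID + role ID), Table 3 (user -> role).
CACHE = {
    "stmt:list_users": {"field": "age", "op": "<", "value": 60},
    "stmt:list_users:role:hr": {"field": "org_code", "op": ">", "value": 1122},
    "stmt:list_users:role:audit": {"field": "org_code", "op": ">=", "value": 1100},
    "user:alice": "hr",
    "user:carol": "audit",
}


def condition(stmt_id, cfg):
    """Turn one cached configuration into a parameterized SQL condition."""
    if cfg is None:
        # Fail closed: a missing configuration must not mean "no filter".
        raise PermissionError(f"no filter configured for {stmt_id}")
    field, op = cfg["field"], cfg["op"]
    if field not in FILTERABLE[stmt_id] or op not in ALLOWED_OPS:
        # Cache contents are data, not trusted SQL; reject anything unexpected.
        raise ValueError(f"rejected filter {field!r} {op!r}")
    return f'"{field}" {op} ?', cfg["value"]


def rewrite(stmt_id, user_id, cache=CACHE):
    """Steps S40 to S80: build the new statement for the logged-in account."""
    base = STATEMENTS[stmt_id]                          # S40: intercepted statement
    first = cache.get(f"stmt:{stmt_id}")                # S50: first configuration
    role = cache.get(f"user:{user_id}")                 # S60: role of the account
    if role is None:
        raise PermissionError(f"no role for account {user_id}")
    second = cache.get(f"stmt:{stmt_id}:role:{role}")   # S70: second configuration
    cond1, val1 = condition(stmt_id, first)
    cond2, val2 = condition(stmt_id, second)
    # S80: both conditions are added around the original statement.
    sql = f"SELECT * FROM ({base}) AS scoped WHERE {cond1} AND {cond2}"
    return sql, (val1, val2)


def run_as(conn, stmt_id, user_id, cache=CACHE):
    """Step S90: execute the new statement with bound filter values."""
    sql, params = rewrite(stmt_id, user_id, cache)
    return conn.execute(sql, params).fetchall()


def demo_db():
    """In-memory database with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, org_code INTEGER, age INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("ann", 1122, 30), ("bob", 1123, 41), ("cho", 1100, 25), ("dee", 1130, 65)],
    )
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(rewrite("list_users", "alice"))
    print(run_as(db, "list_users", "alice"))
    print(run_as(db, "list_users", "carol"))
```

Because the filter text lives in the cache, write access to the cache is equivalent to authority over the data permissions, which is why the example validates every field and operator it reads back.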
According to this embodiment, setting the data viewing authority for a user account does not require writing a corresponding SQL script; the user only needs to operate on a visual operation interface. Through that interface, the association between the ID of the SQL statement and the first configuration information, the association between the ID of the SQL statement plus the role ID and the second configuration information, and the association between the user account ID and the role ID are set, and all of these associations are updated to the Redis cache. When the SQL statement to be executed is intercepted, the corresponding target first configuration information is obtained from the Redis cache according to the ID of the SQL statement to be executed, the corresponding target role ID is obtained from the Redis cache according to the currently logged-in user account ID, and the corresponding target second configuration information is then obtained from the Redis cache according to the ID of the SQL statement to be executed and the target role ID. Finally, the target first configuration information and the target second configuration information are added to the SQL statement to be executed to obtain a new SQL statement, and the new SQL statement is executed. In this way, the data that a logged-in user account can view is managed in a simple manner.
Further, in an embodiment, after the updating the ID of the SQL statement and the first configuration information to the Redis cache in the form of key-value or the updating the ID of the SQL statement, the role ID and the second configuration information to the Redis cache in the form of key-value, the method further includes:
when a modification instruction is received, modifying the first or second configuration information to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
In this embodiment, the first configuration information or the second configuration information may be modified based on actual conditions to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information, thereby realizing the modification of the data viewing permission corresponding to the user ID.
The invention further provides a management system of data permissions, and referring to fig. 6, fig. 6 is a functional module schematic diagram of an embodiment of the management system of data permissions. In one embodiment, a system for managing data rights includes:
the setting module 10 is configured to update an ID of an SQL statement and first configuration information to a Redis cache in a key-value form based on a first operation on a visual operation interface, where the first configuration information includes a first filtering field and a first filtering condition, a key value is the ID of the SQL statement, and a value is the first configuration information; updating the ID, the role ID and second configuration information of the SQL statement to a Redis cache in a key-value mode based on a second operation on a visual operation interface, wherein the second configuration information comprises a second filtering field and a second filtering condition, the key value is the ID of the SQL statement and the role ID, and the value is the second configuration information; updating a user account ID and a role ID to a Redis cache in a key-value mode based on a third operation on a visual operation interface, wherein a key value is the user account ID, and a value is the role ID;
the interception module 20 is configured to intercept, when an execution command is received, an SQL statement to be executed corresponding to the execution command;
an obtaining module 30, configured to obtain, with the ID of the to-be-executed SQL statement as a key value, corresponding target first configuration information from the Redis cache; taking the ID of the currently logged user account as a key value, and acquiring a corresponding target role ID from the Redis cache; acquiring corresponding target second configuration information from the Redis cache by taking the ID of the SQL statement to be executed and the target role ID as key values;
a generating module 40, configured to add the target first configuration information and the target second configuration information to the to-be-executed SQL statement to obtain a new SQL statement;
and the execution module 50 is used for executing the new SQL statement.
Further, in an embodiment, the system for managing data rights further includes:
the modification module is used for modifying the first or second configuration information when a modification instruction is received to obtain new first or second configuration information; and replacing the first configuration information in the Redis cache with the new first configuration information, or replacing the second configuration information in the Redis cache with the new second configuration information.
The specific embodiment of the data right management system of the present invention is basically the same as the embodiments of the data right management method, and is not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the description of the foregoing embodiments, it is clear to those skilled in the art that the method of the foregoing embodiments may be implemented by software plus a necessary general hardware platform, and certainly may also be implemented by hardware, but in many cases, the former is a better implementation. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for causing a terminal device to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention, and all equivalent structures or equivalent processes performed by the present invention or directly or indirectly applied to other related technical fields are also included in the scope of the present invention.