CN112507356B - Centralized front-end ACL (access control list) authority control method based on Angular - Google Patents
Centralized front-end ACL (access control list) authority control method based on Angular Download PDFInfo
- Publication number
- CN112507356B CN112507356B CN202011409116.2A CN202011409116A CN112507356B CN 112507356 B CN112507356 B CN 112507356B CN 202011409116 A CN202011409116 A CN 202011409116A CN 112507356 B CN112507356 B CN 112507356B
- Authority
- CN
- China
- Prior art keywords
- authority
- acl
- setting
- service class
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
Abstract
The invention provides a centralized front-end ACL permission control method based on Angular, which comprises the following steps: establishing an ACL service class; obtaining all ACL authority list information; setting a permission level; setting a change event; judging a version limit function; and acquiring functions of all version information. The invention has the beneficial effects that: through unified service class processing, only the service class of centralized processing needs to be injected in different scenes, and the functions of different angulars such as Directive, routegards, httpInterceptor and the like are matched, so that the authority control under different scenes can be automatically distinguished, and the final result only needs a developer to maintain one service class. The method is simple and intelligent to operate, facilitates debugging and maintenance in the later stage of software development, is good in performance in the application scene of multi-version management, improves the development efficiency of developers, and effectively reduces code redundancy.
Description
Technical Field
The invention relates to the field of software development, in particular to a centralized front-end ACL authority control method based on Angular.
Background
Traditional role authority control is dispersed, different technologies are used for different scenes, specific authority judgment is conducted in a targeted mode, and the method can be roughly divided into the following four aspects:
1. interface authority: verification is generally carried out in a jwt form, and authority control is set through an interceptor related to an http request;
2. button authority: the permission list returned by the back end is used as data input, and the hiding/enabling/disabling state of a single button for a single user is determined by a command or a pre-written js operation permission hiding related dom element;
3. page authority: the authority list returned by the back end is used as data input, and an accessible page list is dynamically generated;
4. routing authority: before route skipping, judging whether the skipped route is in a permission list or not;
for the different scenes, the traditional permission control mode is dispersed to the specific scene. Therefore, in the development process, a developer is required to write logic judgment in the codes, so that redundant codes appear in different scenes, and the workload of the developer is increased.
Disclosure of Invention
In order to solve the technical problem, the invention discloses a centralized front-end ACL authority control method based on Angular, and the technical scheme of the invention is implemented as follows:
an Angular-based centralized front-end ACL permission control method comprises the following steps:
s1: establishing an ACL service class:
writing a service class for processing all authority logics in a centralized manner, and injecting the service class into different scenes by using a design mode depending on injection in software development so that the different scenes have the characteristic of controlling the authority;
s2: obtaining all ACL permission list information:
and setting a data source for acquiring ACL authority list information. After data are pulled from a data source, the data are transmitted into an ACL service class for processing; the data source can be a back-end server or a front-end local or any other platform;
s3: setting authority level: according to the authority level given by the function, reading from data returned by the data source, after judging through the function, calling a configuration method in the service class of the ACL, and storing the authority list information in a variable;
s4: setting a change event: using an observer mode in a design mode, and providing an observer object for a Directive class for subscription;
s5: function to determine version restrictions: it is checked whether the incoming rule is available under the current version limit. A function receives parameters, the parameters provide authority information needing to be checked in a specific scene, and the data structure of the parameters uses a standard data type constrained by TypeScript;
s6: function to get all version information: this function returns all version information variables stored in the service class to facilitate debugging and viewing the status of the entire ACL.
Preferably, the step S3 includes setting role information, setting level information, and setting platform information.
Preferably, the method further comprises a explicit/implicit scene permission control process, and the process comprises the following steps:
d1: setting ACL direct which is mainly responsible for authority control in the template display and hiding scene;
d2: and (3) introducing a display and hidden rule: defining a display and hiding rule according to requirements, and setting display and hiding requirements under different authorities;
d3: judging whether the version limit condition is met: checking whether the currently-transmitted explicit and implicit rules conform to the stored version information or not according to the function in the step S5, if so, carrying out S4.4, and if not, carrying out S4.5;
d4: a reservation module;
d5: and removing the module.
Preferably, the role information includes four dimensions of 'normal', 'administrator', 'creator' and 'data administrator'.
Preferably, the level information is divided into: four dimensions of 'free', 'air', 'pro' and 'alpha'.
Preferably, the platform information comprises two or more versions.
Preferably, the step S5 includes the following steps: performing logic judgment in the function, if the input parameter is empty, directly returning to the verification success, or else performing detailed authority verification; firstly, setting the roles, the account registration and the platform types as verification pass, then respectively checking corresponding authority variable values stored in the service classes, and if the authority value in a certain scene is found to be inconsistent with the currently stored authority value, setting the authority verification in the scene as non-pass.
Preferably, the application scenarios of the method comprise web page development, software development, web page maintenance, web page upgrade and software upgrade.
The technical scheme of the invention can solve the problems that the traditional role authority control is relatively dispersed in the software development process in the prior art, different technologies are used for different scenes, specific authority judgment is carried out in a targeted manner, and then the authority control mode is dispersed to the specific scene. Therefore, in the development process, a developer is required to write logic judgment in the codes, so that redundant codes appear in different scenes, and the technical problem of workload of the developer is improved; by implementing the technical scheme of the invention, a plurality of service classes are integrated into one service class, and a worker maintains one service class together, so that the technical effects of improving the working efficiency, reducing the maintenance cost, improving the expansibility and avoiding the occurrence of technical barriers can be realized.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
Examples
In a specific embodiment, the developer uses the techniques of this patent: developers write a service class which processes all authority logics in a centralized mode, and the service class is injected into different scenes by using a design mode depending on injection in software development, so that the different scenes have the characteristic of controlling the authority. The service class comprises a permission function for increasing, deleting, modifying and checking accounts, roles, working areas and the like of the client and a function for judging the apparent or hidden permission of the system function under the current permission. The application scenes comprise web page development, software development, web page maintenance, web page upgrading and software upgrading.
Obtaining all ACL permission list information: and setting a data source for acquiring ACL authority list information. After data are pulled from a data source, the data are transmitted into an ACL service class for processing; the data source can be a back-end server or a front-end local or any other platform; and transmitting the acquired information into an ACL service class, and calling an initialization authority function in the service class. And the initialization authority function processes the received data, and after the data are split, the functions of increasing the authority, such as roles, account levels, platform types and the like are respectively called. Different types of authorities have corresponding variables for storing initialized data, and the initialized data is used for subsequent judgment under different scenes.
Setting authority level: comprises setting role information: setting different role information to give account passwords to different developers; setting level (account level) information: setting different account grades according to different developer departments and responsible modules, wherein the information obtained by different account grades is different; setting platform information: ten versions of the platform are selected in the embodiment, and different departments and different developers are responsible for different versions (such as WeChat versions, qq versions, microblog versions and the like);
setting conditions of permission level change, defining explicit and implicit rules, setting requirements of display and hiding under different permissions, for example, permission change when upper permission authorization is obtained or upper and lower permissions are handed over, along with development progress change, under the condition that the permissions of different developers are not changed, obtained information changes and along with development progress change, new developers obtain permission or change transfer increase of the permissions occurs, and the like;
function for judging version restriction: firstly, setting the types of roles, accounts and platforms as pass verification, then respectively checking whether the account number logged in by a developer corresponds to the authority information applied by the developer, and if the authority value in a certain scene is not consistent with the currently stored authority value, setting the authority verification in the scene as fail verification. And judging whether the currently transmitted explicit and implicit rules conform to the stored version information, for example, handing over the authority to a subordinate authority by a superior authority, and under the condition that the current version meets the explicit and implicit rules, acquiring the authority of the superior authority by the subordinate authority, and storing and updating the updated authority acquisition information. When the webpage or software development is carried out, the input parameters are null, the verification is directly returned successfully, an ACL service class is newly established, and the explicit-implicit rule, the authority level information, the authority level change function and the like are defined from the beginning. When the webpage or the software is upgraded, whether the input parameters meet the rules or not is judged. If the verification is successful, and if the verification is not successful, the verification is set to fail.
Function to get all version information: and returning all version information variables stored in the service class after the development is completed or a set value is reached, so as to debug and check the state of the whole ACL conveniently.
For example, when a user develops a private cloud, the member architecture complexity of the client may be high, the requirement on the complexity of the authority system may be very high, and the corresponding development period and cost may also be very high. 1. Authority control for routing; 2. interface authority control for a backend request; in the two control modes, developers need to have knowledge in related fields in traditional development and then exchange after development is completed, a technical barrier may exist in the middle, development cost and period are directly increased, all developers only need to maintain one service class jointly, different authority control modes can be achieved through the use of a design mode depending on injection in different scenes, the delivery speed of a private cloud is effectively improved, and later maintenance cost is reduced.
By using the method in the embodiment, for developers, code information acquired and maintained by each department is different, data needing to be managed and maintained is less, the acquired information is more targeted, the efficiency is greatly improved for the developers, and in subsequent upgrading, especially in multi-version upgrading, for example, when upgrading from 1.0 version to 1.1 version and from 2.0 version to 3.0 version, developers in charge of each version are different, developers in upgrading are also different, so that the problem of low working efficiency caused by the fact that each developer needs to acquire all information in the traditional version upgrading is greatly solved. The method is simple in operation and intelligent, facilitates debugging and maintenance in the later stage of software development, is good in performance in the application scene of multi-version management, improves the development efficiency of developers, and effectively reduces code redundancy.
The existing service class is that the back end acquires data and then calls refreshing, when the whole website is restarted, all configuration needs to be initialized, the path for calling the method is only refreshing, the service class in the patent can acquire the authority list to automatically replace or add the authority without refreshing, refreshing is not needed, and the use experience of a user is improved.
And when the user logs in the system, the system automatically transmits the authority attributes with different dimensionalities in the information of the user and the working area to the back end.
Taking the authority level of the work area upgraded by the user as an example, the method comprises the following steps: and four levels of free ', ' air ', ' pro ', ' alpha ', the user upgrades the free version to the air version by paying, and the corresponding attribute of the working area is changed and recorded into the level variable.
After the user logs in, the server automatically will: 1. a workspace level; 2. a user role level; 3. a platform version; the three attributes and the mode parameters aiming at specific functions are transmitted to the back end, the process is real-time, so that the system state can be automatically updated after the version is directly upgraded without re-login or page refreshing under the traditional mode.
The service class automatically judges the visibility of all functions after the account is logged in according to the received data, if the visibility is reserved after function verification, if the visibility is not passed, the view is removed, and the function of synchronizing the access list corresponding to the account authority level in real time is realized.
It should be understood that the above-described embodiments are merely exemplary of the present invention, and are not intended to limit the present invention, and that any modification, equivalent replacement, or improvement made without departing from the spirit and principle of the present invention shall fall within the protection scope of the present invention.
Claims (7)
1. A centralized front-end ACL permission control method based on Angular is characterized in that: the method comprises the following steps: s1: establishing an ACL service class: writing a service class for processing all authority logics in a centralized way, and injecting the service class into different scenes by using a design mode depending on injection in software development so that the service class has the authority logics of the service class in different scenes; s2: obtain all ACL rights list information: setting a data source for acquiring ACL authority list information, and transmitting data pulled from the data source into an ACL service class for processing; s3: setting authority level: according to the authority level given by the function, reading from the data returned by the data source, after judging through the function, calling a configuration method in the service class of the ACL, and storing the authority list information in a variable; s4: setting a change event: using an observer mode in a design mode, providing an observer object for a Directive class to subscribe; s5: function to determine version restrictions: checking whether the incoming rule is available under the limitation of the current version, wherein the function receives parameters, the parameters provide authority information needing to be checked in a specific scene, and the data structure of the parameters uses a standard data type constrained by TypeScript; s6: function to get all version information: the function returns all version information variables stored in the service class so as to debug and check the state of the whole ACL conveniently; the method also comprises a visible and invisible scene authority control process, and the process comprises the following steps: d1: setting ACL direct, and taking charge of authority control under the template visible and hidden scene; d2: and (3) introducing a display and hidden rule: defining a display and hiding rule according to requirements, and setting display and hiding requirements under different authorities; d3: judging whether the version limit condition is met: checking whether the currently-transmitted explicit-implicit rule accords with the stored version information or not according to the function in the step S5, if so, carrying out S4, and if not, carrying out S5; d4: a reservation module; d5: the module is removed.
2. The centralized front-end ACL authorization control method based on Angular of claim 1, characterized in that: and the S3 step comprises setting roll information, setting level information and setting platform information.
3. The centralized front-end ACL authority control method based on Angular of claim 2, wherein: the role information includes four dimensions of 'normal', 'administrator', 'creator', and 'data administrator'.
4. The centralized front-end ACL permission control method based on Angular of claim 3, characterized in that: the level information is divided into: the four dimensions of 'free', 'air', 'pro', and 'alpha'.
5. The centralized front-end ACL permission control method based on Angular of claim 4, wherein: the platform information comprises two or more versions.
6. The centralized front-end ACL permission control method based on Angular of claim 5, wherein: the S5 comprises the following specific steps: if the incoming parameter is null, the function directly returns to the verification success, otherwise, the function carries out detailed authority verification; firstly, setting the roles, the account registration and the platform types as verification pass, then respectively checking corresponding authority variable values stored in the service classes, and if the authority value in a certain scene is found to be inconsistent with the currently stored authority value, setting the authority verification in the scene as non-pass.
7. The centralized front-end ACL authority control method based on Angular of claim 1, wherein: the method is applied in the scenes of webpage development, software development, webpage maintenance, webpage upgrading and software upgrading.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011409116.2A CN112507356B (en) | 2020-12-04 | 2020-12-04 | Centralized front-end ACL (access control list) authority control method based on Angular |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011409116.2A CN112507356B (en) | 2020-12-04 | 2020-12-04 | Centralized front-end ACL (access control list) authority control method based on Angular |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112507356A CN112507356A (en) | 2021-03-16 |
| CN112507356B true CN112507356B (en) | 2023-01-03 |
Family
ID=74971744
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011409116.2A Active CN112507356B (en) | 2020-12-04 | 2020-12-04 | Centralized front-end ACL (access control list) authority control method based on Angular |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112507356B (en) |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107948231B (en) * | 2016-10-13 | 2021-08-31 | 斑马智行网络(香港)有限公司 | Scene-based service providing method, system and operating system |
| CN106446292B (en) * | 2016-11-16 | 2019-11-05 | 北京集奥聚合科技有限公司 | A kind of implementation method and device of the two-way binding of front end data |
| US10394627B2 (en) * | 2017-12-28 | 2019-08-27 | Schneider Electric Software, Llc | Asynchronous C#-JS data binding bridge |
| US10848498B2 (en) * | 2018-08-13 | 2020-11-24 | Capital One Services, Llc | Systems and methods for dynamic granular access permissions |
| CN111209904A (en) * | 2018-11-21 | 2020-05-29 | 华为技术有限公司 | Service processing method and related device |
| CN111078220B (en) * | 2019-12-19 | 2023-04-21 | 浪潮云信息技术股份公司 | Method and system for realizing front-end state change management |
-
2020
- 2020-12-04 CN CN202011409116.2A patent/CN112507356B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN112507356A (en) | 2021-03-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20240045842A1 (en) | Integrated transition control center | |
| CN105474210A (en) | System for automating processes | |
| US20100318569A1 (en) | Populating a cache system based on privileges | |
| US20060161768A1 (en) | Method of managing software components that are integrated into an embedded system | |
| CN102142014B (en) | System and method for export and import of metadata located in metadata registries | |
| CN112149109B (en) | Modularized authority control management method and system | |
| CN113297550A (en) | Authority control method, device, equipment, storage medium and program product | |
| CN103581187A (en) | Method and system for controlling access rights | |
| US10891357B2 (en) | Managing the display of hidden proprietary software code to authorized licensed users | |
| CN102523102A (en) | Unified policy over heterogenous device types | |
| US9158932B2 (en) | Modeled authorization check implemented with UI framework | |
| US20220276878A1 (en) | Method and apparatus for generating image file and computer-readable storage medium | |
| CN102857537A (en) | Remote call method, device and system | |
| KR20200090784A (en) | How to start an application, startup device and computer readable storage medium | |
| US8887241B2 (en) | Virtual roles | |
| CN105320522A (en) | Service-oriented architecture based XBRL application platform | |
| CN111062028A (en) | Authority management method and device, storage medium and electronic equipment | |
| CN114218551A (en) | Authentication method, authentication device, electronic equipment and storage medium | |
| CN111368286A (en) | Authority control method, device, equipment and storage medium | |
| CN107438067A (en) | A kind of multi-tenant construction method and system based on mesos container cloud platforms | |
| CN112507356B (en) | Centralized front-end ACL (access control list) authority control method based on Angular | |
| CN113255000A (en) | Data access control method and device, electronic equipment and readable storage medium | |
| US9330276B2 (en) | Conditional role activation in a database | |
| CN111045725B (en) | Control method and device of code management system and storage medium | |
| CN117313050A (en) | Authority configuration, storage, distribution, authorization and authentication method suitable for low-code platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |