CN112883344A - Code operation authority control method and device - Google Patents

Code operation authority control method and device Download PDF

Info

Publication number
CN112883344A
CN112883344A CN202110147052.1A CN202110147052A CN112883344A CN 112883344 A CN112883344 A CN 112883344A CN 202110147052 A CN202110147052 A CN 202110147052A CN 112883344 A CN112883344 A CN 112883344A
Authority
CN
China
Prior art keywords
user
information
permission
authority
version library
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110147052.1A
Other languages
Chinese (zh)
Inventor
钱奕兰
温建波
钱湘隆
方俊山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202110147052.1A priority Critical patent/CN112883344A/en
Publication of CN112883344A publication Critical patent/CN112883344A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/71Version control; Configuration management

Abstract

The invention provides a method and a device for controlling code operation authority, and relates to the field of finance or other technologies. The method comprises the following steps: receiving an operation authority distribution request sent by a Web application server, wherein the operation authority distribution request comprises user information, version library information and authority information; acquiring a permission configuration file of a corresponding version library according to the version library information, writing the user information and the permission information into the permission configuration file of the version library corresponding to the version library information and enabling the permission configuration file of the version library corresponding to the version library information to take effect; and returning the authority distribution result to the Web application server. The device is used for executing the method. The control method and the control device for the code operation authority, provided by the embodiment of the invention, improve the distribution efficiency of the code operation authority.

Description

Code operation authority control method and device
Technical Field
The invention relates to the technical field of computers, in particular to a method and a device for controlling code operation authority.
Background
With the expansion of software scale, more and more personnel participate in the development process of software products, and the safety of codes of the software products needs to be managed and controlled while the research and development efficiency is ensured.
The codes of the software products can be stored in the code management platform in the form of a version library, and project related personnel can obtain the codes and perform related operations only by having the operation authority of the version library. At present, a mainstream code management platform has a matched authority management function, but the function is very limited, for example, Gerrit only classifies various operations of a version library, and authority management completely depends on manual communication and manual distribution, so that steps are very complicated, and time cost is high.
Disclosure of Invention
For solving the problems in the prior art, embodiments of the present invention provide a method and an apparatus for controlling code operation permission, which can at least partially solve the problems in the prior art.
In one aspect, the present invention provides a method for controlling code operation permission, including:
receiving an operation authority distribution request sent by a Web application server, wherein the operation authority distribution request comprises user information, version library information and authority information;
acquiring a permission configuration file of a corresponding version library according to the version library information, writing the user information and the permission information into the permission configuration file of the version library corresponding to the version library information and enabling the permission configuration file of the version library corresponding to the version library information to take effect;
and returning the authority distribution result to the Web application server.
In another aspect, the present invention provides a device for controlling code operation authority, including:
the device comprises a first receiving unit, a second receiving unit and a sending unit, wherein the first receiving unit is used for receiving an operation authority distribution request sent by a Web application server, and the operation authority distribution request comprises user information, version library information and authority information;
the writing unit is used for obtaining the authority configuration file of the corresponding version library according to the version library information, writing the user information and the authority information into the authority configuration file of the version library corresponding to the version library information and enabling the authority configuration file of the version library corresponding to the version library information to take effect;
and the return unit is used for returning the authority distribution result to the Web application server.
In another aspect, the present invention provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the steps of the method for controlling code operation authority described in any of the above embodiments.
In still another aspect, the present invention provides a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the steps of the method for controlling the operation authority of a code according to any one of the above embodiments.
The method and the device for controlling the code operation permission provided by the embodiment of the invention can receive the operation permission allocation request sent by the Web application server, obtain the permission configuration file of the corresponding version library according to the version library information, write the user information and the permission information into the permission configuration file of the version library corresponding to the version library information, enable the permission configuration file of the version library corresponding to the version library information to take effect, and return the permission allocation result to the Web application server, thereby realizing the automatic allocation of the operation permission of the version library and improving the allocation efficiency of the code operation permission.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts. In the drawings:
fig. 1 is a flowchart illustrating a method for controlling code operation authority according to a first embodiment of the present invention.
Fig. 2 is a flowchart illustrating a method for controlling code operation authority according to a second embodiment of the present invention.
Fig. 3 is a flowchart illustrating a method for controlling code operation authority according to a third embodiment of the present invention.
Fig. 4 is a schematic structural diagram of a control system for code operation authority according to a fourth embodiment of the present invention.
Fig. 5 is a flowchart illustrating a method for controlling code operation authority according to a fifth embodiment of the present invention.
Fig. 6 is a flowchart illustrating rights management according to a sixth embodiment of the present invention.
Fig. 7 is a schematic structural diagram of a control device for code operation authority according to a seventh embodiment of the present invention.
Fig. 8 is a schematic structural diagram of a control device for code operation authority according to an eighth embodiment of the present invention.
Fig. 9 is a schematic structural diagram of a control device for code operation authority according to a ninth embodiment of the present invention.
Fig. 10 is a schematic structural diagram of a control device for code operation authority according to a tenth embodiment of the present invention.
Fig. 11 is a schematic physical structure diagram of an electronic device according to an eleventh embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
Fig. 1 is a schematic flow chart of a method for controlling code operation permission according to an embodiment of the present invention, and as shown in fig. 1, the method for controlling code operation permission according to the embodiment of the present invention includes:
s101, receiving an operation authority distribution request sent by a Web application server, wherein the operation authority distribution request comprises user information, version library information and authority information;
specifically, the Web application server may transmit an operation authority allocation request including user information, version base information, and authority information to the code management platform. The user information may include a user identifier, the version base information may include at least one version base identifier, and the authority information may include authority roles, authority types, authority duration, authority expiration date, and the like. The operation right allocation request may be transmitted after approval of the user information, the version base information, and the right information is passed. The code management platform receives the operation authority allocation request. The code management platform may be a single server or a server cluster, and is set according to actual needs, which is not limited in the embodiments of the present invention.
The user corresponds to the user identification one by one, and the version library identification corresponds to the version library one by one. The authority roles include, but are not limited to, developers, code auditors, read-only personnel, and the like, and are set according to actual needs, and the embodiment of the present invention is not limited. The permission types include, but are not limited to, read-only permission, submission permission, merge permission, and the like, and are set according to actual needs, which is not limited in the embodiments of the present invention. The right role and the right type have a corresponding relationship, for example, a developer can configure read-only rights and submission rights, a code auditor can configure read-only rights, submission rights, merging rights, and the like, and the setting is performed according to actual needs, which is not limited in the embodiment of the present invention. The permission deadline is a deadline of a permission type owned by the permission role, and is set according to actual needs, and the embodiment of the invention is not limited. The execution main body of the control method of the code operation authority provided by the embodiment of the invention comprises but is not limited to a code management platform.
For example, a user may send an authority application request to a Web application server through a first terminal, and the Web application server may push the authority application request to a second terminal, and the authority application request is approved by an auditor corresponding to the second terminal. After receiving the approval pass information for the permission application request, the Web application server may send an operation permission allocation request to the code management platform. The permission application request may include user information, version library information, and permission information. The first terminal and the second terminal include, but are not limited to, a desktop computer, a notebook computer, a tablet computer, a smart phone, and the like.
S102, acquiring a corresponding permission configuration file of the version library according to the version library information, writing the user information and the permission information into the permission configuration file of the version library and enabling the permission configuration file to take effect;
specifically, after receiving the operation permission allocation request, the code management platform may obtain, according to the version library information, a permission configuration file of the version library corresponding to the version library information by querying. The version base information comprises at least one version base identification, so that the code management platform can obtain the authority configuration file of at least one version base. After obtaining the permission configuration file of the version base corresponding to the version base information, the code management platform writes the user information and the permission information into the permission configuration file of the version base corresponding to the version base information. If the version base information comprises a version base identifier, the code management platform writes the user information and the authority information into an authority configuration file of the version base corresponding to the version base identifier; if the version base information comprises a plurality of version base identifications, the code management platform writes the user information and the authority information into an authority configuration file of a version base corresponding to each of the plurality of version base identifications. After the permission configuration file of the version library corresponding to the version library information is modified, the code management platform enables the permission configuration file of the version library corresponding to the version library information to take effect.
For example, the code management platform may enable the authority configuration file of the version library corresponding to the version library information to take effect by using a code management tool, where the code management tool, such as Git, is selected according to actual needs, and the embodiment of the present invention is not limited.
And S103, returning the authority distribution result to the Web application server.
Specifically, after the permission configuration file of the version library corresponding to the version library information takes effect, the code management platform returns a permission allocation result to the Web application server. The permission allocation result may include a permission allocation success prompt message, and may also carry the user information, the version base information, and the permission allocation result is set according to actual needs, which is not limited in the embodiment of the present invention. It can be understood that if the permission configuration file of the version base corresponding to the version base information fails to take effect or cannot be queried, the code management platform may return permission assignment failure prompt information to the Web application server.
The method for controlling the code operation authority provided by the embodiment of the invention can receive the operation authority distribution request sent by the Web application server, obtain the authority configuration file of the corresponding version library according to the version library information, write the user information and the authority information into the authority configuration file of the version library corresponding to the version library information, enable the authority configuration file of the version library corresponding to the version library information to take effect, and return the authority distribution result to the Web application server, thereby realizing the automatic distribution of the operation authority of the version library and improving the distribution efficiency of the code operation authority.
Fig. 2 is a schematic flow chart of a method for controlling code operation permission according to a second embodiment of the present invention, and as shown in fig. 2, on the basis of the foregoing embodiments, further, the method for controlling code operation permission according to the embodiment of the present invention further includes:
s201, receiving a user authority deadline query request sent by a proxy server at regular time, and returning user operation authority information to the proxy server;
specifically, the proxy server sends a user authority limit inquiry request to the code management platform at regular time. The code management platform receives a user authority limit inquiry request, and then inquires authority configuration files of various version libraries to obtain authority information of various users, wherein the authority information comprises authority expiration dates. The code management platform returns user operation authority information to the proxy server, wherein the user operation authority information can comprise user identifications of all users, version library identifications corresponding to all the user identifications and authority information corresponding to the version library identifications. The permission information may further include a permission type and a permission role, and is set according to actual needs, which is not limited in the embodiments of the present invention. The timing is set according to actual needs, for example, 1 point every morning, and the embodiment of the invention is not limited.
For example, user A has read-only rights to version store B, the rights deadline expires to date x, user C has read-only rights to version store D and the commit rights, the read-only rights expires to date y, and the commit rights expires to date z. The user operation authority information returned to the proxy server by the code management platform comprises a user identifier of a user A, a version library identifier of a version library B, a read-only authority and an authority expiration date x, a user identifier of a user C, a version library identifier of a version library D, a read-only authority and a corresponding authority expiration date y, a submission authority and a corresponding authority expiration date z. Because the user a only has one operation authority for the version base B, the sent user operation authority information may not include the authority type of the user a for the version base B: read-only rights to reduce the amount of data transferred.
S202, receiving a first user permission cleaning request sent by the proxy server, wherein the first user permission cleaning request comprises permission cleaning information; the first user permission cleaning request is sent by the proxy server after the proxy server learns that the user with the expired permission exists based on the user operation permission information;
specifically, after receiving the user operation permission information, the proxy server may calculate whether the permission of the user expires according to the current time and permission expiration dates included in the permission information corresponding to each version library of the user, obtain a user identifier if the permission of the user expires, use the version library identifier of the version library in which the permission of the user expires as the cleaning information of the client in which the permission expires, and if the user has multiple permissions in the version library, further include the expired permission type in the cleaning information of the client in which the permission expires. After obtaining the cleaning information of all users with expired authorities based on the user operation authority information, the proxy server sends a first user authority cleaning request to the code management platform, wherein the first user authority cleaning request comprises authority cleaning information, and the authority cleaning information comprises cleaning information of each client with expired authorities. The code management platform receives the first user permission cleaning request.
For example, after receiving user operation permission information including the user identifier of the user a, the version base identifier of the version base B, the read-only permission, and the permission expiration date x, the user identifier of the user C, the version base identifier of the version base D, the read-only permission, the corresponding permission expiration date y, and the submission permission, and the corresponding permission expiration date z, the proxy server may determine whether the read-only permission of the user a to the version base B is expired according to the current date and the permission expiration date x, determine whether the read-only permission of the user C to the version base D is expired according to the current date and the permission expiration date y, and determine whether the submission permission of the user C to the version base D is expired according to the current date and the permission expiration date z. If the proxy server determines that the read-only permission of the user A to the version library B is expired, the cleaning information of the user A comprises the user identification of the user A, the version library identification of the version library B and the read-only permission. If the proxy server determines that the read-only right of the user C to the version library D is not expired, but the submission right of the user C to the version library D is expired, the cleaning information of the user C comprises the user identification of the user C, the version library identification of the version library D and the submission right.
S203, deleting the related information of the user with the authority expired in the authority configuration file of the corresponding version library according to the authority cleaning information.
Specifically, after receiving a first user permission cleaning request sent by the proxy server, the code management platform obtains permission cleaning information from the first user permission cleaning request, then searches for a permission configuration file of a version library corresponding to a version library identifier included in the cleaning information according to each piece of cleaning information included in the permission cleaning information, and then deletes relevant information of a user whose permission is expired included in the cleaning information from the permission configuration file of the corresponding version library. And after the code management platform finishes processing each piece of cleaning information included in the authority cleaning information, the cleaning of the operation authority of the user with the expired authority is finished. The related information of the user with the expired authority may include a user identifier, an authority type, an authority period, and the like, and is set according to actual needs.
For example, the authority clearing information obtained by the code management platform from the first user authority clearing request includes two pieces of clearing information, the clearing information of the user a includes a user identifier of the user a and a version library identifier of the version library B, and the clearing information of the user C includes a user identifier of the user C, a version library identifier of the version library D, and a submission authority. The code management platform queries and obtains the authority configuration file of the version base B according to the version base identification of the version base B included in the cleaning information of the user A, and then deletes the user identification of the user A, the read-only authority of the user A and the authority information corresponding to the read-only authority of the user A from the authority configuration file of the version base B. The code management platform queries and obtains the authority configuration file of the version library D according to the version library identification of the version library D included in the cleaning information of the user C, and then deletes the submission authority of the user C and the authority information corresponding to the submission authority of the user C from the authority configuration file of the version library D. Since the user C also has read-only rights in the version repository D, the user id of the user C is not deleted from the rights configuration file of the version repository D.
Fig. 3 is a schematic flow chart of a method for controlling code operation permission according to a third embodiment of the present invention, and as shown in fig. 3, on the basis of the foregoing embodiments, further, the method for controlling code operation permission according to the embodiment of the present invention further includes:
s301, receiving a second user permission cleaning request sent by a proxy server, wherein the second user permission cleaning request comprises user cleaning information; the second user permission cleaning request is sent by the proxy server after the proxy server inquires that the user leaves the job;
specifically, the proxy server may obtain user status information including that the user is on job or has left job from the user information management server query. After inquiring and knowing that the user leaves the job, the proxy server can send a second user permission cleaning request to the code management platform, wherein the second user permission cleaning request comprises user cleaning information, and the user cleaning information can comprise a user identifier of the user who leaves the job. The code management platform receives the second user permission cleaning request.
S302, deleting the related information of the user who has left the job from the authority configuration files of all the version libraries according to the user cleaning information.
Specifically, after receiving the second user permission cleaning request, the code management platform may obtain user cleaning information from the second user permission cleaning request, and may delete relevant information of the user who has left the job from the permission configuration file of each version library according to a user identifier included in the user cleaning information. The related information of the user who has left the job is the information such as the authority role, the authority type, the authority period and the like which are stored in the authority configuration file and correspond to the user identification of the user who has left the job.
For example, the code management platform obtains the user identifier of the user E who has left the job from the user cleaning information, then queries the relevant information corresponding to the user identifier of the user E in the authority configuration file of each version library according to the user identifier of the user E, deletes the queried relevant information corresponding to the user identifier of the user E if the relevant information corresponding to the user identifier of the user E is queried, and does not need to perform deletion operation if the relevant information corresponding to the user identifier of the user E is not queried.
On the basis of the foregoing embodiments, further, the method for controlling code operation permission provided in the embodiment of the present invention further includes:
and sending the permission cleaning result to the Web application server.
Specifically, after finishing the cleaning of the operation permission of the user with the expired permission according to the permission cleaning information, the code management platform may send a permission cleaning result to the Web application server, where the permission cleaning result may include permission expired user prompt information and the permission cleaning information.
After the code management platform finishes the cleaning of the operation permission of the user who leaves the job according to the user cleaning information, the code management platform can send a permission cleaning result to the Web application server, wherein the permission cleaning result can comprise prompting information of the user who leaves the job and a user identifier of the user who leaves the job.
Fig. 4 is a schematic structural diagram of a control system of code operation authority provided in a fourth embodiment of the present invention, and as shown in fig. 4, the control system of code operation authority provided in the embodiment of the present invention includes a code management platform 1, a Web application server 2, a proxy server 3, and a user information management server 4, where:
the code management platform 1 is respectively connected with the Web application server 2, the proxy server 3 and the user information management server 4 in a communication mode, the Web application server 2 is respectively connected with the proxy server 3 and the user information management server 4 in a communication mode, and the proxy server 3 is connected with the user information management server 4 in a communication mode.
The code management platform 1 may encapsulate various operation permissions of the version library into service interfaces, such as read-only permissions, submission permissions, merge permissions, and the like. The code management platform 1 receives an operation authority distribution request sent by the Web application server 2, wherein the operation authority distribution request comprises user information, version library information and authority information, the code management platform 1 obtains an authority configuration file of a corresponding version library according to the version library information, writes the user information and the authority information into the authority configuration file of the version library corresponding to the version library information and enables the authority configuration file of the version library corresponding to the version library information to take effect, and therefore the related operation authority of a user to the version library is achieved. The code management platform 1 returns the right assignment result to the Web application server 2.
The Web application server 2 is provided with Web applications, and can customize various authority roles according to the work requirements. The Web application server 2 stores all version libraries and user information, and a user can select a version library and an authority role which need to apply for the authority by logging in the Web application server 2 through a first terminal and send an authority application request to the Web application server 2. The auditor can log in the Web application server 2 through the second terminal to examine and approve the permission application request, and after the examination and approval is passed, the Web application server 2 can send an operation permission allocation request to the code management platform 1.
The proxy server 3 may periodically send a user permission term query request to the code management platform 1 every day to check whether the operation permission of the user to the version library expires, and after determining that the user operation permission expires, send a first user permission cleaning request to the code management platform 1 to delete the relevant information of the user whose permission expires, so as to clean the operation permission of the user whose permission expires. The proxy server 3 may send a user status query request to the user information management server 4 to query whether the user leaves the job, and after learning that the user leaves the job, send a second user permission cleaning request to the code management platform 1 to delete the relevant information of the user who has left the job, thereby cleaning the operation permission of the user who has left the job.
The user information management server 4 records all the basic user information, including the user name, the user identifier, the password, the user status, and other information. The code management platform 1, the Web application server 2 and the proxy server 3 can communicate with the user information management server 4 through an Ldap protocol, and a user logs in the code management platform 1 and the Web application server 2 through a unified user name and password.
Fig. 5 is a schematic flow chart of an authority application provided by a fifth embodiment of the present invention, and as shown in fig. 5, a flow chart of a control method of a code operation authority provided by an embodiment of the present invention is as follows:
the first step is to receive a request for permission application. The user sends an authority application request to the Web application server through the first terminal, and the Web application server receives the authority application request. The permission application request may include user information, version library information, and permission information.
And secondly, sending a permission approval request. And the Web application server sends a permission approval request to the second terminal so as to facilitate the approver to carry out permission approval. And the approver checks the permission approval request through the second terminal, determines whether the permission approval request passes or does not pass, and then returns a permission approval result to the Web application server through the second terminal. And the permission approval result is that the approval is passed or the approval is not passed. The permission approval request may include user information, version library information, and permission information.
And thirdly, receiving the authority approval result. And the Web application server receives the permission approval result sent by the second terminal.
And fourthly, judging whether the examination and approval is passed or not. The Web application server can obtain the information that the examination is approved or not approved from the result of the authorization examination, and if the examination is approved, the fifth step is entered. And if the examination and approval is not passed, entering a ninth step.
And step five, sending an operation authority distribution request. And the Web application server sends an operation authority distribution request to the code management platform, wherein the operation authority distribution request comprises user information, version library information and authority information.
And sixthly, distributing operation authority. And the code management platform acquires the authority configuration file of the corresponding version library according to the version library information, writes the user information and the authority information into the authority configuration file of the version library and enables the authority configuration file to take effect.
And step seven, returning an operation authority distribution result. And after the authority configuration file takes effect, the code management platform returns an operation authority distribution result to the Web application server, wherein the authority distribution result comprises authority distribution success prompt information and can also carry user information, version library information and authority information.
And step eight, storing the operation authority distribution result. And the Web application server receives the operation authority distribution result and stores the operation authority distribution result locally.
And step nine, sending distribution result information. And the Web application server sends the distribution result information to the first terminal. And if the examination and approval is not passed, the distribution result information carries prompt information of distribution failure. And if the Web application server receives the operation authority distribution result, the distribution result information carries prompt information of successful distribution.
Fig. 6 is a schematic flowchart of the permission cleaning provided by the sixth embodiment of the present invention, and as shown in fig. 6, the flow of the permission cleaning provided by the embodiment of the present invention is as follows:
firstly, sending a user authority deadline inquiry request. The proxy server can send the user authority limit inquiry request to the code management platform at regular time every day. The code management platform receives a user authority limit inquiry request, and then inquires and obtains authority information of each user in authority configuration files of each version library, wherein the authority information comprises authority expiration dates. The code management platform returns user operation authority information to the proxy server, wherein the user operation authority information can comprise user identifications of all users, version library identifications corresponding to all the user identifications and authority information corresponding to the version library identifications.
And secondly, judging whether the expired users exist. After receiving the user operation permission information, the proxy server can calculate whether the permission of the user is due according to the current time and permission expiration dates included in the permission information corresponding to each version library of the user. If it is expired, proceeding to the third step; if not, then proceed to the fifth step.
And thirdly, sending a first user permission cleaning request. The proxy server sends a first user permission cleaning request to the code management platform, wherein the first user permission cleaning request comprises permission cleaning information.
And fourthly, clearing the operation authority of the expired user. And the code management platform deletes the related information of the user with the expired authority in the authority configuration file of the corresponding version library according to the authority cleaning information so as to clean the operation authority of the user with the expired authority.
And step five, sending a user state query request. The proxy server sends a user state query request to the user information management server, and the user information management server returns user state information to the proxy server, wherein the user state information comprises the job or the off-job of the user.
And sixthly, judging whether the user who leaves the job exists. After the proxy server obtains the user state information, if the user state information indicates that the user leaves the job, obtaining the user information indicating that all the user state information leaves the job, and entering a seventh step; and if all the user state information is that the user is at work, indicating that no user is out of work, and terminating the operation.
And step seven, sending a second user permission cleaning request. The proxy server can send a second user permission cleaning request to the code management platform so as to clean the operation permission of the user who leaves the job. And the second user permission cleaning request comprises user cleaning information.
And eighth step, cleaning the user who leaves the job. And after receiving the second user permission cleaning request, the code management platform deletes the relevant information of the left-working user from the permission configuration files of all the version libraries according to the user cleaning information, and finishes cleaning the operation permission of the left-working user.
And step nine, sending an authority cleaning result. After the code management platform finishes the operation authority of the due user, the authority cleaning result carrying the authority due user prompt information and the authority cleaning information is sent to the Web application server. After the code management platform finishes the operation permission of the user who leaves the job, the code management platform sends a permission cleaning result carrying prompting information of the user who leaves the job and the user identification of the user who leaves the job to the Web application server.
After the code management platform clears the operation authority of the expired user and/or clears the operation authority of the user who leaves the job, the code management platform can also send an authority clearing result to the proxy server, and the proxy server can inform the authority clearing result to related users.
The control method of the code operation authority provided by the embodiment of the invention has the following advantages:
(1) the authority management of various code management platforms can be supported, and the flexibility and the high efficiency are realized;
(2) the whole process of authority management is automatically completed in an interface application mode, so that the safety problem caused by manual operation errors is avoided, and the communication cost is greatly reduced;
(3) the user-defined version library authority role is supported, the problem of solidification of the authority role in the code authority management process is solved, and the purpose of controlling the code safely is achieved;
(4) and an authority quitting mechanism is supported, the expired operation authority and the operation authority of the personnel who leave the office are cleared, and the risk of code leakage caused by using codes after the personnel fail is avoided.
Fig. 7 is a schematic structural diagram of a control apparatus for code operation authority according to a seventh embodiment of the present invention, and as shown in fig. 7, the control apparatus for code operation authority according to the embodiment of the present invention includes a first receiving unit 701, a writing unit 702, and a returning unit 703, where:
the first receiving unit 701 is configured to receive an operation authority allocation request sent by a Web application server, where the operation authority allocation request includes user information, version library information, and authority information; the writing unit 702 is configured to obtain the permission configuration file of the corresponding version library according to the version library information, write the user information and the permission information into the permission configuration file of the version library corresponding to the version library information, and enable the permission configuration file of the version library corresponding to the version library information to take effect; the returning unit 703 is configured to return the right assignment result to the Web application server.
Specifically, the Web application server may transmit an operation authority allocation request including user information, version base information, and authority information to the first receiving unit 701. The user information may include a user identifier, the version base information may include at least one version base identifier, and the authority information may include authority roles, authority types, authority duration, authority expiration date, and the like. The operation right allocation request may be transmitted after approval of the user information, the version base information, and the right information is passed. The first receiving unit 701 receives the operation right assignment request.
After receiving the operation permission allocation request, the writing unit 702 may obtain, according to the version library information, a permission configuration file of the version library corresponding to the version library information through querying. The version base information includes at least one version base identifier, so the writing unit 702 obtains the authority configuration file of at least one version base. After obtaining the permission configuration file of the version base corresponding to the version base information, the writing unit 702 writes the user information and the permission information into the permission configuration file of the version base corresponding to the version base information. If the version base information includes a version base identifier, the writing unit 702 writes the user information and the permission information into the permission configuration file of the version base corresponding to the version base identifier; if the version base information includes a plurality of version base identifiers, the writing unit 702 writes the user information and the permission information into the permission configuration file of the version base corresponding to each of the plurality of version base identifiers. After the permission configuration file of the version library corresponding to the version library information is modified, the writing unit 702 may validate the permission configuration file of the version library corresponding to the version library information.
After the permission configuration file of the version library corresponding to the version library information becomes effective, the returning unit 703 returns a permission allocation result to the Web application server. The permission allocation result may include a permission allocation success prompt message, and may also carry the user information, the version base information, and the permission allocation result is set according to actual needs, which is not limited in the embodiment of the present invention. It can be understood that, if the permission configuration file of the version base corresponding to the version base information fails to take effect or cannot be queried, the returning unit 703 may return permission assignment failure prompt information to the Web application server.
The control device for code operation permission provided by the embodiment of the invention can receive an operation permission allocation request sent by a Web application server, obtain the permission configuration file of the corresponding version library according to the version library information, write the user information and the permission information into the permission configuration file of the version library corresponding to the version library information, enable the permission configuration file of the version library corresponding to the version library information to take effect, and return a permission allocation result to the Web application server, thereby realizing the automatic allocation of the operation permission of the version library and improving the allocation efficiency of the code operation permission.
Fig. 8 is a schematic structural diagram of a control apparatus for code operation authority according to an eighth embodiment of the present invention, and as shown in fig. 8, on the basis of the foregoing embodiments, further, the control apparatus for code operation authority according to the embodiment of the present invention further includes a second receiving unit 704, a third receiving unit 705, and a first deleting unit 706, where:
the second receiving unit 704 is configured to receive a user permission deadline query request periodically sent by a proxy server, and return user operation permission information to the proxy server; the third receiving unit 705 is configured to receive a first user permission cleaning request sent by the proxy server, where the first user permission cleaning request includes permission cleaning information; the first user permission cleaning request is sent by the proxy server after the proxy server learns that the user with the expired permission exists based on the user operation permission information; the first deleting unit 706 is configured to delete, according to the permission cleaning information, related information of a user whose permission expires in the permission configuration file of the corresponding version library.
Specifically, the proxy server may periodically send a user permission term query request to the second receiving unit 704. The second receiving unit 704 receives the user authority deadline query request, and then queries the authority configuration file of each version base to obtain authority information of each user, wherein the authority information comprises an authority deadline date. The second receiving unit 704 returns user operation authority information to the proxy server, where the user operation authority information may include user identifiers of users, version library identifiers corresponding to the user identifiers, and authority information corresponding to the version library identifiers. The permission information may further include a permission type and a permission role, and is set according to actual needs, which is not limited in the embodiments of the present invention. The timing is set according to actual needs, for example, 1 point every morning, and the embodiment of the invention is not limited.
After receiving the user operation permission information, the proxy server can calculate whether the permission of the user is due according to the current time and permission expiration dates included in the permission information corresponding to each version library of the user, if the permission of the user is due, a user identifier is obtained, the version library identifier of the version library with the expired permission of the user is used as the cleaning information of the client with the expired permission, and if the user has multiple permissions in the version library, the cleaning information of the client with the expired permission can also include the expired permission types. After obtaining the cleaning information of all users with expired permissions based on the user operation permission information, the proxy server sends a first user permission cleaning request to a third receiving unit 705, where the first user permission cleaning request includes permission cleaning information, and the permission cleaning information includes cleaning information of each client with expired permissions. The third receiving unit 705 receives the first user right clearing request.
After receiving the first user permission cleaning request sent by the proxy server, the first deleting unit 706 obtains permission cleaning information from the first user permission cleaning request, then searches for a permission configuration file of a version library corresponding to a version library identifier included in the cleaning information according to each piece of cleaning information included in the permission cleaning information, and then deletes relevant information of a user whose permission is expired included in the cleaning information from the permission configuration file of the corresponding version library. After the first deletion unit 706 finishes processing each piece of cleaning information included in the authority cleaning information, the cleaning of the operation authority of the user whose authority expires is finished. The related information of the user with the expired authority may include a user identifier, an authority type, an authority period, and the like, and is set according to actual needs.
Fig. 9 is a schematic structural diagram of a control apparatus for code operation authority according to a ninth embodiment of the present invention, and as shown in fig. 9, on the basis of the foregoing embodiments, further, the control apparatus for code operation authority according to the embodiment of the present invention further includes a fourth receiving unit 707 and a second deleting unit 708, where:
the fourth receiving unit 707 is configured to receive a second user permission cleaning request sent by the proxy server, where the second user permission cleaning request includes user cleaning information; the second user permission cleaning request is sent by the proxy server after the proxy server inquires that the user leaves the job; the second deleting unit 708 is configured to delete the relevant information of the user who has left the job from the authority configuration files of all the version libraries according to the user cleaning information.
Specifically, the proxy server may obtain user status information including that the user is on job or has left job from the user information management server query. After inquiring that the user leaves the position, the proxy server may send a second user permission cleaning request to the fourth receiving unit 707, where the second user permission cleaning request includes user cleaning information, and the user cleaning information may include a user identifier of the user who leaves the position. The fourth receiving unit 707 receives the second user right clearing request.
After receiving the second user permission cleaning request, the second deleting unit 708 may obtain user cleaning information from the second user permission cleaning request, and may delete relevant information of the user who has left work from the permission configuration file of each version library according to a user identifier included in the user cleaning information. The related information of the user who has left the job is the information such as the authority role, the authority type, the authority period and the like which are stored in the authority configuration file and correspond to the user identification of the user who has left the job.
Fig. 10 is a schematic structural diagram of a control apparatus for code operation authority according to a tenth embodiment of the present invention, and as shown in fig. 10, on the basis of the foregoing embodiments, further, the control apparatus for code operation authority according to the embodiment of the present invention further includes a sending unit 709, where:
the sending unit 709 is configured to send the permission cleaning result to the Web application server.
Specifically, after the operation permission of the user with the expired permission is cleared according to the permission clearing information, the sending unit 709 may send a permission clearing result to the Web application server, where the permission clearing result may include permission expired user prompt information and the permission clearing information.
After the clearing of the operation permission of the left-job user is completed according to the user clearing information, the sending unit 709 may send a permission clearing result to the Web application server, where the permission clearing result may include prompt information of the left-job user and a user identifier of the left-job user.
The embodiment of the apparatus provided in the embodiment of the present invention may be specifically configured to execute the processing flows of the above method embodiments, and the functions of the apparatus are not described herein again, and refer to the detailed description of the above method embodiments.
It should be noted that the method and apparatus for controlling code operation permission provided in the embodiment of the present invention may be used in the financial field, and may also be used in any technical field other than the financial field.
Fig. 11 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 11, the electronic device may include: a processor (processor)1101, a communication Interface (Communications Interface)1102, a memory (memory)1103 and a communication bus 1104, wherein the processor 1101, the communication Interface 1102 and the memory 1103 are communicated with each other via the communication bus 1104. The processor 1101 may call logic instructions in the memory 1103 to perform the following method: receiving an operation authority distribution request sent by a Web application server, wherein the operation authority distribution request comprises user information, version library information and authority information; acquiring a permission configuration file of a corresponding version library according to the version library information, writing the user information and the permission information into the permission configuration file of the version library corresponding to the version library information and enabling the permission configuration file of the version library corresponding to the version library information to take effect; and returning the authority distribution result to the Web application server.
In addition, the logic instructions in the memory 1103 can be stored in a computer readable storage medium when the logic instructions are implemented in the form of software functional units and sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The present embodiment discloses a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the method provided by the above-mentioned method embodiments, for example, comprising: receiving an operation authority distribution request sent by a Web application server, wherein the operation authority distribution request comprises user information, version library information and authority information; acquiring a permission configuration file of a corresponding version library according to the version library information, writing the user information and the permission information into the permission configuration file of the version library corresponding to the version library information and enabling the permission configuration file of the version library corresponding to the version library information to take effect; and returning the authority distribution result to the Web application server.
The present embodiment provides a computer-readable storage medium, which stores a computer program, where the computer program causes the computer to execute the method provided by the above method embodiments, for example, the method includes: receiving an operation authority distribution request sent by a Web application server, wherein the operation authority distribution request comprises user information, version library information and authority information; acquiring a permission configuration file of a corresponding version library according to the version library information, writing the user information and the permission information into the permission configuration file of the version library corresponding to the version library information and enabling the permission configuration file of the version library corresponding to the version library information to take effect; and returning the authority distribution result to the Web application server.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In the description herein, reference to the description of the terms "one embodiment," "a particular embodiment," "some embodiments," "for example," "an example," "a particular example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A control method for code operation authority is characterized by comprising the following steps:
receiving an operation authority distribution request sent by a Web application server, wherein the operation authority distribution request comprises user information, version library information and authority information;
acquiring a permission configuration file of a corresponding version library according to the version library information, writing the user information and the permission information into the permission configuration file of the version library corresponding to the version library information and enabling the permission configuration file of the version library corresponding to the version library information to take effect;
and returning the authority distribution result to the Web application server.
2. The method of claim 1, further comprising:
receiving a user authority deadline query request sent by a proxy server at regular time, and returning user operation authority information to the proxy server;
receiving a first user permission cleaning request sent by the proxy server, wherein the first user permission cleaning request comprises permission cleaning information; the first user permission cleaning request is sent by the proxy server after the proxy server learns that the user with the expired permission exists based on the user operation permission information;
and deleting the related information of the user with the expired authority in the authority configuration file of the corresponding version library according to the authority cleaning information.
3. The method of claim 1, further comprising:
receiving a second user permission cleaning request sent by a proxy server, wherein the second user permission cleaning request comprises user cleaning information; the second user permission cleaning request is sent by the proxy server after the proxy server inquires that the user leaves the job;
and deleting the related information of the user who leaves the job from the authority configuration files of all the version libraries according to the user cleaning information.
4. The method of claim 2 or 3, further comprising:
and sending the permission cleaning result to the Web application server.
5. A control apparatus for controlling the authority of code operation, comprising:
the device comprises a first receiving unit, a second receiving unit and a sending unit, wherein the first receiving unit is used for receiving an operation authority distribution request sent by a Web application server, and the operation authority distribution request comprises user information, version library information and authority information;
the writing unit is used for obtaining the authority configuration file of the corresponding version library according to the version library information, writing the user information and the authority information into the authority configuration file of the version library corresponding to the version library information and enabling the authority configuration file of the version library corresponding to the version library information to take effect;
and the return unit is used for returning the authority distribution result to the Web application server.
6. The apparatus of claim 5, further comprising:
the second receiving unit is used for receiving a user authority deadline query request sent by the proxy server at regular time and returning user operation authority information to the proxy server;
a third receiving unit, configured to receive a first user permission cleaning request sent by the proxy server, where the first user permission cleaning request includes permission cleaning information; the first user permission cleaning request is sent by the proxy server after the proxy server learns that the user with the expired permission exists based on the user operation permission information;
and the first deleting unit is used for deleting the related information of the user with the expired authority in the authority configuration file of the corresponding version library according to the authority cleaning information.
7. The apparatus of claim 5, further comprising:
the fourth receiving unit is used for receiving a second user permission cleaning request sent by the proxy server, wherein the second user permission cleaning request comprises user cleaning information; the second user permission cleaning request is sent by the proxy server after the proxy server inquires that the user leaves the job;
and the second deleting unit is used for deleting the related information of the user who has left the job from the authority configuration files of all the version libraries according to the user cleaning information.
8. The apparatus of claim 6 or 7, further comprising:
and the sending unit is used for sending the permission cleaning result to the Web application server.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method of any of claims 1 to 4 are implemented when the computer program is executed by the processor.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 4.
CN202110147052.1A 2021-02-03 2021-02-03 Code operation authority control method and device Pending CN112883344A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110147052.1A CN112883344A (en) 2021-02-03 2021-02-03 Code operation authority control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110147052.1A CN112883344A (en) 2021-02-03 2021-02-03 Code operation authority control method and device

Publications (1)

Publication Number Publication Date
CN112883344A true CN112883344A (en) 2021-06-01

Family

ID=76056834

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110147052.1A Pending CN112883344A (en) 2021-02-03 2021-02-03 Code operation authority control method and device

Country Status (1)

Country Link
CN (1) CN112883344A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102325153A (en) * 2011-07-12 2012-01-18 北京新媒传信科技有限公司 Service development method and system
CN104008441A (en) * 2014-05-06 2014-08-27 烽火通信科技股份有限公司 Task management system and method for automatically submitting files into version library
CN104969228A (en) * 2012-12-21 2015-10-07 德卡产品有限公司 Computer-implemented method, system, and apparatus for electronic patient care
CN105956830A (en) * 2016-05-11 2016-09-21 中煤电气有限公司 J2EE framework based enterprise-level visualization application development platform
CN108062232A (en) * 2017-12-14 2018-05-22 上海钢联电子商务股份有限公司 A kind of system and method for automatically creating branch
US20180150483A1 (en) * 2016-11-28 2018-05-31 Atlassian Pty Ltd Systems and methods for indexing source code in a search engine
CN110321113A (en) * 2019-07-09 2019-10-11 苏宁消费金融有限公司 Using project batch as the integrated pipeline system and its working method of standard
CN111488172A (en) * 2020-03-11 2020-08-04 中移(杭州)信息技术有限公司 Authority control method and device and readable storage medium
CN111857806A (en) * 2020-07-29 2020-10-30 北京达佳互联信息技术有限公司 Permission configuration file updating method and device, electronic equipment and storage medium

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102325153A (en) * 2011-07-12 2012-01-18 北京新媒传信科技有限公司 Service development method and system
CN104969228A (en) * 2012-12-21 2015-10-07 德卡产品有限公司 Computer-implemented method, system, and apparatus for electronic patient care
CN104008441A (en) * 2014-05-06 2014-08-27 烽火通信科技股份有限公司 Task management system and method for automatically submitting files into version library
CN105956830A (en) * 2016-05-11 2016-09-21 中煤电气有限公司 J2EE framework based enterprise-level visualization application development platform
US20180150483A1 (en) * 2016-11-28 2018-05-31 Atlassian Pty Ltd Systems and methods for indexing source code in a search engine
CN108062232A (en) * 2017-12-14 2018-05-22 上海钢联电子商务股份有限公司 A kind of system and method for automatically creating branch
CN110321113A (en) * 2019-07-09 2019-10-11 苏宁消费金融有限公司 Using project batch as the integrated pipeline system and its working method of standard
CN111488172A (en) * 2020-03-11 2020-08-04 中移(杭州)信息技术有限公司 Authority control method and device and readable storage medium
CN111857806A (en) * 2020-07-29 2020-10-30 北京达佳互联信息技术有限公司 Permission configuration file updating method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
US11055703B2 (en) Smart contract lifecycle management
JP6353924B2 (en) Reduced data volume durability status for block-based storage
RU2586866C2 (en) Differentiation of set of features of participant of leased medium and user
CN103544153B (en) A kind of data-updating method based on data base and system
CN101217571B (en) Write/read document operation method applied in multi-copy data grid system
US8250102B2 (en) Remote storage and management of binary object data
CN111400112B (en) Writing method and device of storage system of distributed cluster and readable storage medium
JP2003520363A (en) Data maintenance method in a partially replicated database system network
CN108512930B (en) Shared file management method, device, server and storage medium
CN112597511A (en) Remote government affair service cooperation method and device
CN112632375A (en) Session information processing method, server and storage medium
CN112883344A (en) Code operation authority control method and device
JPH04220747A (en) Document controlling method in data processing system
CN111382142A (en) Database operation method, server and computer storage medium
CN112217774A (en) Authority control system and method, server and storage medium
CN114282210A (en) Sandbox automatic construction method and system, computer equipment and readable storage medium
JP5636394B2 (en) Information processing apparatus, information processing method, and program
CN113472781A (en) Service acquisition method, server and computer readable storage medium
CN107493316B (en) Application operation management method, server and computer readable storage medium
US11803569B2 (en) Computer system and method for accessing user data that is distributed within a multi-zone computing platform
CN113886078B (en) Method and device for realizing quota unified management based on dynamic threshold mechanism, electronic equipment and computer readable storage medium
CN113472554B (en) Method and device for organizing and managing function module files
KR102623047B1 (en) Research histroy management method based on blockchain and smart contracts program performing the same
CN108763247B (en) Method and device for processing user request in data migration process
CN115563215A (en) Asset information management system, method, apparatus, computer device, and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination