CN113158217A - Authority verification method and device, computer equipment and storage medium - Google Patents
Authority verification method and device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN113158217A CN113158217A CN202110551453.3A CN202110551453A CN113158217A CN 113158217 A CN113158217 A CN 113158217A CN 202110551453 A CN202110551453 A CN 202110551453A CN 113158217 A CN113158217 A CN 113158217A
- Authority
- CN
- China
- Prior art keywords
- user
- information
- authority
- permission
- target user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 67
- 238000012795 verification Methods 0.000 title abstract description 24
- 238000012986 modification Methods 0.000 claims description 10
- 230000004048 modification Effects 0.000 claims description 10
- 230000004044 response Effects 0.000 claims description 9
- 238000004891 communication Methods 0.000 claims description 7
- 238000004590 computer program Methods 0.000 claims description 4
- 238000013461 design Methods 0.000 abstract description 17
- 238000009877 rendering Methods 0.000 abstract description 7
- 230000008569 process Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 10
- 238000007726 management method Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 238000012217 deletion Methods 0.000 description 3
- 230000037430 deletion Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 238000012550 audit Methods 0.000 description 2
- 230000000750 progressive effect Effects 0.000 description 2
- 241000566146 Asio Species 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Automation & Control Theory (AREA)
- Storage Device Security (AREA)
Abstract
The application provides a permission verification method, a permission verification device, computer equipment and a storage medium, and the permission verification method is used for determining a target page requested to be opened by a page opening request sent by a client; determining user authority information of the target user according to the authority corresponding to each role owned by the target user; the user authority information comprises view authority information and data authority information, and data information which meets the data authority information in the target page is obtained; and returning the view permission information and the data information to the client so that the client dynamically renders a DOM tree by using the view permission information based on the VUE language and loads the data information to generate and display a target page meeting the user permission information of the target user. According to the method and the device, not only are roles introduced into the back end to achieve flexible setting of the user permission, but also the VUE language is introduced into the client to achieve dynamic rendering of the page based on the client permission of the user, so that the permission design is more flexible, and the friendliness in system design and user experience is improved.
Description
Technical Field
The present invention relates to the field of system security technologies, and in particular, to a method and an apparatus for checking permissions, a computer device, and a storage medium.
Background
The authority is mainly embodied in the server as what data the user can access and what functions the user can operate, and is usually embodied in the client as what menus and buttons the user can access. The conventional permission design scheme is that a user and the permission are directly bound at the back end, different permissions are given to different users, a client menu and a button are all written, and the user submits to the back end for permission verification after triggering operation. This conventional rights design scheme is not flexible enough in rights design, and is not very friendly in both system design and user experience.
Disclosure of Invention
In view of the above, in order to solve the above problems, the present invention provides a method, an apparatus, a computer device and a storage medium for checking an authority, so as to improve flexibility of authority design, and further increase friendliness in system design and user experience, and the technical scheme is as follows:
a method of rights checking, comprising:
receiving a page opening request sent by a client in response to the operation of a target user, and determining a target page requested to be opened by the page opening request;
determining user authority information of the target user according to the authority corresponding to each role owned by the target user; the user permission information comprises view permission information and data permission information, and the view permission information indicates any one or more of menu permission and button permission;
acquiring data information which meets the data authority indicated by the data authority information in the target page;
and returning the view permission information and the data information to the client, so that the client dynamically renders a DOM tree by using the view permission information based on a VUE language and loads the data information to generate and display a target page meeting the user permission information of the target user.
Preferably, the determining the user permission information of the target user according to the permission corresponding to each role owned by the target user includes:
acquiring at least one role owned by the target user;
respectively determining at least one authority corresponding to each role in the at least one role, wherein the at least one authority comprises any one or more of menu authority, button authority and data authority;
and generating the user authority information of the target user according to all the determined authorities.
Preferably, the method further comprises the following steps:
judging whether historical user authority information of the target user is stored in a cache;
if the historical user authority information of the target user is stored in the cache, determining the historical user authority information as the user authority information of the target user;
the determining the user authority information of the target user according to the authority corresponding to each role owned by the target user comprises the following steps: and if the historical user permission information of the target user is not stored in the cache, determining the user permission information of the target user according to the permission corresponding to each role owned by the target user.
Preferably, the method further comprises the following steps:
responding to modification operation of the user authority information of the target user, and re-determining the user authority information of the target user;
and updating the historical user authority information stored in the cache into the re-determined user authority information of the target user.
Preferably, the modifying operation includes: adding a role for the target user, wherein the added role corresponds to at least one authority; deleting the role of the target user; and modifying any one or more of the authorities corresponding to the roles of the target users.
An authority verifying apparatus comprising:
the request receiving unit is used for receiving a page opening request sent by a client end in response to the operation of a target user and determining a target page requested to be opened by the page opening request;
the authority information generating unit is used for determining the user authority information of the target user according to the authority corresponding to each role owned by the target user; the user permission information comprises view permission information and data permission information, and the view permission information indicates any one or more of menu permission and button permission;
the data information acquisition unit is used for acquiring data information which meets the data authority indicated by the data authority information in the target page;
and the information returning unit is used for returning the view permission information and the data information to the client, so that the client dynamically renders a DOM tree by using the view permission information based on a VUE language and loads the data information to generate and display a target page meeting the user permission information of the target user.
Preferably, the authority information generating unit includes:
a role acquiring unit, configured to acquire at least one role owned by the target user;
the authority determining unit is used for respectively determining at least one authority corresponding to each role in the at least one role, and the at least one authority comprises any one or more of menu authority, button authority and data authority;
and the authority information generating subunit is used for generating the user authority information of the target user according to all the determined authorities.
Preferably, the apparatus further comprises:
the judging unit is used for judging whether historical user authority information of the target user is stored in a cache;
the permission information determining unit is used for determining the historical user permission information as the user permission information of the target user if the historical user permission information of the target user is stored in the cache;
the permission information generating unit is specifically configured to: and if the historical user permission information of the target user is not stored in the cache, determining the user permission information of the target user according to the permission corresponding to each role owned by the target user.
A computer device, comprising: the system comprises a processor and a memory, wherein the processor and the memory are connected through a communication bus; the processor is used for calling and executing the program stored in the memory; the memory is used for storing programs, and the programs are used for realizing the authority checking method.
A computer-readable storage medium having stored thereon a computer program which, when loaded and executed by a processor, carries out the steps of the method of rights checking.
The application provides a permission verification method, a permission verification device, computer equipment and a storage medium, and the permission verification method is used for determining a target page requested to be opened by a page opening request sent by a client; determining user authority information of the target user according to the authority corresponding to each role owned by the target user; the user authority information comprises view authority information and data authority information, and data information which meets the data authority indicated by the data authority information in the target page is obtained; and returning the view permission information and the data information to the client so that the client dynamically renders a DOM tree by using the view permission information based on the VUE language and loads the data information to generate and display a target page meeting the user permission information of the target user. According to the method and the device, not only are roles introduced into the back end to achieve flexible setting of the user permission, but also the VUE language is introduced into the client to achieve dynamic rendering of the page based on the client permission of the user, so that the permission design is more flexible, and the friendliness in system design and user experience is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a method for checking a right according to an embodiment of the present application;
fig. 2 is a schematic diagram illustrating a principle of a user relationship according to an embodiment of the present application;
fig. 3 is a schematic diagram illustrating a principle of a relationship between a user right and a role provided in an embodiment of the present application;
fig. 4 is a flowchart of another method for checking rights according to an embodiment of the present application;
fig. 5 is a schematic diagram of a method for checking a right according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a permission checking apparatus according to an embodiment of the present application;
fig. 7 is a block diagram of a hardware structure of a computer device to which a method for checking a right provided in an embodiment of the present application is applied.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the development process of the background management system, the authority management is an important component in the system, and the main function is to control the authority of the background management system, so that the problems of data safety, such as operation errors, data leakage and the like, caused by the lack of the authority or improper operation are avoided. The authority is mainly embodied in the server as what data the user can access and what functions the user can operate, and is usually embodied in the client page as what menus and buttons the user can access. The conventional permission system is designed to directly bind users and permissions at a back end, endow different permissions for different users, write down a client menu and buttons, and submit the user to a server for permission verification after triggering operation. This is not very friendly, either in system design or in user experience. The permission verification method provided by the application realizes non-invasive embedding into the existing system by introducing the Vue.js dynamic rendering page DOM tree, helps to design a more elegant permission system, and improves user experience.
The method and the device are suitable for the internet web service, especially in the background management of each system, are used for protecting the system safety and privacy safety, and improve the user experience and the system robustness.
The role elements are added at the server, the user is directly bound with the role, the generation of junk data in repeated operation is avoided, the new user permission is issued in an incremental manner when the user permission or the role is found to change, and the speed of interfaces such as permission verification and the like is increased by utilizing a cache technology. The client uses VUE language to progressively build a user interface, dynamically generate a menu, customize an authority control instruction and the like, and achieves real-time updating of user authority data.
In order to facilitate understanding of a method for checking authority provided in the embodiments of the present application, technical terms related to the embodiments of the present application will be explained first.
Js is a set of progressive JavaScript frames used to build user interfaces, unlike other large frames, Vue is designed to be applied layer by layer from the bottom up. Vue, the core library only focuses on the viewing layer, not only is it easy to get on hand, but also it is easy to integrate with third party libraries or existing projects. On the other hand, Vue is also fully capable of providing drivers for complex single page applications when used in conjunction with modern tool chains and various supporting class libraries.
Spring Cache, annotation-based caching technology, is not a concrete caching implementation scheme essentially, but an abstraction used for caching, and can achieve the effect of returning objects of a caching method by adding a small amount of defined various annotations into existing codes. Spring caching also provides considerable flexibility. Not only can the key and various conditions of the cache be defined by using the SpEL (spring Expression language), but also a cache temporary storage scheme for out-of-box use is provided, and integration with mainstream professional caches such as EHCache is supported.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Fig. 1 is a flowchart of a method for checking a right according to an embodiment of the present application.
As shown in fig. 1, the method includes:
s101, receiving a page opening request sent by a client in response to the operation of a target user, and determining a target page requested to be opened by the page opening request;
for example, a client may be installed on a terminal of a user, and the client may send a page open request to the server in response to an operation of the user, where the page open request indicates a page that the user requests to open.
Accordingly, after receiving the page opening request, the server can determine the page requested to be opened by the user through the page opening request. For the sake of convenience of distinction, a user who sends a page open request is referred to as a target user, and a page requested to be opened by the target user through the page open request is referred to as a target page.
S102, determining user authority information of the target user according to the authority corresponding to each role owned by the target user; the user permission information comprises view permission information and data permission information, and the view permission information indicates any one or more of menu permission and button permission;
fig. 2 is a schematic diagram of a principle of a user relationship provided in an embodiment of the present application, and fig. 3 is a schematic diagram of a principle of a relationship between a user authority and a role provided in an embodiment of the present application. With reference to fig. 2-3, the database of the server can be configured with the following relationship table structure, user table, user role table, and role authority table. Illustratively, the relationship between users, roles, and permissions may be: a user may have one or more roles, each of which may correspond to one or more permissions. For example, the user a has two roles, namely role 1 and role 2, the role 1 corresponds to the addition permission and the deletion permission, and the role 2 corresponds to the verification permission.
According to the method and the device, the server receives the page opening request, not only can the target page requested to be opened by the target user through the page opening request be determined, but also at least one preset role owned by the target user can be obtained; determining at least one preset authority corresponding to each role in at least one role; and then taking the obtained union of all the authorities as the user authority information of the target user.
Illustratively, if a server side presets that a user A has two roles of a role 1 and a role 2, the role 1 corresponds to an addition permission and a deletion permission, and the role 2 corresponds to an audit permission; then, in the case that the user sending the page opening request is determined to be the user a, the user permission information of the determined user is composed of an addition permission, a deletion permission and an audit permission.
S103, acquiring data information which meets the data authority indicated by the data authority information in the target page;
illustratively, the user authority information of the target user indicates one or more authorities, and the authority indicated by the user authority information may relate to view authority, data authority and the like. Wherein, the view authority may be a menu authority, a button authority, etc.
According to the method and the device, a page opening request sent by a target user is received, a page requested to be opened by the page opening request is determined, and user authority information of the target user is determined, wherein the user authority information comprises data authority information and view authority information; acquiring data loaded into a target page according to the data authority information, wherein the acquired data is called data information for distinguishing, and the data information is data which can be viewed by the authority of a target user; and returning the acquired data information and the view permission information to the client.
And S104, returning the view permission information and the data information to the client, so that the client can dynamically render a DOM tree by using the view permission information based on the VUE language and load the data information, and a target page meeting the user permission information of the target user is generated and displayed.
Illustratively, the client receives the view permission information and the data information, dynamically renders a DOM tree by using the view permission information based on the VUE language and loads the data information, so as to generate and display a target page satisfying the user permission information of the target user.
Fig. 4 is a flowchart of another method for checking rights according to an embodiment of the present application.
As shown in fig. 4, the method includes:
s401, receiving a page opening request sent by a client in response to a target user operation, and determining a target page requested to be opened by the page opening request;
the execution process of step S401 provided in this embodiment is the same as the execution process of step S101 provided in the above embodiment, and for the specific execution process of step S401, reference is made to the detailed description of step S101 in the above embodiment, which is not described herein again.
S402, judging whether historical user authority information of a target user is stored in a cache; if the historical user authority information of the target user is stored in the cache, executing step S403; if the historical user authority information of the target user is not stored in the cache, executing step S404;
illustratively, a cache is arranged in the server, the initialized cache is empty, and after the server receives a page opening request sent by a target user, if historical user permission information of the target user is stored in the current cache, the historical user permission information of the target user stored in the current cache is directly determined as the user permission information of the target user; if the user right information of the target user is not stored in the current cache, the user right information of the target user can be determined according to the right corresponding to each role owned by the target user, and the determined user right information is stored in the cache.
It should be noted that, the server may further respond to a modification operation on the user right information of the target user stored in the database, re-determine the user right information of the target user, and update the historical user right information of the target user stored in the current cache to the re-determined user right information of the target user.
In the embodiment of the application, the modification operation comprises adding a role for the target user (the added role corresponds to at least one authority); deleting the role of the target user; and modifying any one or more of the authorities corresponding to the roles of the target users.
For example, a new role may be set for the target user and one or more permissions may be set for the newly set role.
For example, one or more roles of the target user may also be deleted, and for example, after the role is deleted, the authority corresponding to the role is also deleted.
Illustratively, the authority corresponding to the role of the target user can also be modified.
The above are only some preferred implementations of the modification operation provided in the embodiment of the present application, and regarding the specific implementation of the modification operation, a person skilled in the art may set the implementation according to his own needs, which is not limited herein.
S403, determining the historical user authority information as the user authority information of the target user;
s404, determining user authority information of the target user according to the authority corresponding to each role owned by the target user; the user permission information comprises view permission information and data permission information, and the view permission information indicates any one or more of menu permission and button permission;
s405, acquiring data information which meets the data authority indicated by the data authority information in the target page;
s406, returning the view permission information and the data information to the client so that the client can dynamically render a DOM tree by using the view permission information based on the VUE language and load the data information to generate and display a target page meeting the user permission information of the target user.
The execution process of steps S404 to S406 provided in this embodiment is the same as the execution process of steps S102 to S104 provided in the above embodiment, and for the specific execution process of steps S404 to S406, reference is made to the detailed description of steps S102 to S104 in the above embodiment, which is not repeated herein.
The application provides a permission verification method, which is used for determining a target page requested to be opened by a page opening request sent by a client; determining user authority information of the target user according to the authority corresponding to each role owned by the target user; the user authority information comprises view authority information and data authority information, and data information which meets the data authority indicated by the data authority information in the target page is obtained; and returning the view permission information and the data information to the client so that the client dynamically renders a DOM tree by using the view permission information based on the VUE language and loads the data information to generate and display a target page meeting the user permission information of the target user. According to the method and the device, not only are roles introduced into the back end to achieve flexible setting of the user permission, but also the VUE language is introduced into the client to achieve dynamic rendering of the page based on the client permission of the user, so that the permission design is more flexible, and the friendliness in system design and user experience is improved.
In order to facilitate understanding of a method for checking the rights provided in the embodiments of the present application, further details are described with reference to a schematic diagram of the method for checking the rights shown in fig. 5.
The method comprises the following steps: establishing the following relation table structure, user table, user role table, role authority table, adding data such as menu, button and data authority corresponding to the client, and adding corresponding user role data.
Step two: introducing Springboot dependency at a server, and 1) defining a user authority cache manager which is responsible for realizing cache logic, supporting addition and modification of objects and deleting generalization of supporting value objects. 2) A user account class is defined, and the user account class has main id and name attributes and is provided with a getter method and a setter method. 3) An account query service class is defined that uses a cache manager to support account query caching.
Step three: defining an interceptor at a server, performing dynamic interception verification aiming at a request needing permission verification, and dynamically matching whether a user has the operation permission or not through the permission key value of the menu, the data and the button defined in the step one when the user requests the server.
And step four, defining a RESTful API style permission list series interface at the server, and invoking the cache manager in the step two to optimize the interface during interface design so as to improve the interface efficiency. Defining a cache failure state when using the cache manager, immediately clearing the user authority cache when the user authority changes, and setting the latest authority list into the cache.
Step five: js is introduced at a client, single page reference is created, an entry file and an entry method are defined, vueRouter and vuex are respectively introduced into the entry file, original HTML class id is bound, subsequently vue files the content of each file into js file through a constructor, and id is injected into the original page, so that dynamic rendering of the page DOM is realized.
Step six: defining a page routing file in a client, assembling a route and injecting the route into vue by calling a menu authority list issued by a server interface, and establishing an application browser cache by vuex to improve page rendering efficiency.
Step seven: the client uses a characteristic directives custom authority instruction v-privilege provided by vue, and uses the v-privilege on a button needing authority control: { key } to control whether a button is exposed, automatically displaying off DOM elements in a page when the set of user permissions does not contain the key
Step eight: and (3) defining each authority interface request by introducing an asios HTTP library into the client, carrying out access calling in a corresponding client page, and opening the interactive flow between the client and the server by injecting the v-privilege instruction defined in the step seven into each client page.
According to the permission verification method provided by the embodiment of the application, the instruction level permission controller v-priority can be customized, and page elements are dynamically rendered through a customized permission instruction; in addition, the client can acquire a newly added authority menu through the increment interface in real time and update the page view; and the client can dynamically render the DOM page tree after acquiring the user menu list through the interface, thereby realizing dynamic menu routing.
Fig. 6 is a schematic structural diagram of a permission verification apparatus according to an embodiment of the present application.
As shown in fig. 6, the apparatus includes:
a request receiving unit 601, configured to receive a page opening request sent by a client in response to a target user operation, and determine a target page requested to be opened by the page opening request;
an authority information generating unit 602, configured to determine user authority information of the target user according to the authority corresponding to each role owned by the target user; the user permission information comprises view permission information and data permission information, and the view permission information indicates any one or more of menu permission and button permission;
a data information obtaining unit 603 configured to obtain data information that satisfies the data right indicated by the data right information in the target page;
and an information returning unit 604, configured to return the view permission information and the data information to the client, so that the client dynamically renders a DOM tree and loads the data information by using the view permission information based on the VUE language, so as to generate and display a target page that satisfies the user permission information of the target user.
In this embodiment of the application, preferably, the authority information generating unit includes:
a role acquiring unit for acquiring at least one role owned by a target user;
the permission determining unit is used for respectively determining at least one permission corresponding to each role in at least one role, and the at least one permission comprises any one or more of menu permission, button permission and data permission;
and the authority information generating subunit is used for generating the user authority information of the target user according to all the determined authorities.
Further, an authority verification device provided in an embodiment of the present application further includes:
the judging unit is used for judging whether historical user authority information of the target user is stored in the cache;
the permission information determining unit is used for determining the historical user permission information as the user permission information of the target user if the historical user permission information of the target user is stored in the cache;
the permission information generating unit is specifically configured to: and if the historical user permission information of the target user is not stored in the cache, determining the user permission information of the target user according to the permission corresponding to each role owned by the target user.
Further, an authority verification device provided in an embodiment of the present application further includes:
the modification unit is used for responding to modification operation of the user permission information of the target user and re-determining the user permission information of the target user;
and the updating unit is used for updating the historical user authority information stored in the cache into the newly determined user authority information of the target user.
In the embodiment of the present application, preferably, the modifying operation includes: adding a role for a target user, wherein the added role corresponds to at least one authority; deleting the role of the target user; and modifying any one or more of the authorities corresponding to the roles of the target users.
As shown in fig. 7, a block diagram of an implementation manner of a computer device provided in an embodiment of the present application is shown, where the computer device includes:
a memory 701 for storing a program;
a processor 702 configured to execute a program, the program specifically configured to:
receiving a page opening request sent by a client in response to the operation of a target user, and determining a target page requested to be opened by the page opening request;
determining user authority information of the target user according to the authority corresponding to each role owned by the target user; the user permission information comprises view permission information and data permission information, and the view permission information indicates any one or more of menu permission and button permission;
acquiring data information which meets the data authority indicated by the data authority information in the target page;
and returning the view permission information and the data information to the client so that the client dynamically renders a DOM tree by using the view permission information based on the VUE language and loads the data information to generate and display a target page meeting the user permission information of the target user.
The processor 702 may be a central processing unit CPU or an Application Specific Integrated Circuit (ASIC).
The control device may further comprise a communication interface 703 and a communication bus 704, wherein the memory 701, the processor 702 and the communication interface 703 are in communication with each other via the communication bus 704.
The embodiment of the present application further provides a readable storage medium, where a computer program is stored, and the computer program is loaded and executed by a processor to implement each step of the above-mentioned method for checking an authority, where a specific implementation process may refer to descriptions of corresponding parts in the above-mentioned embodiment, and details are not repeated in this embodiment.
The application provides a permission verification method, a permission verification device, computer equipment and a storage medium, and the permission verification method is used for determining a target page requested to be opened by a page opening request sent by a client; determining user authority information of the target user according to the authority corresponding to each role owned by the target user; the user authority information comprises view authority information and data authority information, and data information which meets the data authority indicated by the data authority information in the target page is obtained; and returning the view permission information and the data information to the client so that the client dynamically renders a DOM tree by using the view permission information based on the VUE language and loads the data information to generate and display a target page meeting the user permission information of the target user. According to the method and the device, not only are roles introduced into the back end to achieve flexible setting of the user permission, but also the VUE language is introduced into the client to achieve dynamic rendering of the page based on the client permission of the user, so that the permission design is more flexible, and the friendliness in system design and user experience is improved.
The above detailed description is provided for a method, an apparatus, a computer device and a storage medium for right verification provided by the present invention, and a specific example is applied in the present document to explain the principle and the implementation of the present invention, and the description of the above embodiment is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include or include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A method for rights checking, comprising:
receiving a page opening request sent by a client in response to the operation of a target user, and determining a target page requested to be opened by the page opening request;
determining user authority information of the target user according to the authority corresponding to each role owned by the target user; the user permission information comprises view permission information and data permission information, and the view permission information indicates any one or more of menu permission and button permission;
acquiring data information which meets the data authority indicated by the data authority information in the target page;
and returning the view permission information and the data information to the client, so that the client dynamically renders a DOM tree by using the view permission information based on a VUE language and loads the data information to generate and display a target page meeting the user permission information of the target user.
2. The method according to claim 1, wherein the determining the user permission information of the target user according to the permission corresponding to each role owned by the target user comprises:
acquiring at least one role owned by the target user;
respectively determining at least one authority corresponding to each role in the at least one role, wherein the at least one authority comprises any one or more of menu authority, button authority and data authority;
and generating the user authority information of the target user according to all the determined authorities.
3. The method of claim 1, further comprising:
judging whether historical user authority information of the target user is stored in a cache;
if the historical user authority information of the target user is stored in the cache, determining the historical user authority information as the user authority information of the target user;
the determining the user authority information of the target user according to the authority corresponding to each role owned by the target user comprises the following steps: and if the historical user permission information of the target user is not stored in the cache, determining the user permission information of the target user according to the permission corresponding to each role owned by the target user.
4. The method of claim 1, further comprising:
responding to modification operation of the user authority information of the target user, and re-determining the user authority information of the target user;
and updating the historical user authority information stored in the cache into the re-determined user authority information of the target user.
5. The method of claim 4, wherein the modifying operation comprises: adding a role for the target user, wherein the added role corresponds to at least one authority; deleting the role of the target user; and modifying any one or more of the authorities corresponding to the roles of the target users.
6. An authority verifying apparatus, comprising:
the request receiving unit is used for receiving a page opening request sent by a client end in response to the operation of a target user and determining a target page requested to be opened by the page opening request;
the authority information generating unit is used for determining the user authority information of the target user according to the authority corresponding to each role owned by the target user; the user permission information comprises view permission information and data permission information, and the view permission information indicates any one or more of menu permission and button permission;
the data information acquisition unit is used for acquiring data information which meets the data authority indicated by the data authority information in the target page;
and the information returning unit is used for returning the view permission information and the data information to the client, so that the client dynamically renders a DOM tree by using the view permission information based on a VUE language and loads the data information to generate and display a target page meeting the user permission information of the target user.
7. The apparatus of claim 6, wherein the permission information generating unit comprises:
a role acquiring unit, configured to acquire at least one role owned by the target user;
the authority determining unit is used for respectively determining at least one authority corresponding to each role in the at least one role, and the at least one authority comprises any one or more of menu authority, button authority and data authority;
and the authority information generating subunit is used for generating the user authority information of the target user according to all the determined authorities.
8. The apparatus of claim 6, further comprising:
the judging unit is used for judging whether historical user authority information of the target user is stored in a cache;
the permission information determining unit is used for determining the historical user permission information as the user permission information of the target user if the historical user permission information of the target user is stored in the cache;
the permission information generating unit is specifically configured to: and if the historical user permission information of the target user is not stored in the cache, determining the user permission information of the target user according to the permission corresponding to each role owned by the target user.
9. A computer device, comprising: the system comprises a processor and a memory, wherein the processor and the memory are connected through a communication bus; the processor is used for calling and executing the program stored in the memory; the memory for storing a program for implementing the rights checking method as claimed in any one of claims 1-5.
10. A computer-readable storage medium, having stored thereon, a computer program which, when loaded and executed by a processor, carries out the steps of the method of rights checking according to any one of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110551453.3A CN113158217A (en) | 2021-05-20 | 2021-05-20 | Authority verification method and device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110551453.3A CN113158217A (en) | 2021-05-20 | 2021-05-20 | Authority verification method and device, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113158217A true CN113158217A (en) | 2021-07-23 |
Family
ID=76876752
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110551453.3A Pending CN113158217A (en) | 2021-05-20 | 2021-05-20 | Authority verification method and device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113158217A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115906187A (en) * | 2023-02-22 | 2023-04-04 | 山东经伟晟睿数据技术有限公司 | User authority control method and system combining function authority and interface authority |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106227785A (en) * | 2016-07-15 | 2016-12-14 | 杭州数梦工场科技有限公司 | The display packing of a kind of page object and device |
| CN108600177A (en) * | 2018-03-27 | 2018-09-28 | 北京明朝万达科技股份有限公司 | A kind of authority control method and device |
| CN110263031A (en) * | 2019-05-07 | 2019-09-20 | 深圳壹账通智能科技有限公司 | Trading platform data processing method, device, computer equipment and storage medium |
| CN111988337A (en) * | 2020-09-02 | 2020-11-24 | 深圳壹账通智能科技有限公司 | Authority management method and system |
-
2021
- 2021-05-20 CN CN202110551453.3A patent/CN113158217A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106227785A (en) * | 2016-07-15 | 2016-12-14 | 杭州数梦工场科技有限公司 | The display packing of a kind of page object and device |
| CN108600177A (en) * | 2018-03-27 | 2018-09-28 | 北京明朝万达科技股份有限公司 | A kind of authority control method and device |
| CN110263031A (en) * | 2019-05-07 | 2019-09-20 | 深圳壹账通智能科技有限公司 | Trading platform data processing method, device, computer equipment and storage medium |
| CN111988337A (en) * | 2020-09-02 | 2020-11-24 | 深圳壹账通智能科技有限公司 | Authority management method and system |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115906187A (en) * | 2023-02-22 | 2023-04-04 | 山东经伟晟睿数据技术有限公司 | User authority control method and system combining function authority and interface authority |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7281047B2 (en) | System and method for automatic provision of an application | |
| US7234107B1 (en) | System for customizing web page | |
| US7603657B2 (en) | Customization of client-server interaction in an internet application | |
| US7263663B2 (en) | Customization of user interface presentation in an internet application user interface | |
| US9747117B2 (en) | System and methods for loading an application and its modules in a client device | |
| US20220124142A1 (en) | Interfacing with remote content management systems | |
| US11553035B2 (en) | Cross-platform module for loading across a plurality of device types | |
| US20110202629A1 (en) | System and method for providing a web-based operating system | |
| US8244798B2 (en) | Techniques for sharing content between portals | |
| US20100131585A1 (en) | Displaying information in a client/server system | |
| CA2800723A1 (en) | Methods for utilizing a javascript emulator in a web content proxy server and devices thereof | |
| CN104603777A (en) | External action suggestions in search results | |
| US8250226B2 (en) | Generating one or more clients for generating one or more synthetic transactions with one or more web service operations | |
| US11663288B2 (en) | Just-in-time front end template generation using logical document object models | |
| CN112328938B (en) | Web application permission control method and device | |
| CN111177613A (en) | Page processing method, device, equipment and storage medium | |
| CN113590123A (en) | WPF interface switching method and device, computer equipment and storage medium | |
| CN113158217A (en) | Authority verification method and device, computer equipment and storage medium | |
| CN104182229A (en) | Callback display method and device and callback method and device | |
| CN101876998A (en) | Method and system for editing data | |
| US20120310912A1 (en) | Crawl freshness in disaster data center | |
| CN112925589A (en) | Calling method and device of expansion interface | |
| JP7129578B1 (en) | Apparatus, method and program for supporting software source code generation | |
| JP5074434B2 (en) | Distributed processing system, distributed processing method, development support apparatus and development support method for distributed processing system | |
| JP2001154899A (en) | Device for managing file and medium for recording program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210723 |