CN114567504A - Dynamic permission cross management method and system based on web architecture - Google Patents

Publication number: CN114567504A
Authority: CN (China)
Prior art keywords: user, authority, service, page, role
Legal status: Granted
Application number: CN202210215846.1A
Other languages: Chinese (zh)
Other versions: CN114567504B (en)
Inventors: 刘德建, 陈小贤, 何巍巍, 李佳
Current Assignee: Fujian Tianqing Online Interactive Technology Co Ltd
Original Assignee: Fujian Tianqing Online Interactive Technology Co Ltd
Application filed by Fujian Tianqing Online Interactive Technology Co Ltd
Priority to CN202210215846.1A
Publication of CN114567504A
Application granted
Publication of CN114567504B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention provides a dynamic permission cross management method based on a web framework, which comprises the following steps: step S1, the system configures role authority; step S2, the system configures service information, including first-level service and second-level service information, and the service information is stored in the back-end server; step S3, the system administrator manages the user; step S4, the system administrator manages the service authority of the user; step S5, the user logs in the system to obtain the bound service authority information; step S6, the front end of the system shows menu and page, which is determined by user role and the first-level service authority selected by user; step S7, once the user switches the first-level service authority, the system front end will send a request to the system back end; step S8, after the user enters the service page, the front end of the system sends a request to acquire data, and the back end of the system checks the authority; the invention can realize that the user roles and the user service authorities are not independent from each other any more, but are crossed to carry out authority management.

Description

Dynamic permission cross management method and system based on web architecture
Technical Field
The invention relates to the technical field of computers, in particular to a dynamic permission cross management method and a dynamic permission cross management system based on a web framework.
Background
In the prior art, a system assigns management-module authority according to user roles: the front end displays the menus and pages that a role can access, and the back end verifies the role's interface authority. In addition, the system can perform dynamic service authority management: the system assigns primary and secondary service authorities to users, a user can switch among the bound primary service authorities, the front end dynamically displays the secondary service authority module menus and pages, and the back end verifies the user's service authority.
This scheme does not manage authority by role alone: services are added on top of roles and the two are managed together, so it is more extensible than most schemes that manage authority based on roles only. However, careful analysis shows that the role authority and service authority management processes in this scheme are independent of each other: the system manages the management modules according to the user role, and manages the service authority modules according to the user's service authority. When a user selects a primary service authority while switching service authorities, all of the corresponding secondary services become accessible; if there are many such secondary services and not every user should hold all of the secondary service authorities, the prior art cannot achieve this.
Disclosure of Invention
In order to overcome the above problems, the present invention provides a method for performing rights management in a manner that user roles and user service rights are not independent from each other, but are crossed with each other.
The invention is realized by adopting the following scheme: a dynamic rights intersection management method based on a web architecture, the method comprising the steps of:
step S1, the system configures role authority, including role interface authority and page authority, the page authority is realized by front end configuration route, the interface authority is configured in the database by the back end;
step S2, the system configures service information, including first-level service and second-level service information, and the service information is stored in the back-end server;
step S3, the system administrator manages the user and stores the user information in the back-end server;
step S4, the system administrator manages the user service authority and stores the user service authority information in the back-end server;
step S5, the user logs in the system to obtain the bound service authority information and access the service content and the service data;
step S6, the front end of the system displays the menu and the page, which are determined by the user role and the first-level service authority selected by the user, and the menu and the page form the process;
step S7, once the user switches the primary service authority, the front end of the system will send a request to the back end of the system to obtain the secondary service authority bound by the user under the primary service authority;
and step S8, after the user enters the service page, the front end of the system sends a request to acquire data, the back end of the system performs permission verification, and after the permission verification is passed, response data is returned, so that the user role and the user service permission are not independent any more, but are crossed to perform permission management.
Further, the step S3 is further specifically: the system administrator can manage the users, including adding, modifying and deleting user information, the role information must be bound when the user is added, and the user information is stored in the back-end server.
Further, the step S4 is further specifically: the system administrator can manage the service authority of the user, including adding, modifying and deleting the user service authority, when adding the service authority, the service must open the primary service and the secondary service authority to the user at the same time, and the user service authority information is stored in the back-end server.
Further, step S5 is specifically: a user logs in to the system to obtain the bound service authority information, and if the user has no bound service authority, the user is prompted to bind one; when a user is bound to several primary service authorities, the user can switch the primary service and access different secondary service contents, the first primary service authority being selected by default. The process by which the user dynamically accesses service data comprises the following steps: step S51, the user selects a primary service authority, or uses the default one, and accesses a page under a menu; step S52, it is judged whether a dynamic service authority module menu is being accessed; if yes, the back-end server performs authority verification according to the primary service authority, the secondary service authority and the role, and returns data according to the requested service, so that the page displayed by the system front end and the data obtained differ for different primary service authorities; if not, the user is accessing a page under a system management module menu, the back-end server checks the authority according to the user role and returns data, and the displayed page and the data returned by the back-end server are the same whichever primary service authority is selected; and step S53, after the back-end server has checked the authority according to the primary service authority, the secondary service authority and the role, if the user switches the primary service authority, the process returns to step S51.
Further, step S6 specifically includes the following steps: step S61, for system management module menus and pages, the user role determines whether they are displayed: if the user role has the page display authority of the system management module they are displayed, otherwise they are not; step S62, system service authority module menus and pages are determined jointly by the user role and the primary service authority selected by the user: when the user switches the primary service authority, the front end displays the corresponding secondary service authority menu, and whether a sub-page under the secondary service authority menu is displayed is determined by the user role: if the user role has the authority of the sub-page it is displayed, otherwise it is not.
Further, step S8 specifically includes the following steps: step S81, when the user accesses a system management module page, the back-end server checks the authority according to the user role: it looks up the interface authority of the role in the database and judges whether the currently requested interface is matched; if yes, the check passes, and if not, the check fails; step S82, when the user accesses a secondary service module page, the back-end server checks according to both the service authority and the role authority of the user: it first matches the interface authority against the user service authority related table records in the database and judges whether the currently requested interface is matched; if yes, the check passes, and if not, the check fails.
Further, after step S8, the method further includes: after the back-end server check passes, response data is returned according to the primary service authority and the secondary service authority selected by the user; when the user accesses a page for which the role has no authority, the user is redirected to an error page, from which the user can choose to return to the home page; when the user accesses a menu page that does not match the primary service authority, the user is redirected to a selection page, which prompts the user to switch the primary service authority, and the user can choose to return to the previous page or the home page.
The invention also provides a dynamic authority cross management system based on the web framework, which comprises a role configuration authority module, a service configuration module, a user management module, an authority management module, an acquisition module, a display module, a switching module and a return module. The role configuration authority module is used by the system to configure role authorities, including the interface authorities and page authorities of roles, wherein the page authorities are realized by front-end route configuration and the interface authorities are configured in a database by the back end. The service configuration module is used by the system to configure service information, including primary service and secondary service information, and the service information is stored in a back-end server. The user management module is used by a system administrator to manage users and store user information in the back-end server. The authority management module is used by a system administrator to manage the service authority of users and store user service authority information in the back-end server. The acquisition module is used for a user to log in to the system, obtain the bound service authority information and access service content and service data. The display module is used by the system front end to display menus and pages, which are determined jointly by the user role and the primary service authority selected by the user, and the menu and the page form the process. The switching module is used for the system front end to send a request to the system back end once the user switches the primary service authority, to obtain the secondary service authorities bound by the user under that primary service authority. The return module is used for the system front end to send a request to acquire data after the user enters the service page; the system back end checks the authority and returns response data after the authority check passes, so that the user role and the user service authority are no longer independent of each other but are crossed to perform authority management.
Further, the user management module is further specifically: the system administrator can manage the users, including adding, modifying and deleting user information, the role information must be bound when the user is added, and the user information is stored in the back-end server.
Further, the right management module further specifically includes: the system administrator can manage the service authority of the user, including adding, modifying and deleting the user service authority, when adding the service authority, the service must open the primary service and the secondary service authority to the user at the same time, and the user service authority information is stored in the back-end server.
Further, the acquisition module is specifically: a user logs in to the system to obtain the bound service authority information, and if the user has no bound service authority, the user is prompted to bind one; when a user is bound to several primary service authorities, the user can switch the primary service and access different secondary service contents, the first primary service authority being selected by default. The process by which the user dynamically accesses service data involves a selection unit and a judging unit, wherein the selection unit is used for the user to select a primary service authority, or use the default one, and access a page under a menu; the judging unit judges whether a dynamic service authority module menu is being accessed; if yes, the back-end server performs authority verification according to the primary service authority, the secondary service authority and the role, and returns data according to the requested service, so that the page displayed by the system front end and the data obtained differ for different primary service authorities; if not, the user is accessing a page under a system management module menu, the back-end server checks the authority according to the user role and returns data, and the displayed page and the data returned by the back-end server are the same whichever primary service authority is selected; and step S53, after the back-end server has checked the authority according to the primary service authority, the secondary service authority and the role, if the user switches the primary service authority, the process returns to the selection unit.
Further, the display module specifically comprises a page display unit and a sub-page display unit. For the page display unit, which covers system management module menus and pages, the user role determines whether they are displayed: if the user role has the page display authority of the system management module they are displayed, otherwise they are not. For the sub-page display unit, which covers system service authority module menus and sub-pages, display is determined jointly by the user role and the primary service authority selected by the user: when the user switches the primary service authority, the front end displays the corresponding secondary service authority menu, and whether a sub-page under the secondary service authority menu is displayed is determined by the user role: if the user role has the authority of the sub-page it is displayed, otherwise it is not.
Further, the return module specifically comprises a role checking unit and a service checking unit. The role checking unit handles a user accessing a system management module page: the back-end server checks the authority according to the user role, looks up the interface authority of the role in the database and judges whether the currently requested interface is matched; if yes, the check passes, and if not, the check fails. The service checking unit handles a user accessing a secondary service module page: the back-end server checks according to both the service authority and the role authority of the user; it first matches the interface authority against the user service authority related table records in the database and judges whether the currently requested interface is matched; if yes, the check passes, and if not, the check fails.
Further, in the return module, after the back-end server check passes, response data is returned according to the primary service authority and the secondary service authority selected by the user; when the user accesses a page for which the role has no authority, the user is redirected to an error page, from which the user can choose to return to the home page; when the user accesses a menu page that does not match the primary service authority, the user is redirected to a selection page, which prompts the user to switch the primary service authority, and the user can choose to return to the previous page or the home page.
The invention has the following beneficial effects. Compared with most current schemes that manage authority based on roles, this scheme is more flexible and more extensible: the system modules are divided into management modules and service modules, the management modules adopt a static role-based authority management scheme, and the service modules adopt a dynamic authority management scheme based on both services and roles. The dynamic authority of the service modules is realized by cross management of the user's bound services and the user's role, rather than by the user's bound services alone, so the cross management mode is more practical and achieves finer-grained authority management. The dynamic cross authority management mode is novel, its page operation is simple, its back-end authority verification process is complex, it has no unauthorized access problem, and it greatly improves system security.
Drawings
FIG. 1 is a schematic flow diagram of the process of the present invention.
Fig. 2 is a schematic block diagram of the system of the present invention.
Fig. 3 is a schematic diagram illustrating a process of acquiring data by user switching rights.
Fig. 4 is a schematic diagram of a system front-end dynamic menu loading process.
Fig. 5 is a schematic diagram of a process of performing permission verification by the backend server.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
Referring to fig. 1, the dynamic rights intersection management method based on web architecture of the present invention includes the following steps:
step S1, the system configures role authority, including role interface authority and page authority, the page authority is realized by front end configuration route, the interface authority is configured in the database by the back end;
step S2, the system configures service information including first-level service and second-level service information, and the service information is stored in the back-end server;
step S3, the system administrator manages the user and stores the user information in the back-end server;
step S4, the system administrator manages the user service authority and stores the user service authority information in the back-end server;
step S5, the user logs in the system to obtain the bound service authority information and access the service content and the service data;
step S6, the front end of the system displays the menu and the page, which are determined by the user role and the first-level service authority selected by the user, and the menu and the page form the process;
step S7, once the user switches the primary service authority, the system front end will send a request to the system back end to obtain the secondary service authority bound by the user under the primary service authority;
and step S8, after the user enters the service page, the front end of the system sends a request to acquire data, the back end of the system carries out authority verification, and response data are returned after the authority verification is passed, so that the user role and the user service authority are not independent from each other any more, but are crossed to carry out authority management.
The invention is further illustrated by the following specific examples:
The system modules are divided into management modules and service modules, wherein the authority of a management module is determined by the role of the user, and the authority of a service module is determined by the intersection of the user's role and the user's service authority. The management modules adopt a static authority management method based on user roles: once the user role is determined, the management module menus and pages that the user can access at the front end are determined, and so is the user's interface authority; the back end verifies requests against the interface authority, and the check passes if the user has the interface authority and fails otherwise. Users with the same role see the same management module menus and pages at the front end and hold the same management module interface authority.
The service module adopts a dynamic cross management method based on user roles and service permissions, the system firstly needs to provide primary and secondary service permissions for users, and then the users can obtain the secondary service permissions bound under different primary service permissions by switching the primary service permissions, thereby realizing dynamic permission switching. The user selects a certain primary service authority, the back end returns secondary service authorities bound by the user under the primary service authority, and the secondary service authorities are screened through the user role, so that the secondary service authority which the user finally owns can be formed.
The dynamic rights cross management scheme provided by the invention comprises the following steps:
a1, configuring role authority by the system, including interface authority and page authority of the role, wherein the page authority is realized by front-end configuration route, and the interface authority is configured in the database by the back-end;
a2, configuring service information by the system, including primary service and secondary service information, wherein the service information is stored in the back-end server;
a3, the system super administrator can manage users, including adding, modifying and deleting user information; role information must be bound when a user is added, and the user information is stored in the back-end server;
a4, the system super administrator can manage user service authority, including adding, modifying and deleting user service authority; when a service authority is added, the primary service and secondary service authorities are opened to the user, and the user service authority information is stored in the back-end server;
a5, the user logs in the system to obtain the bound service authority information, if the user does not have the bound service authority, the user is prompted to bind the service authority; when a user is bound with a plurality of primary service rights, primary service switching can be performed, different secondary service contents are accessed, a first primary service right is selected by default, and the process of dynamically accessing service data by the user is shown in fig. 3;
a6, the menu and page finally displayed by the system front end, which are determined by the user role and the first-level service authority selected by the user, the menu and page forming process is shown in fig. 4;
a6-1, for system management module menus and pages, the user role determines whether they are displayed: if the user role has the page authority of the management module they are displayed, otherwise they are not;
a6-2, system service authority module menus and pages are determined jointly by the user role and the primary service authority selected by the user. When the user switches the primary service authority, the front end displays the corresponding secondary service authority menu; whether a sub-page under the secondary service authority menu is displayed is determined by the user role: if the user role has the authority of the sub-page it is displayed, otherwise it is not;
a7, once the user switches the primary service authority, the front end will send a request to the back end to obtain the secondary service authority bound by the user under the primary service authority;
a8, the user enters a specific service page, the front end sends a request to acquire data, the back end firstly performs permission verification, after the permission verification is passed, response data is returned, and the process of the back end permission verification is shown in fig. 5;
a8-1, when the user accesses a system management module page, the back end checks the authority according to the user role: it looks up the interface authority of the role in the database, and if the currently requested interface is matched, the check passes; if the currently requested interface is not matched, the check fails.
a8-2, when the user accesses a secondary service module page, the back end checks according to both the service authority and the role authority of the user. It first matches the interface authority against the user service authority related table records in the database; if the currently requested interface is matched, the next check is carried out, and if it is not matched, the check fails. Once the user service authority check passes, the role authority check follows, by a process similar to a8-1. The back-end verification passes only if both the service authority and the role authority checks pass; a failure at either step fails the verification.
a9, after the back-end check passes, response data is returned according to the primary service authority and the secondary service authority selected by the user. Different selected primary service authorities yield different returned data.
a10, when the user accesses a page for which the role has no authority, the front end jumps to the 404 page, where the user can choose to return to the home page;
a11, when the user accesses a menu page that does not match the primary service authority, the front end jumps to the 401 page, which prompts the user to switch the primary service authority; the user can also choose to return to the previous page or the home page.
In order to facilitate a better understanding of the invention, the invention is further explained below by means of specific application scenarios:
application scenarios: the method comprises the following steps that a super administrator opens system permission for users A and B and binds a role plan and a main process respectively, then dynamic service permission is opened for the plan A and the main process B, the users A and B log in the system, and service data are accessed, and the specific flow is as follows:
1. the system management module comprises a management 1, a management 2 and a management 3, the primary service module comprises project1 and project2, the secondary service module comprises site1 and site2, the secondary service module site1 comprises two sub-modules of unit1 and unit2, and the site2 comprises a unit3 sub-module.
2. The system roles include hypervisor, master and plan.
3. The administrator has all system management module rights, the main program has management 1 and management 2 management module rights, and the administrator is planned to have the rights of management module management 3.
4. The supervisor opens project1 and site1, project1 and site2, and project2 and site1 to plan A, and project2 and site1 to main process B.
5. The system appoints that on the premise of possessing the authority of the secondary service site1, the authority of the sub-module unit1 is planned, the main program possesses all the authority of the sub-module, and the secondary service site2 has no limit.
6. Plan A logs in to the system and obtains the bound primary and secondary service authorities; the first primary service authority, project1, is selected by default. Plan A can then see the menus and pages of the system management module management 3 and the menus for site1 and site2; the unit1 module is visible under the site1 menu, and the unit3 module is visible under the site2 menu.
7. Plan A switches the primary service authority to project2. The visible system management module menus and pages do not change, while in the service authority module plan A can see the site1 menu and its unit1 sub-module.
8. When plan A selects the primary service authorities project1 and project2 in turn and accesses the unit1 sub-module under each, the data obtained are different.
9. During switching, if the primary and secondary service authorities do not match, the user is taken to a 401 page that prompts the user to switch the primary service authority; the user can also choose to return to the previous page or the home page.
10. Main process B logs in to the system and obtains the bound primary and secondary service authorities; project2 is selected by default as the primary service authority. Main process B can then see the menus and pages of the management modules management 1 and management 2, as well as the site1 menu and all of its sub-modules.
11. When main process B attempts to access, beyond its authority, other system modules such as management 3, the page jumps to the 404 page, from which the user can choose to return to the home page.
12. When a user accesses a system management module page, the back end looks up the interface authority of the user's role in the database. If the currently requested interface matches, the verification passes; otherwise it fails.
13. When a user accesses a dynamic service module page, the back end first matches the service authority against the user-bound service association table in the database. If a record matches, this check passes and the next check is performed; if no record matches, the authority check fails. If the first check passes, the role authority is then verified, in a process similar to step 10: if the role check passes, the authority check for the current request passes; otherwise it fails.
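The scenario above, worked through as an added Python example (not code from the patent): the table contents follow steps 1 to 5, and the back-end check re-verifies the client-selected primary service against the binding table before the role check, as steps 12 and 13 describe. The function names, the in-memory tables standing in for the database, and the use of the strings "401" and "404" for the two failure outcomes are assumptions made for illustration.

```python
"""Constructed model of the application scenario: role authority crossed with
service bindings. All tables are sample data built from steps 1-5."""

# Role -> system management modules it may access (steps 2-3).
ROLE_MGMT = {
    "super administrator": {"management 1", "management 2", "management 3"},
    "main process": {"management 1", "management 2"},
    "plan": {"management 3"},
}

# Secondary service -> its sub-modules (step 1).
SUBMODULES = {"site1": ["unit1", "unit2"], "site2": ["unit3"]}

# Per-role sub-module limits under a secondary service (step 5).
# A secondary service missing from this table (site2) has no role limit.
ROLE_UNITS = {"site1": {"plan": {"unit1"}, "main process": {"unit1", "unit2"}}}

# User -> role plus ordered (primary, secondary) bindings (step 4).
# Stands in for the user/service association table kept by the back end.
USERS = {
    "A": {"role": "plan",
          "bindings": [("project1", "site1"), ("project1", "site2"),
                       ("project2", "site1")]},
    "B": {"role": "main process", "bindings": [("project2", "site1")]},
}

# Outcome labels (assumed): pass, "switch primary" page, error page.
OK, SWITCH_PRIMARY, FORBIDDEN = "ok", "401", "404"


def default_primary(user):
    """The first bound primary service is selected by default (steps 6, 10)."""
    bindings = USERS[user]["bindings"]
    return bindings[0][0] if bindings else None


def role_allows_unit(role, secondary, unit):
    """Role check for a sub-module under a secondary service."""
    if unit not in SUBMODULES.get(secondary, []):
        return False
    limits = ROLE_UNITS.get(secondary)
    if limits is None:          # unrestricted secondary service, e.g. site2
        return True
    return unit in limits.get(role, set())


def check_management(user, module):
    """Step 12: system management pages depend on the role only."""
    role = USERS[user]["role"]
    return OK if module in ROLE_MGMT.get(role, set()) else FORBIDDEN


def check_service(user, primary, secondary, unit):
    """Step 13: binding check first, then role check.

    `primary` arrives with the request, so it is matched against the
    server-side binding table instead of being trusted from the menu.
    """
    info = USERS.get(user)
    if info is None:
        return FORBIDDEN
    if (primary, secondary) not in info["bindings"]:
        return SWITCH_PRIMARY   # primary/secondary mismatch (step 9)
    if not role_allows_unit(info["role"], secondary, unit):
        return FORBIDDEN        # role lacks the sub-module
    return OK


def visible_menu(user, primary):
    """Menus shown by the front end for the selected primary service."""
    info = USERS[user]
    role = info["role"]
    services = {}
    for bound_primary, secondary in info["bindings"]:
        if bound_primary == primary:
            services[secondary] = [u for u in SUBMODULES[secondary]
                                   if role_allows_unit(role, secondary, u)]
    return {"management": sorted(ROLE_MGMT[role]), "services": services}


def fetch(user, primary, secondary, unit):
    """Return data scoped by the selected primary service (step 8)."""
    status = check_service(user, primary, secondary, unit)
    if status != OK:
        return status, None
    return OK, f"{primary}/{secondary}/{unit}"


if __name__ == "__main__":
    print(visible_menu("A", default_primary("A")))
    print(check_service("A", "project2", "site2", "unit3"))
    print(check_management("B", "management 3"))
```

Hiding a menu entry in `visible_menu` is presentation only; the decision that matters is the one `check_service` makes on every data request.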
Referring to fig. 2, the present invention further provides a dynamic permission cross management system based on a web architecture, which includes a role authority configuration module, a service configuration module, a user management module, an authority management module, an acquisition module, a display module, a switching module and a return module. The role authority configuration module is used by the system to configure role authorities, including the interface authorities and page authorities of roles, wherein the page authorities are implemented by front-end route configuration and the interface authorities are configured in a database by the back end; the service configuration module is used by the system to configure service information, including primary service and secondary service information, and the service information is stored in a back-end server; the user management module is used by a system administrator to manage users and store user information in the back-end server; the authority management module is used by a system administrator to manage the service authority of users and store the users' service authority information in the back-end server; the acquisition module is used for a user to log in to the system, obtain the bound service authority information and access service content and service data; the display module displays menus and pages at the front end of the system, which are determined jointly by the role of the user and the primary service authority selected by the user, and the menu and the page form a process; the switching module is used so that, once the user switches the primary service authority, the system front end sends a request to the system back end to obtain the secondary service authorities bound to the user under that primary service authority; the return module is used so that, after a user enters a service page, a request is sent to obtain data, the back end of the system checks the authority and returns response data after the authority check passes, so that the user role and the user service authority are no longer independent of each other but are crossed to manage authority.
The user management module is further specified as follows: the system administrator can manage users, including adding, modifying and deleting user information; role information must be bound when a user is added, and the user information is stored in the back-end server.
The authority management module is further specified as follows: the system administrator can manage the service authority of users, including adding, modifying and deleting user service authority; when service authority is added, the primary service authority and the secondary service authority must be opened to the user at the same time, and the user service authority information is stored in the back-end server.
The acquisition module is further specified as follows: a user logs in to the system to obtain the bound service authority information, and if the user has no bound service authority, the user is prompted to bind service authority; when a user is bound to a plurality of primary service authorities, the user can switch the primary service to access different secondary service content, the first primary service authority being selected by default; the process by which the user dynamically accesses service data uses a selection unit and a judging unit; the judging unit judges whether a dynamic service authority module menu is being accessed; if so, the back-end server checks authority according to the primary service authority, the secondary service authority and the role, and returns data according to the requested service, wherein the pages displayed at the front end of the system and the data obtained differ according to the primary service authority; if not, the user is accessing a page under a system management module menu, the back-end server checks authority according to the user role and returns data, and the page displayed and the data returned by the back-end server are the same under different primary service authorities; and step S53, when the back-end server checks authority according to the primary service authority, the secondary service authority and the role and the user switches the primary service authority, control returns to the selection unit.
The display module specifically comprises a page display unit and a sub-page display unit. For the page display unit, whether the system management module menus and pages are displayed is determined by the user role: they are displayed if the user role has page display authority for the system management module, and otherwise are not displayed. For the sub-page display unit, the system service authority module menus and sub-pages are determined jointly by the user role and the primary service authority selected by the user: when the user switches the primary service authority, the front end displays the corresponding secondary service authority menu, and whether a sub-page under that menu is displayed is determined by the user role; the sub-page is displayed if the user role has authority for it, and otherwise is not displayed.
The return module specifically comprises a role checking unit and a service checking unit. The role checking unit handles a user's access to a system management module page: the back-end server checks authority according to the user role, looks up the interface authority of the role in the database and judges whether it matches the currently requested interface; if so, the check passes, and if not, the check fails. The service checking unit handles a user's access to a secondary service module page: the back-end server checks according to the user's service authority and role authority, first matching the interface authority against the records of the user service authority association table in the database and judging whether the currently requested interface matches; if so, the check passes, and if not, the check fails.
After the back-end server check passes, response data is returned according to the primary and secondary service authorities selected by the user. When the user accesses a page for which the role has no authority, the user is taken to an error page, from which the user can choose to return to the home page; when the user accesses a menu page that does not match the primary service authority, the user is taken to a selection page, which prompts the user to switch the primary service authority, and the user can choose to return to the previous page or the home page.
The above description is only a preferred embodiment of the present invention, and all equivalent changes and modifications made in accordance with the claims of the present invention should be covered by the present invention.

Claims (14)

1. A dynamic permission cross management method based on a web architecture, characterized by comprising the following steps:
step S1, the system configures role authorities, including the interface authorities and page authorities of roles, wherein the page authorities are implemented by front-end route configuration and the interface authorities are configured in the database by the back end;
step S2, the system configures service information, including primary service and secondary service information, and the service information is stored in the back-end server;
step S3, the system administrator manages users and stores the user information in the back-end server;
step S4, the system administrator manages user service authority and stores the user service authority information in the back-end server;
step S5, the user logs in to the system to obtain the bound service authority information and access service content and service data;
step S6, the front end of the system displays menus and pages, which are determined jointly by the user role and the primary service authority selected by the user, and the menu and the page form the process;
step S7, once the user switches the primary service authority, the front end of the system sends a request to the back end of the system to obtain the secondary service authorities bound to the user under that primary service authority;
and step S8, after the user enters a service page, the front end of the system sends a request to obtain data, the back end of the system checks the authority and returns response data after the authority check passes, so that the user role and the user service authority are no longer independent of each other but are crossed to manage authority.
2. The dynamic permission cross management method based on a web architecture according to claim 1, wherein step S3 further comprises: the system administrator can manage users, including adding, modifying and deleting user information; role information must be bound when a user is added, and the user information is stored in the back-end server.
3. The dynamic permission cross management method based on a web architecture according to claim 1, wherein step S4 further comprises: the system administrator can manage the service authority of users, including adding, modifying and deleting user service authority; when service authority is added, the primary service authority and the secondary service authority must be opened to the user at the same time, and the user service authority information is stored in the back-end server.
4. The dynamic permission cross management method based on a web architecture according to claim 1, wherein step S5 further comprises: the user logs in to the system to obtain the bound service authority information, and if the user has no bound service authority, the user is prompted to bind service authority; when a user is bound to a plurality of primary service authorities, the user can switch the primary service to access different secondary service content, the first primary service authority being selected by default; and the process by which the user dynamically accesses service data comprises the following steps: step S51, the user selects a primary service authority, or the default is used, and accesses a page under a menu; step S52, it is judged whether a dynamic service authority module menu is being accessed; if so, the back-end server checks authority according to the primary service authority, the secondary service authority and the role, and returns data according to the requested service, wherein the pages displayed at the front end of the system and the data obtained differ according to the primary service authority; if not, the user is accessing a page under a system management module menu, the back-end server checks authority according to the user role and returns data, and the page displayed and the data returned by the back-end server are the same under different primary service authorities; and step S53, when the back-end server checks authority according to the primary service authority, the secondary service authority and the role and the user switches the primary service authority, the process returns to step S51.
5. The dynamic permission cross management method based on a web architecture according to claim 1, wherein step S6 specifically comprises the following steps: step S61, whether the system management module menus and pages are displayed is determined by the user role: they are displayed if the user role has page display authority for the system management module, and otherwise are not displayed; step S62, the system service authority module menus and pages are determined jointly by the user role and the primary service authority selected by the user: when the user switches the primary service authority, the front end displays the corresponding secondary service authority menu, and whether a sub-page under that menu is displayed is determined by the user role; the sub-page is displayed if the user role has authority for it, and otherwise is not displayed.
6. The dynamic permission cross management method based on a web architecture according to claim 1, wherein step S8 specifically comprises the following steps: step S81, the user accesses a system management module page, and the back-end server checks authority according to the user role, looks up the interface authority of the role in the database and judges whether the currently requested interface matches; if so, the check passes, and if not, the check fails; step S82, the user accesses a secondary service module page, and the back-end server checks according to the user's service authority and role authority, first matching the interface authority against the records of the user service authority association table in the database and judging whether the currently requested interface matches; if so, the check passes, and if not, the check fails.
7. The dynamic permission cross management method based on a web architecture according to claim 1, wherein after step S8: after the back-end server check passes, response data is returned according to the primary and secondary service authorities selected by the user; when the user accesses a page for which the role has no authority, the user is taken to an error page, from which the user can choose to return to the home page; when the user accesses a menu page that does not match the primary service authority, the user is taken to a selection page, which prompts the user to switch the primary service authority, and the user can choose to return to the previous page or the home page.
8. A dynamic permission cross management system based on a web architecture, characterized in that: the system comprises a role authority configuration module, a service configuration module, a user management module, an authority management module, an acquisition module, a display module, a switching module and a return module; the role authority configuration module is used by the system to configure role authorities, including the interface authorities and page authorities of roles, wherein the page authorities are implemented by front-end route configuration and the interface authorities are configured in a database by the back end; the service configuration module is used by the system to configure service information, including primary service and secondary service information, and the service information is stored in a back-end server; the user management module is used by a system administrator to manage users and store user information in the back-end server; the authority management module is used by a system administrator to manage the service authority of users and store the users' service authority information in the back-end server; the acquisition module is used for a user to log in to the system, obtain the bound service authority information and access service content and service data; the display module displays menus and pages at the front end of the system, which are determined jointly by the role of the user and the primary service authority selected by the user, and the menu and the page form a process; the switching module is used so that, once the user switches the primary service authority, the system front end sends a request to the system back end to obtain the secondary service authorities bound to the user under that primary service authority; the return module is used so that, after a user enters a service page, a request is sent to obtain data, the back end of the system checks the authority and returns response data after the authority check passes, so that the user role and the user service authority are no longer independent of each other but are crossed to manage authority.
9. The dynamic permission cross management system based on a web architecture according to claim 8, wherein the user management module is further specified as follows: the system administrator can manage users, including adding, modifying and deleting user information; role information must be bound when a user is added, and the user information is stored in the back-end server.
10. The dynamic permission cross management system based on a web architecture according to claim 8, wherein the authority management module is further specified as follows: the system administrator can manage the service authority of users, including adding, modifying and deleting user service authority; when service authority is added, the primary service authority and the secondary service authority must be opened to the user at the same time, and the user service authority information is stored in the back-end server.
11. The dynamic permission cross management system based on a web architecture according to claim 8, wherein the acquisition module is further specified as follows: the user logs in to the system to obtain the bound service authority information, and if the user has no bound service authority, the user is prompted to bind service authority; when a user is bound to a plurality of primary service authorities, the user can switch the primary service to access different secondary service content, the first primary service authority being selected by default; the process by which the user dynamically accesses service data uses a selection unit and a judging unit, wherein the selection unit is used for the user to select a primary service authority, or use the default, and access a page under a menu; the judging unit judges whether a dynamic service authority module menu is being accessed; if so, the back-end server checks authority according to the primary service authority, the secondary service authority and the role, and returns data according to the requested service, wherein the pages displayed at the front end of the system and the data obtained differ according to the primary service authority; if not, the user is accessing a page under a system management module menu, the back-end server checks authority according to the user role and returns data, and the page displayed and the data returned by the back-end server are the same under different primary service authorities; and step S53, when the back-end server checks authority according to the primary service authority, the secondary service authority and the role and the user switches the primary service authority, control returns to the selection unit.
12. The dynamic permission cross management system based on a web architecture according to claim 8, wherein the display module specifically comprises a page display unit and a sub-page display unit; for the page display unit, whether the system management module menus and pages are displayed is determined by the user role: they are displayed if the user role has page display authority for the system management module, and otherwise are not displayed; for the sub-page display unit, the system service authority module menus and sub-pages are determined jointly by the user role and the primary service authority selected by the user: when the user switches the primary service authority, the front end displays the corresponding secondary service authority menu, and whether a sub-page under that menu is displayed is determined by the user role; the sub-page is displayed if the user role has authority for it, and otherwise is not displayed.
13. The dynamic permission cross management system based on a web architecture according to claim 8, wherein the return module specifically comprises a role checking unit and a service checking unit; the role checking unit handles a user's access to a system management module page: the back-end server checks authority according to the user role, looks up the interface authority of the role in the database and judges whether it matches the currently requested interface; if so, the check passes, and if not, the check fails; the service checking unit handles a user's access to a secondary service module page: the back-end server checks according to the user's service authority and role authority, first matching the interface authority against the records of the user service authority association table in the database and judging whether the currently requested interface matches; if so, the check passes, and if not, the check fails.
14. The dynamic permission cross management system based on a web architecture according to claim 8, wherein: after the back-end server check passes, response data is returned according to the primary and secondary service authorities selected by the user; when the user accesses a page for which the role has no authority, the user is taken to an error page, from which the user can choose to return to the home page; when the user accesses a menu page that does not match the primary service authority, the user is taken to a selection page, which prompts the user to switch the primary service authority, and the user can choose to return to the previous page or the home page.
CN202210215846.1A 2022-03-07 2022-03-07 Dynamic authority cross management method and system based on web architecture Active CN114567504B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210215846.1A CN114567504B (en) 2022-03-07 2022-03-07 Dynamic authority cross management method and system based on web architecture


Publications (2)

Publication Number Publication Date
CN114567504A true CN114567504A (en) 2022-05-31
CN114567504B CN114567504B (en) 2023-08-25

Family

ID=81718236


Country Status (1)

Country Link
CN (1) CN114567504B (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant