CN115114646B

CN115114646B - File authority processing method and device and storage medium

Info

Publication number: CN115114646B
Application number: CN202211023685.2A
Authority: CN
Inventors: 张延昌
Original assignee: Beijing Frontier Principal Technology Co ltd
Current assignee: Beijing Frontier Principal Technology Co ltd
Priority date: 2022-08-25
Filing date: 2022-08-25
Publication date: 2023-01-03
Anticipated expiration: 2042-08-25
Also published as: CN115114646A

Abstract

The method comprises the steps of determining the incidence relation between a window and a file corresponding to the window when a file opening instruction triggered by a user is detected, determining a target file based on the incidence relation of the switched window when a switching instruction triggered by the user and related to at least two windows is detected, acquiring the authority information and the user information of the target file, determining the to-be-executed authority of the user on the target file based on the user information and the authority information, and outputting the target file according to the to-be-executed authority. The method and the device have the effect of accurately identifying the authority of each file when a plurality of files of the same type are opened simultaneously.

Description

File authority processing method and device and storage medium

Technical Field

The present application relates to the field of file permissions, and in particular, to a method, an apparatus, and a storage medium for processing file permissions.

Background

The enterprise is composed of people with different positions, and when a notification needs to be issued, the notification is usually transmitted to each person in a file form, but the access authority of the file is different due to the fact that the position corresponding to each person is different. Therefore, after the enterprise manager completes the file making, the enterprise manager can set the file to be the authority corresponding to the positions according to different positions, namely, one file can respond to different authorities for different personnel.

However, since the same type of files share one thread, if a plurality of the same type of files are opened and have different permissions, when a user switches from a currently displayed file to another file, the permission of the switched file cannot be identified, for example, the permission of the user to the file a is read only, and the permission to the file B is read and written, but the user opens two files at the same time, and the user switches from the file a to the file B, the read permission and the write permission of the file B cannot be accurately identified. Therefore, when a plurality of files of the same type exist at the same time, it becomes a problem how to accurately identify the authority of each file.

Disclosure of Invention

In order to achieve the effect of accurately identifying the authority of each file when a plurality of files of the same type are opened at the same time, the application provides a method and a device for processing the authority of the file and a storage medium.

In a first aspect, the present application provides a method for processing file permissions, which adopts the following technical solutions:

a method of file permission processing, comprising:

when a file opening instruction triggered by a user is detected, determining the association relationship between a window and a file corresponding to the window;

when a switching instruction which is triggered by a user and is related to at least two windows is detected, determining a target file based on the incidence relation of the switched windows;

acquiring authority information and user information of the target file;

determining the to-be-executed authority of the user on the target file based on the user information and the authority information;

and outputting the target file according to the to-be-executed authority.

By adopting the technical scheme, when the electronic equipment detects a file opening instruction triggered by a user, the incidence relation between the windows and the files corresponding to the windows is determined, so that the one-to-one correspondence between each window and the file corresponding to the window is ensured, when a switching instruction triggered by the user and related to at least two windows is detected, the target file can be determined based on the incidence relation of the switched windows, as the displayed authority of each file is different for different users, the authority information and the user information of the target file need to be acquired, the to-be-executed authority of the user for the target file is determined based on the user information and the authority information, the target file is output according to the to-be-executed authority, and when the user opens a plurality of files of the same type at the same time and the plurality of files of the same type have different authorities, the electronic equipment can accurately identify the authority of each file.

In another possible implementation manner, determining an association relationship between a window and a file corresponding to the window includes:

generating a file handle corresponding to the file and a window handle corresponding to the window;

identifying a window title of the window according to the window handle;

matching the window with file titles under the file paths without the incidence relation established based on the window titles to determine files corresponding to the window;

and determining an association relation based on the window handle and the file handle corresponding to the window.

By adopting the technical scheme, the file handle corresponding to the file and the window handle corresponding to the window are generated, the window title of the window is obtained by identifying the window handle, the obtained window title is matched with the file title under the file path without the incidence relation, the file corresponding to the window is determined, and the incidence relation is determined according to the window handle and the file handle corresponding to the window. Therefore, each window has a binding relationship with the file corresponding to the window, the electronic equipment can be ensured to accurately identify the file under the window, and the file corresponding to the switched window can be accurately determined when the electronic equipment is switched between the windows.

In another possible implementation manner, the method further includes:

judging the file type of the target file, wherein the file type comprises an unencrypted file and an encrypted file;

if the target file belongs to an unencrypted file, transmitting the target file from a storage medium to a native file system, and executing corresponding operation according to the authority of the target file;

if the target file belongs to the encrypted file, decrypting the target file;

and outputting the decrypted target file.

By adopting the technical scheme, the file types comprise the unencrypted file and the encrypted file, and different operations are executed on the target file by determining the file type of the target file. And when the target file belongs to the unencrypted file, transmitting the target file from the storage medium to the native file system, and directly executing corresponding operation according to the authority of the target file. When the target file belongs to the encrypted file, the target file needs to be decrypted first, and the decrypted target file is output, so that the user can normally check the file no matter the type of the file received by the user is the unencrypted file or the encrypted file.

In another possible implementation manner, the decrypting the target file includes:

transferring the file from a storage medium to a native file system;

transmitting the file from a native file system to an encrypted file system;

judging whether the user has access authority or not based on the user information;

and if the user has the access authority, decrypting the file in the encrypted file system and allocating the decrypted file to an upper application.

By adopting the technical scheme, the target file is transmitted to the encrypted file system, and whether the user has the access authority to the file or not is judged according to the user information. And if the user has the access authority, decrypting the file through the encrypted file system to obtain the decrypted file. And allocating the decrypted file to an upper layer application, thereby realizing the output of the encrypted file. The file is decrypted by using the encrypted file system, namely the decryption can be completed on a driving layer, and compared with a program for calling the decryption in a cross-process mode, resources are saved.

In another possible implementation manner, the method further includes:

acquiring the operation time of the user operation target file, and generating traceability information based on the operation time and user information;

if the target file is a file in a picture format, compressing the tracing information to obtain the compressed tracing information;

determining a preset number of target positions from preset positions of the target file;

and writing the compressed tracing information into the target position to obtain a new target file.

By adopting the technical scheme, when the target file is operated by the user, the electronic equipment acquires the operation time for the user to operate the target file, and generates the traceability information according to the operation time and the user information. And determining a preset amount of target data from the preset position of the target file so that the tracing information cannot be deleted easily and the reliability of the tracing information is increased. And writing the compressed tracing information into a target position to obtain a new target file. Therefore, when the target file is spread, the spreading process can be checked according to the tracing information.

In another possible implementation manner, the user information includes a user ID, and the compressing the tracing information includes:

carrying out encryption calculation on the user ID to obtain a characteristic value of the user ID;

compressing the characteristic value to a preset length byte to obtain an ID compressed value;

if the operation time is within a preset time period, determining the difference value between the operation time and the starting time of the preset time period;

and converting the difference value to obtain a time compression value.

By adopting the technical scheme, the characteristic value of the user ID is obtained by carrying out encryption calculation on the user ID, the characteristic value of the user ID is compressed to the preset length byte to obtain the ID compressed value, when the operation time of the user is within the preset time, the difference value between the operation time and the start time of the preset time period is determined, and the obtained difference value is converted into the time compressed value. By compressing two kinds of information in the tracing information, smaller tracing information is obtained, so that the tracing information can be written into a file with a smaller picture format.

In another possible implementation manner, the method further includes:

when detecting that the ID compression values of at least two users are the same, judging whether the time compression values corresponding to the ID compression values of the at least two users are the same;

if the time compression values corresponding to the ID compression values of the at least two users are the same, any one of the tracing information corresponding to the ID compression values of the at least two users is reserved.

By adopting the technical scheme, because the user IDs in the tracing information are compressed, the condition that the user IDs are the same may occur, that is, when the electronic device detects that the ID compression values of at least two users are the same, whether the time compression values corresponding to the ID compression values of the at least two users are the same or not needs to be judged, when the time compression values corresponding to the ID compression values of the at least two users are the same, the tracing information is the information of the same person, and only any one of the tracing information corresponding to the ID compression values of the at least two users needs to be reserved. Therefore, more tracing information can be stored in the target file, and the propagation process to the target file can be recorded in more detail.

In a second aspect, the present application provides a device for processing file permissions, which adopts the following technical solutions:

an apparatus for file authority processing, comprising:

the first determining module is used for determining the association relationship between a window and a file corresponding to the window when a file opening instruction triggered by a user is detected;

the second determining module is used for determining the target file based on the incidence relation of the switched windows when a switching instruction which is triggered by a user and is related to at least two windows is detected;

the acquisition module is used for acquiring the authority information and the user information of the target file;

a third determining module, configured to determine, based on the user information and the permission information, a permission to be executed by the user on the target file;

and the first output module is used for outputting the target file according to the to-be-executed authority.

By adopting the technical scheme, when the electronic equipment detects a file opening instruction triggered by a user, the first determining module determines the incidence relation between the window and the file corresponding to the window, so that the one-to-one correspondence between each window and the file corresponding to the window is ensured, when a switching instruction triggered by the user and related to at least two windows is detected, the second determining module can determine the target file based on the incidence relation of the switched window, because the displayed permission of each file is different for different users, the permission information and the user information of the target file are acquired by the acquisition module, the to-be-executed permission of the user for the target file is determined by the third determining module based on the user information and the permission information, and the target file is output by the first output module according to the to-be-executed permission, so that when the user opens a plurality of files of the same type at the same time and the plurality of files have different permissions, the electronic equipment can accurately identify the permission of each file.

In another possible implementation manner, when determining the association relationship between a window and a file corresponding to the window, the first determining module is specifically configured to:

identifying a window title of the window according to the window handle;

In another possible implementation manner, the apparatus further includes:

the first judgment module is used for judging the file type of the target file, wherein the file type comprises an unencrypted file and an encrypted file;

the transmission module is used for transmitting the file from the storage medium to the native file system and allocating the file from the native file system to an upper-layer application when the target file belongs to the unencrypted file;

the decryption module is used for decrypting the target file when the target file belongs to the encrypted file;

and the second output module is used for outputting the decrypted target file.

In another possible implementation manner, when decrypting the target file, the decryption module is specifically configured to:

transferring the file from a storage medium to a native file system;

transmitting the file from a native file system to an encrypted file system;

and if the user has the access authority, decrypting the file in the encrypted file system and allocating the decrypted file to an upper-layer application.

In another possible implementation manner, the apparatus further includes:

the generating module is used for acquiring the operation time of the user operation target file and generating traceability information based on the operation time and the user information;

the compression module is used for compressing the traceability information to obtain compressed traceability information when the target file is a file in a picture format;

the fourth determining module is used for determining a preset number of target positions from the preset positions of the target file;

and the writing module is used for writing the compressed tracing information into the target position to obtain a new target file.

In another possible implementation manner, when the compression module compresses the tracing information, the compression module specifically includes:

and converting the difference value to obtain a time compression value.

In another possible implementation manner, the apparatus further includes:

the second judgment module is used for judging whether the time compression values corresponding to the ID compression values of the at least two users are the same or not when the ID compression values of the at least two users are the same;

and the information retaining module is used for retaining any one of the tracing information corresponding to the ID compression values of the at least two users when the time compression values corresponding to the ID compression values of the at least two users are the same.

In a third aspect, the present application provides an electronic device, which adopts the following technical solutions:

an electronic device, comprising:

one or more processors;

a memory;

one or more application programs, wherein the one or more application programs are stored in the memory and configured to be executed by the one or more processors, the one or more application programs configured to: a method of performing file rights processing according to any one of the possible implementations of the first aspect.

In a fourth aspect, the present application provides a computer-readable storage medium, which adopts the following technical solutions:

a computer-readable storage medium, which, when executed in a computer, causes the computer to perform a method of file right processing according to any one of the first aspect.

In a fifth aspect, the present application provides a method for determining tracing information, which adopts the following technical scheme:

a method of traceability information determination, comprising:

if the target file is a file in a picture format, compressing the traceability information to obtain compressed traceability information;

By adopting the technical scheme, when the target file is operated by the user, the operation time for the user to operate the target file is obtained, the traceability information is generated according to the operation time and the user information, and when the target file operated by the user is a file in a picture format, the traceability information is more beneficial to being hidden in the picture as the size of the picture is limited and the traceability information in the picture is smaller, so that the traceability information is compressed, and the compressed traceability information is obtained. And determining a preset amount of target data from the preset position of the target file, so that the tracing information cannot be deleted easily, and the reliability of the tracing information is increased. And writing the compressed tracing information into a target position to obtain a new target file. Therefore, when the target file is spread, the spreading process can be checked according to the traceability information.

and converting the difference value to obtain a time compression value.

By adopting the technical scheme, the user ID is encrypted to obtain the characteristic value of the user ID, the obtained characteristic value of the user ID is compressed to the preset length byte to obtain the ID compressed value, when the operation time of the user is within the preset time, the difference value between the operation time and the start time of the preset time period is determined, and the obtained difference value is converted into the time compressed value. By compressing two kinds of information in the tracing information, smaller tracing information is obtained, so that the tracing information can be written into a file with a smaller picture format.

In another possible implementation manner, the method further includes:

By adopting the technical scheme, the user IDs in the tracing information are compressed, so that the condition that the user IDs are the same can occur, namely when the electronic device detects that the ID compression values of at least two users are the same, whether the time compression values corresponding to the ID compression values of the at least two users are the same or not needs to be judged, when the time compression values corresponding to the ID compression values of the at least two users are the same, the tracing information is the information of the same person, and only any one of the tracing information corresponding to the ID compression values of the at least two users needs to be reserved. Therefore, more tracing information can be stored in the target file, and the propagation process to the target file can be recorded in more detail.

In a sixth aspect, the present application provides a device for determining tracing information, which adopts the following technical scheme:

an apparatus for traceability information determination, comprising:

By adopting the technical scheme, when the target file is operated by the user, the operation time for the user to operate the target file is obtained, the generating module generates the traceability information according to the operation time and the user information, and when the target file operated by the user is a file in a picture format, the traceability information is more beneficial to being hidden in the picture as the size of the picture is limited and the traceability information in the picture is smaller, so that the compression module compresses the traceability information to obtain the compressed traceability information. The fourth determining module determines a preset amount of target data from a preset position of the target file, so that the tracing information cannot be deleted easily, and the reliability of the tracing information is improved. And the writing module writes the compressed tracing information into a target position to obtain a new target file. Therefore, when the target file is spread, the spreading process can be checked according to the tracing information.

and converting the difference value to obtain a time compression value.

In another possible implementation manner, the apparatus further includes:

In a seventh aspect, the present application provides an electronic device, which adopts the following technical solutions:

an electronic device, comprising:

one or more processors;

a memory;

one or more application programs, wherein the one or more application programs are stored in the memory and configured to be executed by the one or more processors, the one or more application programs configured to: a method of tracing source information determination according to any one of the possible implementations of the fifth aspect is performed.

In an eighth aspect, the present application provides a computer-readable storage medium, which adopts the following technical solutions:

a computer readable storage medium, which when executed in a computer causes the computer to perform a method of traceability information determination of any of the fifth aspect.

In summary, the present application includes at least one of the following beneficial technical effects:

1. when the electronic equipment detects a file opening instruction triggered by a user, determining the incidence relation between windows and files corresponding to the windows, so that the one-to-one correspondence between each window and the file corresponding to the window is ensured, when a switching instruction triggered by the user and related to at least two windows is detected, a target file can be determined based on the incidence relation of the switched windows, as the displayed authority of each file is different for different users, the authority information and the user information of the target file need to be acquired, the to-be-executed authority of the user on the target file is determined based on the user information and the authority information, and the target file is output according to the to-be-executed authority, so that when the user opens a plurality of files of the same type at the same time and the plurality of files of the same type have different authorities, the electronic equipment can accurately identify the authority of each file.

2. When a user operates a target file, the operation time of the user for operating the target file is obtained, and the traceability information is generated according to the operation time and the user information. And determining a preset amount of target data from the preset position of the target file so that the tracing information cannot be deleted easily and the reliability of the tracing information is increased. And writing the compressed tracing information into a target position to obtain a new target file. Therefore, when the target file is spread, the spreading process can be checked according to the traceability information.

Drawings

Fig. 1 is a schematic flowchart of a method for processing file permissions in an embodiment of the present application.

Fig. 2 is a flowchart illustrating a method for determining traceability information in an embodiment of the present application.

Fig. 3 is a schematic structural diagram of a device for processing file permissions in an embodiment of the present application.

Fig. 4 is a schematic structural diagram of a device for determining traceability information in an embodiment of the present application.

Fig. 5 is a schematic structural diagram of an electronic device in an embodiment of the present application.

Detailed Description

The present application is described in further detail below with reference to the attached drawings.

A person skilled in the art, after reading the present specification, may make modifications to the present embodiments as necessary without inventive contribution, but only within the scope of the claims of the present application are protected by patent laws.

In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.

In addition, the term "and/or" herein is only one kind of association relationship describing an associated object, and means that there may be three kinds of relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship, unless otherwise specified.

The embodiments of the present application will be described in further detail with reference to the drawings attached hereto.

The embodiment of the application provides a file authority processing method, which is executed by electronic equipment, wherein the electronic equipment can be a server or terminal equipment, the server can be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, and a cloud server for providing cloud computing service. The terminal device may be a smart phone, a tablet computer, a notebook computer, a desktop computer, and the like, but is not limited thereto, the terminal device and the server may be directly or indirectly connected through a wired or wireless communication manner, and an embodiment of the present application is not limited thereto, as shown in fig. 1, the method includes: step S101, step S102, step S103, step S104, and step S105, wherein,

step S101, when a file opening instruction triggered by a user is detected, the association relationship between a window and a file corresponding to the window is determined.

For the embodiment of the present application, the manner of triggering the file opening instruction by the user may be triggering through an input device such as a mouse and a keyboard, or triggering through a voice input, or triggering in other triggering manners, which is not limited herein. Assuming that when the user a opens the file a, the electronic device determines the relationship between the window a and the file a, so that the window is bound with the file corresponding to the window, and the user performs related operations through the window, so that the electronic device can modify and control the corresponding file according to the operations.

Step S102, when a switching instruction which is triggered by a user and is related to at least two windows is detected, determining a target file based on the incidence relation of the switched windows.

For the embodiment of the application, when a user switches between at least two windows, a switching instruction is triggered, and because the electronic device establishes the association relationship between the windows and the window files when the user opens the files, the target file corresponding to the current window, namely the file to be operated by the user, can be determined according to the association relationship of the switched windows.

Taking step S101 as an example, the user a opens the file a and the file B, and when the user switches from the currently operating window a to the currently operating window B, the electronic device recognizes that the user a will operate the file B according to the established association relationship. For example, operations such as opening a file, reading a file, writing a file, closing a file, creating a window, switching a window, and destroying a window are performed through related functions of the API family. And after the user triggers the corresponding operation, the electronic equipment controls the file or the window according to the API family function corresponding to the operation.

Step S103, acquiring the authority information and the user information of the target file.

For the embodiment of the application, because the enterprise has employees with different levels, when editing the file, the administrator sets different permissions for the file according to the levels of the employees, that is, each file corresponds to different kinds of permissions, and therefore the permission of the file and the information of the user need to be acquired. So as to subsequently determine the user's rights to the target file. The authority information corresponding to the target file may be stored in the target file or in the cloud server, and the user information may be stored in an account corresponding to the user.

Taking step S101 as an example, when the electronic device detects that the user a switches from the file a to the file B, the electronic device acquires the authority information of the file B and the user information of the user a. Suppose that user a's information is a level a employee. The file A has two authorities, the A-level staff can only read the file A, and the B-level staff can read and write the file A. The file B also has two authorities, the A-level staff can perform reading and writing operations on the file B, the B-level staff can only perform reading operations on the file B, namely the authority information acquired by the electronic equipment is the reading and writing operations of the A-level staff on the file B, the B-level staff can only perform reading operations on the file B, and the acquired user information is the A-level staff.

And step S104, determining the to-be-executed authority of the user on the target file based on the user information and the authority information.

For the embodiment of the present application, taking step S103 as an example, the permission information of the target file and the information of the user a are combined to determine that the permission to be executed of the user a on the file B is read and written.

And step S105, outputting the target file according to the to-be-executed authority.

For the embodiment of the present application, taking step S104 as an example, when the user a operates the file B, only the read and write operations can be performed, so that the electronic device outputs the file B only having the read and write operations to the user a. The electronic device can display the file B for reading and writing operation by controlling a display device such as a display screen, so that the user a can read and write the file B.

By determining the authority of the user to each file, the corresponding file can be output according to the switched window after the window is switched, so that when at least two files are opened simultaneously and the user is switched from one file to another file, the authority of the user in the current file is accurately identified, and the file is output according to the authority of the user in the current file, so that the user can perform corresponding operation on each file.

In a possible implementation manner of the embodiment of the present application, the determining the association relationship between the window and the file corresponding to the window in step S101 specifically includes step S1011 (not shown in the figure), step S1012 (not shown in the figure), step S1013 (not shown in the figure), and step S1014 (not shown in the figure), wherein,

in step S1011, a file handle corresponding to the file and a window handle corresponding to the window are generated.

For the embodiment of the application, the handle is an identifier corresponding to an operation object such as a file, a window and the like, and the electronic device can complete the control of the file only by controlling the handle subsequently. The electronic equipment generates a file handle corresponding to a file when the file is opened, and creates a window and generates a window handle when the file is opened. Taking step S101 as an example, when the electronic device opens the file a through the CreatFile function in the API family, the electronic device returns a file handle a corresponding to the file a, and when the electronic device creates the window a through CreatWindowEx, the electronic device generates a window handle a corresponding to the window a.

In step S1012, the window title of the window is identified based on the window handle.

For the embodiment of the present application, taking step S1011 as an example, the window title, for example, window title ABC, in the relevant attribute information of the window corresponding to the window handle is determined according to the window handle a.

In the embodiment of the application, a window area image can be obtained by performing screen capture processing on an image area corresponding to a window, and a window title can be obtained by performing character recognition on an area displaying the window title in the window area image.

Step S1013, based on the window title, matching the window with the file title under the file path without the association relationship, and determining the file corresponding to the window.

For the embodiment of the application, each window corresponds to one file, a corresponding file title is arranged under a file path corresponding to each window, and the obtained window title is matched with the file title under the path, so that the specific file corresponding to the window is determined. Assuming that the file title under the file path of the window A is ABC, the file path is C:/1/2/ABC, taking the step S1012 as an example, the window title of the window A is ABC, matching the window title ABC with the file title ABC, and determining that the file under the file path of the window A is C:/1/2 is ABC.

Step 1014, determining the association relation based on the window handle and the file handle corresponding to the window.

For the embodiment of the present application, taking step S1011 and step S1013 as examples, the electronic device determines the window title ABC and the file ABC corresponding to the window a, and the electronic device determines the association relationship between the window handle a and the file handle a according to the window handle a and the file handle a.

A possible implementation manner of the embodiment of the present application further includes step S106 (not shown in the figure), step S107 (not shown in the figure), step S108 (not shown in the figure), and step S109 (not shown in the figure), wherein step S106 may be executed simultaneously with step S101, or may be executed after step S101, wherein,

step S106, judging the file type of the target file.

The file types include unencrypted files and encrypted files.

For the embodiment of the application, when a user operates a file, the electronic device can judge the file type of the target file, and according to the difference of the file type of the target file, the electronic device performs different operations. The file type of the target file can be judged through the electronic tag of the target file, and if the electronic tag of the target file contains the encrypted related information, the target file is an encrypted file. Assuming that the file operated by the user A is the file A, the electronic device judges the file type of the file A and determines the file type of the file A so as to facilitate different operations on the file in the following process.

Step S107, if the target file belongs to the unencrypted file, transmitting the file from the storage medium to the native file system, and deploying the file from the native file system to the upper layer application.

For the embodiment of the application, if the electronic tag of the target file does not have the relevant encrypted information, it indicates that the target file is not encrypted. When the electronic equipment detects that the file type of the target file is an unencrypted file, the electronic equipment only needs to control the target file to output the authority corresponding to the user. Taking the step S106 as an example, assuming that the file a belongs to an unencrypted file and the user a has only read permission for the file a, the electronic device directly controls the file a to display the read permission for the user a. After the electronic device transmits the target file to the native file system, the target file is allocated to an upper layer application such as a Word application program through an I/O manager, an API (application program interface) and the like in the electronic device to be output.

And step S108, if the target file belongs to the encrypted file, decrypting the target file.

For the embodiment of the present application, it is assumed that the file a belongs to an encrypted file, and it is described that the content of the file a cannot be directly viewed by the user a, and the electronic device is required to decrypt the file a, so that the user can view the content in the encrypted file. In the embodiment of the present application, the access request for the file may also be forwarded to the encrypted file system for processing.

Step S109, the decrypted target file is output.

For the embodiment of the application, the electronic device can display the decrypted target file through the display devices such as the display screen and the touch screen. Further, assuming that the target file is a Word document, the electronic device may display the target file through a Word application.

In a possible implementation manner of the embodiment of the present application, the decrypting the target file in step S108 specifically includes step S1081 (not shown in the figure), step S1082 (not shown in the figure), step S1083 (not shown in the figure), and step S1084 (not shown in the figure), wherein,

step S1081, transferring the file from the storage medium to the native file system.

For the embodiment of the application, the native file system is directly connected with the storage medium, so that the encrypted file or the unencrypted file needs to be transmitted from the storage medium to the native file system, and the native file system manages the file.

Step S1082, transferring the file from the native file system to the encrypted file system.

For the embodiment of the application, the target file is the encrypted file, so that the encrypted file is transmitted to the encrypted file system, and data is bidirectionally transmitted between the encrypted file system and the native file system. Decrypting in the encrypted file system saves more resources on the electronic device than creating a new decryption process.

Step S1083, judging whether the user has access authority or not based on the user information.

For the embodiment of the application, the user information comprises information whether the user has the access right to the target file, the information such as the access right of the target file is stored in the electronic tag of the target file, and the electronic equipment judges whether the information describing the access right in the user information has the information of the access right of the target file in the encrypted file system, so that whether the user has the access right to the target file is determined.

And step S1084, if the user has the access right, decrypting the file in the encrypted file system and allocating the decrypted file to an upper application.

For the embodiment of the application, the electronic device judges that the user has the access right, and indicates that the user has the right to view the decrypted target file. In the encrypted file system, the electronic device can determine a corresponding decryption mode through information related to encryption, such as an encryption algorithm, an encryption mode and the like recorded in an electronic tag of a target file, so as to decrypt the target file, and finally allocate the decrypted target file to an upper-layer application, so that a user can conveniently view the target file.

A possible implementation manner of the embodiment of the present application further includes step S110 (not shown in the figure), step S111 (not shown in the figure), step S112 (not shown in the figure), and step S113 (not shown in the figure), wherein step S110 may be executed simultaneously with step S103, or may be executed after step S103, wherein,

step S110, obtaining an operation time of the user to operate the target file, and generating the tracing information based on the operation time and the user information.

For the embodiment of the application, the tracing information is a usage record of the operation, usage, propagation process and the like of the target file. In order to keep the use record of the target file, when the user operates the target file, the electronic device obtains the operation time of the user for operating the target file, and the operation time can be accurate to hours. And generating the tracing information according to the operation time of the user and the user information. Assuming that the target file is file A, the time for the user A to operate the file A is 8 of No. 7/10 in 2022: 00, the source tracing information is "information of user a and 8 of 7/10/2022: 00".

And step S111, if the target file is a file in a picture format, compressing the tracing information to obtain the compressed tracing information.

For the embodiment of the application, the size of the picture format file is fixed and cannot be increased, and if the picture format file is too small, the traceability information is not easily added into the picture format file, so that the smaller the traceability information is, the more beneficial the traceability information is to be hidden in the picture specification file. And when the electronic equipment detects that the target file is in a picture format, the electronic equipment compresses the traceability information to obtain the compressed traceability information. Taking step S110 as an example, when the file a is a file in a picture format, the electronic device will compare the information of the user a and No. 8/7/10/2022: 00, compressing to obtain the compressed tracing information.

In step S112, a preset number of target positions are determined from the preset positions of the target file.

For the embodiment of the application, in order to further prevent the tracing information from being cracked and deleted easily, a preset number of target positions are determined in a plurality of preset positions of the target file, and the tracing information is written in the target positions.

The preset positions and the preset number can be set through the sizes of the pictures, the intervals of the sizes of the pictures can be divided, and each interval can correspond to a plurality of preset positions and the preset number. Taking step S110 as an example, when the file a is a 288-pixel picture, the corresponding interval is [200, 400], the number of the preset positions corresponding to the interval is 100, and the corresponding preset number is 32. That is, the electronic device will select 32 target positions from 100 preset positions.

The target position may be determined by random extraction, by numbering preset positions, by sequentially using the preset positions, or by other methods capable of determining the target position.

And step S113, writing the compressed tracing information into a target position to obtain a new target file.

For the embodiment of the present application, taking step S112 as an example, each part of the compressed tracing information is written into 32 target locations of the file a, respectively, so as to obtain a new file a.

Taking the pixel gray value of the picture as an example, after the target position is determined, assuming that the pixel gray value of the target position is an 8-bit binary number, and the lowest bit of the 8-bit binary number is "1", the electronic device selects the lowest bit of the 8-bit binary number to modify the lowest bit into the corresponding binary data in the tracing information. Taking step S126 as an example, the highest bit of the tracing information is "0", the electronic device rewrites the lowest bit "1" of the 8-bit binary number to "0", and since only the gray value is reduced by 1, the influence on the color of the picture is small, each bit of data of the tracing information is written into the file in the picture format in the above manner, after the writing of the tracing information is completed, the difference between two pictures before and after the writing is small, and the two pictures are not easy to be found and cracked by other people.

In the embodiment of the application, if the file is a document, a plurality of target positions can be randomly selected from a plurality of preset positions of a file body of the document, and the traceability information is written into the target positions of the file body, so that the traceability of the operation and use process of the document is facilitated, and the traceability information is randomly written into the preset positions of the file body, so that the traceability information is not easy to crack and delete.

In the embodiment of the application, the documents are assumed to be cloud documents, shared documents, online documents and the like, and when it is detected that the traceability information of a certain user is greater than a preset number threshold, it indicates that the user may have an abnormal operation behavior, the traceability information of the user is uploaded to a server for cloud storage. Each operation behavior may also be classified, for example, the access operation is classified into 1 level, the editing operation is classified into 2 levels, and the downloading operation is classified into 3 levels, each level of operation corresponds to a preset threshold number of times, for example, the threshold number of times of the access operation is 1000 times, the threshold number of times of the editing operation is 100 times, and the threshold number of times of the downloading operation is 10 times. When the operation times of the personnel reach the time threshold corresponding to the operation, that is, the traceability information of a certain operation reaches the number corresponding to the time threshold, it can be demonstrated that the operation behavior of the personnel may be abnormal. And the electronic equipment stores the tracing information into the server.

Further, taking the editing operation as an example, a threshold value may be set for the position of the editing operation, and if a certain person modifies multiple places of the document, it is indicated that the person is suspicious in operation. Assuming that the threshold value of the number of times of editing positions is 50, that is, when a person performs editing operation on different positions in the document to reach 50, it can be determined that the person performs operation suspicion.

Further, if the editing times of the personnel reach the corresponding preset time threshold value, or the editing positions reach the corresponding preset time threshold value, the editing authority of the personnel is locked, and the personnel cannot continuously edit, so that the safety of the document is ensured.

In the embodiment of the application, after the target position written by the tracing information is determined, the electronic device further establishes the corresponding relationship between each tracing information and the target position and stores the corresponding relationship, so that the tracing information can be conveniently restored according to the corresponding relationship.

In a possible implementation manner of the embodiment of the present application, the compressing the tracing information in step S111 specifically includes step S1111 (not shown in the figure), step S1112 (not shown in the figure), step S1113 (not shown in the figure), and step S1114 (not shown in the figure), wherein,

step 1111, encrypt the user ID to obtain a feature value of the user ID.

Wherein the user information includes a user ID.

For the embodiment of the present application, assuming that the ID of the user a is zhang san, the encryption calculation may be to encrypt the user ID by using a digest algorithm, for example, the electronic device performs the encryption calculation on zhang san by using the digest algorithm to obtain a feature value of zhang san "615db57aa314529aaa0fbe b3e95bd3", and the electronic device selects a character segment with a preset length from the feature value to obtain an ID compression value. The electronic equipment converts Zhang III into binary information, namely a characteristic value of a user ID through encryption calculation.

In step S1112, the feature value is compressed to a byte with a preset length to obtain an ID compressed value.

For the embodiment of the present application, taking step S1111 as an example, the electronic device selects a character segment with a preset length from a preset bit character from the feature value of "zhang san" to obtain an ID compression value. Assuming that the preset bit character is the third bit and the preset length character is four characters, the electronic device determines that the ID compression value of Zhang III is 5db 5.

In step S1113, if the operation time is within the preset time period, the difference between the operation time and the start time of the preset time period is determined.

For the embodiment of the present application, the preset time period is a time period set in advance, and it is assumed that the preset time period is No. 0 at 7/10/2022: 00 to current time, current time 2022 year 7 month 15 day 0:00, taking step S110 as an example, user a operates time No. 8 No. 7/10 2022: 00 is in a preset time period, and the operation time of the user A is 2022, 7 months, 10 # 8:00 and the start time of the preset time period 2022, 7/month 10 No. 0:00, a difference of 8 hours was obtained.

In step S1114, the difference is converted to obtain a time compression value.

For the present embodiment, the time difference value may be compressed into 2 bytes of 16 bits, i.e., 8 hours is converted into "0000000000001000", i.e., a time compression value. And determining the time when the user operates the file according to the time compression value and the operation time of the file. Namely, converting the 0000000000001000 into decimal number to obtain 8, and the operation time is 0 No. 7/10 in 2022: 00", so that the operation time can be determined as" 8 No. 7/10/2022: 00".

A possible implementation manner of the embodiment of the present application further includes step S114 (not shown in the figure) and step S115 (not shown in the figure), wherein step S114 may be executed simultaneously with step S111, or may be executed after step S111, wherein,

step S114, when it is detected that the ID compression values of at least two users are the same, determining whether the time compression values corresponding to the ID compression values of at least two users are the same.

For the embodiment of the present application, since the user IDs in the tracing information are compressed, a situation that the compression values corresponding to the user IDs are the same may occur, that is, when the electronic device detects that the ID compression values of at least two users are the same, it indicates that there is a possibility that the operations are performed by the same user, or there are also a possibility that the operations are performed by at least two different users, and therefore it is necessary to determine whether the time compression values corresponding to the ID compression values of at least two users are the same. Assuming that the electronic device detects that the ID compression value of two users is "5d", it needs to further confirm whether the time compression values corresponding to the two users are the same.

In step S115, if the time compression values corresponding to the ID compression values of the at least two users are the same, any one of the tracing information corresponding to the ID compression values of the at least two users is retained.

For the embodiment of the application, assuming that the ID compression values of two users are the same, and the corresponding time compression values are both "0000000000001000", it is described that the same user performs operations in the same hour time period, and the electronic device only retains any one of the tracing information, so that the repetition of the tracing information is reduced, a file can store more tracing information, and the occupation of a storage space by useless information is reduced.

The embodiment of the application further provides a method for determining the tracing information, which is executed by an electronic device, wherein the electronic device may be a server or a terminal device, the server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing cloud computing services. The terminal device may be a smart phone, a tablet computer, a notebook computer, a desktop computer, and the like, but is not limited thereto, the terminal device and the server may be directly or indirectly connected through a wired or wireless communication manner, and an embodiment of the present application is not limited thereto, as shown in fig. 2, the method includes: step S201, step S202, step S203, and step S204, wherein,

step S201, acquiring an operation time of the user to operate the target file, and generating the tracing information based on the operation time and the user information.

For the embodiment of the application, the tracing information is a usage record of the operation, usage, propagation process and the like of the target file. In order to keep the use record of the target file, when the user operates the target file, the electronic device obtains the operation time of the user for operating the target file, and the operation time can be accurate to hours. And generating the tracing information according to the operation time of the user and the user information. Assuming that the target file is file A, the time for the user A to operate the file A is 8 of No. 7/10 in 2022: 00, the tracing information includes the information of the user a and 8 of 7/10/2022: 00.

step S202, if the target file is a file in a picture format, the tracing information is compressed to obtain the compressed tracing information.

For the embodiment of the application, the size of the picture format file is fixed and cannot be increased, and if the picture format file is too small, the traceability information is not easily added into the picture format file, so that the smaller the traceability information is, the more beneficial the traceability information is to be hidden in the picture specification file. Therefore, when the electronic device detects that the target file is in the picture format, the electronic device compresses the traceability information to obtain the compressed traceability information. Taking step S201 as an example, when the file a is a file in a picture format, the electronic device will compare the information of the user a and No. 8/7/10/2022: 00, compressing to obtain the compressed tracing information.

In step S203, a preset number of target positions are determined from the preset positions of the target file.

The target position may be determined by random extraction, by numbering the preset positions in time, by sequentially using the preset positions, or by other methods capable of determining the target position.

And step S204, writing the compressed tracing information into a target position to obtain a new target file.

For the embodiment of the present application, taking step S203 as an example, each part of the compressed tracing information is written into 32 target locations of the file a, respectively, so as to obtain a new file a.

In the embodiment of the application, the documents are assumed to be cloud documents, shared documents and online documents, and when it is detected that the tracing information of a certain user is greater than a preset quantity threshold, it is indicated that the user may have abnormal operation behaviors, the tracing information of the user is uploaded to a server for cloud storage. Each operation behavior may also be classified, for example, the access operation is classified into 1 level, the editing operation is classified into 2 levels, and the downloading operation is classified into 3 levels, each level of operation corresponds to a preset threshold number of times, for example, the threshold number of times of the access operation is 1000 times, the threshold number of times of the editing operation is 100 times, and the threshold number of times of the downloading operation is 10 times. When the operation frequency of the personnel reaches the frequency threshold corresponding to the operation, that is, the traceability information of a certain operation reaches the number corresponding to the frequency threshold, it can be shown that the operation behavior of the personnel is possibly abnormal. And the electronic equipment stores the tracing information into the server.

Further, taking the editing operation as an example, a threshold value may be set for the position of the editing operation, and if a certain person modifies multiple places of the document, it is indicated that the person is suspicious in operation. Assuming that the threshold value of the number of times of editing positions is 50, that is, when a person edits different positions in the document to 50, it can be determined that the person is suspicious.

In a possible implementation manner of the embodiment of the present application, the compressing the source tracing information in step S202 specifically includes step S2021 (not shown in the figure), step S2022 (not shown in the figure), step S2023 (not shown in the figure), and step S2024 (not shown in the figure), wherein,

step S2021, performing encryption calculation on the user ID to obtain a feature value of the user ID.

Wherein the user information includes a user ID.

For the embodiment of the present application, assuming that the ID of the user a is zhang san, the encryption calculation may be to encrypt the user ID by using a digest algorithm, for example, the electronic device performs the encryption calculation on zhang san by using the digest algorithm to obtain a feature value of zhang san "615db57aa314529aaa0fbe b3e95bd3", and the electronic device selects a character segment with a preset length from the feature value to obtain an ID compression value. The electronic equipment converts Zhang III into binary information, namely a characteristic value of the user ID through encryption calculation.

Step S2022, compress the feature value to a byte with a preset length to obtain an ID compressed value.

For the embodiment of the present application, taking step S1111 as an example, the electronic device selects a character segment with a preset length from a preset bit character from the feature value of "zhang san" to obtain an ID compression value. Assuming that the preset-bit character is the third bit, the preset-length character is four characters, and the compressed value of the ID of "zhang san" determined by the electronic device is "5db5".

In step S2023, if the operation time is within the preset time period, the difference between the operation time and the start time of the preset time period is determined.

For the embodiment of the present application, the preset time period is a time period set in advance, and it is assumed that the preset time period is No. 0 at 7/10/2022: 00 to current time, current time 2022 year 7 month 15 day 0:00, taking step S201 as an example, user a operates time No. 8 No. 7/10 2022: 00 is in a preset time period, and the operation time of the user A is 2022, 7 months, 10 # 8:00 and the start time of the preset time period 2022, 7/month 10 No. 0:00, giving a difference of 8 hours.

Step S2024, converting the difference to obtain a time compression value.

For the present embodiment, the time difference value can be compressed into 2 bytes of 16 bits, i.e., 8 hours is converted into "0000000000001000", i.e., a time-compressed value. And determining the time when the user operates the file according to the time compression value and the operation time of the file. Namely, the ' 0000000000001000 ' is converted into decimal number to obtain ' 8 ', the operation time is ' 0 No. 7 month No. 10 in 2022: 00", so that the operation time can be determined as" 8 No. 7/10/2022: 00".

A possible implementation manner of the embodiment of the present application further includes step S205 (not shown in the figure) and step S206 (not shown in the figure), wherein step S205 may be executed simultaneously with step S202, or may be executed after step S202, wherein,

step S205, when it is detected that the ID compression values of at least two users are the same, determining whether the time compression values corresponding to the ID compression values of at least two users are the same.

For the embodiment of the present application, since the user IDs in the tracing information are compressed, a situation that the compressed values corresponding to the user IDs are the same may occur, that is, when the electronic device detects that there are at least two users with the same ID compressed value, it indicates that there is a possibility that the operations are performed by the same user, or there are also a possibility that the operations are performed by at least two different users, and therefore it is necessary to determine whether the time compressed values corresponding to the ID compressed values of the at least two users are the same. Assuming that the electronic device detects that the ID compression value of two users is "5db5", it needs to further confirm whether the time compression values corresponding to the two users are the same.

In step S206, if the time compression values corresponding to the ID compression values of the at least two users are the same, any one of the tracing information corresponding to the ID compression values of the at least two users is retained.

For the embodiment of the present application, it is assumed that the ID compression values of two users are the same, and the corresponding time compression values are "0000000000001000", which indicates that the same user performs operations in the same hour period, and the electronic device only retains any one of the tracing information, so that the repetition of the tracing information is reduced, a file can store more tracing information, and the occupation of a storage space by useless information is reduced.

The foregoing embodiments describe a method for processing file permissions from the perspective of a method flow, and the following embodiments describe a device for processing file permissions from the perspective of a virtual module or a virtual unit, which are described in detail in the following embodiments.

An embodiment of the present application provides a device 30 for processing file permissions, as shown in fig. 3, the device 30 for processing file permissions specifically may include:

the first determining module 301 is configured to determine, when a file opening instruction triggered by a user is detected, an association relationship between a window and a file corresponding to the window;

a second determining module 302, configured to determine, when a switching instruction between at least two windows triggered by a user is detected, a target file based on an association relationship of the switched windows;

an obtaining module 303, configured to obtain authority information and user information of a target file;

a third determining module 304, configured to determine, based on the user information and the permission information, a permission to be executed by the user on the target file;

a first output module 305, configured to output the target file according to the to-be-executed authority.

According to the file authority processing device 30 provided by the embodiment of the application, when an electronic device detects a file opening instruction triggered by a user, a first determining module 301 determines an association relationship between a window and a file corresponding to the window, so as to ensure that each window corresponds to the file corresponding to the window one to one, so that when a switching instruction triggered by the user and related to at least two windows is detected, a second determining module 302 can determine a target file based on the association relationship between the switched windows, since the displayed authority of each file is different for different users, each file contains multiple different kinds of authority, that is, an acquiring module 303 is required to acquire authority information and user information of the target file, and based on the user information and the authority information, a third determining module 304 determines a to-be-executed authority of the user for the target file, and according to-be-executed authority, a first output authority module 305 outputs the target file, so that when the user opens multiple files of the same type at the same time and the multiple files of the same type have different authorities, the electronic device can accurately identify each file.

In a possible implementation manner of the embodiment of the present application, when determining the association relationship between a window and a file corresponding to the window, the first determining module 301 is specifically configured to:

identifying a window title of the window according to the window handle;

and determining the association relation based on the window handle and the file handle corresponding to the window.

In another possible implementation, the apparatus 30 further includes:

the first judgment module is used for judging the file type of the target file, and the file type comprises an unencrypted file and an encrypted file;

the transmission module is used for transmitting the file from the storage medium to the native file system and allocating the file from the native file system to the upper-layer application when the target file belongs to the unencrypted file;

and the second output module is used for outputting the decrypted target file.

transferring the file from the storage medium to the native file system;

transmitting the file from the native file system to the encrypted file system;

judging whether the user has access authority or not based on user information;

and if the user has the access authority, decrypting the file in the encrypted file system and allocating the decrypted file to the upper-layer application.

In another possible implementation, the apparatus 30 further includes:

the generating module is used for acquiring the operation time of the user for operating the target file and generating the tracing information based on the operation time and the user information;

and the writing module is used for writing the compressed tracing information into a target position to obtain a new target file.

if the operation time is within the preset time period, determining the difference value between the operation time and the starting time of the preset time period;

and converting the difference value to obtain a time compression value.

In a possible implementation manner of the embodiment of the present application, the apparatus further includes:

In this embodiment of the present application, the first determining module 301, the second determining module, the third determining module, and the fourth determining module may be the same obtaining module, may also be different obtaining modules, and may also be partially the same obtaining module. The first judging module and the second judging module may be the same output module, may be different output modules, or may be partially the same output module.

It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the file right processing apparatus 30 described above may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.

The embodiment of the present application further provides a device 40 for determining tracing information, as shown in fig. 4, the device 40 for determining tracing information may specifically include:

a generating module 401, configured to obtain operation time for operating a target file by a user, and generate tracing information based on the operation time and user information;

a compression module 402, configured to, when the target file is a file in a picture format, compress the tracing information to obtain compressed tracing information;

a fourth determining module 403, configured to determine a preset number of target locations from the preset locations of the target file;

a writing module 404, configured to write the compressed tracing information into a target location, so as to obtain a new target file.

The device 40 for determining tracing information provided by the embodiment of the application, wherein when a user operates a target file, an electronic device obtains operation time for the user to operate the target file, and the generation module 401 generates the tracing information according to the operation time and the user information, and when the target file operated by the user is a file in a picture format, because the size of a picture is limited, and the smaller the tracing information in the picture is, the more beneficial the tracing information is to be hidden in the picture, the compression module 402 compresses the tracing information to obtain the compressed tracing information. The fourth determining module 403 determines a preset amount of target data from a preset position of the target file, so that the tracing information is not easily deleted, and the reliability of the tracing information is increased. The writing module 404 writes the compressed tracing information into the target location to obtain a new target file. Therefore, when the target file is spread, the spreading process can be checked according to the traceability information.

In another possible implementation manner, when compressing the tracing information, the compression module 402 specifically includes:

and converting the difference value to obtain a time compression value.

In another possible implementation, the apparatus 40 further includes:

It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the apparatus 40 for determining tracing information described above may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.

In an embodiment of the present application, there is provided an electronic device, as shown in fig. 5, an electronic device 50 shown in fig. 5 includes: a processor 501 and a memory 503. Wherein the processor 501 is coupled to the memory 503, such as via the bus 502. Optionally, the electronic device 50 may also include a transceiver 504. It should be noted that the transceiver 504 is not limited to one in practical application, and the structure of the electronic device 50 is not limited to the embodiment of the present application.

The Processor 501 may be a CPU (Central Processing Unit), a general-purpose Processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other Programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 501 may also be a combination of implementing computing functionality, e.g., comprising one or more microprocessors, a combination of DSPs and microprocessors, and the like.

Bus 502 may include a path that carries information between the aforementioned components. The bus 502 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus 502 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 5, but this does not represent only one bus or one type of bus.

The Memory 503 may be a ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or other type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact Disc Read Only Memory) or other optical Disc storage, optical Disc storage (including Compact Disc, laser Disc, optical Disc, digital versatile Disc, blu-ray Disc, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these.

The memory 503 is used for storing application program codes for executing the scheme of the application, and the processor 501 controls the execution. The processor 501 is configured to execute application program code stored in the memory 503 to implement the content shown in the foregoing method embodiments.

Among them, electronic devices include but are not limited to: mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., in-vehicle navigation terminals), and the like, and fixed terminals such as digital TVs, desktop computers, and the like. But also a server, etc. The electronic device shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.

The embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, and when the computer program runs on a computer, the computer is enabled to execute corresponding content of one file authority processing in the foregoing method embodiment. Compared with the prior art, when the electronic equipment detects a file opening instruction triggered by a user, the incidence relation between the window and the file corresponding to the window is determined, so that the one-to-one correspondence between each window and the file corresponding to the window is ensured, when a switching instruction triggered by the user and related to at least two windows is detected, the target file can be determined based on the incidence relation of the switched windows, as each file is different in displayed authority aiming at different users, the authority information and the user information of the target file need to be acquired, the to-be-executed authority of the user on the target file is determined based on the user information and the authority information, the target file is output according to the to-be-executed authority, and when the user opens a plurality of files of the same type at the same time and the plurality of files of the same type have different authorities, the electronic equipment can accurately identify the authority of each file.

The embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, which, when running on a computer, enables the computer to execute the corresponding content of one of the foregoing method embodiments. Compared with the prior art, in the embodiment of the application, when the user operates the target file, the operation time of the user for operating the target file is obtained, and the traceability information is generated according to the operation time and the user information. And determining a preset amount of target data from the preset position of the target file so that the tracing information cannot be deleted easily and the reliability of the tracing information is increased. And writing the compressed tracing information into a target position to obtain a new target file. Therefore, when the target file is spread, the spreading process can be checked according to the tracing information.

It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least a portion of the steps in the flow chart of the figure may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed alternately or alternately with other steps or at least a portion of the sub-steps or stages of other steps.

The foregoing is only a partial embodiment of the present application, and it should be noted that, for those skilled in the art, several modifications and decorations can be made without departing from the principle of the present application, and these modifications and decorations should also be regarded as the protection scope of the present application.

Claims

1. A method for file authority processing is characterized by comprising the following steps:

when a switching instruction which is triggered by a user and is related to at least two windows is detected, the windows before switching are converted into windows after switching based on the incidence relation of the windows after switching, and a target file after switching is determined, so that the authority of the output file before and after switching is changed, wherein the file corresponding to the window before switching and the target file are files of the same type;

acquiring authority information and user information of the target file;

and outputting the target file according to the to-be-executed authority.

2. The method for processing file authority according to claim 1, wherein the determining the association relationship between the window and the file corresponding to the window includes:

identifying a window title of the window according to the window handle;

and determining an incidence relation based on the window handle and the file handle corresponding to the window.

3. The method for processing file authority according to claim 1, further comprising:

if the target file belongs to the unencrypted file, transmitting the file from a storage medium to a native file system, and deploying the file from the native file system to an upper-layer application;

if the target file belongs to the encrypted file, decrypting the target file;

and outputting the decrypted target file.

4. The method for processing file authority according to claim 3, wherein the decrypting the target file includes:

transferring the file from a storage medium to a native file system;

transmitting the data from the native file system to an encrypted file system;

5. The method for processing file authority according to claim 1, further comprising:

acquiring the operation time of downloading the target file by the user, and generating traceability information based on the operation time and user information;

6. The method of claim 5, wherein the user information includes a user ID, and the compressing the tracing information includes:

and converting the difference value to obtain a time compression value.

7. The method for processing file permissions according to claim 6, further comprising:

8. An apparatus for processing file permissions, comprising:

the second determining module is used for converting the window before switching into the window after switching based on the incidence relation of the window after switching when a switching instruction between at least two windows triggered by a user is detected, and determining a target file after switching so that the authority of the file output before and after switching is changed, wherein the file corresponding to the window before switching and the target file are the same type of file;

a third determining module, configured to determine, based on the user information and the permission information, a permission of the user to execute the target file;

and the output module is used for outputting the target file according to the to-be-executed authority.

9. An electronic device, comprising:

one or more processors;

a memory;

one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications configured to: method of performing a file rights processing according to any of claims 1 to 7.

10. A computer-readable storage medium on which a computer program is stored, characterized in that when the computer program is executed in a computer, it causes the computer to execute a method of file right processing according to any one of claims 1 to 7.