CN116628654A - Front-end page authority control method, device, equipment and storage medium - Google Patents

Publication number: CN116628654A
Authority: CN (China)
Application number: CN202310922018.6A
Other languages: Chinese (zh)
Other versions: CN116628654B (en)
Inventors: 高鑫, 李劲松, 周天舒, 田雨
Current and original assignee: Zhejiang Lab
Legal status: Granted, active
Prior art keywords: page, authority, button, permission, interception

Classifications

    • G06F21/31 User authentication
    • G06F21/45 Structures or tools for the administration of authentication
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L9/40 Network security protocols
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The application discloses a front-end page authority control method, device, equipment and storage medium. The method comprises four layers of interception: login interception, menu interception, route interception and interface interception. The application designs an authentication route that, while intercepting page jumps, uses binary (bitwise) operations to judge the two basic permissions of reading and writing, thereby distinguishing whether a page is readable and whether it is writable. The encrypted combination of a button's position on the page and the button's own text content is used as the button's unique permission identifier; all buttons to be rendered on the page are obtained before the page is formally rendered, and the buttons the user has permission for are filtered out according to the back-end interface, which removes the need to add a permission check to each button one by one. The chained interception structure provided by the application is not tied to any front-end framework in handling page read-write control and unified button permission control, and it accommodates user role configuration, so it is a universal permission configuration method with a wider range of application.

Description

Front-end page authority control method, device, equipment and storage medium
Technical Field
The application belongs to the technical field of computers, and relates to a front-end page authority control method, device, equipment and storage medium.
Background
Front-end authority control refers to introducing permission control into a front-end project: the permissions a user has to access and operate pages are adjusted through flexible configuration, so that unauthorized access to pages and malicious access to paths are prevented and the security of the software system is further ensured. In the traditional method, the users who may access pages are first screened through user login; the page access path is then intercepted to judge whether the user has access permission for the page to be jumped to. If the permission exists, access continues; if not, the user is redirected to an unauthorized page. In software systems that do not introduce the concept of roles, this traditional approach can quickly evaluate whether a page may be accessed. In a software system that introduces roles, however, a user's permissions depend on roles rather than on a particular login account, and management and inheritance relationships exist between roles. For complex projects, the traditional approach therefore cannot provide finer-grained, personalized configuration, and cannot support restructuring permissions to further strengthen control.
The current solutions for front-end page permissions are as follows. The patent with publication number CN114595484A discloses a page authority control method that takes the intersection or union of function-type permissions and data-type permissions, then performs conflict detection according to user identity and filters out the permission points the user does not have. Although this method improves the flexibility of permission configuration and effectively avoids conflicts in permission settings, it can still only control whether a page is exposed; it cannot control whether the page is readable or writable, and button-level checks still have to be added one by one for the data permission points. In addition, the patent with publication number CN114861198A discloses a permission control method based on page address storage, which establishes a mapping between users and page addresses and then obtains the page files the user is permitted to see according to the page address permissions the user holds. This approach is essentially based on the concept of roles, with permission filtering achieved through route matching, but it still cannot handle page read-write control.
The prior art offers the following two methods for button-level permissions. The patent with publication number CN114090978A discloses a fine-grained permission method based on the Vue framework, in which button-level permissions are handled uniformly by registering a custom directive. Although this greatly reduces the amount of logic written per page, the directive still has to be bound to the permission buttons one by one, and such binding is limited to the Vue framework and does not fit the other mainstream frameworks in front-end development. As another example, in the disclosure of CN115455328A, a function keyword library is constructed in advance, and a corresponding resource permission identifier is generated automatically for each new button when a page is developed. Although this removes the need to configure permissions manually one at a time, it is only suitable for newly developed projects and is not universally applicable: for existing projects, the permission buttons still have to be modified and replaced.
In summary, the prior art cannot solve the problems of page read-write permission, adding button-level permissions one by one, and universality of permission configuration.
Disclosure of Invention
The application aims to solve the above technical problems and provides a front-end page authority control method, device, equipment and storage medium.
The aim of the application is achieved through the following technical scheme:
In a first aspect, the present application provides a front-end page permission control method, where the method includes:
S1, login interception: intercepting unauthorized users by means of system login;
S2, menu interception: for pages with a menu structure, intercepting pages the user has no permission for by showing and hiding menu items;
S3, route interception: before a page jump, using a binary operation rule to identify whether the page to be jumped to is readable for the current user; after the page permission identification is completed, acquiring the buttons of the page that carry operation permissions and identifying the button permissions;
S4, interface interception: intercepting unauthorized operations through button disabling and network request control.
Further, the login interception specifically includes:
when a user logs in to the system, obtaining the user token and storing it persistently;
if the user token exists and has not expired, the next operation can be performed;
if the user token has expired or does not exist, the user does not have permission to access the system, and the page stays on the login page.
Further, the menu interception specifically includes:
the unauthorized leaf nodes are stored in a database in advance; the front end reads the set of unauthorized leaf nodes from an interface and performs permission filtering using a post-order traversal algorithm; if all child nodes of a parent node are unauthorized leaf nodes, the parent node is deleted, which completes the dynamic setting of the menu.
Further, the route interception specifically includes:
when a change of the page address is detected, changing the page path in the history stack without performing a page jump;
carrying out permission identification and, if the permission exists, manually rendering the page, thereby realizing interception before the jump.
Further, authenticating the readability of the page includes:
for pages requiring permission control, defining a read-only right and a write right, each represented in binary;
expressing the user's read-write permission on the page through an OR operation;
judging whether the user has the read-write permission on the page through an AND operation.
Further, after the read-write identification of the page is completed, the read-write permission configuration of the page elements is performed, which comprises the following steps:
when the route jump has been intercepted and the user's permissions have been acquired, collecting the form elements on the page to be jumped to;
judging whether the user has the write right; if not, setting the disabled attribute on the form elements; if so, leaving them in the default state without any modification.
Further, authenticating the rights of the button includes:
the front end acquires the set of buttons of the page to be jumped to;
the unique permission identifier of each button is set by encrypting the button's position on the page together with the button's own text content;
the front end sets the disabled attribute on the buttons without permission, using the unique permission identifiers of those buttons returned by the interface.
In a second aspect, the present application provides a front-end page permission control device, where the device includes a login interceptor, a menu interceptor, a route interceptor and an interface interceptor connected in a chain;
the login interceptor is used for intercepting unauthorized users by means of system login;
the menu interceptor is used, for pages with a menu structure, for intercepting pages the user has no permission for by showing and hiding menu items;
the route interceptor is used for identifying, with a binary operation rule and before a page jump, whether the page to be jumped to is readable for the current user, and, after the page permission identification is completed, for acquiring the buttons of the page that carry operation permissions and identifying the button permissions;
the interface interceptor is used for intercepting unauthorized operations through button disabling and network request control.
In a third aspect, the present application provides front-end page permission control equipment, including a memory and one or more processors, where the memory stores executable code and the processors implement the front-end page permission control method according to the first aspect when executing the executable code.
In a fourth aspect, the present application provides a computer-readable storage medium having stored thereon a program which, when executed by a processor, implements the front-end page permission control method according to the first aspect.
The beneficial effects of the application are as follows:
1. The problem of page read-write permission is solved. The application designs an authentication route that, while intercepting page jumps, uses binary operations to judge the two basic permissions of reading and writing, thereby distinguishing whether a page is readable and whether it is writable.
2. The problem of adding button-level permissions one by one is solved. For button permission identification, the position of the button on the page and the button's own text content are used as the button's unique permission identifier; all buttons to be rendered on the page are obtained before the page is formally rendered, and the buttons the user has permission for are filtered out according to the back-end interface, which removes the need to add a permission check to each button one by one.
3. The problem of universality of permission configuration is solved. The chained-interceptor permission control method is built on browser native APIs, is not tied to any front-end framework, accommodates user role configuration and can be used for any project type; it is a universal permission configuration method with a wider range of application.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a front end page permission control method shown in an exemplary embodiment;
FIG. 2 is a menu rights filter schematic diagram shown in an exemplary embodiment;
FIG. 3 is a schematic diagram of a route interception flow shown in an exemplary embodiment;
FIG. 4 is a schematic representation of a rights bit-wise representation shown in an exemplary embodiment;
FIG. 5 is a schematic diagram of a chain structure of a front end page permission control device according to an exemplary embodiment;
FIG. 6 is a block diagram of a front-end page authority control apparatus according to an exemplary embodiment.
Detailed Description
In order that the above objects, features and advantages of the application will be readily understood, a more particular description of the application will be rendered by reference to the appended drawings.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application, but the present application may be practiced in other ways other than those described herein, and persons skilled in the art will readily appreciate that the present application is not limited to the specific embodiments disclosed below.
As shown in FIG. 1, an embodiment of the present application provides a front-end page permission control method. The method adopts a chained interception structure comprising four layers of interception: login interception, menu interception, route interception and interface interception. The function of each layer is as follows:
1. Login interception: intercepting unauthorized users by means of system login.
2. Menu interception: for pages with a menu structure, intercepting pages the user has no permission for by showing and hiding menu items.
3. Route interception: before a page jump, using a binary operation rule to identify whether the page to be jumped to is readable for the current user; after the page permission identification is completed, acquiring the buttons of the page that carry operation permissions and identifying the button permissions.
4. Interface interception: intercepting unauthorized operations through button disabling and network request control.
The four layers of interception strengthen one another in sequence: each lower layer further restricts the layer above it. Some embodiments of each layer are described below.
1. Login interception
Logging in is the first layer of permission identification when a user enters the software system. At this layer, the users who have permission to access the system are filtered out by system login, without considering the user's role.
The login state is implemented on the basis of the user's token. When a user logs in to the system, the user's token is first acquired and stored persistently. If the token exists and has not expired, the user can proceed to further operations; if the token has expired or does not exist, the user does not have permission to access the system, and the page stays on the login page.
2. Menu interception
Menu interception dynamically acquires the page menu after the user has logged in successfully. For certain services, some single-page applications (Single Page Web Application, SPA) do not have a menu structure, so this step is unnecessary for them. For applications with a menu structure, the menus are typically stored in a hierarchical structure.
The dynamic menu structure is acquired as follows. The unauthorized leaf nodes are stored in the database in advance; the advantage is that the back end does not need to store the whole menu structure, and the front end can complete the menu adjustment by acquiring only the unauthorized leaf nodes. The front end then reads the set of unauthorized leaf nodes from the interface and performs permission filtering using a post-order traversal algorithm; if all child nodes of a parent node are unauthorized leaf nodes, the parent node is deleted, which completes the dynamic setting of the menu. For example, assuming the menu structure shown in FIG. 2, if the user has neither the "environment management" nor the "service management" menu permission, the parent node "configuration center" should be deleted accordingly.
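The menu filtering described above can be sketched as follows. This is an added example, not code from the patent: the node ids, the "Monitoring" branch and the function name pruneMenu are constructed for illustration, and the code generalizes the rule to deeper trees by also removing a parent whose sub-menus have all been emptied.

```javascript
// Constructed menu tree. "Configuration center" follows the example in the text;
// the ids and the "Monitoring" branch are assumptions made for this example.
const menu = [
  { id: 'config-center', title: 'Configuration center', children: [
    { id: 'env-mgmt', title: 'Environment management' },
    { id: 'svc-mgmt', title: 'Service management' },
  ] },
  { id: 'monitor', title: 'Monitoring', children: [
    { id: 'alerts', title: 'Alerts', children: [
      { id: 'alerts-email', title: 'E-mail alerts' },
      { id: 'alerts-sms', title: 'SMS alerts' },
    ] },
    { id: 'dashboards', title: 'Dashboards' },
  ] },
];

// Returns a filtered copy of the menu; the input tree is not modified.
// unauthorizedLeafIds is the set of leaf ids the back end reports as not permitted.
function pruneMenu(nodes, unauthorizedLeafIds) {
  const denied = new Set(unauthorizedLeafIds);

  const visit = (node) => {
    const isLeaf = !node.children || node.children.length === 0;
    if (isLeaf) {
      return denied.has(node.id) ? null : { ...node };
    }
    // Post-order: every child is resolved before the parent is decided.
    const kept = node.children.map(visit).filter(Boolean);
    // A parent with no remaining children would be an empty menu entry: drop it.
    return kept.length > 0 ? { ...node, children: kept } : null;
  };

  return nodes.map(visit).filter(Boolean);
}

// Collect the ids of the top-level entries that survive filtering.
function topLevelIds(nodes) {
  return nodes.map((n) => n.id);
}
```

Hiding a menu entry only removes the link; the route and interface layers still have to reject a direct visit to the hidden page.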
3. Route interception
Route interception has two main roles: first, before a page jump, it identifies whether the page to be jumped to is readable or writable for the current user; second, after the page permission identification is completed, it acquires the buttons of the page that carry operation permissions and then identifies the page's button permissions. A specific implementation flow of route interception is shown in FIG. 3.
3.1 Implementation principle
In the browser, operations such as forward and back cause the page address to change. Route interception works by monitoring changes of the page address and executing the interception operations before the page is rendered; the address is then matched to the corresponding component according to the routing rules predefined by the project, which finally completes the page jump.
Specifically, route interception listens for the popstate event, which is triggered automatically when the page address changes, for example on forward and back navigation. The page address change can then be completed with the two APIs pushState and replaceState provided by HTML5, which change the page path in the history stack but do not perform a page jump. Therefore, during route interception the address is changed through the pushState and replaceState APIs, the permission for the page jump is identified in the process, and, if the permission exists, the page is rendered manually, which realizes interception before the jump.
3.2 Read-write authentication of users
The read-write authentication of the page is completed according to a binary operation rule designed by the application. The read-only right refers to the accessibility of the page, that is, whether the user has permission to browse the current page. The write right refers to data entry into form elements (such as input boxes, radio buttons and check boxes) and to business operations such as add, delete, query, modify and next step. For each page requiring permission control, two basic permissions, read-only and write, are specified and each is represented in binary; the user's read-write permission on the page is then expressed through an OR operation, and whether the user has a given read-write permission on the page is judged through an AND operation.
The above process can be described as follows. Assume there are two forms on page A, denoted form1 and form2, and that page A is specified to have four basic read-write permissions, which control the read-only right and the write right of form1 and form2 respectively. The four basic read-write permissions can be represented in binary form as shown in Table 1, where each permission corresponds to one bit.
Table 1 form rights binary representation schematic
Assume the user's permissions on page A are held in the variable authPageA, and that the user has three rights: form1 read-only, form2 read-only and form2 write. The user's permissions on page A can then be expressed as authPageA = form1read | form2read | form2write = 0b00001 | 0b00100 | 0b01000 = 13 (decimal) = 1101 (binary). Each permission corresponds to one bit; the bitwise representation of the permissions is shown in FIG. 4.
Once the user's permission on page A, authPageA, is known, it is used to judge whether a form on the page needs to be disabled. The user's permission on page A is first ANDed with a basic permission, and the result is then compared with that basic permission: if they are equal, the user has the permission; if not, the user does not.
For example, to determine whether the user has the write right for form1 on page A, the user's permission authPageA is first ANDed with the write right form1write of form1, that is, authPageA & form1write, which gives 0. The result is then compared with form1write, that is, 0 == form1write, which is false. The user therefore does not have the write right for form1 on page A, and all of form1 is disabled.
As another example, to determine whether the user has the read-only right for form2 on page A, the user's permission authPageA is ANDed with the read-only right form2read of form2, and the result is compared with form2read, that is, (authPageA & form2read) == form2read, which is true. The user therefore has the read-only right for form2 on page A, and form2 is left unchanged.
In this way the read-write state of the page can be controlled effectively. Several sets of permissions can be expressed by storing a single field, which greatly saves storage space, and a permission update can be completed simply by adjusting the binary digits.
For example, the binary value of the user's permission authPageA on page A is 1101, which does not include the write right for form1. To let the user write to form1 on page A, it is only necessary to set the bit corresponding to the form1 write right to 1, that is, to change authPageA = 1101 to authPageA = 1111.
3.3 Read-write permission configuration of page elements
After the read-write authentication is completed, it is known whether the user has the read-only right and the write right for a given page, but the handling of page permissions is not yet finished. For example, when the user does not have the write right, the form elements on the page should be in the disabled state. Configuring the read-write state of page elements involves three main steps: first, when the route jump has been intercepted and the user's permissions have been acquired, the form elements on the page to be jumped to are collected; second, whether the user has the write right is judged, and if not, the disabled attribute is set on the form elements, while if so, they are left in the default state without any modification; finally, the page is rendered after the read-write authentication is completed.
Specifically, the form elements are collected with the browser native getElementsByTagName API, which returns the set of page elements for a specified element tag. Form elements are input tags of various input types, so the collection of form elements can be completed in any front-end framework through the getElementsByTagName API. Next, the user's read-write permission is judged as in step 3.2. If the permission does not exist, the set of form elements is traversed and the browser's native attribute-setting interface setAttribute is used to set the disabled attribute uniformly on the form elements; if the user has the write right, the form elements are available by default and nothing is done. Finally, because the pushState and replaceState APIs are used to intercept the route, the page does not jump, so the page has to be rendered manually after the permission identification is completed. Manual rendering takes the most recent access record from the history stack and then modifies the target address of the page to complete the page jump.
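The binary rule of section 3.2 and the element handling of section 3.3 can be combined in one sketch. This is an added example, not code from the patent: the values of form1read, form2read and form2write are the ones used in the text, form1write = 0b0010 is inferred from it, and the helper names, the formName property and the stand-in input objects are assumptions made so that the example runs outside a browser.

```javascript
// Permission bits for page A. form1write is inferred from the text
// (ANDing it with 1101 gives 0, and setting it turns 1101 into 1111).
const PagePerm = Object.freeze({
  form1read: 0b0001,
  form1write: 0b0010,
  form2read: 0b0100,
  form2write: 0b1000,
});

// OR the individual rights into the single field that is stored per user and page.
function combine(...flags) {
  return flags.reduce((mask, flag) => mask | flag, 0);
}

// (mask & flag) === flag, as in the text. A flag of 0 would satisfy this test
// for every user, so an invalid flag is rejected instead of silently granting.
function has(mask, flag) {
  if (!Number.isInteger(flag) || flag <= 0) {
    throw new RangeError('invalid permission flag');
  }
  return (mask & flag) === flag;
}

// Updating a permission only flips the corresponding bit.
function grant(mask, flag) { return mask | flag; }
function revoke(mask, flag) { return mask & ~flag; }

// Stand-in for a DOM <input>; only setAttribute is needed. In a browser the
// elements would come from document.getElementsByTagName('input'), and the
// way an input is mapped to form1 or form2 (formName here) is an assumption.
function fakeInput(formName) {
  const attrs = {};
  return { formName, attrs, setAttribute(name, value) { attrs[name] = value; } };
}

// Disable every input whose form the user may not write to.
// Returns the list of elements that were disabled.
function applyFormPermissions(mask, inputs) {
  const disabled = [];
  for (const el of inputs) {
    const writeFlag = PagePerm[`${el.formName}write`];
    // An input that maps to no known permission is disabled (fail closed).
    if (writeFlag === undefined || !has(mask, writeFlag)) {
      el.setAttribute('disabled', 'disabled');
      disabled.push(el);
    }
  }
  return disabled;
}

// The user from the text: form1 read-only, form2 read-only, form2 write.
const authPageA = combine(PagePerm.form1read, PagePerm.form2read, PagePerm.form2write);
```

The disabled attribute set here can be removed again in the browser's developer tools, which is why section 4 adds request control behind it.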
4. Interface interception
Interface interception blocks unauthorized operations in two ways. The first is button disabling: in general, add, delete, modify and query operations on database tables, next-step operations and other business operations are triggered by clicking a button, so disabling the button prevents the request from being initiated at the source and relieves the authentication pressure on the server. The second is network request control, which further backs up button disabling: it prevents a user from illegally tampering with a button's disabled state in the browser page and thereby initiating an interface request.
4.1 Button-level permissions
Button-level permissions are fine-grained. For example, a page may have four buttons at once (add, delete, modify and query), and when a user only has permission to query and modify, different permission controls have to be added to the four buttons one by one. The traditional approach is to judge the user's permission one by one for each button that needs to be disabled. However, buttons are distributed irregularly across a front-end project and their permissions are hard to divide uniformly across different business operations, so adding permissions to buttons one by one is very tedious.
To solve these problems, the application builds on route interception: the front end acquires the set of buttons of the page to be jumped to before the page is formally rendered. The unique permission identifier of each button is then set by encrypting the button's position on the page together with the button's text content attribute innerText. Finally, the front end sets the disabled attribute on the buttons without permission, using the unique permission identifiers of those buttons returned by the interface.
Specifically, the encryption of each button's innerText attribute text together with the button's position on the page is used as the permission expression; the string can be encrypted with algorithms such as CryptoJS or HS256, but the application is not limited to these. The browser native getElementsByTagName API is then used to retrieve the set of buttons on the page. Finally, the button set is traversed and each button's permission is judged: if the permission does not exist, the browser's native attribute-setting interface setAttribute is used to set the disabled attribute on the button; if the permission exists, the button stays in the default state and nothing is done.
In this way, permission identifiers do not have to be added to the buttons one by one. Furthermore, the front end and the back end do not need to negotiate a unique permission identifier for each permission-controlled button, because the back end can add the permission automatically from the button's position on the page and the button's text content. The method also removes the tedious per-button steps and noticeably improves development efficiency. It is a general way of adding button permissions, is built on browser native APIs, is not tied to any front-end framework and can be used for any project type.
4.2 Request permission control
Request control implements interface permission filtering after the client initiates a request and before the request is sent to the server.
In one embodiment, the axios request interceptor (axios.interceptors) is used: user token information is carried in the request header and, in cooperation with the server, completes user identity authentication. When a page initiates a request, the request path is filtered by permission: if the permission exists, the request is released; if the permission does not exist, sending of the request is cancelled.
As a concrete example, suppose the set of unauthorized interfaces read from the database is ['/search', '/getdata'] and is persisted in the browser. The outgoing request is then intercepted in the request interceptor axios.interceptors: if the request is '/getdata', which is in the unauthorized interface set, sending of the request is cancelled; if the request is '/getrequest', which is not in the unauthorized interface set, it is sent normally.
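The request filtering described above, as an added example that is not code from the patent. It goes one step beyond the text by normalizing the path (query string, fragment, trailing slash, letter case) before the set lookup; the function names and the error code are hypothetical, and config.url is assumed to carry the request path.

```javascript
// Unauthorized interface set from the text, as persisted in the browser.
const DENIED_INTERFACES = ['/search', '/getdata'];

// Reduce a request URL to a comparable path: drop scheme and host, query
// string and fragment, collapse repeated slashes, strip a trailing slash and
// lower-case. Lower-casing over-matches on case-sensitive servers, which is
// the safe direction for a deny list.
function normalizePath(url) {
  const withoutOrigin = String(url).replace(/^[a-z][a-z0-9+.-]*:\/\/[^/?#]*/i, '');
  const pathOnly = withoutOrigin.split(/[?#]/)[0];
  const collapsed = `/${pathOnly}`.replace(/\/{2,}/g, '/').replace(/(.)\/$/, '$1');
  return collapsed.toLowerCase();
}

// Build the filter. `interceptor` has the shape axios expects from a request
// interceptor: return the config to send, or a rejected promise to cancel.
function makeRequestFilter(deniedInterfaces) {
  const denied = new Set(deniedInterfaces.map(normalizePath));
  const isDenied = (url) => denied.has(normalizePath(url));
  const interceptor = (config) => {
    if (!isDenied(config.url)) return config; // permission exists: release
    const error = new Error(`cancelled, no permission: ${normalizePath(config.url)}`);
    error.code = 'ERR_NO_PERMISSION'; // hypothetical code for this example
    return Promise.reject(error);
  };
  return { isDenied, interceptor };
}

// In the application (assumes axios is loaded):
//   axios.interceptors.request.use(makeRequestFilter(DENIED_INTERFACES).interceptor);

// Decisions for constructed sample requests.
function demoRequests() {
  const filter = makeRequestFilter(DENIED_INTERFACES);
  const urls = ['/getdata', '/getrequest', '/getdata?id=7', '/GetData/',
    'https://api.example.test/search#top'];
  return urls.map((url) => `${url} -> ${filter.isDenied(url) ? 'cancelled' : 'sent'}`);
}
```

The interceptor runs in the browser and only saves a round trip; the server has to reject the same paths itself, because a request can reach it without passing through the interceptor.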
The application controls page readability with binary computation: permissions are expressed with the OR operation and judged with the AND operation, which is a new method proposed by the application. The application improves on the traditional practice of adding permissions to buttons one by one: it takes the encryption of the button's content text and the position of the page where the button is located as the unique permission identifier and completes the filtering of unauthorized buttons in route interception, which removes the tedious step of adding permissions one by one at button granularity and markedly improves development efficiency. The chained interception structure proposed by the application handles page read-write control, unified button permission control and the like on top of browser-native APIs; it is a general method, is not tied to a front-end framework, and can be used in any type of project.
In another aspect, the application also provides a front-end page permission control device which, as shown in fig. 5, comprises a login interceptor, a menu interceptor, a route interceptor and an interface interceptor connected in a chain.
Login interceptor: intercepts unauthorized users by means of system login;
Menu interceptor: for pages with a menu structure, intercepts unauthorized pages through the display and hiding of the menu;
Route interceptor: before a page jump, uses the binary operation rule to identify whether the page to be jumped to is readable by the current user; after page permission identification is complete, obtains the buttons of the page that carry operation permissions and identifies the button permissions;
Interface interceptor: intercepts unauthorized operations through button disabling and network request control.
The application also provides an embodiment of the front-end page permission control device corresponding to the embodiment of the front-end page permission control method.
Referring to fig. 6, the front-end page permission control device provided by the embodiment of the application includes a memory and one or more processors, where the memory stores executable code and the processors, when executing the executable code, implement the front-end page permission control method of the above embodiment.
The embodiment of the front-end page permission control device provided by the application can be applied to any device with data processing capability, which may be a device or apparatus such as a computer. The device embodiment may be implemented in software, in hardware, or in a combination of hardware and software. Taking software implementation as an example, the device in the logical sense is formed when the processor of the device with data processing capability on which it resides reads the corresponding computer program instructions from nonvolatile memory into memory. In terms of hardware, fig. 6 shows the hardware structure of the device with data processing capability on which the front-end page permission control device provided by the application resides; in addition to the processor, memory, network interface and nonvolatile memory shown in fig. 6, that device generally includes other hardware according to its actual function, which is not described here again.
The implementation process of the functions and roles of each unit in the above-mentioned device is specifically detailed in the implementation process of the corresponding steps in the above-mentioned method, and will not be described herein again.
Since the device embodiments essentially correspond to the method embodiments, reference is made to the description of the method embodiments for the relevant points. The device embodiments described above are only illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purposes of the present application. Those of ordinary skill in the art can understand and implement the present application without undue burden.
The embodiment of the application also provides a computer readable storage medium, on which a program is stored, which when executed by a processor, implements a front-end page permission control method in the above embodiment.
The computer readable storage medium may be an internal storage unit, such as a hard disk or a memory, of any of the devices with data processing capability described in any of the previous embodiments. The computer readable storage medium may also be an external storage device of such a device, such as a plug-in hard disk, a Smart Media Card (SMC), an SD Card or a Flash memory Card (Flash Card) provided on the device. Further, the computer readable storage medium may include both the internal storage unit and the external storage device of the device with data processing capability. The computer readable storage medium is used for storing the computer program and other programs and data required by the device with data processing capability, and may also be used for temporarily storing data that has been output or is to be output.
The above-described embodiments are intended to illustrate the present application, not to limit it, and any modifications and variations made thereto are within the spirit of the application and the scope of the appended claims.

Claims (10)

1. A front-end page authority control method, characterized by comprising the following steps:
S1, login interception: intercepting unauthorized users by means of system login;
S2, menu interception: for pages with a menu structure, intercepting unauthorized pages through the display and hiding of the menu;
S3, route interception: before a page jump, using the binary operation rule to identify whether the page to be jumped to is readable by the current user; after page permission identification is complete, obtaining the buttons of the page that carry operation permissions and identifying the button permissions;
S4, interface interception: intercepting unauthorized operations through button disabling and network request control.
2. The front-end page permission control method according to claim 1, wherein the login interception specifically includes:
when a user logs in to the system, obtaining a user token and storing it persistently;
if the user token exists and is not expired, the next operation can be performed;
if the user token expires or does not exist, the user does not have the authority to access the system, and the page stays on the login page.
3. The front-end page permission control method according to claim 1, wherein the menu interception specifically includes:
unauthorized leaf nodes are stored in a database in advance; the front end reads the set of unauthorized leaf nodes from an interface and filters permissions using a post-order traversal algorithm; if all child nodes of a parent node are unauthorized leaf nodes, the parent node is deleted, thereby completing the dynamic setting of the menu.
4. The front-end page authority control method according to claim 1, wherein the route interception specifically includes:
when a change of the page address is detected, changing the page path in the history stack without performing the page jump;
performing permission identification and, if the permission exists, rendering the page manually, thereby achieving interception before the jump.
5. The front-end page authority control method according to claim 1, wherein authenticating the readability of the page comprises:
aiming at pages requiring permission control, defining read-only rights and write-in rights, and respectively representing the read-only rights and the write-in rights by binary;
expressing the read-write authority of the user under the page through OR operation;
judging whether the user has the read-write permission under the page according to the 'and' operation.
6. The front-end page permission control method according to claim 1, wherein after the identification of the readability of the page is completed, the readability permission of the page elements is configured, comprising:
when the route jump has been intercepted and the user permissions have been obtained, collecting the form elements on the page to be jumped to;
judging whether the user has the write permission: if not, setting the disabled attribute on the form elements; if so, entering the default state without any modification.
7. The front-end page authority control method according to claim 1, wherein authenticating the authority of the button comprises:
the front end obtains the set of buttons of the page to be jumped to;
setting the unique permission identifier of each button by encrypting the position of the button on the page and the content text of the button;
the front end sets the disabled attribute on the unauthorized buttons, using the unique permission identifiers of unauthorized buttons returned by the interface.
8. A front-end page authority control device, characterized by comprising a login interceptor, a menu interceptor, a route interceptor and an interface interceptor connected in a chain;
the login interceptor is used for intercepting unauthorized users by means of system login;
the menu interceptor is used for intercepting unauthorized pages through the display and hiding of the menu, for pages with a menu structure;
the route interceptor is used for identifying, before a page jump, whether the page to be jumped to is readable by the current user, using the binary operation rule, and, after page permission identification is complete, obtaining the buttons of the page that carry operation permissions and identifying the button permissions;
the interface interceptor is used for intercepting unauthorized operations through button disabling and network request control.
9. A front-end page permission control device comprising a memory and one or more processors, the memory having executable code stored therein, wherein the processor, when executing the executable code, implements the front-end page permission control method of any one of claims 1-7.
10. A computer-readable storage medium having a program stored thereon, which when executed by a processor, implements the front-end page authority control method according to any one of claims 1 to 7.
CN202310922018.6A 2023-07-26 2023-07-26 Front-end page authority control method, device, equipment and storage medium Active CN116628654B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310922018.6A CN116628654B (en) 2023-07-26 2023-07-26 Front-end page authority control method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN116628654A (en) 2023-08-22
CN116628654B (en) 2023-11-07

Family

ID=87597723

Country Status (1)

Country Link
CN (1) CN116628654B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant