CN118264430A

CN118264430A - Data processing method, device, computer equipment, medium and product

Info

Publication number: CN118264430A
Application number: CN202211704180.2A
Authority: CN
Inventors: 黄铁鸣; 郭金辉; 李斌; 黄强; 陈育武
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2022-12-26
Filing date: 2022-12-26
Publication date: 2024-06-28

Abstract

The application provides a data processing method, a data processing device, computer equipment, a medium and a product. The method comprises the following steps: acquiring an address book data viewing request submitted by an application client of a target object aiming at a target service scene, wherein the address book data viewing request carries login credential data acquired from a target application object of the application client, and the login credential data comprises an encrypted object identifier of the target application object aiming at the application client; analyzing the login credential data to obtain an encrypted object identifier; acquiring target address book data matched with a target object in a target service scene according to the encrypted object identifier; and generating address book display data according to the target address book data to display on the application client. The application supports obtaining visible address book display data based on the encrypted object identification in the target service scene such as document writing, audio-video conference and the like, and can improve the data security.

Description

Data processing method, device, computer equipment, medium and product

Technical Field

The present application relates to the field of computer technology, and in particular, to a data processing method, a data processing apparatus, a computer device, a computer readable storage medium, and a computer program product.

Background

Currently, in a business scenario such as a video conference and document collaboration, if a target object in the business scenario needs to view an organization structure of a certain object or an enterprise, after obtaining address book data to be viewed, original address book data (for example, organization structure of the enterprise or department information of an member in the enterprise) is directly displayed in a specific panel. In existing schemes, it is not secure enough for these raw data to be displayed directly into a particular panel.

Disclosure of Invention

The embodiment of the application provides a data processing method, a device, computer equipment, a medium and a product, which support the acquisition of visible address book display data based on encrypted object identification in target service scenes such as document writing, audio and video conferences and the like, and can improve the data security.

In one aspect, an embodiment of the present application provides a data processing method, where the method includes:

Acquiring an address book data viewing request submitted by an application client of a target object aiming at a target service scene, wherein the address book data viewing request carries login credential data acquired from a target application object of the application client, and the login credential data comprises an encrypted object identifier of the target application object aiming at the application client;

Analyzing the login credential data to obtain an encrypted object identifier;

acquiring target address book data matched with a target object in a target service scene according to the encrypted object identifier;

and generating address book display data according to the target address book data to display on the application client.

In one aspect, an embodiment of the present application provides a data processing apparatus, including:

The system comprises an acquisition unit, a storage unit and a storage unit, wherein the acquisition unit is used for acquiring an address book data viewing request submitted by an application client of a target service scene aiming at a target object, and the address book data viewing request carries login credential data acquired from the target application object of the application client, wherein the login credential data comprises an encrypted object identifier of the target application object aiming at the application client;

The processing unit is used for analyzing the login credential data to obtain an encrypted object identifier;

The processing unit is also used for acquiring target address book data matched with the target object in the target service scene according to the encrypted object identifier;

And the processing unit is also used for generating address book display data according to the target address book data so as to be displayed on the application client.

In one possible implementation, the processing unit generates address book display data according to the target address book data to display at the application client, and is configured to perform the following operations:

generating address book display data according to the target address book data, and sending the address book display data to an application client for display processing;

The address book display data are displayed based on an encrypted data display component provided by the application client, and the encrypted data display component is obtained after the address book component is assigned according to a preset data instruction for indicating to acquire target address book data.

In one possible implementation manner, the address book data viewing request carries a login object identifier of the target object, the login credential data has a validity period, and the encrypted object identifier is obtained after encryption based on an account identifier of the target object about the target application object; the processing unit is also configured to perform the following operations:

During the validity period of the login credential data, analyzing the login credential data to obtain an encrypted object identifier;

Matching the login object identification and the encryption object identification;

And if the matching is successful, triggering and executing the step of acquiring target address book data matched with the target object in the target service scene according to the encrypted object identifier.

In one possible implementation manner, the processing unit obtains target address book data matched with the target object in the target service scene according to the encrypted object identifier, and is used for executing the following operations:

After successful matching of the login object identification and the encryption object identification, generating a session key corresponding to the target object;

performing identity authentication processing on the target object based on the session key through the object authentication service;

if the identity authentication is passed, acquiring target address book data matched with the encrypted object identification of the target object in the target service scene in the validity period of the login credential data.

In one possible implementation, the target address book corresponding to the target address book data is constructed based on a multi-tree organization architecture;

The tree nodes in the multi-tree organization architecture are used for recording object identifiers corresponding to the target address book, and the object identifiers comprise: unit identification, department identification of each department under the unit, and member identification of each member in each department;

The connection relations between the tree nodes are used for representing the organization relations between the object identifications, and the organization relations comprise: the organization relationship among the units indicated by the unit identifications, the departments indicated by the department identifications and the members indicated by the member identifications;

The object identifiers are classified and recorded through the labels, and one or more object identifiers are classified and recorded in one or more corresponding label items.

In one possible implementation, the processing unit is further configured to perform either or both of the following steps:

In response to receiving a synchronous update request sent through the synchronous call interface, performing update processing on the target address book according to an update content object included in the synchronous update request, wherein the update processing includes: any one or more of adding department identification, deleting department identification, modifying department identification, adding member identification, deleting member identification, modifying member identification, adding tag identification, deleting tag identification and modifying tag identification;

And responding to the received asynchronous update request sent by the asynchronous call interface, acquiring an update content object set included in the asynchronous update request, and respectively carrying out update processing on the target address book according to each update content object in the update content object set.

In one possible implementation, the processing unit is further configured to perform the following operations:

responding to a rule setting request aiming at a target address book, setting a corresponding data management rule for the target address book, wherein the data management rule is used for indicating the visible range of a target member identifier in the target address book in a multi-tree organization structure;

The processing unit acquires target address book data matched with a target object in a target service scene according to the encrypted object identifier, and is used for executing the following operations:

acquiring target address book data matched with a target object in a target service scene according to a data management rule set for the target address book and an encrypted object identifier;

Each object identifier included in the target address book data is contained in a visible range in the multi-tree organization structure, wherein the member identifier indicated by the encrypted object identifier is included in the visible range.

Setting a corresponding limit checking rule aiming at the target address book, wherein the limit checking rule comprises a limit checking identification set, and the limit checking identification set comprises: any one or more of department identification limiting viewing, member identification limiting viewing, additional visible member identification, white list member identification;

the processing unit acquires target address book data matched with the target object in the target service scene according to the encrypted object identifier, and is used for executing any one or more of the following steps:

if the department to which the member identification indicated by the encrypted object identification belongs is a target department indicated by the department identification limiting viewing, generating data comprising the target department as target address book data matched with the target object in the target service scene;

if the member identification indicated by the encrypted object identification is a target member indicated by the member identification limited to be checked, generating data with an address book being empty as target address book data matched with a target object in a target service scene;

And if the member indicated by the encrypted object identifier is the white list member indicated by the white list member identifier, taking the complete data of the target address book as target address book data matched with the target object in the target service scene.

Setting a corresponding hiding rule aiming at the target address book, wherein the hiding rule comprises a hiding identification set, and the hiding identification set comprises: any one or more of hidden department identification, hidden member identification and white list hidden identification;

Acquiring initial address book data matched with a member identification indicated by an encryption object identification in a target service scene;

And hiding the initial address book data according to the hiding rule corresponding to each object identifier in the initial address book data to obtain target address book data.

Receiving a field setting request aiming at object identifiers in a target address book, wherein the field setting request carries description information aiming at one or more object identifiers;

according to the description information, setting fields of display data of address book objects indicated by each object identifier;

Wherein, the field setting includes: setting a data display field of each communication object in the target address book and setting any one or more of a data hiding field of a reference address book object in a plurality of address book objects.

When an update event aiming at a target address book is detected, incremental update data indicated by the update event is sent to an application client side, so that the application client side performs incremental update processing on the target address book based on the incremental update data; or alternatively

When a full-volume downloading request aiming at a target address book is detected, transmitting full-volume address book data of the target address book to an application client so that the application client can download the target address book in a full-volume mode based on the full-volume address book data; the full download request is generated and sent by the application client after determining that the incremental update processing operation cannot be performed.

In one possible implementation, for a reference object identifier in the target address book, if the covered rule includes a plurality of rules, the covered rule is allowed to determine a target rule for the reference object identifier according to the rule priority;

If the rule covered by the reference object identifier comprises a first rule and a second rule, determining a target rule for the reference object identifier as the first rule according to the rule priority, wherein in the multi-tree organization structure, a first object identifier in a target address book corresponding to the first rule is closer to a leaf node than a second object identifier, and the second object identifier is an object identifier in the target address book corresponding to the second rule;

Or if the rule covered for the reference object identifier comprises an address book checking rule and comprises a limiting checking rule and/or a hiding rule, determining a target rule for the reference object identifier as the address book checking rule according to the rule priority;

Or if the rule covered by the reference object identifier comprises a limit viewing rule and a hidden rule, limiting the limit viewing rule to the target rule determined by the rule priority for the reference object identifier.

Executing a limit checking rule on the target address book, and generating organization structure data of limit checking, which is matched with the member identification indicated by the encrypted object identification;

and executing hiding rules on the organization structure data limited to be checked, and generating target address book data matched with the member identification indicated by the encrypted object identification.

In one possible implementation, the target address book includes an enterprise ring address book constructed based on a plurality of units; the processing unit is also configured to perform the following operations:

Responding to address book construction requests aiming at a plurality of units, and constructing and obtaining an enterprise ring address book according to unit identifications of all units, department identifications of all departments under all units and member identifications of all members in each department, wherein the unit identifications are included in the address book construction requests;

The departments indicated by the department identifications recorded by the tree nodes in the multi-tree organization architecture corresponding to the enterprise ring address book comprise: a self-building department and a mapping department; the self-building department is constructed based on members in at least one unit in the enterprise circle address book, and the mapping department is used for indicating the department to which each member in the self-building department belongs in the address book of the respective unit.

In one aspect, an embodiment of the present application provides a computer apparatus, where the computer apparatus includes a memory and a processor, and the memory stores a computer program, and when the computer program is executed by the processor, causes the processor to execute the data processing method described above.

In one aspect, embodiments of the present application provide a computer-readable storage medium storing a computer program that, when read and executed by a processor of a computer device, causes the computer device to perform the above-described data processing method.

In one aspect, embodiments of the present application provide a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the data processing method described above.

In the embodiment of the application, firstly, an address book data viewing request submitted by an application client of a target object aiming at a target service scene can be obtained, wherein the address book data viewing request carries login credential data obtained from a target application object of the application client, and the login credential data comprises an encrypted object identifier of the target application object aiming at the application client. And then analyzing the login credential data to obtain an encrypted object identifier. Then, target address book data matched with the target object in the target service scene can be obtained according to the encrypted object identification. Finally, address book display data can be generated according to the target address book data so as to be displayed on the application client. Therefore, when the address book data is requested to be checked, the matched target address book data is supported to be acquired based on the encrypted object identification of the target object, real object information is not required to be provided in the data acquisition process, and the safety of the identity data of the target object can be ensured; in addition, the original data (target address book data) of the address book is not directly provided for the application client, but the corresponding address book display data is generated based on the target address book data and provided for the application client to display the data, so that the risks that the address book data is leaked or tampered and the like can be avoided, and the data safety and reliability in the data processing process are further improved.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for the person skilled in the art.

FIG. 1 is a schematic diagram of a data processing scheme according to an embodiment of the present application;

FIG. 2 is a schematic diagram of a data processing system according to an embodiment of the present application;

FIG. 3 is a schematic flow chart of a data processing method according to an embodiment of the present application;

FIG. 4 is a schematic diagram of a scenario for obtaining login credential data according to an embodiment of the present application;

FIG. 5a is a schematic diagram of an interface for displaying address book data according to an embodiment of the present application;

FIG. 5b is a schematic diagram of an interface for viewing address book display data according to an embodiment of the present application;

Fig. 6 is a flow chart of a method for managing a target address book according to an embodiment of the present application;

FIG. 7 is a schematic diagram of a multi-tree organization structure of a target address book according to an embodiment of the present application;

Fig. 8a is a schematic view of a scenario in which a restriction viewing rule is set for a target address book according to an embodiment of the present application;

FIG. 8b is a schematic diagram of another scenario in which a restriction view rule is set for a target address book according to an embodiment of the present application;

FIG. 8c is a schematic view of another scenario in which a restriction view rule is set for a target address book according to an embodiment of the present application;

fig. 9a is a schematic view of a scenario in which a hiding rule is set for a target address book according to an embodiment of the present application;

fig. 9b is a schematic diagram of another scenario in which a hiding rule is set for a target address book according to an embodiment of the present application;

fig. 9c is a schematic diagram of another scenario in which a hiding rule is set for a target address book according to an embodiment of the present application;

FIG. 10 is a schematic diagram of an organization structure of an enterprise ring address book according to an embodiment of the present application;

FIG. 11 is a schematic diagram of a data processing apparatus according to an embodiment of the present application;

fig. 12 is a schematic structural diagram of a computer device according to an embodiment of the present application.

Detailed Description

Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims.

The present application provides a data processing scheme that is supported in, for example: in target service scenes such as document collaboration and audio-video conferences, target address book data can be acquired based on the encrypted object identification request, so that the safety of the data is improved; in addition, detailed information (such as department information and the like) of the object can be displayed on the outside based on the encrypted data component, and the original data of the address book, the organization structure information and the like are not exposed to an external enterprise, so that the safety and the reliability of the data are improved to a certain extent.

Referring to fig. 1, fig. 1 is a schematic diagram of a data processing scheme according to an embodiment of the application. As shown in fig. 1, the principle of the data processing scheme provided by the application is as follows: the target object can submit an address book data checking request in a target service scene, and send the address book data checking request to an address book data background server (background server for short) based on an application client running the target service scene, wherein the address book data checking request carries login credential data. After receiving the address book data checking request, the background server can analyze to obtain login credential data, and call an object authentication service to perform authentication processing based on the login credential data, wherein authentication refers to verifying whether a target object has a service authority for accessing the address book data, and if authentication fails, returning blank data to an application client or not returning the address book data; if the authentication is successful, the login credential data (obtained by encrypting the encrypted object identifier of the target object) is decrypted based on the open platform service to obtain the encrypted object identifier. And finally, acquiring target address book data matched with the target object in the target service scene according to the encrypted object identifier, and generating address book display data according to the target address book data so as to be displayed on the application client.

From this, the application has the following characteristics: ① According to the application, when the address book data is requested to be checked, the matched target address book data is supported to be acquired based on the encrypted object identification of the target object (the identity of the target object is required to be authenticated), real object information is not required to be provided in the data acquisition process, and the safety of the identity data of the target object can be ensured; ② The original data (target address book data) of the address book is not directly provided for the application client, but the corresponding address book display data is generated based on the open platform server, and the address book display data is provided for the application client to display the data, so that risks that the address book data is leaked or tampered and the like can be avoided, and the data safety and reliability in the data processing process are further improved.

The data processing scheme provided by the application mainly relates to a blockchain technology and a cloud storage technology, and key technical terms related to the data processing scheme provided by the application are introduced in a related manner:

(1) Blockchain techniques:

Blockchains are novel application modes of computer technologies such as distributed data storage, peer-to-Peer (P2P) transmission, consensus mechanisms, encryption algorithms, and the like. A blockchain is essentially a de-centralized database, which is a series of data blocks (also referred to as blocks) that are generated in association using cryptographic methods, each of which contains information from a batch of network transactions for verifying the validity (anti-counterfeiting) of the information and generating the next data block. The blockchain cryptographically ensures that the data is not tamperable and counterfeitable.

① According to the application, login credential data, target address book data, address book display data and other data related in the data processing process can be sent to the blockchain for storage, and the safety and reliability of the data processing process can be improved based on the characteristics of non-tampering, traceability and the like of the blockchain, so that the risk of data leakage is avoided.

② Further, the present application may deploy the specific implementation of the data processing scheme described above in a blockchain system. The blockchain system may be a data sharing system, where the data sharing system refers to a system for performing data sharing between nodes, and the data sharing system may include multiple nodes, where the multiple nodes may be respective computer devices in the data sharing system, and the computer devices may be terminal devices or servers, for example. Among them, each node in the data sharing system may form a point-To-point (P2P, peer To Peer) network, and the P2P protocol is an application layer protocol running on top of a transmission control protocol (TCP, transmission Control Protocol) protocol, and the data sharing system is maintained based on the TCP protocol. Specifically, each application client in the target service scene can be used as a node in the blockchain system, and each application client can commonly maintain one blockchain system in the target service scene (such as a document collaboration scene, an audio/video conference scene and the like) so as to ensure the traceability of a data processing flow.

(2) Cloud storage technology:

As can be seen from the above, in a business scenario such as document collaboration, audio-video conferencing, etc., each application client can act as each node in the blockchain system, and each application client involves a large number of data computing services and data storage services, which require a large amount of computer operating costs. Therefore, the method and the device can store the address book display data requested to be checked by each application client to the corresponding application client based on the cloud storage service.

The cloud storage (cloud storage) is a new concept that extends and develops in the concept of cloud computing, and the distributed cloud storage system (hereinafter referred to as a storage system for short) refers to a storage system that provides data storage and service access functions for the outside through aggregation of a large number of storage devices (storage devices are also referred to as storage nodes) of different types in a network through application software or application interfaces by means of functions such as cluster application, grid technology, and distributed storage file systems.

(3) Login credential data:

The login credentials data (code) is a set of encrypted string combinations. Specifically, the login credential data may be an encrypted string obtained by performing combined encryption processing based on the encrypted object identifier (openid) of the target object and the service parameters in the target service scenario, and more specifically, the login credential data code may be obtained by calling a cgi (specification of an external program when the server runs) interface, and then performing encryption processing based on the encrypted object identifier openid of the target object and related service parameters. Wherein the encrypted object identifier refers to a unique identifier of the target object. In addition, the service parameters may be determined according to a target service scenario, for example, the target service scenario is an audio-video conference scenario, and the service parameters may include, but are not limited to: conference names of audio-video conferences, conference times (e.g., start time, end time, etc.), conference participants, etc.; as another example, the target business scenario is a document collaboration scenario, then the business parameters may include, but are not limited to: document name, document address, creator name, etc.

The login credential data has a validity period, for example, the validity period may be 1 minute, 5 minutes, or the like. During the validity period of the login credential data, the user can query address book data in a target service scene based on the login credential data; if the login credential data has failed (i.e., is not within the validity period), the corresponding address book data cannot be triggered to be checked based on the login credential data.

(4) Encryption object identification:

It should be understood that a target object corresponds to a unique encrypted object identifier, and the encrypted object identifier of the target object may be obtained by encrypting an object identifier corresponding to the target object in a target application object, where the target application object specifically may include: mobile applications, web applications, public accounts (commonly known as public numbers), applets (installation-free applications), and the like. Types of target application objects may include, but are not limited to: social platform, content interaction platform, shopping platform, etc. That is, the encrypted object identifier of the target object in the present application is understood to be a unique identifier obtained from a trusted application.

In the embodiment of the application, the login credential data code is determined based on the unique identifier (encrypted object identifier openid) of the target object, and when the address book data is checked, the login credential data code needs to be carried, and the target address book data matched with the target object is acquired based on the encrypted object identifier openid obtained by decrypting the login credential data code. Because the matched address book data can be obtained only by the open openid identities provided externally in the target service scene, the development cost and the access cost can be reduced.

It should be noted that, in the following specific embodiments of the present application, related data such as object information is referred to, and when the above embodiments of the present application are applied to specific products or technologies, permission or consent of the object needs to be obtained, and collection, use and processing of the related data need to comply with related laws and regulations and standards of related countries and regions.

In connection with the above description of the data processing scheme provided by the present application and related technical terms involved, the architecture of the data processing system provided by the embodiment of the present application is specifically described below in connection with fig. 2.

With reference to FIG. 2, FIG. 2 is a block diagram illustrating an architecture of a data processing system according to an embodiment of the present application. The architecture diagram of the data processing system may at least include: a cluster of terminal devices, and an application server 204. The terminal equipment cluster comprises: terminal device 201, terminal device 202, terminal device 203, and the like; communication connection can be established between the application server 204 and any one of the terminal devices (e.g., the terminal device 201) in the terminal device cluster in a wired or wireless manner, for example, data (e.g., target address book data, address book display data, etc.) can be specifically transmitted between the application server 204 and the terminal device 201 based on a real-time communication protocol. It should be understood that, in any terminal device in the terminal device cluster, an application client is running in the target service scene, for example, the target service scene is a document collaboration scene, and then the application client running in any terminal device may be a document client; for another example, if the target service scene is an audio/video conference scene, the application client running in any terminal device may be a conference client; if the target service scene is a live interaction scene, the application client running in any terminal device can be a live client. It should be noted that, the number of terminal devices in the terminal device cluster is used as an example, and the embodiment of the present application does not limit the number of terminal devices.

The terminal device 201, the terminal device 202, the terminal device 203, and the like mentioned in the present application may be those including, but not limited to: a mobile phone, a tablet computer, a notebook computer, a palm computer, a Mobile Internet Device (MID) INTERNET DEVICE, an intelligent voice interaction device, an in-vehicle terminal, a roadside device, an aircraft, a wearable device, an intelligent home appliance, or a wearable device with a data processing function such as a smart watch, a smart bracelet, a pedometer, and the like.

The application server 204 in the present application may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs (Content Delivery Network, content delivery networks), basic cloud computing services such as big data and artificial intelligence platforms, and the like.

Next, main functions of each device (for example, the terminal device 201 and the application server 204) in the above data processing system will be described correspondingly:

① The terminal device 201 runs an application client for the target service scenario, and the application client can generate an address book data viewing request submitted by the application client for the target service scenario for the target object, and then send the address book data viewing request to the application server 204. Wherein, one or more target application objects can be operated in the application client, and the target application objects can comprise: the method comprises the steps of small program, public number and the like, wherein a unique account number identification corresponds to each target application object, an encrypted object identification of the target object can be determined based on the account number identification, login credential data of the target object can be generated based on the encrypted object identification, and the login credential data are used for requesting to acquire target address book data in a target service scene and checking address book display data. ② The application server 204 is configured to be responsible for storing address book data of at least one unit, perform object authentication on an initiator (target object) of the address book data viewing request when receiving the address book data viewing request sent by the application client, obtain target address book data matched with the target object after the authentication is passed, and finally return address book display data generated according to the target address book data to the application client for display.

In a possible implementation, the data processing scheme of the present application will be explained again by taking the terminal device 201 and the application server 204 as examples. Specifically, the terminal device 201 may send an address book data viewing request to the application server 204, where the address book data viewing request carries login credential data obtained from a target application object where the application client is located, where the login credential data includes an encrypted object identifier of the target application object for the application client. After acquiring an address book data viewing request submitted by an application client of a target service scene by a target object, the application server 204 can analyze login credential data to obtain an encrypted object identifier, and acquire target address book data matched with the target object in the target service scene according to the encrypted object identifier; finally, the application server 204 generates address book display data according to the target address book data, and sends the address book display data to the terminal device 201. The terminal device 201 displays the address book display data in the application client.

It will be understood that, the data processing system described in the embodiments of the present application is for more clearly describing the technical solution of the embodiments of the present application, and is not limited to the technical solution provided by the embodiments of the present application, and as a general technical object in the art can know, along with the evolution of the system architecture and the appearance of new service scenarios, the technical solution provided by the embodiments of the present application is also applicable to similar technical problems.

Based on the foregoing description of the data processing scheme and the data processing system of the present application, specific embodiments related to the data processing scheme will be described in detail below with reference to the accompanying drawings.

Referring to fig. 3, fig. 3 is a flowchart of a data processing method according to an embodiment of the application. The method is applied to an application server in the data processing system shown in fig. 2, and the data processing method mainly includes, but is not limited to, the following steps S301 to S304:

S301: the method comprises the steps of obtaining an address book data viewing request submitted by an application client of a target object aiming at a target service scene, wherein the address book data viewing request carries login credential data obtained from a target application object of the application client, and the login credential data comprises an encrypted object identifier of the target application object aiming at the application client.

In the embodiment of the present application, the address book data viewing request may be generated after a target object requests to view an address book organization structure visible to the target object in a target service scene, that is, the address book data viewing request is used to request to view an address book organization structure associated with the target object; the address book data viewing request may also be generated after the target object requests to view address book information of the associated object associated with the target object in the target service scenario, that is, the address book data viewing request is further used to view address book information of the associated object associated with the target object, where the associated object and the target object may belong to the same unit/enterprise, the associated object and the target object may also belong to different units/enterprises, and the address book information may include, for example: department information, name, avatar, signature, etc. In addition, the target object refers to any member of the enterprise, and in order to facilitate the distinguishing description, in the subsequent embodiment of the present application, the member requesting to view the address book data is referred to as the target object.

Wherein, one or more target application objects can be operated in the application client, and the target application objects can comprise: the method comprises the steps of mobile application, website application, public account, applet and the like, wherein a target object corresponds to a unique account identifier in each target application object, an encrypted object identifier of the target object can be determined based on the account identifier, and login credential data of the target object can be generated based on the encrypted object identifier. Specifically, the encrypted object identifier (openid) may be obtained after encrypting the account identifier of the target object with respect to the target application object; the login credentials data (code) may be generated based on the encrypted object identification (openid) of the target object and corresponding business parameters in the target business scenario.

In one possible implementation, if a target object is associated with a plurality of target application objects (such as a mobile application, a website application, a public account, and an applet, etc.), where the target application objects are all developed based on the same application open platform, the account identifier of the target object with respect to the target application object may be denoted by UnionID, although the account identifiers corresponding to the target objects in the respective target application objects may not be the same, based on the plurality of target application objects corresponding to the same application open platform, the UnionID may also be used as a unique identifier of the target object, that is, each mobile application, website application, public number, applet, etc. under the same application open platform, the UnionID of the target object is unique. That is, the same target object, unionID, is the same for different applications under the same application open platform. In particular implementations, based on the account identifier UnionID unique to the target object, an encrypted object identifier (openid) unique to the target object may be determined.

In one possible implementation manner, the application client may encrypt the encrypted object identifier (openid) of the target object and the corresponding service parameter in the target service scenario by calling a CGI (specification of an external program when the server runs) interface, so as to obtain login credential data of the target object, that is, the login credential data may be understood as an encrypted string combination. It should be appreciated that the above-mentioned business parameters may be determined based on the targeted business scenario. For example, the target service scenario is an audio-video conference scenario, the service parameters may include, but are not limited to: conference names of audio-video conferences, conference times (e.g., start time, end time, etc.), conference participants, etc.; as another example, the target business scenario is a document collaboration scenario, then the business parameters may include, but are not limited to: document name, document address, creator name, etc. Next, a detailed description is given of a specific procedure of how login credential data is generated on the application client side:

Referring to fig. 4, fig. 4 is a schematic diagram of a scenario for obtaining login credential data according to an embodiment of the present application. As shown in fig. 4, after the application client starts the target application object, an application interface S401 of the target application object may be displayed, where the target application object may specifically be a social application object, and a social session message between multiple social members may be displayed in the application interface S401. It will be appreciated that one or more applets are run in the target application object, wherein the process of displaying an applet interface in the target application object may include: in response to the detected movement instruction in the application interface, an applet interface is displayed. The manner of generating the movement instruction may include, but is not limited to: (1) And generating a movement instruction by the preset movement operation detected in the operation area in the application interface, wherein the preset movement operation comprises the following steps: any one of a sliding operation, a gesture operation (e.g., drawing "S"), a hover operation, and the like; (2) For the applet entry set in the application interface, a trigger operation (any one of a single click operation, a double click operation, and a long press operation) to the applet entry is detected, and a movement instruction is generated. As shown in fig. 4, a target object may move from a first location (4011) to a second location (4012) in an application interface, trigger generation of a move instruction, and display an applet interface S402. The applet interface S402 includes: an applet display area 4021 and an application display area 4022, the applet display area 4021 displays an identification of one or more applets, for example, applet 1, 2..9, and the application display area 4022 displays an interface message about a target application object. If the target object clicks on any applet identification (e.g., applet 1), a call to the cgi interface (e.g., wx. Login interface) may be triggered to generate a login credential data code for the target object. Specifically, login credential data of the target object may be generated based on an encrypted object identifier obtained after the target object is encrypted with respect to an account identifier of the target application object.

S302: and analyzing the login credential data to obtain an encrypted object identifier.

As can be seen from the above, the login credential data is determined based on the encrypted object identification of the target object. Then, the encrypted object identification of the target object can be obtained after the login credential data is analyzed. Specifically, if the login credential data is determined after encryption processing based on the encrypted object identifier of the target object, the login credential data may be decrypted according to an algorithm corresponding to the encryption processing to obtain the encrypted object identifier; if the login credential data is determined after compression processing based on the encrypted object identifier of the target object, the login credential data can be decompressed according to a compression mode corresponding to the compression processing, so as to obtain the encrypted object identifier.

In one possible implementation, the login credential data has a validity period, e.g., 1 minute, 5 minutes, etc., that is, the login credential data is allowed to be consumed within the validity period, beyond which the login credential data can be considered invalid and can be automatically cleared by the system; in addition, login credential data during the validity period is allowed to be consumed once. It can be understood that, for the same target object, the login credential data (code p) correspondingly generated when the p-th request checks address book data is different from the login credential data (code q) correspondingly generated when the q-th request checks address book data, p and q are both positive integers, and p is not equal to q. Analyzing login credential data to obtain an encrypted object identifier, which specifically comprises the following steps: and in the validity period of the login credential data, analyzing the login credential data to obtain the encrypted object identifier. If the validity period of the login credential data is exceeded, that is, the login credential data is invalid, analysis processing cannot be performed on the login credential data, or an encrypted object identifier cannot be obtained after analysis is performed on the login credential data. By the method, the validity period of login credential data is set, so that safety in the process of checking address book data can be improved.

S303: and acquiring target address book data matched with the target object in the target service scene according to the encrypted object identifier.

In one possible implementation manner, the address book data viewing request carries a login object identifier of the target object, and the login credential data has an expiration date. Specifically, firstly, analyzing and processing login credential data in the validity period of the login credential data to obtain an encrypted object identifier; then, matching processing can be carried out between the login object identification and the encryption object identification; and if the matching is successful, triggering and executing the step of acquiring target address book data matched with the target object in the target service scene according to the encrypted object identifier. The login object identifier is obtained after the account identifier of the target object about the target application object is encrypted, that is, the login object identifier is the unique identity identifier of the target object about the target application object, when the target object requests to view address book data, the matching processing is performed on the unique identity identifier (login object identifier) of the current login object and the encrypted object identifier obtained after decrypting login credential data, if the matching is successful, the target object requesting to view is the target object indicated in the login credential data, the reliability of the login credential data can be determined, and the security of the data processing process is improved.

Optionally, during the validity period of the login credential data, after the login credential data is analyzed, relevant service parameters can be obtained, and after the encrypted object identifier and the login object identifier are matched, the validity of the service parameters can be checked. Specifically, for example, the service parameters include: the conference name, conference time (such as start time and end time) and the number of conference participants of the audio-video conference can be checked, whether the conference name comprises sensitive words or words which are not in use with word specifications can be checked, the reasonability of the start time and the end time of the conference (such as that the start time is required to be earlier than the end time) can be checked, and whether the number of conference participants reaches a preset number threshold; as another example, the service parameters include: the document name, the document address and the creator name can be checked to see if the document name comprises sensitive words or words which do not share word specifications, to see if the document address is valid or legal, to see if the creator has document creation rights, and the like. Further, after determining that the service parameter is legal, the step of acquiring the target address book data matched with the target object in the target service scene according to the encrypted object identifier may be triggered and executed.

In one possible implementation manner, the application server obtains target address book data matched with a target object in a target service scene according to the encrypted object identifier, and specifically includes the following steps: after successful matching of the login object identification and the encryption object identification, generating a session key corresponding to the target object; performing identity authentication processing on the target object based on the session key through the object authentication service; if the identity authentication is passed, acquiring target address book data matched with the encrypted object identification of the target object in the target service scene in the validity period of the login credential data. The session key is a key that is valid for a long time, that is, the session key has no validity period and no expiration. It can be understood that, when the target object requests to view address book data for the p-th time, after the encrypted object identifier obtained after decryption based on login credential data (code p) is matched with the login object identifier, the target object performs object authentication based on the session key; and after the encrypted object identifier obtained after the decryption of the corresponding generated login credential data (code q) of the target object when the target object requests to view address book data for the q-th time is matched with the login object identifier, performing object authentication based on the session key. For example, the object authentication may specifically include: and checking the validity and legality of the session key, checking whether the target object has the service authority for accessing the address book data, and the like.

Through the method, the encrypted login credential data can be consumed in the validity period to carry out identity matching processing on the target object, and the target object can be further subjected to object authentication processing (validity, legitimacy, access authority and the like) based on the session key, so that the safety and reliability of the data processing process can be ensured to a greater extent through a double verification mode.

S304: and generating address book display data according to the target address book data to display on the application client.

In one possible implementation, generating address book display data for display on an application client according to target address book data may include the steps of: generating address book display data according to the target address book data, and sending the address book display data to the application client for display processing. The address book display data are displayed based on an encrypted data display component provided by the application client, and the encrypted data display component is obtained after the address book component is assigned according to a preset data instruction for indicating to acquire target address book data. In particular, before address book data is required to be requested, the value of the address book component open-type may be set to GETPARTYNAME (preset data instruction), and it should be noted that, the address book component provided by the present application may be understood as an encrypted data component, after the address book component is assigned, may be referred to as an encrypted data display component (openData component), and the openData component may be used to perform rendering processing on the address book display data returned by the application server, and visually present corresponding address book data in the application client for viewing by the target object. The address book display data may include, but is not limited to: the address book organization structure of the enterprise to which the member belongs is displayed, and personal information (such as enterprise identification of the enterprise to which the member belongs, department identification of the department to which the member belongs, corresponding positions of the member in the enterprise to which the member belongs, and the like) externally displayed in the target business scene by the member is displayed.

Next, a detailed description will be given of how to perform the address book display data on the display interface of the application client with reference to fig. 5a to 5 b.

Referring to fig. 5a, fig. 5a is a schematic diagram of an interface for displaying address book data according to an embodiment of the application. As shown in fig. 5a, multiple members within the target enterprise may participate in an audio-video conference together, and a page S501 shown in fig. 5a may be a conference display interface of an application client where any member is located with respect to the audio-video conference, where each member (for example, member 1, member 2, and member 3) participating in the audio-video conference and corresponding address book display data of each member in the audio-video conference are displayed in the conference display interface S501. For example, the address book display data of member 1 includes: a member identification (name, head portrait, etc.) of the member 1, an enterprise (XX enterprise) to which the member 1 belongs, a department (XX department), a project group (XX project group), and a position (clan) corresponding to the member 1 in the enterprise to which the member belongs; as another example, the address book display data of the member 2 includes: a member identification (name, head portrait, etc.) of the member 2, an enterprise (XX enterprise) to which the member 2 belongs, a department (XX department), a project group (XX project group), and a position (group leader) corresponding to the member 2 in the enterprise to which the member belongs; also, for example, the address book display data of the member 3 includes: the member identification (name, avatar, etc.) of the member 3, the enterprise (XX enterprise) to which the member 3 belongs, the department (XX department), the project group (XX project group), and the corresponding position (member) of the member 3 in the enterprise to which the member belongs.

Next, in response to a triggering operation for the target member identification displayed in the conference display interface, more detailed address book display data of the target member may be displayed, for example, the member identification 5011 of the member 1 may be clicked (single-clicked, double-clicked, or long-clicked), and then the address book display card 5021 of the member 1 is displayed in the conference display interface S502, and the address book display card 5021 includes more detailed address book display data of the member 1, for example, including but not limited to: member identification (name, avatar, etc.), enterprise (XX enterprise) to which member 1 belongs, department (XX department), project group (XX project group), and the corresponding position (clan) of the member 1 in the enterprise; And a plurality of address book setting items for member 1, such as view an enterprise address book setting item, view an avatar setting item, cancel a mute setting item, and modify a name setting item. The ① view the address book setting item of the enterprise can be used for viewing the address book organization architecture of the enterprise to which the member 1 belongs, and it should be understood that only a member person or other designated members are allowed to view the address book organization architecture of the enterprise to which the member 1 belongs, that is, the address book organization architecture of the enterprise to which the member 1 belongs defaults that the member 1 can view itself, and of course, other members (for example, the member 2) belonging to the same enterprise as the member 1 can default to view the address book organization architecture of the enterprise to which the member 1 belongs; Optionally, in the audio/video conference scenario, it may also be specified that members of other enterprises (for example, member 3) view the address book organization structure of the enterprise to which member 1 belongs, where the address book organization structure of the enterprise to which member 1 belongs is viewed by members of other enterprises (member 3) refers to the visible address book organization structure that member 3 is allowed to view, and not refers to the complete organization structure of the address book of the enterprise to which member 1 belongs by members 3 (the visible range of the visible address book organization structure that can be viewed specifically can be determined according to the setting of an administrator), and this part of the content can be described in detail in the following embodiments). Referring to fig. 5b, fig. 5b is a schematic diagram of an interface for viewing address book display data according to an embodiment of the present application, and as shown in fig. 5b, when a triggering operation (such as any one of a single click operation, a double click operation, and a long press operation) for an enterprise identifier 5023 displayed in an address book display card of a member 1 is detected, an address book organization structure of an enterprise to which the member 1 belongs may be displayed. ② The view avatar setting item may be used to view the avatar of member 1, optionally allowing for zoom-in view, zoom-out view, and save the avatar of member 1. ③ The mute release setting item is used for setting the audio state of the member 1 in the audio-video conference, and if the audio state currently set by the user 1 is a mute state, the audio state of the user 1 can be modified to be a non-mute state; If the audio state currently set by the user 1 is the non-mute state, the audio state of the user 1 can be modified to be the mute state. ④ The modification name setting item is used for modifying the name of the member 1, and it should be understood that only a member person or other designated member is allowed to modify the name of the member in the audio-video conference, that is, the name displayed by the member 1 in the audio-video conference defaults to be set or modified by the member 1 itself, and of course, other members (for example, a host, a manager, etc. of the current audio-video conference) may be designated to modify the name of the member 1 in the audio-video conference.

It should be noted that, in the present application, for any member, the address book display data corresponding to each member in the target service scene (for example, the audio/video conference scene mentioned herein) allows other members to view, but other members cannot obtain the original data of the target address book data of the member, so that the security of the address book data of each member can be ensured. Specifically, in order to realize risks such as leakage prevention of address book data, the embodiment of the application mainly provides an encrypted data display component for displaying the address book data, namely the application displays the address book display data matched with a target object based on the provided encrypted data display component, and can assign a value to the address book display component based on an encrypted object identifier (openid) of the target object, so that the address book display component can be used for displaying the address book display data without exposing specific original data content to the outside, and the safety of the address book data is ensured. In summary, the address book display data (such as organization structure of enterprise, department information of members in enterprise, personal data of members in enterprise, etc.) obtained after rendering the target address book data can be provided to the outside based on the encrypted address book data component, and the original data of the target address book data can not be directly provided to the service requester (target object), so that the security of the address book data can be ensured.

The embodiment of fig. 3 describes a specific flow of requesting to view the target address book data, and details of a background management process of the target address book corresponding to the target address book data are described below. It can be understood that after the corresponding management setting is performed on the target address book, the target address book can be used for the application client to request corresponding target address book data in the target service scene, please refer to fig. 6, fig. 6 is a flow chart of a target address book management method provided in the embodiment of the application, the target address book management method can be executed by the application server shown in fig. 2 or the management server responsible for managing the address books of each enterprise, and for convenience of explanation, the application server is used for performing the management of the target address book in the embodiment of the application for corresponding explanation. As shown in fig. 6, the method for managing the target address book mainly includes, but is not limited to, steps S601 to S604 as follows:

s601: and responding to a rule setting request aiming at the target address book, and setting a corresponding data management rule for the target address book.

In the embodiment of the application, the target address book corresponding to the target address book data is constructed based on a multi-tree organization structure. The data management rule is used to indicate the visible range of the target member identifier in the multi-tree organization structure in the target address book, that is, the essence of setting the corresponding data management rule for the target address book can be understood as for the multi-tree organization structure: any one or more of enterprise identification/unit identification, department identification and member identification are specifically set in a corresponding visible range.

1. Firstly, the organization structure of the target address book corresponding to the target address book data is specifically introduced.

In one possible implementation manner, a tree node in the multi-tree organization architecture is configured to record an object identifier corresponding to a target address book, where the object identifier includes: unit identification, department identification of each department under the unit, and member identification of each member in each department; the connection relations between the tree nodes are used for representing the organization relations between the object identifications, and the organization relations comprise: the organization relationship among the units indicated by the unit identifications, the departments indicated by the department identifications and the members indicated by the member identifications; the object identifiers are classified and recorded through the labels, and one or more object identifiers are classified and recorded in one or more corresponding label items.

For example, referring to fig. 7, fig. 7 is a schematic diagram of a multi-tree organization structure of a target address book according to an embodiment of the application. As shown in fig. 7, the multi-tree organization architecture is composed of a plurality of tree nodes, wherein each tree node is configured to record: any one or more of a unit identifier (enterprise identifier, i.e., root department in fig. 7), a department identifier of each department under the unit (e.g., department a, department B, and department C), a member identifier of each member in each department (e.g., member a, member b..member g.), optionally, a tree node in the multi-tree organization structure for recording the unit identifier may also be referred to as a root node, and one multi-tree organization structure corresponds to one root node. It should be understood that, for a target enterprise/unit, the enterprise- > departments- > members are sequentially divided according to a tree form, so that, as shown in fig. 7, the multi-tree organization structure may be optionally further divided into one or more sub-departments for the departments, any sub-department may be further divided into one or more groups, and so on, in the embodiment of the present application, the enterprise may be correspondingly divided into multiple levels of multi-tree organization structures according to service requirements. Next, each tree node in the multi-tree organization architecture is described in detail:

① Enterprise (corp): each enterprise has a unique id (corpid, unit identifier/enterprise identifier), and each enterprise has a corresponding address book, i.e. one enterprise corresponds to one address book, and all members in the enterprise share one address book data.

② Department (part): each department within an enterprise contains zero to multiple members, each department has a unique id (partyid, department identification) and a parent department id (parentid, parent department identification), as shown in fig. 7, the partyid of department a may be department a, the parent department of which is enterprise a, namely parentid is enterprise X; similarly, the group a partyid may be group a, where the parent department of group a is department a, that is, parentid is department a, and so on, so that a hierarchy of the entire address book may be constructed. The root department of the enterprise is the same department as the name of the enterprise, and parentid is 0.

③ Member (party user): each member (account) has a unique id (vid, member identification), and a member can belong to multiple departments at the same time, for example, a member a belongs to both department a and department B; thus < vid, partyid > is used to uniquely identify a member.

④ Label (tag): the tag can be used for conveniently performing address book management, specifically, a plurality of department identifications or member identifications can be added into the tag, so that the display, the hiding and the like of the address book can be conveniently managed based on the tag, for example, a member A and a department B can be both added into the same tag A, and then unified management can be performed on each member (member A, member D and member E) included in the member A and the department B based on the tag A. Wherein each tag is provided with a unique tagid identity (tag identity). In addition, one or more tags may be provided for each business, each tag including one or more tag items (tag items) for storing a corresponding partyid or vid. The management of the address book based on the labels can be performed on the object identifications (member identifications and department identifications) of different levels at the same time, the constraint of the levels is crossed, and the management mode is more flexible and convenient.

2. Next, a background setting procedure of the organization structure of the above-mentioned target address book will be described in detail. The specific process of setting the target address book may include, but is not limited to: updating the organization structure of the target address book, setting corresponding data management rules (such as limit checking rules, hiding rules and the like) for the target address book, setting fields for object identifiers in the target address book and the like.

(1) Updating the organization structure of the target address book.

Next, several specific ways of updating address book organization structures according to the present application will be described in detail:

a. An administrator (a member having update authority) updates the organization structure of the target address book in the management client. Specifically, the administrator may manually perform any one or more of the operations of adding, deleting, and modifying for any department identifier in the management client (i.e., the application client where the administrator is located); as another example, an administrator may manually perform any one or more of the add, delete, modify operations in the administration client for any member identification; also, for example, an administrator may manually perform any one or more of the adding, deleting, modifying operations for any tag in the administration client; for another example, the administrator may import address book data to be adjusted in the management client through an excel file, so as to trigger updating the organization structure of the target address book based on the address book data to be adjusted.

B. And updating the organization structure of the target address book based on the open service interface at the application development end. Each application client realizes a corresponding target application object based on the application development end, which can be understood as a background client for uniformly managing each target application object, wherein the background client is used for realizing specific functions related to the target application object in service application, for example, the target application object is a content interaction platform, and the application development end corresponding to the target application object can be understood as a background client for developing social functions (such as a session function and a social message sharing function); in another example, if the target application object is a content interaction platform, the application development end corresponding to the target application object may be understood as a background client end for developing content interaction functions (such as a content publishing function, a content evaluating function, and a content forwarding function). Specifically, the administrator may manually perform the following operations by calling an open service interface (OpenAPI) to implement updating of the organization architecture of the target address book, where calling the OpenAPI interface may include performing the following operations: for example, any one or more of the add, delete, modify operations are performed manually for any department identification; as another example, an administrator may manually perform any one or more of the add, delete, modify operations in the administration client for any member identification; also for example, an administrator may manually perform any one or more of the add, delete, modify operations for any tag in the administration client.

C. And updating the organization structure of the target address book based on the synchronous calling interface. In one possible implementation manner, in response to receiving a synchronization update request sent through the synchronization call interface, performing update processing on the target address book according to an update content object included in the synchronization update request, where the update processing includes: any one or more of adding department identification, deleting department identification, modifying department identification, adding member identification, deleting member identification, modifying member identification, adding tag identification, deleting tag identification, modifying tag identification. It should be noted that, the manner of adjusting the organization architecture of the target address book based on the synchronous call interface is generally suitable for the service requirement of real-time update, i.e. mainly suitable for small-scale architecture adjustment or update request, such as update adjustment for a member.

D. And updating the organization structure of the target address book based on the asynchronous call interface. In one possible implementation manner, in response to receiving an asynchronous update request sent through an asynchronous call interface, an update content object set included in the asynchronous update request is obtained, and update processing is performed on the target address book according to each update content object in the update content object set. It should also be noted that, the manner of adjusting the organization structure of the target address book based on the asynchronous call interface is generally applicable to the business requirement of batch update, i.e. mainly applicable to large-scale architecture adjustment or update request, such as adjustment of the overall architecture of multiple members or departments or even the whole enterprise. Therefore, in the embodiment of the application, the address book organization structure can be updated by adaptively selecting a proper interface in combination with the specific service requirements related to the target service scene, so that resources can be reasonably utilized, and the situations of resource waste, untimely updating operation and the like are avoided.

(2) Setting corresponding data management rules for the target address book.

In one possible implementation, in response to a rule setting request for a target address book, a corresponding data management rule is set for the target address book, where the data management rule is used to indicate a visible range of a target member identifier in the target address book in the multi-tree organization architecture. Wherein, the rule setting request may be generated after detecting that the rule setting entry for the target address book is triggered, that is, the management client may be provided with a rule setting entry, and the administrator triggers the rule setting entry to generate the rule setting request for the target address book, where the rule setting entry may include, but is not limited to: the rule setting control, rule setting item and other types, the rule setting inlet can be a primary inlet or a secondary inlet, and the type and the display form of the rule setting inlet are not particularly limited in the embodiment of the application. In addition, the data management rule may specifically include: any one or more of a limit view rule for indicating a rule for limiting viewing of an external member and a hidden rule for indicating a rule for hiding an internal member. Next, detailed descriptions are made for specific setting procedures of the limit view rule and the hidden rule, respectively:

① Setting a corresponding limit checking rule aiming at a target address book:

In particular, the limit view rule may include several types, and different types of limit view rules may specify their scope based on vid (member identification), partyid (department identification), or tagid (tag identification). For example, the limited view rule includes a limited view identifier set, where the limited view identifier set includes: any one or more of department identification limiting viewing, member identification limiting viewing, additional visible member identification, white list member identification. Next, several specific rule contents corresponding to the restricted view rule are respectively described.

I. Any member of the target departments indicated by the restricted view department identification (and the target members indicated by the restricted view member identification) can only see the departments, sub-departments, and members within the departments under the rule, and cannot see other departments and members. Referring to fig. 8a, fig. 8a is a schematic view of a scenario in which a limit view rule is set for a target address book according to an embodiment of the present application. As shown in fig. 8a, for a complete architecture diagram a01 of a target address book, a department that sets a limit view for the complete architecture diagram a01 is identified as a department B, and under the limit view rule a, a visible organization architecture diagram of a member a (or a member B) in the department B for the target address book is shown as a02 in the diagram, that is, the member a (or the member B) cannot see other departments (departments C) and members in the departments C thereof; similarly, under this constraint view rule a, the visible organization structure diagram of member C (or member d) in department C for the target address book is shown as a03 in the figure.

The additional visible member identification indicates a restricted view department identification and the restricted view member identification indicates an additional visible member of the set of members. Referring to fig. 8b, fig. 8b is a schematic view of another scenario in which a limit view rule is set for a target address book according to an embodiment of the present application. As shown in fig. 8B, for the complete structure diagram B01 of the target address book, the department that sets the limit view is identified as the department B, and the additional visible member is designated as the member d, under this limit view rule B, the visible structure diagram of the member a (or the member B) in the department B for the target address book is shown in fig. B02, that is, the member a (or the member B) can additionally view the member d in the target address book, it should be understood that, since the member d is visible, the department to which the member d belongs must also be visible, so that the member a (or the member B) can see the department C, and other members (the member C and the member d) in the department C, as shown in fig. B02.

The member indicated by the white list member identification is not limited by the limited viewing rule, namely if the target member in the limited viewing identification set indicated by the limited viewing department identification and the limited viewing member identification is the member indicated by the white list member identification, the target member can view each member of the department and other departments in the target address book and members in other departments. Referring to fig. 8c, fig. 8c is a schematic view of another scenario in which a limit view rule is set for a target address book according to an embodiment of the present application. As shown in fig. 8C, for a complete architecture diagram C01 of a target address book, a department for limiting viewing set for the complete architecture diagram C01 is identified as a department B, and a member a is designated as a white list member, and under the limiting viewing rule C, a visible architecture diagram of the member a in the department B for the target address book is shown as C02 in the diagram; the visible organization structure diagram of member B in department B for the target address book is shown in figure c 03.

② Setting corresponding hiding rules for the target address book:

Likewise, hiding rules may include several types, different types of hiding rules may specify their scope based on vid (member identification), partyid (department identification), or tagid (tag identification). For example, the hiding rule includes a hiding identification set, where the hiding identification set includes: any one or more of hidden department identification, hidden member identification, white list hidden identification. Next, several specific rule contents corresponding to the hidden rule are respectively described.

I. Any member of the target department indicated by the hidden department identification is not visible to any member of the other departments in the target address book, i.e., any member of the other departments cannot view any member indicated by the hidden department identification. Referring to fig. 9a, fig. 9a is a schematic view of a scenario in which a hiding rule is set for a target address book according to an embodiment of the present application. As shown in fig. 9a, a complete architecture diagram a01 of a target address book is shown, and a hidden department identifier set for the complete architecture diagram a01 is a department B, and under this hiding rule 1, a visible organization architecture diagram of a member a (or a member B) in the department B for the target address book is shown in a diagram a02, it should be understood that, under this hiding rule 1, a member C (or a member d) in the department C cannot view any member in the department B, for example, a visible organization architecture diagram of a member C (or a member d) in the department C for the target address book is shown in a 03.

The target member indicated by the hidden member identification is not visible to any other member in the target address book, that is, any member in the target address book cannot view the target member indicated by the hidden member identification. Referring to fig. 9b, fig. 9b is a schematic view of another scenario in which a hiding rule is set for a target address book according to an embodiment of the present application. As shown in fig. 9B, in the complete structure diagram B01 of the target address book, the hidden member set for the complete structure diagram B01 is identified as a member a, and under the hiding rule 2, the visible structure diagram of the member B in the department B (or the member C and the member d in the department C) for the target address book is shown in the diagram B02, that is, under the hiding rule 2, no other member (member B, member C, and member d) is allowed to view the member a.

The target member indicated by the white list hidden identifier is not limited by the hidden rule, i.e. if the target member in the hidden identifier set indicated by the hidden department identifier and the hidden member identifier is a member indicated by the white list hidden identifier, the target member can check any member in the hidden identifier set. Referring to fig. 9c, fig. 9c is a schematic view of another scenario in which a hiding rule is set for a target address book according to an embodiment of the present application. As shown in fig. 9C, for the complete architecture diagram C01 of the target address book, the white list hidden identifier set for the complete architecture diagram C01 is member d, and under the hiding rule 3, the visible organization architecture diagram of member C in the department C for the target address book is shown as C02 in the figure; in addition, since the member d in the department C is the target member indicated by the white list hiding identifier, the target member allows to view each member in the hidden department B, that is, the visible organization structure diagram of the member d in the department C for the target address book is shown as C03 in the figure.

(3) Setting a field according to the object identifier in the target address book:

Specifically, the essence of setting the field for the object identification is to set the explicit material (the externally displayed personal material: such as data of a personal signature, a nickname, a status, etc.) of the department or member indicated by the object identification. In one possible implementation manner, firstly, a field setting request for object identifiers in a target address book is received, wherein the field setting request carries description information for one or more object identifiers; then, according to the description information, a field setting can be performed on the display data of the address book object indicated by each object identifier. Wherein, the field setting includes: setting a data display field of each communication object in the target address book and setting any one or more of a data hiding field of a reference address book object in a plurality of address book objects.

I. The display field of the global organization architecture of the target address book may be set. For example, display fields such as the name of the target business corresponding to the target address book, and the profile of the business are displayed.

The information display field of each address book object (such as a department, a member and the like) in the target address book can be set. The data display fields set for each address book object may include, but are not limited to: department name, department profile, member name, individual signature of the member, status of the member (e.g., status in online, working, resting, no disturbance, etc.), etc.

The method can set the data hiding field of the reference address book object in each address book object in the target address book. Among them, the so-called reference address book object may include: special departments/sensitive departments (e.g., financial departments), special members/sensitive members (e.g., leaders, HRs, etc.), such as the data hiding fields set for the above-mentioned reference directory objects, may include, but are not limited to: department profile, individual signature of the member, status of the member, etc.

(4) The application client loads a target address book:

The application client side where each member is located downloads the corresponding address book display data based on the data management rule (limit viewing rule and hiding rule) set by the application server side for the target address book and the data display field set for the object identifier in the target address book. When the target address book is changed, the application client can download the changed content in an incremental updating mode to update the target address book; if incremental updates cannot be performed, the application client may update the target address book based on the full amount of updates.

In one possible implementation manner, when an update event for a target address book is detected, incremental update data indicated by the update event is sent to an application client, so that the application client performs incremental update processing on the target address book based on the incremental update data; or when the full-volume downloading request aiming at the target address book is detected, transmitting the full-volume address book data of the target address book to the application client so that the application client can download the target address book in full volume based on the full-volume address book data; the full download request is generated and sent by the application client after determining that the incremental update processing operation cannot be performed.

(5) Setting priorities among a plurality of rules:

In one possible implementation, for a reference object identifier in the target address book, if the covered rule includes a plurality of rules, the method is allowed to determine the target rule for the reference object identifier according to the rule priority. If the rule covered by the reference object identifier comprises a first rule and a second rule, determining a target rule for the reference object identifier as the first rule according to the rule priority, wherein in the multi-tree organization structure, a first object identifier in a target address book corresponding to the first rule is closer to a leaf node than a second object identifier, and the second object identifier is an object identifier in the target address book corresponding to the second rule; or if the rule covered for the reference object identifier comprises an address book checking rule and comprises a limiting checking rule and/or a hiding rule, determining a target rule for the reference object identifier as the address book checking rule according to the rule priority; or if the rule covered by the reference object identifier comprises a limit viewing rule and a hidden rule, limiting the limit viewing rule to the target rule determined by the rule priority for the reference object identifier.

Specifically, when intersections or conflicts occur with respect to a plurality of rules set for the target address book, the visible range of the computing member may be based on the following priority principle:

i. Range priority: the priority of vid (member identification) is higher than partyid (department identification), the priority of the member A closer to the leaf node is higher in the multi-tree organization architecture, as shown in FIG. 7, the rule set for the member A is a hidden rule, the rule set for the department A is an extra visible rule, and then the member A can be determined to be invisible according to the range priority.

Rule priority: address book viewing rule > limit viewing rule > hide rule. The address book checking rule is used for indicating whether to allow the member to check the target address book, for example, as shown in fig. 7, if the address book checking rule set for the member a is that the member a cannot check the target address book; if the restriction checking rule set for the member a is used for indicating the white list member identification and the hiding rule set for the member a is used for indicating the hidden member a, the member a can be determined to be visible in the target address book according to the rule priority.

Always visible principle: if a member is visible, the parent to which the member belongs must be visible. For example, member a is visible, so is the department a to which member a belongs; as another example, member C is visible, both group a and department a to which member C belongs are visible.

(6) Computing an organization architecture:

In one possible implementation, a limit view rule is executed on the target address book, and organization architecture data of limit view matched with a member identification indicated by the encrypted object identification is generated; and executing hiding rules on the organization structure data limited to be checked, and generating target address book data matched with the member identification indicated by the encrypted object identification. Specifically, in the process of calculating the visible organization structure of the target member, firstly, judging whether the member identification of the target member limits the view of the target address book, if so, determining that the target member cannot view the self-organization structure of the target address book; triggering and executing the limiting and checking rule on the target address book on the premise that the member identification of the target member allows the target address book to be checked, and generating limiting and checking organization structure data matched with the member identification indicated by the encrypted object identification; and executing hiding rules on the organization structure data limited to be checked, and generating target address book data matched with the member identification indicated by the encrypted object identification.

(7) Building an enterprise ring address book:

In one possible implementation, the target address book includes an enterprise ring address book constructed based on a plurality of units. Then, the application server responds to the address book construction request aiming at a plurality of units, and constructs and obtains the enterprise ring address book according to the unit identification of each unit, the department identification of each department under each unit and the member identification of each member in each department included in the address book construction request. The departments indicated by the department identifications recorded by the tree nodes in the multi-tree organization architecture corresponding to the enterprise ring address book comprise: a self-building department and a mapping department; the self-building department is constructed based on members in at least one unit in the enterprise circle address book, and the mapping department is used for indicating the department to which each member in the self-building department belongs in the address book of the respective unit.

For example, the embodiment of the present application supports storing members of multiple enterprises in the same enterprise ring to construct an enterprise ring address book, where the enterprise ring address book can implement interworking between members of multiple enterprises (i.e. the member 1 in the enterprise 1 can communicate with the member 2 in the enterprise 2). Optionally, each enterprise may belong to a plurality of enterprise circles, each enterprise circle uses circleid (enterprise circle identifier) as a unique identifier, and the enterprise circle address book is also constructed based on a multi-tree organization architecture, where the multi-tree organization architecture of the enterprise circle address book is used for recording: ① Department (part): using partyid (department identification) to uniquely identify a department in the enterprise circle address book, the above mentioned departments are divided into two types: a self-building department and a mapping department. The self-built department is a department created by an administrator in an enterprise circle, and supports the administrator to add and delete (add, delete and modify) members or departments under the self-built department; the mapping department corresponds to the department to which each member belongs in the enterprise internal address book, and the mapping department and the self-built department have the same corresponding structure in different address books. ② Member (party user): and (3) using < vid, partyid > (member identification, department identification) to uniquely identify one member in the enterprise ring address book, wherein vid is the member identification corresponding to the enterprise internal address book.

Referring to fig. 10, fig. 10 is a schematic diagram of an organization structure of an enterprise ring address book according to an embodiment of the present application. As shown in fig. 10, the organization structure of the enterprise ring address book records a plurality of department identifications (department 1, department 2, department 3, and department 4), any department identification may further record a group identification, and any group identification may further record a member identification. By constructing the enterprise ring address book, information interaction among different enterprises can be achieved, and therefore more business requirements are met.

S602: the method comprises the steps of obtaining an address book data viewing request submitted by an application client of a target object aiming at a target service scene, wherein the address book data viewing request carries login credential data obtained from a target application object of the application client, and the login credential data comprises an encrypted object identifier of the target application object aiming at the application client.

S603: and analyzing the login credential data to obtain an encrypted object identifier.

It should be noted that, in the embodiment of the present application, the specific steps executed by the application server in steps S602 to S603 may refer to the specific execution process of the related steps in steps S301 to S302 in the embodiment of fig. 3 in detail, and the embodiment of the present application is not described herein again.

S604: and acquiring target address book data matched with the target object in the target service scene according to the data management rule set for the target address book and the encrypted object identifier.

Each object identifier included in the target address book data is contained in a visible range in the multi-tree organization structure, wherein the member identifier indicated by the encrypted object identifier is included in the visible range. In a possible implementation manner, based on the data management rule set for the target address book in step S601, if the data management rule includes a restriction checking rule, the data management rule set for the target address book by the application server and the encrypted object identifier, the obtaining the target address book data matched with the target object in the target service scene may specifically include: ① If the department to which the member identification indicated by the encrypted object identification belongs is a target department indicated by the department identification limiting viewing, generating data comprising the target department as target address book data matched with the target object in the target service scene; ② If the member identification indicated by the encrypted object identification is a target member indicated by the member identification limited to be checked, generating data with an address book being empty as target address book data matched with a target object in a target service scene; ③ And if the member indicated by the encrypted object identifier is the white list member indicated by the white list member identifier, taking the complete data of the target address book as target address book data matched with the target object in the target service scene.

In another possible implementation manner, based on the data management rule set in step S601 for the target address book, if the data management rule includes a hiding rule, the application server may first obtain initial address book data that matches the member identifier indicated by the encrypted object identifier in the target service scene; then, hiding the initial address book data according to the hiding rule corresponding to each object identifier in the initial address book data to obtain target address book data.

It should be noted that, the address book display data is generated according to the target address book data, and the address book display data is sent to the application client for display processing. The address book display data are displayed based on an encrypted data display component provided by the application client, and the encrypted data display component is obtained after the address book component is assigned according to a preset data instruction for indicating to acquire target address book data.

In the embodiment of the application, firstly, through a openData component (encrypted data display component) for providing an open address book, only a three-party service access application client is required to access an open openID identity provided externally and used for assigning a value to a openData component, and a openData component can display openID address book display data corresponding to a user, so that development cost and access cost are further reduced; secondly, based on the combination of the openID, openData components, the address book and the organization structure information can not be exposed to external enterprises, and only the display rendering of the address book display data is needed to be executed when the service is accessed, and the external enterprises can not obtain the original data, so that the safety of the address book data is greatly guaranteed.

The foregoing details of the method according to the embodiment of the present application are set forth in order to better implement the foregoing aspects of the embodiment of the present application, and accordingly, an apparatus according to the embodiment of the present application is provided below, and next, related apparatuses according to the embodiment of the present application are correspondingly described in connection with the foregoing data processing scheme provided by the embodiment of the present application.

Referring to fig. 11, fig. 11 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present application. The data processing apparatus 1100 is applicable to the application server in the foregoing embodiment. The data processing apparatus 1100 may be a computer program (including program code) running in a computer device, for example the data processing apparatus 1100 is an application software; the data processing apparatus 1100 may be used to perform corresponding steps in a blockchain data processing method provided by embodiments of the present application. The data processing apparatus 1100 includes:

An obtaining unit 1101, configured to obtain an address book data viewing request submitted by an application client for a target service scenario, where the address book data viewing request carries login credential data obtained from a target application object where the application client is located, where the login credential data includes an encrypted object identifier of the target application object for the application client;

The processing unit 1102 is configured to parse the login credential data to obtain an encrypted object identifier;

the processing unit 1102 is further configured to obtain target address book data that matches the target object in the target service scene according to the encrypted object identifier;

the processing unit 1102 is further configured to generate address book display data according to the target address book data for display on the application client.

In one possible implementation, the processing unit 1102 generates address book display data according to the target address book data to display on the application client, and is configured to perform the following operations:

In one possible implementation manner, the address book data viewing request carries a login object identifier of the target object, the login credential data has a validity period, and the encrypted object identifier is obtained after encryption based on an account identifier of the target object about the target application object; the processing unit 1102 is further configured to perform the following operations:

In a possible implementation manner, the processing unit 1102 obtains, according to the encrypted object identifier, target address book data matched with the target object in the target service scene, and is configured to perform the following operations:

In one possible implementation, the processing unit 1102 is further configured to perform either or both of the following steps:

In one possible implementation, the processing unit 1102 is further configured to perform the following operations:

the processing unit 1102 obtains target address book data matched with a target object in a target service scene according to the encrypted object identifier, and is used for executing the following operations:

the processing unit 1102 obtains target address book data matched with the target object in the target service scene according to the encrypted object identifier, and is used for executing any one or more of the following steps:

In one possible implementation, the target address book includes an enterprise ring address book constructed based on a plurality of units; the processing unit 1102 is further configured to perform the following operations:

Referring to fig. 12, fig. 12 is a schematic structural diagram of a computer device according to an embodiment of the application. The computer device 1200 is configured to perform the steps performed by the cloud server in the foregoing method embodiment, where the computer device 1200 includes: one or more processors 1201; one or more input devices 1202, one or more output devices 1203, and a memory 1204. The processor 1201, the input device 1202, the output device 1203, and the memory 1204 described above are connected through a bus 1205. The memory 1204 is used for storing a computer program, the computer program comprising program instructions, and the processor 1201 is used for calling the program instructions stored in the memory 1204, and performing the following operations:

Analyzing the login credential data to obtain an encrypted object identifier;

In one possible implementation, the processor 1201 generates address book display data for display at the application client according to the target address book data, for performing the following operations:

In one possible implementation manner, the address book data viewing request carries a login object identifier of the target object, the login credential data has a validity period, and the encrypted object identifier is obtained after encryption based on an account identifier of the target object about the target application object; the processor 1201 is also configured to perform the following operations:

In one possible implementation, the processor 1201 obtains, according to the encrypted object identifier, target address book data that matches the target object in the target service scenario, and is configured to perform the following operations:

In one possible implementation, the processor 1201 is further configured to perform either or both of the following steps:

In one possible implementation, the processor 1201 is further configured to perform the following operations:

the processor 1201 obtains target address book data matched with the target object in the target service scene according to the encrypted object identifier, and is configured to perform the following operations:

the processor 1201 obtains target address book data matched with the target object in the target service scene according to the encrypted object identifier, and is configured to perform any one or more of the following steps:

In one possible implementation, the target address book includes an enterprise ring address book constructed based on a plurality of units; the processor 1201 is also configured to perform the following operations:

Furthermore, it should be noted here that: the embodiment of the present application further provides a computer storage medium, in which a computer program is stored, and the computer program includes program instructions, when executed by a processor, can perform the method in the corresponding embodiment, so that a detailed description will not be given here. For technical details not disclosed in the embodiments of the computer storage medium according to the present application, please refer to the description of the method embodiments of the present application. As an example, the program instructions may be deployed on one computer device or executed on multiple computer devices at one site or distributed across multiple sites and interconnected by a communication network.

According to one aspect of the present application, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium, and the processor executes the computer instructions, so that the computer device can perform the method in the foregoing corresponding embodiment, and therefore, a detailed description will not be given here.

It will be understood by those skilled in the art that implementing all or part of the above-described methods in the embodiments may be implemented by a computer program for instructing relevant hardware, and the above-described program may be stored in a computer readable storage medium, and the program may include the steps of the embodiments of the above-described methods when executed. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random-access Memory (Random Access Memory, RAM), or the like.

The foregoing disclosure is illustrative of the present application and is not to be construed as limiting the scope of the application, which is defined by the appended claims.

Claims

1. A method of data processing, comprising:

Analyzing the login credential data to obtain the encrypted object identifier;

acquiring target address book data matched with the target object in the target service scene according to the encrypted object identifier;

and generating address book display data according to the target address book data so as to be displayed on the application client.

2. The method of claim 1, wherein generating address book display data for display at the application client from the target address book data comprises:

Generating address book display data according to the target address book data, and sending the address book display data to the application client for display processing;

3. The method of claim 1, wherein the address book data viewing request carries a login object identifier of a target object, and the login credential data has an validity period, and the encrypted object identifier is obtained by encrypting the account identifier of the target object with respect to the target application object; the method further comprises the steps of:

in the validity period of the login credential data, analyzing the login credential data to obtain the encrypted object identifier;

matching the login object identifier and the encryption object identifier;

4. The method of claim 3, wherein the obtaining, according to the encrypted object identifier, target address book data that matches the target object in the target service scenario includes:

after the login object identification and the encryption object identification are successfully matched, a session key corresponding to the target object is generated;

performing identity authentication processing on the target object based on the session key through an object authentication service;

and if the identity authentication is passed, acquiring target address book data matched with the encrypted object identification of the target object in the target service scene in the validity period of the login credential data.

5. The method of claim 1, wherein the target address book corresponding to the target address book data is constructed based on a multi-way tree organization architecture;

The connection relationship between tree nodes is used to represent an organization relationship between object identifications, the organization relationship comprising: the organization relationship among the units indicated by the unit identifications, the departments indicated by the department identifications and the members indicated by the member identifications;

6. The method of claim 5, further comprising either or both of the following steps:

In response to receiving a synchronous update request sent through a synchronous call interface, performing update processing on the target address book according to an update content object included in the synchronous update request, wherein the update processing includes: any one or more of adding department identification, deleting department identification, modifying department identification, adding member identification, deleting member identification, modifying member identification, adding tag identification, deleting tag identification and modifying tag identification;

7. The method of claim 5, wherein the method further comprises:

The obtaining, according to the encrypted object identifier, target address book data matched with the target object in the target service scene includes:

acquiring target address book data matched with the target object in the target service scene according to a data management rule set for the target address book and the encrypted object identifier;

And each object identifier included in the target address book data is contained in a visible range of the multi-tree organization structure, wherein the member identifier indicated by the encrypted object identifier is included in the visible range of the multi-tree organization structure.

8. The method of claim 5, wherein the method further comprises:

Setting a corresponding limit checking rule for the target address book, wherein the limit checking rule comprises a limit checking identification set, and the limit checking identification set comprises: any one or more of department identification limiting viewing, member identification limiting viewing, additional visible member identification, white list member identification;

the step of obtaining target address book data matched with the target object in the target service scene according to the encrypted object identifier comprises any one or more of the following steps:

if the department to which the member identification indicated by the encrypted object identification belongs is a target department indicated by the department identification limited to view, generating data comprising the target department as target address book data matched with the target object in the target service scene;

If the member identification indicated by the encrypted object identification is the target member indicated by the member identification limited to view, generating data with an address book being empty as target address book data matched with the target object in the target service scene;

9. The method of claim 5, wherein the method further comprises:

Acquiring initial address book data matched with a member identification indicated by the encryption object identification in the target service scene;

10. The method of claim 5, wherein the method further comprises:

Wherein the field setting includes: setting a data display field of each communication object in the target address book and setting any one or more of a data hiding field of a reference address book object in a plurality of address book objects.

11. The method of claim 5, wherein the method further comprises:

When an update event aiming at a target address book is detected, incremental update data indicated by the update event is sent to the application client side, so that the application client side carries out incremental update processing on the target address book based on the incremental update data; or alternatively

When a full-volume downloading request aiming at a target address book is detected, transmitting full-volume address book data of the target address book to the application client so that the application client can download the target address book in a full volume mode based on the full-volume address book data; the full download request is generated and sent by the application client after determining that the incremental update processing operation cannot be executed.

12. The method according to any of claims 5-11, wherein for a reference object identification in the target address book, if the covered rule comprises a plurality of rules, then the method is allowed to determine a target rule for the reference object identification according to a rule priority;

If the rule covered by the reference object identifier includes a first rule and a second rule, determining a target rule for the reference object identifier according to a rule priority as the first rule, wherein in a multi-tree organization architecture, a first object identifier in the target address book corresponding to the first rule is closer to a leaf node than a second object identifier, and the second object identifier is an object identifier in the target address book corresponding to the second rule;

13. The method of claim 12, wherein the method further comprises:

executing the limit checking rule on the target address book, and generating organization structure data of limit checking matched with the member identification indicated by the encrypted object identification;

And executing the hiding rule on the organization structure data limited to be checked, and generating target address book data matched with the member identification indicated by the encrypted object identification.

14. The method of claim 5, wherein the target address book comprises an enterprise ring address book constructed based on a plurality of units; the method further comprises the steps of:

Responding to an address book construction request aiming at a plurality of units, and constructing and obtaining an enterprise ring address book according to unit identifications of all units, department identifications of all departments under all units and member identifications of all members in each department, wherein the unit identifications are included in the address book construction request;

The departments indicated by the department identifications of the tree node records in the multi-tree organization architecture corresponding to the enterprise ring address book comprise: a self-building department and a mapping department; the self-building department is constructed based on members in at least one unit in the enterprise circle address book, and the mapping department is used for indicating departments to which each member in the self-building department belongs in the address book of the respective unit.

15. A method of data processing, comprising:

The acquisition unit is used for acquiring an address book data viewing request submitted by an application client of a target service scene aiming at a target object, wherein the address book data viewing request carries login credential data acquired from a target application object of the application client, and the login credential data comprises an encrypted object identifier of the target application object aiming at the application client;

The processing unit is further used for acquiring target address book data matched with the target object in the target service scene according to the encrypted object identifier;

the processing unit is further used for generating address book display data according to the target address book data so as to be displayed on the application client.

16. A computer device, comprising:

a processor adapted to execute a computer program;

A computer readable storage medium having stored therein a computer program which, when executed by the processor, implements the data processing method according to any of claims 1-14.

17. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program comprising program instructions which, when executed by a processor, cause the processor to perform the data processing method according to any of claims 1-14.

18. A computer program product, characterized in that the computer program product comprises a computer program adapted to be loaded by a processor and to perform the data processing method according to any of claims 1-14.