CN106529229A - Permission data processing method and apparatus - Google Patents
Permission data processing method and apparatus Download PDFInfo
- Publication number
- CN106529229A CN106529229A CN201510575317.2A CN201510575317A CN106529229A CN 106529229 A CN106529229 A CN 106529229A CN 201510575317 A CN201510575317 A CN 201510575317A CN 106529229 A CN106529229 A CN 106529229A
- Authority
- CN
- China
- Prior art keywords
- business logic
- logic codes
- code
- codes
- authority
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a permission data processing method and apparatus. The method comprises the steps of receiving a request of executing a function corresponding to a business logic code, and calling a permission check code to perform permission check to obtain a check result, wherein the business logic code and the permission check code are in a separated state, the business logic code is used for indicating the execution of a predetermined function, and the permission check code is used for checking a permission of the predetermined function; judging whether the check result indicates the running of the business logic code or not; and after it is judged that the check result indicates the running of the business logic code, running the business logic code. According to the method and the apparatus, the technical problem of relatively low running efficiency of the business logic code in the prior art is solved.
Description
Technical field
The present invention relates to data processing field, in particular to a kind for the treatment of method and apparatus of permissions data.
Background technology
In enterprise information system, control of authority is an indispensable ring.System needs different to each user's imparting
Authority, to control the authority that user is updated to reading and writing data, what this was typically combined closely with business, need basis
The change of business and the change of user role are adjusted.Such as, user Zhang San is common employee now, then
He only has the authority for filling in work order;If but tomorrow, he was promoted to section chief, then he is accomplished by with bigger
Authority, such as examines work order, authority of withdrawal of an application etc..Prior art needs performing when control of authority is carried out
Scope check code is run before business logic codes, to confirm whether user has the authority of this operation.
Inventor has found, prior art be required for calling scope check in the code for operating data in need
Code, and scope check code is distributed in systems in a large number, is mixed with business logic codes, is not only increased code
Complexity, and when business logic codes are called, business logic codes also need to call scope check code, make
The operational efficiency of business logic codes is obtained than relatively low.
For above-mentioned problem, effective solution is not yet proposed at present.
The content of the invention
A kind for the treatment of method and apparatus of permissions data are embodiments provided, at least to solve industry in prior art
The operational efficiency of business logical code is than relatively low technical problem.
A kind of one side according to embodiments of the present invention, there is provided processing method of permissions data, including:Receiving
To after performing the request of function corresponding to business logic codes, call scope check code to carry out authorization check, obtain
Check results, wherein, the business logic codes and the scope check code are in released state, and the business is patrolled
Volume code is used for indicating performing predetermined function, and the scope check code is for verifying to the authority of predetermined function;
Judge whether the check results indicate to run the business logic codes;And judging the check results instruction
After running the business logic codes, the business logic codes are run.
Further, the business logic codes include being stored under predetermined bag path the industry with identical authority information
Business logical code, the business logic codes with identical authority information include the first business logic codes and the second industry
Business logical code, after judging that the check results indicate the operation business logic codes, runs the business and patrols
Collecting code includes:After judging that check results indicate operation first business logic codes, operation described first
Business logic codes;Configured information is received, the configured information is used for indicating the second industry under the predetermined bag path
Business logical code operation;Second business logic codes are run according to the configured information.
Further, calling the scope check code to carry out authorization check includes:Obtain the business logic codes
Authority information, wherein, the authority information of the business logic codes is the information being labeled in the business logic codes;
The scope check code is called to verify the authority information of the business logic codes.
Further, the authority information includes following at least one information:Annotated in institute using extensible markup language
State the authority information of business logic codes front end;In the business logic codes front end by the way of configurationization is explained
Authority information.
Further, obtaining business logic codes and scope check code includes:The business logic codes and authority inspection
Code is looked into using being separated towards tangent plane programming.
Another aspect according to embodiments of the present invention, additionally provides a kind of processing meanss of permissions data, call unit,
After the request of function corresponding to execution business logic codes is received, scope check code is called to carry out authorization check,
Check results are obtained, wherein, the business logic codes and the scope check code are in released state, the industry
Business logical code is used for indicating to perform predetermined function, and the scope check code carries out school for the authority to predetermined function
Test;Judging unit, for judging whether the check results indicate to run the business logic codes;And operation is single
Unit, for, after judging that the check results indicate the operation business logic codes, running the service logic generation
Code.
Further, the business logic codes include being stored under predetermined bag path the industry with identical authority information
Business logical code, the business logic codes with identical authority information include the first business logic codes and the second industry
Business logical code, the running unit include:First operation module, for judging check results instruction operation institute
After stating the first business logic codes, first business logic codes are run;Receiver module, indicates letter for receiving
Breath, the configured information are used for indicating the second business logic codes operation under the predetermined bag path;Second operation
Module, for running second business logic codes according to the configured information.
Further, the call unit includes:Acquisition module, the authority for obtaining the business logic codes are believed
Breath, wherein, the authority information of the business logic codes is the information being labeled in the business logic codes;Call
Module, for calling the scope check code to verify the authority information of the business logic codes.
Further, the authority information includes following at least one information:Annotated in institute using extensible markup language
State the authority information of business logic codes front end;In the business logic codes front end by the way of configurationization is explained
Authority information.
Further, the business logic codes and scope check code are using being separated towards tangent plane programming.
In embodiments of the present invention, using after the request of function corresponding to execution business logic codes is received, adjust
Authorization check is carried out with scope check code, check results are obtained, wherein, business logic codes and scope check code
In released state, business logic codes are used for indicating to perform predetermined function, and scope check code is for predetermined function
Authority verified;Judge whether check results indicate to run business logic codes;And judging check results
After indicating operation business logic codes, the mode of business logic codes, business logic codes and scope check code is run
In released state, scope check code is not called by business logic codes, but before operation business logic codes,
Request calls scope check code after performing business logic codes, defines the competence in scope check code and is verified,
After business logic codes being run, business logic codes of reruning, it is to avoid business logic codes in prior art
Mix with scope check code, the industry for after business logic codes operation recalling scope check code and causing
The problem that coding is complicated and call relation is complicated of business logical code, and then solve business logic codes in prior art
Operational efficiency than relatively low technical problem, reached the technique effect of the operational efficiency for improving business logic codes.
Description of the drawings
Accompanying drawing described herein is used for providing a further understanding of the present invention, constitutes the part of the application, this
Bright schematic description and description does not constitute inappropriate limitation of the present invention for explaining the present invention.In accompanying drawing
In:
Fig. 1 is the flow chart of the processing method of permissions data according to embodiments of the present invention;And
Fig. 2 is the schematic diagram of the processing meanss of permissions data according to embodiments of the present invention.
Specific embodiment
In order that those skilled in the art more fully understand the present invention program, below in conjunction with the embodiment of the present invention
Accompanying drawing, is clearly and completely described to the technical scheme in the embodiment of the present invention, it is clear that described embodiment
The only embodiment of a present invention part, rather than the embodiment of whole.Based on the embodiment in the present invention, ability
The every other embodiment obtained under the premise of creative work is not made by domain those of ordinary skill, should all belong to
The scope of protection of the invention.
It should be noted that description and claims of this specification and the term " first " in above-mentioned accompanying drawing, "
Two " it is etc. for distinguishing similar object, without for describing specific order or precedence.It should be appreciated that this
The data that sample is used can be exchanged in the appropriate case, so as to embodiments of the invention described herein can with except
Here the order beyond those for illustrating or describing is implemented.Additionally, term " comprising " and " having " and they
Any deformation, it is intended that cover non-exclusive process, the side for including, for example, containing series of steps or unit
Method, system, product or equipment are not necessarily limited to those steps clearly listed or unit, but may include unclear
List or other intrinsic for these processes, method, product or equipment step or unit.
Application programming interface:Application programming interface, referred to as API.
Towards tangent plane programming:Aspect oriented programming, are abbreviated as AOP.Can be to industry using AOP
The various pieces of business logic are isolated, so that the degree of coupling between service logic each several part is reduced, improve program
Reusability, while improve the efficiency of exploitation.
Extensible markup language:Extensible markup language, abbreviation XML.Standard generalized markup language
Subset, is a kind of to make it have structural markup language for labelling e-file.
According to embodiments of the present invention, there is provided a kind of embodiment of the method for the processing method of permissions data, need explanation
It is can to hold in the such as computer system of one group of computer executable instructions the step of the flow process of accompanying drawing is illustrated
OK, and, although show logical order in flow charts, but in some cases, can be with different from herein
Order perform shown or described step.
Fig. 1 is the flow chart of the processing method of permissions data according to embodiments of the present invention, as shown in figure 1, the method
Comprise the steps:
Step S102, after the request of function corresponding to execution business logic codes is received, calls scope check generation
Code carries out authorization check, obtains check results, and wherein, business logic codes and scope check code are in released state,
Business logic codes are used for indicating to perform predetermined function, and scope check code is for verifying to the authority of predetermined function.
Business logic codes change order, the code of the function of submission order, power in may refer to example such as purchase system
Limit checks that code can be whether verification user has permission modification order, if having permission the code for submitting order to.Verification
As a result include having permission operation business logic codes and lack of competence operation logic code.For example whether certain function can be by
Certain user uses, if it is determined that permission is used by certain user, then check results indicate to have permission operation service logic
Code, otherwise, instruction does not have authority operation business logic codes.Alternatively, using towards tangent plane programming disassociation service
Logical code and scope check code.
Step S104, judges whether check results indicate to run business logic codes.
Step S106, after judging that check results indicate operation business logic codes, runs business logic codes.Industry
Business logical code carries out authorization check, and check results for reruning after indicating its operation in scope check code,
Scope check code is called to be verified without the need for business logic codes, that is to say, that scope check code is in service logic
Authorization check is carried out before code operation, it is to avoid business logic codes call scope check code.
In the present embodiment, business logic codes and scope check code are in released state, and scope check code is not by business
Logical code is called, but before operation business logic codes, after request execution business logic codes calls authority
Code is checked, is defined the competence in scope check code and is verified, after business logic codes being run, rerun
Business logic codes, it is to avoid business logic codes and scope check code mix in prior art, patrol in business
Collect the coding complexity of the business logic codes for recalling scope check code and causing after code runs and call relation is multiple
Miscellaneous problem, and then the operational efficiency of business logic codes in prior art is solved than relatively low technical problem, reach
Improve the technique effect of the operational efficiency of business logic codes.
Further, since business logic codes be need the user with authority can just indicate its operation, when indicate its
When the user of operation changes, it is necessary to by configuring scope check code come renewal authority.Due to the change of this user
Change is ever-present, and when systematic comparison is complicated, configuration scope check code can be more complicated.Especially large scale system
In, needed from being mixed in business logic codes lookup scope check code using existing technology, and which is changed, when
During system upgrade, the authorization code being distributed in the business logic codes of system is required for being changed, and may go out
The situation of mistake is changed now.But, by the technical scheme of the application, due to business logic codes and scope check generation
Code is detached, is no longer mixed, when needing modification authority to check code, it is not necessary to from business logic codes
Middle lookup scope check code, independent modification authority check that code can more accurately determine scope check code to be changed,
And due to code dehind, the complexity of code is reduced, scope check code and business logic codes can be entered respectively
Row is processed, and will not be influenced each other, be improve the efficiency of system upgrade or modification,
For example:User A logs in certain purchase system, needs to perform the function of modification order.The modification of the purchase system is ordered
Single function is performed by business logic codes, judges whether user A has permission modification order and belong to the execution of scope check code.
In the purchase system, above-mentioned business logic codes and scope check code are in released state.
When user A clicks on the function of modification order, i.e. request performs the function corresponding to business logic codes, calls
Scope check code.The function of now changing order is in also off-duty state, but scope check code has been opened
Begin operation to verify whether user A has the authority of modification order.If the verification result indicate that user A can change order,
Business logic codes are run then, user A can change order;If the verification result indicate that user A cannot be changed ordering
Single, then will not run business logic codes, and can send user A does not have the information of modification authority.
Alternatively, when authority is verified, can be being verified using following two modes:
The first, for the business logic codes with identical authority information, this kind of business logic codes can be stored in
Under predetermined bag path, when calling the business logic codes under predetermined bag path, due to authority information it is identical, as long as
In one business logic codes of request and after verification, the user can also indicate that other service logics to same user
Code runs, and need not verify again.I.e. business logic codes include being stored under predetermined bag path with phase
With the business logic codes of authority information, the business logic codes with identical authority information included for the first service logic generation
Code and the second business logic codes, after judging that check results indicate operation business logic codes, run service logic
Code includes:After judging that check results indicate the first business logic codes of operation, ran for the first service logic generation
Code;Receive configured information, the second business logic codes operation that configured information is used under indicating predetermined bag path;Root
The second business logic codes are run according to configured information.
For example, the editing order function of certain shopping website, order submission function and order deletion function are stored in predetermined
Bag path under, user A logs in the shopping website and asks execution of order modification function (i.e. the first business logic codes),
Then verify whether the user A has permission instruction execution of order modification function, if it is determined that user A has permission instruction and performs
Editing order function, then execution of order modification function.After this, user A also asks execution of order to delete function (i.e.
Second business logic codes), then authority need not be verified again, can be deleted in the execution of order for receiving user A transmissions
After the configured information of function, execution of order deletes function.
As can be seen here, the embodiment can be uniformly controlled and be verified to the authority of multiple business logic codes, so as to
Improve the efficiency of verification.When multiple business logic codes with identical authority are present in system, realize to multiple
The control of business logic codes, reduces the setting of scope check code.The authority letter in the predetermined bag path of change one
Breath, just can change the authority of multiple business logic codes, it is to avoid the authority of change business logic codes one by one, raising
The efficiency of change authority.Simultaneously as scope check code and business logic codes are separately positioned, during modification authority
Only need to change in scope check code, business logic codes can't be changed, business logic codes will not be also changed
Logic, scope check code and business logic codes can be modified respectively, be easy to the upgrading and renewal of system.
Second, for the business logic codes without identical authority information, the business for being separately controlled authority is patrolled
The indivedual predetermined bag path collected in the business logic codes under code, or predetermined bag path needs further to control
During authority, can be using the method for individually mark, that is, calling scope check code to carry out authorization check includes:Obtain industry
The authority information of business logical code, wherein, the authority information of business logic codes is to be labeled in business logic codes
Information;Scope check code is called to verify the authority information of business logic codes.
For example, authority information is to allow user A to change order, changes order and further relates to change time, the amount of money of order
Etc. content, and the function of changing order allows user A to change the time of wherein order, does not allow user A to change wherein
The amount of money of order.Authority information can also be that permission user B changes order, and can change the time of order and order
Single amount of money.The authority of user A and the power of user B be marked in the business logic codes for indicating the time for changing order
Limit marked use (such as user A=true, user B=true) in the business logic codes for indicating the amount of money for changing order
The authority (such as user B=true) of family B, then, when user A changes the time of order in instruction, scope check generation
User A=true be marked in the business logic codes of the time of code inspection instruction modification order, it is determined that the user A can
To change the time of order;When the amount of money of modification order is indicated, scope check code check indicates that modification is ordered to user A
No labelling user A=true in the business logic codes of single amount of money, it is determined that the user A cannot change the gold of order
Volume.And user B indicate modification order the amount of money when, scope check code check indicate modification the order amount of money business
There is labelling user B=true in logical code, it is determined that the user B can change the amount of money of order.Authority information is marked
In business logic codes, before business logic codes are performed, scope check code is first verified and is labeled in service logic
Authority information in code, performs the business logic codes for being labeled with authority information in verification by rear.Due to verification letter
Breath is carried by user, increased the safety of authority information.
Alternatively, authority information includes following at least one information:Annotated in service logic using extensible markup language
The authority information of code front end;Using explain configurationization by the way of business logic codes front end authority information.
The authority information of mark can be the further control to the business logic codes under predetermined bag path, may be used also
To be the independent control to the business logic codes under no longer predetermined bag path, by marking in business logic codes
Authority information increased the motility of control of authority, due to mark authority information be also operation business logic codes it
Before carry out authorization check, therefore, there is no need to business logic codes and call authorization check, solve business in prior art
The operational efficiency of logical code has reached the technology of the operational efficiency for improving business logic codes than relatively low technical problem
Effect.
By above-described embodiment, can by towards tangent plane programming by business logic codes and scope check code dehind,
Scope check code is not called by business logic codes, but before operation business logic codes, request execution business
Scope check code is called after logical code, is defined the competence in scope check code and is verified, can run business
After logical code, business logic codes of reruning, it is to avoid business logic codes and scope check generation in prior art
Code mixes, the business logic codes for after business logic codes operation recalling scope check code and causing
The problem that coding is complicated and call relation is complicated, and then solve the operational efficiency ratio of business logic codes in prior art
Relatively low technical problem, has reached the technique effect of the operational efficiency for improving business logic codes.
Furthermore it is possible to be controlled to business logic codes using various ways, the spirit of the data processing of authority is increased
Activity.Meanwhile, the authority information of mark is also before operation business logic codes to carry out authorization check, therefore,
Do not need business logic codes to call authorization check, the operational efficiency of business logic codes in prior art is solved than relatively low
Technical problem, reached improve business logic codes operational efficiency technique effect.
According to embodiments of the present invention, additionally provide a kind of embodiment of the processing meanss of permissions data.The permissions data
Processing meanss embodiment can perform the processing method of above-mentioned permissions data, and the processing method of above-mentioned permissions data can also
Performed by the processing meanss of the permissions data.
Fig. 2 is the schematic diagram of the processing meanss of permissions data according to embodiments of the present invention, as shown in Fig. 2 the device
Including:Call unit 10, judging unit 20 and running unit 30.
Call unit 10 for receive perform business logic codes corresponding to function request after, call authority to examine
Looking into code carries out authorization check, obtains check results, and wherein, business logic codes and scope check code are in separation
State, business logic codes are used for indicating to perform predetermined function, and scope check code is for entering to the authority of predetermined function
Row verification.Business logic codes change order, the code of the function of submission order in may refer to example such as purchase system,
Scope check code can be whether verification user has permission modification order, if having permission the code of price raising order.School
Testing result includes having permission operation business logic codes and lack of competence operation logic code.For example whether certain function can
Used by certain user, if it is determined that permission is used by certain user, then check results indicate that having permission operation business patrols
Code is collected, otherwise, instruction does not have authority operation business logic codes.
Judging unit 20 is used for judging whether check results indicate to run business logic codes.
Running unit 30 for judge check results indicate operation business logic codes after, run business logic codes.
Business logic codes carry out authorization check, and check results for reruning after indicating its operation in scope check code,
Scope check code is called to be verified without the need for business logic codes, that is to say, that scope check code is in service logic
Authorization check is carried out before code operation, it is to avoid business logic codes call scope check code.
The present embodiment by towards tangent plane programming by business logic codes and scope check code dehind, scope check code
Do not called by business logic codes, but before operation business logic codes, after request execution business logic codes
Scope check code is called, is defined the competence in scope check code and is verified, after business logic codes being run,
Rerun business logic codes, it is to avoid in prior art, business logic codes and scope check code mix,
The coding of the business logic codes that business logic codes recall scope check code and cause after running is complicated and calls
The complicated problem of relation, and then the operational efficiency of business logic codes in prior art is solved than relatively low technical problem,
The technique effect of the operational efficiency for improving business logic codes is reached.
Further, since business logic codes be need the user with authority can just indicate its operation, when indicate its
When the user of operation changes, it is necessary to by configuring scope check code come renewal authority.Due to the change of this user
Change is ever-present, and when systematic comparison is complicated, configuration scope check code can be more complicated.Especially large scale system
In, needed from being mixed in business logic codes lookup scope check code using existing technology, and which is changed, when
During system upgrade, the authorization code being distributed in the business logic codes of system is required for being changed, and may go out
The situation of mistake is changed now.But, by the technical scheme of the application, due to business logic codes and scope check generation
Code is detached, is no longer mixed, when needing modification authority to check code, it is not necessary to from business logic codes
Middle lookup scope check code, independent modification authority check that code can more accurately determine scope check code to be changed,
And due to code dehind, the complexity of code is reduced, scope check code and business logic codes can be entered respectively
Row is processed, and will not be influenced each other, be improve the efficiency of system upgrade or modification,
For example:User A logs in certain purchase system, needs to perform the function of modification order.The modification of the purchase system is ordered
Single function is performed by business logic codes, judges whether user A has permission modification order and belong to the execution of scope check code.
In the purchase system, above-mentioned business logic codes and scope check code are in released state.
When user A clicks on the function of modification order, i.e. request performs the function corresponding to business logic codes, calls
Scope check code.The function of now changing order is in also off-duty state, but scope check code has been opened
Begin operation to verify whether user A has the authority of modification order.If the verification result indicate that user A can change order,
Business logic codes are run then, user A can change order;If the verification result indicate that user A cannot be changed ordering
Single, then will not run business logic codes, and can send user A does not have the information of modification authority.
Alternatively, when authority is verified, can be with call unit module being verified using following two modes:
The first, for the business logic codes with identical authority information, this kind of business logic codes can be stored in
Under predetermined bag path, when calling the business logic codes under predetermined bag path, due to authority information it is identical, as long as
In one business logic codes of request and after verification, the user can also indicate that other service logics to same user
Code runs, and need not verify again.I.e. business logic codes include being stored under predetermined bag path with phase
With the business logic codes of authority information, the business logic codes with identical authority information included for the first service logic generation
Code and the second business logic codes, running unit include:First operation module, for judging check results instruction
After running the first business logic codes, the first business logic codes are run;Receiver module, for receiving configured information,
The second business logic codes operation that configured information is used under indicating predetermined bag path;Second operation module, for root
The second business logic codes are run according to configured information.
For example, the editing order function of certain shopping website, order submission function and order deletion function are stored in predetermined
Bag path under, user A logs in the shopping website and asks execution of order modification function (i.e. the first business logic codes),
Then verify whether the user A has permission instruction execution of order modification function, if it is determined that user A has permission instruction and performs
Editing order function, then execution of order modification function.After this, user A also asks execution of order to delete function (i.e.
Second business logic codes), then authority need not be verified again, can be deleted in the execution of order for receiving user A transmissions
After the configured information of function, execution of order deletes function.
As can be seen here, the embodiment can be uniformly controlled and be verified to the authority of multiple business logic codes, so as to
Improve the efficiency of verification.When multiple business logic codes with identical authority are present in system, realize to multiple
The control of business logic codes, reduces the setting of scope check code.The authority letter in the predetermined bag path of change one
Breath, just can change the authority of multiple business logic codes, it is to avoid the authority of change business logic codes one by one, raising
The efficiency of change authority.Simultaneously as scope check code and business logic codes are separately positioned, during modification authority
Only need to change in scope check code, business logic codes can't be changed, business logic codes will not be also changed
Logic, scope check code and business logic codes can be modified respectively, be easy to the upgrading and renewal of system.
Second, for the business logic codes without identical authority information, the business for being separately controlled authority is patrolled
The indivedual predetermined bag path collected in the business logic codes under code, or predetermined bag path needs further to control
During authority, individually can be marked, i.e., call unit includes:Acquisition module, for obtaining business logic codes
Authority information, wherein, the authority information of business logic codes is the information being labeled in business logic codes;Call mould
Block, for calling scope check code to verify the authority information of business logic codes.
For example, authority information is to allow user A to change order, changes order and further relates to change time, the amount of money of order
Etc. content, and the function of changing order allows user A to change the time of wherein order, does not allow user A to change wherein
The amount of money of order.Authority information can also be that permission user B changes order, and can change the time of order and order
Single amount of money.The authority of user A and the power of user B be marked in the business logic codes for indicating the time for changing order
Limit marked use (such as user A=true, user B=true) in the business logic codes for indicating the amount of money for changing order
The authority (such as user B=true) of family B, then, when user A changes the time of order in instruction, scope check generation
User A=true be marked in the business logic codes of the time of code inspection instruction modification order, it is determined that the user A can
To change the time of order;When the amount of money of modification order is indicated, scope check code check indicates that modification is ordered to user A
No labelling user A=true in the business logic codes of single amount of money, it is determined that the user A cannot change the gold of order
Volume.And user B indicate modification order the amount of money when, scope check code check indicate modification the order amount of money business
There is labelling user B=true in logical code, it is determined that the user B can change the amount of money of order.Authority information is marked
In business logic codes, before business logic codes are performed, scope check code is first verified and is labeled in service logic
Authority information in code, performs the business logic codes for being labeled with authority information in verification by rear.Due to verification letter
Breath is carried by user, increased the safety of authority information.
Alternatively, authority information includes following at least one information:Annotated in service logic using extensible markup language
The authority information of code front end;Using explain configurationization by the way of business logic codes front end authority information.
The authority information of mark can be the further control to the business logic codes under predetermined bag path, may be used also
To be the independent control to the business logic codes under no longer predetermined bag path, by marking in business logic codes
Authority information increased the motility of control of authority, due to mark authority information be also operation business logic codes it
Before carry out authorization check, therefore, there is no need to business logic codes and call authorization check, solve business in prior art
The operational efficiency of logical code has reached the technology of the operational efficiency for improving business logic codes than relatively low technical problem
Effect.
By above-described embodiment, can by towards tangent plane programming by business logic codes and scope check code dehind,
Scope check code is not called by business logic codes, but before operation business logic codes, request execution business
Scope check code is called after logical code, is defined the competence in scope check code and is verified, can run business
After logical code, business logic codes of reruning, it is to avoid business logic codes and scope check generation in prior art
Code mixes, the business logic codes for after business logic codes operation recalling scope check code and causing
The problem that coding is complicated and call relation is complicated, and then solve the operational efficiency ratio of business logic codes in prior art
Relatively low technical problem, has reached the technique effect of the operational efficiency for improving business logic codes.
Furthermore it is possible to be controlled to business logic codes using various ways, the spirit of the data processing of authority is increased
Activity.Meanwhile, the authority information of mark is also before operation business logic codes to carry out authorization check, therefore,
Do not need business logic codes to call authorization check, the operational efficiency of business logic codes in prior art is solved than relatively low
Technical problem, reached improve business logic codes operational efficiency technique effect.
The embodiments of the present invention are for illustration only, do not represent the quality of embodiment.
In the above embodiment of the present invention, the description to each embodiment all emphasizes particularly on different fields, and does not have in certain embodiment
The part of detailed description, may refer to the associated description of other embodiment.
In several embodiments provided herein, it should be understood that disclosed technology contents, other can be passed through
Mode realize.Wherein, device embodiment described above is only schematic, such as division of described unit,
Can be a kind of division of logic function, when actually realizing, can have other dividing mode, such as multiple units or component
Can with reference to or be desirably integrated into another system, or some features can be ignored, or not perform.It is another, institute
The coupling each other for showing or discussing or direct-coupling or communication connection can be by some interfaces, unit or mould
The INDIRECT COUPLING of block or communication connection, can be electrical or other forms.
The unit as separating component explanation can be or may not be it is physically separate, it is aobvious as unit
The part for showing can be or may not be physical location, you can local to be located at one, or can also be distributed to
On multiple units.Some or all of unit therein can be selected according to the actual needs to realize this embodiment scheme
Purpose.
In addition, each functional unit in each embodiment of the invention can be integrated in a processing unit, it is also possible to
It is that unit is individually physically present, it is also possible to which two or more units are integrated in a unit.It is above-mentioned integrated
Unit both can be realized in the form of hardware, it would however also be possible to employ the form of SFU software functional unit is realized.
If the integrated unit realized using in the form of SFU software functional unit and as independent production marketing or use when,
Can be stored in a computer read/write memory medium.Based on such understanding, technical scheme essence
On all or part of part that in other words prior art is contributed or the technical scheme can be with software product
Form is embodied, and the computer software product is stored in a storage medium, is used so that one including some instructions
Platform computer equipment (can be personal computer, server or network equipment etc.) performs each embodiment institute of the invention
State all or part of step of method.And aforesaid storage medium includes:USB flash disk, read only memory (ROM, Read-Only
Memory), random access memory (RAM, Random Access Memory), portable hard drive, magnetic disc or CD
Etc. it is various can be with the medium of store program codes.
The above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art
For member, under the premise without departing from the principles of the invention, some improvements and modifications can also be made, these improve and moisten
Decorations also should be regarded as protection scope of the present invention.
Claims (10)
1. a kind of processing method of permissions data, it is characterised in that include:
After the request of function corresponding to execution business logic codes is received, scope check code is called to carry out
Authorization check, obtains check results, and wherein, the business logic codes and the scope check code are in and divide
From state, the business logic codes are used for indicating to perform predetermined function, and the scope check code is for pre-
The authority for determining function is verified;
Judge whether the check results indicate to run the business logic codes;And
After judging that the check results indicate the operation business logic codes, the service logic generation is run
Code.
2. method according to claim 1, it is characterised in that the business logic codes include being stored in predetermined
There is under bag path the business logic codes of identical authority information, the service logic with identical authority information
Code includes the first business logic codes and the second business logic codes, is judging the check results instruction fortune
After the row business logic codes, running the business logic codes includes:
After judging that check results indicate operation first business logic codes, first business is run
Logical code;
Configured information is received, the configured information is used for indicating the second service logic under the predetermined bag path
Code runs;
Second business logic codes are run according to the configured information.
3. method according to claim 1 and 2, it is characterised in that call the scope check code to carry out authority
Verification includes:
The authority information of the business logic codes is obtained, wherein, the authority information of the business logic codes is
The information being labeled in the business logic codes;
The scope check code is called to verify the authority information of the business logic codes.
4. method according to claim 3, it is characterised in that the authority information includes following at least one information:
Authority information in the business logic codes front end is annotated using extensible markup language;
Using explain configurationization by the way of the business logic codes front end authority information.
5. method according to claim 1, it is characterised in that the business logic codes and scope check code are adopted
With being separated towards tangent plane programming.
6. a kind of processing meanss of permissions data, it is characterised in that include:
Call unit, for, after the request of function corresponding to execution business logic codes is received, calling power
Limit and check that code carries out authorization check, obtain check results, wherein, the business logic codes and the authority
Check that code is in released state, the business logic codes are used for indicating to perform predetermined function, the authority inspection
Code is looked into for verifying to the authority of predetermined function;
Judging unit, for judging whether the check results indicate to run the business logic codes;And
Running unit, for, after judging that the check results indicate the operation business logic codes, running
The business logic codes.
7. device according to claim 6, it is characterised in that the business logic codes include being stored in predetermined
There is under bag path the business logic codes of identical authority information, the service logic with identical authority information
Code includes the first business logic codes and the second business logic codes, and the running unit includes:
First operation module, for after judging that check results indicate operation first business logic codes,
Run first business logic codes;
Receiver module, for receiving configured information, the configured information is used for indicating under the predetermined bag path
The second business logic codes operation;
Second operation module, for running second business logic codes according to the configured information.
8. the device according to claim 6 or 7, it is characterised in that the call unit includes:
Acquisition module, for obtaining the authority information of the business logic codes, wherein, the service logic generation
The authority information of code is the information being labeled in the business logic codes;
Calling module, for calling the scope check code to carry out the authority information of the business logic codes
Verification.
9. device according to claim 8, it is characterised in that the authority information includes following at least one information:
Authority information in the business logic codes front end is annotated using extensible markup language;
Using explain configurationization by the way of the business logic codes front end authority information.
10. device according to claim 6, it is characterised in that the business logic codes and scope check code are adopted
With being separated towards tangent plane programming.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510575317.2A CN106529229B (en) | 2015-09-10 | 2015-09-10 | The treating method and apparatus of permissions data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510575317.2A CN106529229B (en) | 2015-09-10 | 2015-09-10 | The treating method and apparatus of permissions data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106529229A true CN106529229A (en) | 2017-03-22 |
| CN106529229B CN106529229B (en) | 2019-06-18 |
Family
ID=58346128
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510575317.2A Active CN106529229B (en) | 2015-09-10 | 2015-09-10 | The treating method and apparatus of permissions data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106529229B (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107885982A (en) * | 2017-09-29 | 2018-04-06 | 五八有限公司 | Log in control process method and terminal |
| CN109088858A (en) * | 2018-07-13 | 2018-12-25 | 南京邮电大学 | A kind of medical system and method based on rights management |
| CN110727929A (en) * | 2019-10-12 | 2020-01-24 | 北京明略软件***有限公司 | AOP-based line-level authority control method, device and client |
| CN110795709A (en) * | 2019-10-31 | 2020-02-14 | 北京达佳互联信息技术有限公司 | Method and device for performing business operation, electronic equipment and storage medium |
| CN112650488A (en) * | 2019-10-12 | 2021-04-13 | 上海际链网络科技有限公司 | Parameter checking method and device, storage medium and service terminal |
| CN112818391A (en) * | 2021-01-26 | 2021-05-18 | 四川天翼网络服务有限公司 | Permission control method based on tangent plane programming |
| CN113722733A (en) * | 2021-08-27 | 2021-11-30 | 北京航天云路有限公司 | Data access authority control method based on Java annotation |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1851724A (en) * | 2005-07-13 | 2006-10-25 | 华为技术有限公司 | Business data operation coutrol method and business system |
| CN101414253A (en) * | 2007-10-17 | 2009-04-22 | 华为技术有限公司 | Method and system for managing authority |
| CN103049684A (en) * | 2012-12-21 | 2013-04-17 | 大唐软件技术股份有限公司 | Data authority control method and data authority control system based on RBAC (role-based access control) model extension |
-
2015
- 2015-09-10 CN CN201510575317.2A patent/CN106529229B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1851724A (en) * | 2005-07-13 | 2006-10-25 | 华为技术有限公司 | Business data operation coutrol method and business system |
| CN101414253A (en) * | 2007-10-17 | 2009-04-22 | 华为技术有限公司 | Method and system for managing authority |
| CN103049684A (en) * | 2012-12-21 | 2013-04-17 | 大唐软件技术股份有限公司 | Data authority control method and data authority control system based on RBAC (role-based access control) model extension |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107885982A (en) * | 2017-09-29 | 2018-04-06 | 五八有限公司 | Log in control process method and terminal |
| CN109088858A (en) * | 2018-07-13 | 2018-12-25 | 南京邮电大学 | A kind of medical system and method based on rights management |
| CN110727929A (en) * | 2019-10-12 | 2020-01-24 | 北京明略软件***有限公司 | AOP-based line-level authority control method, device and client |
| CN112650488A (en) * | 2019-10-12 | 2021-04-13 | 上海际链网络科技有限公司 | Parameter checking method and device, storage medium and service terminal |
| CN110727929B (en) * | 2019-10-12 | 2021-07-30 | 北京明略软件***有限公司 | AOP-based line-level authority control method, device and client |
| CN110795709A (en) * | 2019-10-31 | 2020-02-14 | 北京达佳互联信息技术有限公司 | Method and device for performing business operation, electronic equipment and storage medium |
| CN112818391A (en) * | 2021-01-26 | 2021-05-18 | 四川天翼网络服务有限公司 | Permission control method based on tangent plane programming |
| CN113722733A (en) * | 2021-08-27 | 2021-11-30 | 北京航天云路有限公司 | Data access authority control method based on Java annotation |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106529229B (en) | 2019-06-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106529229A (en) | Permission data processing method and apparatus | |
| CN105095755A (en) | File recognition method and apparatus | |
| CN105787364B (en) | Automatic testing method, device and system for tasks | |
| CN107797854B (en) | Transaction file processing method and device, storage medium and computer equipment | |
| CN104978530B (en) | A kind of application method for managing security, device, server and system | |
| CN105739968A (en) | Method and device for reviewing update content based on distributed version control system Git | |
| CN110414921A (en) | A kind of total management system declared at customs with no paper at all, method and device | |
| CN106681854A (en) | Information checking method, device and system | |
| CN112948234B (en) | Interface test method and device and electronic equipment | |
| CN107832059A (en) | Code static analysis method and device based on Makefile | |
| CN105553671B (en) | A kind of management method of digital certificate, apparatus and system | |
| CN112711640A (en) | Method and device for configuring business handling process | |
| CN104462934B (en) | A kind of information processing method and electronic equipment | |
| CN115328759A (en) | Form verification method and device | |
| CN110780904A (en) | Application updating method and device | |
| US9495367B2 (en) | System and method for performing a software comparison | |
| CN111143434A (en) | Intelligent data checking method, device, equipment and storage medium | |
| CA2243599C (en) | Processor system | |
| CN112085611A (en) | Asynchronous data verification method and device, electronic equipment and storage medium | |
| CN116303106A (en) | GitFlow software version-based quick rollback method and system suitable for financial industry | |
| CN114338850B (en) | Message checking method, device, terminal equipment and computer readable storage medium | |
| CN105243022B (en) | The performance data analysis method and device of host application software system | |
| US20170116212A1 (en) | System and method for systematically removing customer personal information from an electronic device | |
| CN112667507A (en) | Embedded software demand management method and system and electronic equipment | |
| CN113254837A (en) | Application program evaluation method, device, system, equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 100083 No. 401, 4th Floor, Haitai Building, 229 North Fourth Ring Road, Haidian District, Beijing Applicant after: Beijing Guoshuang Technology Co.,Ltd. Address before: 100086 Cuigong Hotel, 76 Zhichun Road, Shuangyushu District, Haidian District, Beijing Applicant before: Beijing Guoshuang Technology Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |