Introduction to implementing permission control based on MVC framework

Source: Internet
Author: User
Introduction
A few days ago Brother Siang came to us and asked us to add permission control to the project. Our impression at the time was that permissions were a very sacred system, one that should stand apart from the other systems and control them. In talking with him, the requirement turned out to be this: we do not need very fine-grained permission control; something relatively simple will do for now, but it must not be as rigid as the one in our computer room charging system. There were no other requirements. That was the premise of our work on permissions, so we spent about 3 days looking up material and implemented a relatively simple rights management function.

Introduction
Rights management generally means that, under the security rules or security policies set by the system, users can access the resources they are authorized for and only those resources. The concept is easy to misunderstand: "user authentication", "password encryption", "system management" and similar concepts are often mistaken for the rights management we are talking about here, but none of them fall within the scope of rights management.

User authentication: solves the problem of the user telling the system "who I am" and the system asking the user to prove it. In a system that uses username and password authentication, the user presents the password; when the username and password match, that proves who the current user is. In a fingerprint system the user presents a fingerprint; in a hardware key card system the user swipes the card.

Password encryption: belongs to the user authentication domain, not to rights management.

System management: generally a module of the system, and one that usually contains a rights management sub-module. This is why many people mistakenly think that the rights management system is only a small sub-module of the system. The rights management part of the system management module is just an operator interface that lets enterprise IT administrators set security policies such as roles. Behind it the system has a great deal of permission validation logic that is not part of that module. Overall, this module only supplies the rights management system with some data, such as: Zhang San is a human resources manager.
Implementation Method
There are several approaches to implementing permission control on an MVC framework: "user authentication", "controller method permission control" and "interface element permission control". Together these three give the web development framework itself good user access control and permission control, so that the menus, buttons and content rendered in the user interface, and the actions behind them, can all be assigned and controlled under one overall permission function.
"User Authentication"
Note: user authentication here does not simply mean verifying that the username and password are correct; on top of that, it obtains the user's permission information, and that is how permission control is achieved.
This method gives fairly coarse permission control. It is the method I used in our system, and I share it with you below.
Business logic: when the user logs on to the system, get the user's permission level (general user, operator, etc.); from that level get the functional items the user can operate; then dynamically load and remove feature menus according to those functional items. Here is the JS code for dynamically loading and removing menus.
// Basic configuration (child index of each menu item inside the container):
// 0--Rights management, 3--Bid management, 4--User management,
// 5--Bidding document management, 6--Expert management, 7--Check-in
var bb = ['Bid management', 'User management', 'Bidding document management', 'expert management', 'sign in'];

// Dynamically remove the menu div at child index i of the container
function isShow(i) {
    var container = document.getElementById("AA");
    // Drop any text nodes sitting at this position first
    while (i < container.childNodes.length && container.childNodes[i].nodeType == 3) {
        container.removeChild(container.childNodes[i]);
    }
    // Then remove the menu element itself, if there is one
    if (i < container.childNodes.length) {
        container.removeChild(container.childNodes[i]);
    }
}

$(document).ready(function () {
    // Functional items the current role may operate, as a comma-separated string
    $.post('/role/getoperatecontentbyrolename', {}, function (result) {
        var tempOperateContent = result.split(",");
        // Remove from the highest index down, so that a removal never shifts
        // the position of an item that still has to be checked
        for (var j = bb.length - 1; j >= 0; j--) {
            if ($.inArray(bb[j], tempOperateContent) == -1) {
                isShow(j + 3);
            }
        }
        // Dynamically control whether the rights configuration menu is visible;
        // index 0 is handled last for the same reason
        $.post('/role/getroleinfo', {}, function (role) {
            if (role != "Super admin") {
                isShow(0);
            }
        });
    });
});

This gives a basic implementation of simple permission control, but permission control like this is not enough, because it only controls permissions at the front end. Have you thought about this problem: if someone skips the login interface and requests the URL of the main interface directly, the front-end interface control is of no use. So the front end and the back end need to work together, and for that we use the second and third methods. Those two methods will be shared in the next blog.
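
The server-side half of the check described above, as an added example that is not from the original post: every request is authorized on the server by role, so requesting a URL directly without logging in is refused whatever the menu shows. The route paths, the contents of the role table and the function names are assumptions made for illustration.

```javascript
// Added example, not the project's code. Routes, role table and names are hypothetical.

// Role -> functional items it may operate (Map avoids inherited keys such as "constructor").
const ROLE_PERMISSIONS = new Map([
  ['Super admin', ['Rights management', 'Bid management', 'User management',
                   'Bidding document management', 'expert management', 'sign in']],
  ['operator', ['Bid management', 'sign in']],
  ['general user', ['sign in']],
]);

// Controller action -> functional item it belongs to (constructed sample routes).
const ROUTE_REQUIRES = new Map([
  ['/role/config', 'Rights management'],
  ['/bid/list', 'Bid management'],
  ['/user/list', 'User management'],
  ['/checkin/sign', 'sign in'],
]);

// Run on the server before every controller action; hiding a menu in the
// browser does not count as a check.
function authorize(session, path) {
  if (!session || typeof session.role !== 'string') {
    return { allowed: false, status: 401 };   // not logged in, e.g. a direct URL request
  }
  const required = ROUTE_REQUIRES.get(path);
  if (required === undefined) {
    return { allowed: false, status: 404 };   // unmapped action: deny by default
  }
  const granted = ROLE_PERMISSIONS.get(session.role) || [];  // unknown role gets nothing
  if (!granted.includes(required)) {
    return { allowed: false, status: 403 };   // logged in but not permitted
  }
  return { allowed: true, status: 200 };
}

// Menu items the front end may draw, taken from the same table the server enforces.
function visibleMenu(session) {
  if (!session || typeof session.role !== 'string') return [];
  return (ROLE_PERMISSIONS.get(session.role) || []).slice();
}
```

Because the menu list and the per-request decision come from one table, removing a menu entry in the browser changes only what is drawn, never what the server allows.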
Summary
In this project I came into contact with a lot of new things, but I do not understand them very well; so far I have only reached the stage of being able to use them. Many of them are still unfamiliar, which makes debugging my own code rather blind, because I cannot understand well the mechanism running inside. So in the coming period I need to consolidate the basic knowledge, so that the relatively new knowledge I have been exposed to becomes knowledge I am familiar with.
