CN115688195B - Block access control method, authentication method, device, equipment and storage medium - Google Patents
Block access control method, authentication method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN115688195B CN115688195B CN202211611832.8A CN202211611832A CN115688195B CN 115688195 B CN115688195 B CN 115688195B CN 202211611832 A CN202211611832 A CN 202211611832A CN 115688195 B CN115688195 B CN 115688195B
- Authority
- CN
- China
- Prior art keywords
- authority
- block
- target
- array
- service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 96
- 230000015654 memory Effects 0.000 claims description 21
- 238000004590 computer program Methods 0.000 claims description 12
- 238000009877 rendering Methods 0.000 abstract description 13
- 230000004044 response Effects 0.000 abstract description 6
- 238000013473 artificial intelligence Methods 0.000 abstract description 2
- 230000008569 process Effects 0.000 description 15
- 238000004891 communication Methods 0.000 description 11
- 238000010586 diagram Methods 0.000 description 8
- 238000012545 processing Methods 0.000 description 7
- 238000007726 management method Methods 0.000 description 6
- 230000000903 blocking effect Effects 0.000 description 5
- 238000004364 calculation method Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 238000006243 chemical reaction Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 210000004258 portal system Anatomy 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 238000005457 optimization Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000008030 elimination Effects 0.000 description 1
- 238000003379 elimination reaction Methods 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The embodiment of the invention provides a block access control method, an authentication method, a device, equipment and a storage medium, and relates to the technical field of artificial intelligence. The block access control method comprises the steps of obtaining a target authority of a user and a block authority of each service block, obtaining a merging authority of each service block according to the target authority and the block authority, removing duplication of the merging authority to obtain a de-duplication authority of the merging authority, obtaining authority information of each service block according to the de-duplication authority and the length of the merging authority, and displaying the target service block of the user according to the authority information. According to the method and the device, the target authority and the block authority do not need to be compared one by one, the time for comparing the authorities is shortened, and the phenomenon that the response time is too slow due to authority access is avoided. The target service blocks corresponding to different users can be displayed for different users, rendering of all the service blocks is avoided, meanwhile, interference information of a display interface is reduced, and access efficiency of a service system is improved.
Description
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a block access control method, an authentication method, an apparatus, a device, and a storage medium.
Background
The service system is used for realizing service management and information management standardization, and can efficiently process or display service related information. For example, when handling office business, the business system is an office system; when processing information presentation service such as news, the service system may be a web portal system or the like.
In the related art, a plurality of service blocks are integrated in a service system to meet different service requirements, and usually, the same service requirement may need a plurality of different service blocks to be implemented. Different users have different service requirements, and further, different users have different service block use requirements, so that different service blocks all contain independent access right information. However, in the related art, different user display interfaces include all service blocks, each service block needs to be authenticated, and when there are many service blocks, the authentication time is long, which results in long waiting time and low access efficiency for the user.
Disclosure of Invention
The embodiments of the present application mainly aim to provide a block access control method, an authentication method, an apparatus, a device, and a storage medium, so as to adaptively display a service block and improve the access efficiency of a page.
In order to achieve the above object, a first aspect of the embodiments of the present application provides a block access control method, which is applied to a network page display system, where a page displayed by the network page display system includes a plurality of service blocks, and the service blocks displayed for users with different permissions are different, and the method includes:
acquiring a target authority of a user;
acquiring the block authority of each service block;
obtaining the merging authority of each service block according to the target authority and the block authority;
the combining authority is subjected to deduplication to obtain deduplication authority of the combining authority;
acquiring authority information of each service block according to the length of the de-duplication authority and the length of the merging authority;
and displaying the target service block of the user according to the authority information.
In one embodiment, the block permissions include at least one user permission; the obtaining of the merging authority of each service block according to the target authority and the block authority includes:
generating a first permission array;
converting the target authority and each block authority into a preset format to obtain a target authority parameter and a block authority parameter;
and storing the target authority parameters and the block authority parameters into the first authority array to obtain the merging authority.
In an embodiment, the removing the duplicate of the merge right to obtain the duplicate removal right of the merge right includes:
generating a deduplication authority array, wherein the deduplication authority array comprises a first deduplication authority array;
and storing the target permission parameters and the block permission parameters in the merging permission in the first deduplication permission array according to a first preset storage rule to obtain the deduplication permission.
In an embodiment, the storing the target permission parameter and the block permission parameter in the merge permission in the first deduplication permission array according to a first preset storage rule includes:
acquiring a first storage element value, wherein the first storage element value is the target permission parameter or the block permission parameter acquired according to a preset sequence;
comparing the first storage element value with the values of the array elements in the first deduplication permission array, if no duplication exists, writing the first storage element value into the first deduplication permission array according to the numerical value, and adding one to the array size of the first deduplication permission array;
otherwise, the first storage element value is not written.
In one embodiment, the deduplication rights array further comprises a second deduplication rights array; if the total length of the elements in the first deduplication permission array is larger than a preset storage length:
and storing the target permission parameters and the block permission parameters in the merging permission in the second deduplication permission array according to a second preset storage rule to obtain the deduplication permission.
In an embodiment, the storing the target permission parameter and the block permission parameter in the merge permission in the second deduplication permission array includes:
acquiring a second storage element value, wherein the second storage element value is the target permission parameter or the block permission parameter;
acquiring a preset coding value of the second storage element value;
comparing the preset coding value with the preset coding value of the array element in the second deduplication permission array, and if the duplication does not exist, writing the value of the second storage element into the second deduplication permission array, wherein the array size of the second deduplication permission array is increased by one;
otherwise, the second storage element value is not written.
In an embodiment, the obtaining the permission information of each service block according to the lengths of the deduplication permission and the merge permission includes:
acquiring a first array length of the merging authority;
acquiring a second array length of the deduplication authority;
if the length of the first array is larger than that of the second array, the authority information is that the access authority exists;
and if the length of the first array is equal to the length of the second array, the permission information is no access permission.
In an embodiment, the displaying the target service block of the user according to the authority information includes:
acquiring authority information of each service block;
taking the service block with the access authority as a target service block;
generating layout information according to the target service block;
and displaying the target service block according to the layout information.
In an embodiment, the obtaining the target authority of the user includes:
obtaining login information of a user;
acquiring a user number of the user according to the login information;
and acquiring the target permission according to the user number.
In an embodiment, the obtaining the block right of each service block includes:
acquiring a display sequence of the service blocks;
and obtaining the block authority of each service block according to the display sequence.
In an embodiment, before obtaining the block right of each service block, the method further includes:
acquiring configuration rights, wherein the configuration rights comprise: a first right and/or a second right;
and generating the block authority according to the configuration authority.
In order to achieve the above object, a second aspect of the embodiments of the present application provides an authentication method, including:
acquiring a target authority of a user;
acquiring the block authority of each service block;
obtaining the merging authority of each service block according to the target authority and the block authority;
removing the duplication of the merging authority to obtain the duplication removing authority of the merging authority;
and obtaining the authority information of each service block according to the lengths of the de-duplication authority and the merging authority.
In order to achieve the above object, a third aspect of the embodiments of the present application provides a block access control device, which is applied to a network page presentation system, where a page presented by the network page presentation system includes a plurality of service blocks, and the service blocks presented to users with different permissions are different, the device includes:
a target authority acquisition unit: the system is used for acquiring the target authority of a user;
a block right acquisition unit: the block authority used for obtaining each service block;
a merging authority unit: the system is used for obtaining the merging authority of each service block according to the target authority and the block authority;
an authority deduplication unit: the de-duplication module is used for de-duplicating the merging authority to acquire the de-duplication authority of the merging authority;
permission information determination unit: the authority information of each service block is obtained according to the lengths of the de-duplication authority and the merging authority;
a service block display unit: and the target service block is used for displaying the target service block of the user according to the authority information.
In order to achieve the above object, a fourth aspect of the embodiments of the present application proposes an electronic device, which includes a memory and a processor, where the memory stores a computer program, and the processor implements the method of the first aspect or the second aspect when executing the computer program.
To achieve the above object, a fifth aspect of embodiments of the present application provides a storage medium, which is a computer-readable storage medium, and stores a computer program, and the computer program, when executed by a processor, implements the method of the first aspect or the second aspect.
According to the block access control method, the authentication method, the device, the equipment and the storage medium, the target authority of the user and the block authority of each service block are obtained, the merging authority of each service block is obtained according to the target authority and the block authority, the merging authority is deduplicated to obtain the deduplication authority of the merging authority, the authority information of each service block is obtained according to the deduplication authority and the length of the merging authority, and the target service block of the user is displayed according to the authority information. According to the method and the device, the authority information is obtained according to the array length relation between the de-duplication authority and the merging authority, the target authority and the block authority do not need to be compared one by one, the time for comparing the authorities is further shortened, and the phenomenon that response time is too slow due to authority access is avoided. And the target service block is obtained according to the target authority of the user, so that the corresponding target service block can be displayed for the display interfaces of different users. On one hand, the display interface of each user is prevented from rendering all the service blocks, and the rendering time is reduced; and on the other hand, the interference information of the display interface is reduced, so that a user can quickly select a target service block according to requirements, and the access efficiency of a service system is improved.
Drawings
Fig. 1 is a schematic view of a service block of an application scenario in a block access control method according to an embodiment of the present invention.
FIGS. 2 a-2 c are schematic diagrams of user interface displays of different users in the application scenario of FIG. 1.
Fig. 3 is a flowchart of a block access control method according to an embodiment of the present invention.
Fig. 4 is a schematic diagram of a correspondence relationship between a user and a department in another application scenario in the block access control method according to the embodiment of the present invention.
Fig. 5 is a schematic diagram of a service block in the application scenario of fig. 4.
Fig. 6 is a flowchart of step S110 in fig. 3.
Fig. 7 is a flowchart of step S120 in fig. 3.
Fig. 8 is a flowchart of step S130 in fig. 3.
Fig. 9 is a flowchart of step S140 in fig. 3.
Fig. 10 is a flowchart of step S142 in fig. 9.
Fig. 11 is a flowchart of a block access control method according to another embodiment of the present invention.
Fig. 12 is a flowchart of step S150 in fig. 3.
Fig. 13 is a flowchart of step S160 in fig. 3.
FIGS. 14 a-14 b are schematic diagrams of different user display interfaces in the application scenario of FIG. 4.
Fig. 15 is a flowchart of an authentication method according to an embodiment of the present invention.
Fig. 16 is a block diagram of a block access control device according to another embodiment of the present invention.
Fig. 17 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
It is noted that while functional block divisions are provided in device diagrams and logical sequences are shown in flowcharts, in some cases, steps shown or described may be performed in sequences other than block divisions within devices or flowcharts.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing embodiments of the invention only and is not intended to be limiting of the invention.
The service system is used for realizing service management and information management standardization, and can efficiently process or display service related information. For example, when handling office business, the business system is an office system; when processing information presentation service such as news, the service system may be a web portal system or the like.
In the related art, a plurality of service blocks are integrated in a service system to meet different service requirements, and usually, the same service requirement may need a plurality of different service blocks to be implemented. Different users have different service requirements, and further, different users have different service block use requirements, so that different service blocks all contain independent access right information. However, in the related art, different user display interfaces include all service blocks, each service block needs to be authenticated, and when there are many service blocks, the authentication time is long, which results in long waiting time and low access efficiency for the user. Meanwhile, when a user accesses an unauthorized block, an unauthorized prompt is displayed, and at the moment, re-selection needs to be returned, so that the user can hardly select a target service block quickly.
Based on this, embodiments of the present invention provide a block access control method, an authentication method, an apparatus, a device, and a storage medium, where authority information is obtained according to an array length relationship between a deduplication authority and a merge authority, and it is not necessary to compare target authorities and block authorities one by one, so as to reduce time for comparing authorities and avoid too slow response time due to authority access. And the target service block is obtained according to the target authority of the user, so that the corresponding target service block can be displayed for display interfaces of different users. On one hand, the display interface of each user is prevented from rendering all the service blocks, and the rendering time is reduced; and on the other hand, the interference information of the display interface is reduced, so that a user can quickly select a target service block according to requirements, and the access efficiency of a service system is improved.
Embodiments of the present invention provide a block access control method, an authentication method, an apparatus, a device, and a storage medium, which are described in detail with reference to the following embodiments, and first describe the block access control method in the embodiments of the present invention.
The block access control method provided by the embodiment of the invention can be applied to a terminal, a server side and a computer program running in the terminal or the server side. For example, the computer program may be a native program or a software module in an operating system; the Application program may be a local (Native) Application program (APP), that is, a program that needs to be installed in an operating system to be run, such as a client that supports block access control, or an applet, that is, a program that needs to be downloaded to a browser environment to be run; but also an applet that can be embedded into any APP. In general, the computer programs described above may be any form of application, module, or plug-in. Wherein the terminal communicates with the server via a network. The block access control method may be performed by a terminal or a server, or performed by the terminal and the server in cooperation.
In some embodiments, the terminal may be a smartphone, tablet, laptop, desktop computer, or smart watch, among others. In addition, the terminal can also be an intelligent vehicle-mounted device. The intelligent vehicle-mounted equipment provides relevant services by applying the block access control method of the embodiment, and driving experience is improved. The server can be an independent server, and can also be a cloud server for providing basic cloud computing services such as cloud service, a cloud database, cloud computing, cloud functions, cloud storage, network service, cloud communication, middleware service, domain name service, security service, content Delivery Network (CDN), big data and artificial intelligence platforms and the like; or may be service nodes in a blockchain system, where a Peer-To-Peer (P2P) network is formed among the service nodes in the blockchain system, and the P2P Protocol is an application layer Protocol operating on a Transmission Control Protocol (TCP). The server may be installed with a server of the block access control system, and the server may interact with the terminal through the server, for example, corresponding software is installed on the server, and the software may be an application for implementing the block access control method, but is not limited to the above form. The terminal and the server may be connected through communication connection manners such as bluetooth, USB (Universal Serial Bus), or network, which is not limited herein.
The invention is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like. The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
In order to facilitate understanding of the embodiments of the present application, the following briefly introduces a process of block access control in conjunction with an example of a specific application scenario.
First, the block access control method of this embodiment may be applied to a network page display system, where a page displayed by the network page display system includes a plurality of service blocks, and the service blocks displayed by users with different permissions are different. It is understood that the web page presentation system may be an online web page system or a local client system. The network page display system is used as a service system for realizing service management and information management standardization and can efficiently process or display service related information. For example, when handling office business, the business system is an office system; when processing information presentation service such as news, the service system may be a web portal system or the like.
In an application scenario of an office system, referring to fig. 1, the office system includes 3 service blocks, which are: block 1, block 2 and block 3, the service blocks that different users can access are different, for example, the visitors to block 1 are: user 1, user 3, and user 4; the visitors to Block 2 are: user 1, user 2, and user 4; the visitors to Block 3 are: user 2 and user 3. Then, the access control method in the embodiment of the present application is applied to perform access control, and a service block is displayed adaptively for each user, referring to fig. 2a, a user interface of a user 1 displays a block 1 and a block 2. Referring to fig. 2b, the user interface of user 2 displays tile 2 and tile 3. Referring to fig. 2c, the user interface of user 3 displays tile 1 and tile 3. Referring to FIG. 2a, a user interface of user 4, such as user 1, also displays tile 1 and tile 2.
The block access control method in the embodiment of the present invention is described below.
Fig. 3 is an alternative flowchart of a block access control method according to an embodiment of the present invention, and the method in fig. 1 may include, but is not limited to, steps S110 to S160. Meanwhile, it is understood that, in this embodiment, the sequence from step S110 to step S160 in fig. 3 is not specifically limited, and the step sequence may be adjusted or some steps may be reduced or increased according to actual requirements.
Step S110: and acquiring the target authority of the user.
Step S120: and acquiring the block authority of each service block.
For example, referring to fig. 4, the scenario includes five business departments, and the department IDs of the five business departments are: a department B1, a department B2, and a department B3.
Each department comprises 4 users, and due to business intersection, a certain user may belong to multiple departments, for example, a certain financial user belongs to a market department and a financial department. Referring to fig. 4, the correspondence between the user and the department is:
department B1 contains users as: a user A1, a user A2, a user A3 and a user A4;
department B2 contains users as: user A2, user A4, user A5, and user A6;
department B3 contains users as: user A4, user A7, user A8, and user A9;
in one embodiment, A1, A2, \ 8230, A9, above, are user IDs, and in this scenario, the user ID of each user is unique and non-repeating.
Fig. 5 is a schematic diagram of a service block in the above scenario. The scene comprises 3 service blocks, namely a block Q1, a block Q2 and a block Q3, wherein each service block comprises different authority information for carrying out authority limitation on different users.
Wherein, the block Q1 has authority to all users in the department B3, so the block authority of the block Q1 is represented as: A4B3, A7B3, A8B3, and A9B3.
The block Q2 has authority over part of users in the department B2 and the department B3, such as the user A2 and the user A4 in the department B2, and the user A8 and the user A9 in the department B3, so the block authority of the block Q2 is expressed as: A2B2, A4B2, A8B3, and A9B3.
The block Q3 has authority over all users in the department B1 and part of users in the department B2, for example, the users A5 and A6 in the department B2, so the block authority of the block Q3 is expressed as: A1B1, A2B1, A3B1, A4B1, A5B2, and A6B2.
From the above, the target permissions of different users in this scenario are:
the target permissions of the user A1 include: A1B1;
the target permissions of user A2 include: A2B1, A2B2;
the target rights of the user A3 include: A3B1;
the target permissions of user A4 include: A4B1, A4B2 and A4B3;
the target permissions of user A5 include: A5B2;
the target permissions of user A6 include: A6B2;
the target permissions of user A7 include: A7B3;
the target permissions of user A8 include: A8B3;
the target rights of the user A9 include: and A9B3.
As can be seen from the above, different users include authorities of different departments corresponding to authorities of different service blocks, and thus, in an embodiment, a database in which user information is stored in advance may be established, where the database includes a correspondence between a user ID and a department ID and a block authority of each service block. In this embodiment, a unique user ID and a unique department ID may be used to generate a corresponding string key as the blocking right according to a key generation rule, where the string may be a number of an integer, and the obtained blocking right is uniquely distinguishable.
It should be understood that the format of the block authority is only illustrated, and the embodiment of the present application does not limit the specific format of the block authority.
In an embodiment, the process of establishing the database for storing the user information in advance specifically includes: firstly, the configuration authority of each service block is obtained, and then the block authority for each service block is generated according to the configuration authority. The configuration authority here includes: the system comprises a first authority and/or a second authority, wherein the first authority is the authority of the service block to different departments, and the second authority is the authority of the service block to different users. Therefore, in an embodiment, when configuring the block right of a certain service block, the rights of all users in the department may be used as a part of the block right according to the department right, or the rights of the users may be directly used as a part of the block right.
As can be seen from the above, the block authority of each service block in the embodiment of the present application includes authority information of different users.
In an embodiment, referring to fig. 6, which is a flowchart illustrating a specific implementation of step S110 in an embodiment, in this embodiment, the step S110 of obtaining the target authority of the user includes:
step S111: and obtaining login information of the user.
In one embodiment, the login information of the user may be an account password or auxiliary information for performing authentication, such as face recognition, fingerprint recognition, and the like, which is negotiated with the user and recorded in the database.
Step S112: and acquiring the user number of the user according to the login information.
In an embodiment, the database stores a mapping relationship between the login information and the user number, and the login information according to the above steps can obtain a uniquely determined user number, where the user number may be the user ID in fig. 4.
Step S113: and acquiring the target authority according to the user number.
In an embodiment, the target permission is formed by acquiring the related permissions of all the service blocks under the user number according to the user number.
In an embodiment, referring to fig. 7, which is a flowchart illustrating a specific implementation of step S120 in an embodiment, in the embodiment, the step S120 of obtaining the blocking right of each service block includes:
step S121: and acquiring the display sequence of the service blocks.
Step S122: and obtaining the block authority of each service block according to the display sequence.
In an embodiment, the block authority of the service block may be obtained according to a preset display order. For example, the display order may be from top to bottom, and the same row is from left to right, and the display order is not particularly limited in this embodiment.
From the above, the target authority of the user is obtained for the user, and the block authority of the service block is obtained for the service block.
Step S130: and obtaining the merging authority of each service block according to the target authority and the block authority.
In an embodiment, referring to fig. 8, which is a flowchart illustrating a specific implementation of step S130 in an embodiment, in the embodiment, the step S130 of obtaining the merge right of each service block according to the target right and the block right includes:
step S131: a first permission array is generated.
In one embodiment, a corresponding first permission array is generated for each service block for storing target permissions and block permissions.
Step S132: and converting the target authority and the block authority of each service block into a preset format to obtain a target authority parameter and a block authority parameter.
In one embodiment, the target permissions and the blocking permissions may be converted to a format that facilitates storage of the array, i.e., a predetermined format, for example, the predetermined format may be an integer value, for storage in the array. And after format conversion, obtaining a corresponding target permission parameter according to the target permission, and obtaining a corresponding block permission parameter according to the block permission. It will be appreciated that if the block rights and target rights themselves satisfy the format of the array store, the preset format is its own data format.
Step S133: and storing the target authority parameters and the block authority parameters into a first authority array to obtain merging authority.
In an embodiment, the target permission parameters and the block permission parameters with the appropriate formats are stored in the first permission array one by one to obtain the merging permission.
With reference to fig. 4 and 5, the user A2 and the user A4 will be described as an example.
The block authority for block Q1 is represented as: A4B3, A7B3, A8B3, and A9B3; the block right of block Q2 is represented as: A2B2, A4B2, A8B3, and A9B3; the block right for block Q3 is represented as: A1B1, A2B1, A3B1, A4B1, A5B2, and A6B2.
For user A2, the target rights of user A2 include: A2B1 and A2B2, thus:
the merge rights array for block Q1 is represented as: { A4B3, A7B3, A8B3, A9B3, A2B1, A2B2};
the merge right for block Q2 is represented as: { A2B2, A4B2, A8B3, A9B3, A2B1, A2B2};
the merge right for block Q3 is represented as: { A1B1, A2B1, A3B1, A4B1, A5B2, A6B2, A2B1, A2B2}.
For user A4, the target permissions of user A4 include: A4B1, A4B2, and A4B3, thus:
the merge rights array for block Q1 is represented as: { A4B3, A7B3, A8B3, A9B3, A4B1, A4B2, A4B3};
the merge right for block Q2 is represented as: { A2B2, A4B2, A8B3, A9B3, A4B1, A4B2, A4B3};
the merge right for block Q3 is represented as: { A1B1, A2B1, A3B1, A4B1, A5B2, A6B2, A4B1, A4B2, A4B3}.
It can be understood that, the above block right and target right, that is, the block right parameter and target right parameter after format conversion, are only illustrated in this embodiment, and are not limited in particular.
As can be seen from the above, for the user, each service block can obtain a merge right.
Step S140: and carrying out deduplication on the merging authority so as to obtain the deduplication authority of the merging authority.
In an embodiment, referring to fig. 9, which is a flowchart illustrating a specific implementation of step S140 in an embodiment, in the embodiment, the step S140 of performing deduplication on merge permissions to obtain deduplication permissions of the merge permissions includes:
step S141: and generating a deduplication authority array.
In an embodiment, the merge permission deduplication is performed using a data format of Redis Set, thus generating a deduplication permission array of the Set data format. Because the data format of the Redis Set comprises two data formats, one is the IntSet data format, and the other is the HashTable data format, the deduplication authority array comprises a first deduplication authority array and a second deduplication authority array.
Step S142: and storing the target permission parameters and the block permission parameters in the merging permission in a first de-duplication permission array according to a first preset storage rule to obtain de-duplication permission.
In one embodiment, the first preset storage rule includes two defining conditions, and the first defining condition is: if the target authority parameters and the block authority parameters can be converted into Int integer types, storing the target authority parameters and the block authority parameters in the duplication elimination authority array in the IntSet data format; the second limiting condition is: when the total length of the elements in the first deduplication authority array needs to be less than or equal to a preset storage length.
In an embodiment, referring to fig. 10, which is a flowchart illustrating a specific implementation of step S142 in an embodiment, in this embodiment, the step S142 of storing the target permission parameter and the block permission parameter in the merge permission in the first deduplication permission array according to a first preset storage rule to obtain the deduplication permission includes:
step S1421: a first storage element value is obtained.
In an embodiment, the first storage element value is a target permission parameter or a block permission parameter obtained according to a preset sequence, where the preset sequence is obtained by arranging the target permission parameter and the block permission parameter in a descending order, that is, the target permission parameter or the block permission parameter is obtained as the first storage element value in a descending order.
Step S1422: and comparing the value of the first storage element with the value of the array element in the first deduplication permission array, and judging whether writing is needed or not.
In an embodiment, if there is no duplication between the first storage element value and the value of the group element in the first deduplication right array, the first storage element value is written into the first deduplication right array according to the value size, and the array size of the first deduplication right array is incremented by one. Otherwise, the first storage element value is not written.
In one embodiment, the first deduplication rights data is an array in the IntSet data format. The Int set array stores Int integer data, and when the Int set array stores Int integer data, the Int set array stores Int integer data in order, for example, according to the index of the array, the data value is changed from small to large.
The foregoing deduplication process is described below with reference to fig. 4 and fig. 5 by taking the permission check process of the user A2 on the block Q2 as an example.
The merge right for block Q2 is represented as: { A2B2, A4B2, A8B3, A9B3, A2B1, A2B2}, assuming that the values in the merge right for block Q2 are arranged from small to large:
{A2B2,A2B2,A2B1,A8B3,A4B2,A9B3}。
a first deduplication authority array for block Q2 is constructed, denoted as S2.
The first step is as follows:
S2={}
the second step is that:
the first storage element value is: A2B2, which is written in S2, S2= { A2B2}.
The third step:
the first storage element value is: A2B2, which is compared with the array element A2B2 in S2, and if a duplicate is found, then the first memory element value of this step is not written, and S2= { A2B2}.
The fourth step:
the first storage element value is: A2B1, which is compared with the tuple element A2B2 in S2 and found not to be repeated, writes the first storage element value of this step, S2= { A2B2, A2B1}.
The fifth step:
the first storage element value is: and A8B3, comparing the values with the array elements A2B2 and A2B1 in S2 one by one, and writing the first storage element value in S2= { A2B2, A2B1, A8B3} if no duplication is found.
And a sixth step:
the first storage element value is: A4B2, which is compared with the array elements A2B2, A2B1, and A8B3 in S2 one by one, and if no duplication is found, the first storage element value of this step is written, and S2= { A2B2, A2B1, A8B3, A4B2}.
The seventh step:
the first storage element value is: A9B3, which is compared one by one with the array elements A2B2, A2B1, A8B3 and A4B2 in S2, and if no duplication is found, the first memory element value of this step is written, S2= { A2B2, A2B1, A8B3, A4B2, A9B3}.
Thus, a first deduplication right array S2 of the block Q2 is obtained, which is expressed as: s2= { A2B2, A2B1, A8B3, A4B2, A9B3}, where the elements in the first deduplication permission array S2 are arranged from small to large according to the array subscript, the array element values are also arranged from small to large, and there are no duplicate array elements.
In the above process, if one of the two limiting conditions in the first preset storage rule is not satisfied, for example, the target permission parameter and the block permission parameter cannot be converted into Int integer type, or the length of the element in the first deduplication permission array needs to be greater than the preset storage length. And storing the target permission parameters and the block permission parameters in the combined permission in a second duplication-removing permission array according to a second preset storage rule to obtain duplication-removing permission, wherein the data format of the second duplication-removing permission array is a HashTable data format.
In an embodiment, when the deduplication authority array is deduplicated, format conversion is performed on the target authority parameter and the block authority parameter stored in the array, if the target authority parameter and the block authority parameter can be converted into an Int type, the Int type is stored in a first deduplication authority array IntSet, and if the target authority parameter and the block authority parameter cannot be converted into the format, the IntSet is stored in a second deduplication authority array in a HashTable data format. In addition, because the IntSet data format has a limit on the number of the stored array elements, if the total length of the elements of the array elements stored in the IntSet data format reaches a preset storage length, the subsequent storage is stored in the HashTable data format.
It will be appreciated that the length of the elements of the array in the first deduplication rights array is not equal to the number of elements in the first deduplication rights array. For example, if the array elements in the first deduplication authority array are Int16 type integers, the length of each array element is 16, and if 5 array elements are included, the total length of the array elements in the first deduplication authority array is 16 × 5=80.
In an embodiment, the preset storage length is 512, that is, when the total length of the array elements of the first deduplication permission array is greater than 512, the subsequent target permission parameters or block permission parameters are stored in the second deduplication permission array in a HashTable data format.
In an embodiment, referring to fig. 11, the process of storing the target permission parameter and the block permission parameter in the merge permission in the second deduplication permission array according to the second preset storage rule to obtain the deduplication permission includes the following steps.
Step S1110: a second storage element value is obtained.
In an embodiment, the second deduplication permission array is an array stored in a HashTable form, wherein the second storage element value is a target permission parameter or a block permission parameter.
Step S1120: a preset encoding value for the second storage element value is obtained.
In an embodiment, the predetermined code value is a hash value of the target privilege parameter or the block privilege parameter calculated according to a predetermined hash function. In this embodiment, the hash value is used to calculate a storage location of the corresponding second storage element value in the second deduplication authority array.
Step S1130: and comparing the preset code value with the preset code value of the array element in the second deduplication authority array, and judging whether to write in.
In an embodiment, the preset encoding values, namely hash values, of all array elements in the second deduplication permission array are obtained first, and the preset encoding values of the second storage element values and the preset encoding values of other array elements in the second deduplication permission array are not repeated, so that the second storage element values are written into the second deduplication permission array, and the array size of the second deduplication permission array is increased by one; otherwise, the second storage element value is not written.
It can be understood that, through the above process, the deduplication authority array obtained by using the Redis Set data format does not contain repeated elements. Because Redis Set utilizes the hash table to calculate, the hash table is actually a one-dimensional array, the data structure solves the defects of the addition and deletion elements of the array and the query efficiency of the linked list, corresponding data can be found only by calculating the hash value once during calculation, and if the hash values are the same, the linked list is returned, and the elements of the linked list are compared. Therefore, the processing efficiency can be improved by obtaining the deduplication permission array by using the Redis Set data format.
Step S150: and obtaining the authority information of each service block according to the lengths of the de-duplication authority and the combination authority.
In an embodiment, referring to fig. 12, which is a flowchart illustrating a specific implementation of step S150 in an embodiment, in this embodiment, the step S150 of obtaining the authority information of each service block according to the lengths of the deduplication authority and the merge authority includes:
step S151: and acquiring the first array length of the merging authority.
Step S152: and acquiring the second array length of the deduplication authority.
Step S153: and if the length of the first array is larger than that of the second array, the authority information is that the access authority exists.
Step S154: and if the first array length is equal to the second array length, the authority information is without access authority.
In an embodiment, if a certain service block has an authority to a user, the block authority of the service block includes a target authority of the user to the service block, and therefore the merge authority includes the block authority of the service block and the target authority of the user, and the deduplication authority array of the service block obtained after deduplication is performed by using the above process does not include repeated array elements, so it can be understood that if a certain service block has an authority to a user, the merge array includes two sets of same target authorities, and the deduplication authority array includes one set of target authorities.
For example, in an embodiment, the user A2 and the user A4 are taken as examples and explained with reference to the above embodiments.
For user A2, the target permissions of user A2 include: A2B1 and A2B2, thus:
the merge rights array for block Q1 is represented as: { A4B3, A7B3, A8B3, A9B3, A2B1, A2B2}, the deduplication rights array is represented as: { A4B3, A7B3, A8B3, A9B3, A2B1, A2B2}.
The merge right for block Q2 is represented as: { A2B2, A4B2, A8B3, A9B3, A2B1, A2B2}, the deduplication authority array is represented as: { A2B2, A4B2, A8B3, A9B3, A2B1}.
The merge right for block Q3 is represented as: { A1B1, A2B1, A3B1, A4B1, A5B2, A6B2, A2B1, A2B2}, the deduplication authority array is represented as: { A1B1, A2B1, A3B1, A4B1, A5B2, A6B2, A2B2}.
As can be seen from the above, for the user A2, the first array length of the merge permission array of the block Q1 is 6, and the second array length of the deduplication permission array is 6; the first array length of the merging permission array of the block Q2 is 6, and the second array length of the de-duplication permission array is 5; the first array length of the merge rights array of block Q3 is 8, and the second array length of the deduplication rights array is 7.
For user A4, the target permissions of user A4 include: A4B1, A4B2 and A4B3, thus:
the merge rights array for block Q1 is represented as: { A4B3, A7B3, A8B3, A9B3, A4B1, A4B2, A4B3}, the deduplication authority array is represented as: { A4B3, A7B3, A8B3, A9B3, A4B1, A4B2}.
The merge right for block Q2 is represented as: { A2B2, A4B2, A8B3, A9B3, A4B1, A4B2, A4B3}, the deduplication authority array is represented as: { A2B2, A4B2, A8B3, A9B3, A4B1, A4B3}.
The merge right for block Q3 is represented as: { A1B1, A2B1, A3B1, A4B1, A5B2, A6B2, A4B1, A4B2, A4B3}, the deduplication authority array is represented as: { A1B1, A2B1, A3B1, A4B1, A5B2, A6B2, A4B2, A4B3}.
For the user A4, the first array length of the merging permission array of the block Q1 is 7, and the second array length of the deduplication permission array is 6; the first array length of the merging authority array of the block Q2 is 7, and the second array length of the deduplication authority array is 6; the first array length of the merge right array of block Q3 is 9, and the second array length of the deduplication right array is 8.
As can be seen from the above, for the user A2, if the first array length of the block Q1 is equal to the second array length, there is no access right to the service block; if the first array length of the block Q2 is larger than the second array length, the access right to the service block is 5; if the first array length of the block Q3 is larger than the second array length, the service block has access right.
For the user A4, if the first array length of the block Q1 is larger than the second array length, the service block has access right; if the first array length of the block Q2 is larger than the second array length, the service block has access right; if the first array length of the block Q3 is larger than the second array length, the service block has access right.
In the related art, for example, since the permissions of the service blocks for different users are different in a plurality of service blocks included in an interface of a portal website, each service block needs to record information of all users having access permissions, and different users may have the permissions of a plurality of service blocks, therefore, when the permissions are verified, multiple sets of permission information are compared and confirmed, the comparison period is long, different service blocks are independently calculated, so that calculation needs to be performed for a long time during access, and page rendering is performed on all blocks after calculation is completed, which takes a long time. When a portal website or an office system is developed in a browser by adopting Javascript language, because the Javascript language structure brings the problem of slow traversal speed, if the data volume of a user is large, the calculation time consumption is multiplied along with the increase of the data volume, a long-time no-response process even a thread is used for blocking a white screen of a page, and a sound process with large data volume cannot be received in the page, so that the user has long waiting time and the use experience of the user is influenced.
According to the embodiment of the application, whether the user has the access right to the service block is indirectly obtained by comparing the first array length of the combined right with the second array length of the duplication removal right, the traditional mode that the target right of the user is searched one by one in each block right is not directly known whether the user has the right, the size of the array is only required to be judged, the calculation speed can be greatly increased, the CPU utilization rate is reduced, and only the service block with the right of the user is subjected to targeted rendering, so that the access efficiency is further improved, and the effects of enabling the page not to be blocked, not to be blank and quickly rendering are achieved.
In an embodiment, the operation efficiency of the indirect method for knowing whether the user has the access right to the service block in the embodiment of the present application and the direct method in the related art are compared, and the following table is referred to.
| Data volume | Original time (ms) | Consumption time (ms) | Multiplying power |
| 100 | 0.53 | 0.15 | 3.53 |
| 1000 | 2.18 | 0.19 | 11.47 |
| 3000 | 11.21 | 1.17 | 9.58 |
| 8000 | 81.03 | 3.31 | 24.28 |
| 13000 | 171.88 | 5.35 | 32.13 |
| 20000 | 414.09 | 7.51 | 55.21 |
| 50000 | 2390.23 | 21.63 | 110.51 |
| 80000 | 5522.79 | 35.52 | 155.48 |
| 100000 | 7908.37 | 48.05 | 164.59 |
| 200000 | 19941.56 | 91.36 | 218.27 |
| 1000000 | 576969.13 | 468.4 | 1231.79 |
As can be seen from the above table, the time consumption of the indirect method in the embodiment of the present application is much lower than that of the direct search method in the related art, and along with the increase of the data volume, the time consumption optimization is gradually obvious, that is, the optimization magnification is higher and higher.
Step S160: and displaying the target service block of the user according to the authority information.
In an embodiment, referring to fig. 13, which is a flowchart illustrating a specific implementation of step S160 in an embodiment, in this embodiment, the step S160 of displaying the target service block of the user according to the authority information includes:
step S161: and acquiring the authority information of each service block.
In an embodiment, the permission information of the service block, that is, the access permission of the user to the service block, includes an access permission and no access permission.
Step S162: and taking the service block with the access authority as a target service block.
In an embodiment, according to the access authority of the user to the service block, the service block with the access authority of the user is screened as a target service block.
Step S163: and generating layout information according to the target service block.
Step S164: and displaying the target service block according to the layout information.
In an embodiment, since the target service blocks that each user may display are different, the layout information of the corresponding number is preset according to the number of the target service blocks, for example, when there is only one target service block, the layout information may be: the up-down direction and the left-right direction of the target service block are both centered, or the left-right direction of the target service block is centered and the top of the up direction is arranged. If there are two target service blocks, the layout information may be: the two target service blocks are centered up and down, equally spaced in the left and right directions, or equally spaced up and down, and centered in the left and right directions. In an embodiment, a plurality of sets of layout information may also be generated in advance according to the number and size of the service blocks, and after the number of the target service blocks is obtained in the above steps, the target service blocks are displayed according to the preset layout information. It can be understood that, in order to increase the rendering speed, the target service block may be displayed at the position of the target service block under the original layout of all the service blocks, and the layout information of the target service block is not specifically limited in this embodiment.
Referring to fig. 14a, a display interface of the user A2 in the above embodiment is shown, and fig. 14b is a display interface of the user A4.
Since user A2 has no access rights to tile Q1, there are access rights to tile Q2 and tile Q3. User A4 has access to tile Q1, tile Q2, and tile Q3. Thus, FIG. 14a shows the tile Q2 and the tile Q3 for the user A2, and FIG. 14b shows the tile Q1, the tile Q2 and the tile Q3 for the user A4.
According to the technical scheme provided by the embodiment of the invention, the target authority of the user and the block authority of each service block are obtained, the merging authority of each service block is obtained according to the target authority and the block authority, the de-duplication authority is carried out on the merging authority so as to obtain the de-duplication authority of the merging authority, the authority information of each service block is obtained according to the de-duplication authority and the length of the merging authority, and the target service block of the user is displayed according to the authority information.
According to the method and the device, the authority information is obtained according to the array length relation between the de-duplication authority and the merging authority, the target authority and the block authority do not need to be compared one by one, the authority comparison time is further shortened, and the phenomenon that response time is too slow due to authority access is avoided. And the target service block is obtained according to the target authority of the user, so that the corresponding target service block can be displayed for display interfaces of different users. On one hand, the display interface of each user is prevented from rendering all the service blocks, and the rendering time is reduced; and on the other hand, the interference information of the display interface is reduced, so that a user can quickly select a target service block according to requirements, and the access efficiency of a service system is improved.
The embodiment of the present invention further provides an authentication method, referring to fig. 15, the method flow includes:
step S1510: acquiring a target authority of a user;
step S1520: acquiring the module authority of each service module;
step S1530: obtaining the merging authority of each service module according to the target authority and the module authority;
step S1540: removing the duplicate of the merging authority to obtain the duplicate removal authority of the merging authority;
step S1550: and obtaining the authority information of each service module according to the lengths of the de-duplication authority and the combination authority.
It can be understood that the authentication method of the embodiment of the present application can be used in a plurality of service systems, and the service systems include different service modules. The service module may be a service block as in the foregoing embodiment, or a function module inside the service system, and the permissions of the users are different and are different for the service modules that can be accessed, so that the permission of different blocks or function modules can be authenticated quickly by using the authentication method of this embodiment, thereby improving the access efficiency of the service system.
For example, when the authentication method of the embodiment of the present application can be applied to the network page display system, the specific implementation is substantially the same as the specific implementation of the block access control method, and for related description, reference is made to the description of the foregoing embodiment, which is not repeated herein.
An embodiment of the present invention further provides a block access control device, which can implement the block access control method described above, and with reference to fig. 16, the block access control device includes:
the target authority acquiring unit 1610: for obtaining the target rights of the user.
The block right acquiring unit 1620: for obtaining the block right of each service block.
Merge permissions unit 1630: and the method is used for obtaining the merging authority of each service block according to the target authority and the block authority.
Authority deduplication unit 1640: and the device is used for removing the duplicate of the merging authority so as to obtain the duplicate removal authority of the merging authority.
Authority information determination unit 1650: and the authority information of each service block is obtained according to the lengths of the de-duplication authority and the combination authority.
Service block display unit 1660: and the system is used for displaying the target service block of the user according to the authority information.
The specific implementation of the block access control apparatus in this embodiment is substantially the same as the specific implementation of the block access control method, and is not described herein again.
An embodiment of the present invention further provides an electronic device, including:
at least one memory;
at least one processor;
at least one program;
the programs are stored in the memory and the processor executes the at least one program to implement the block access control method of the present invention as described above. The electronic device can be any intelligent terminal including a mobile phone, a tablet computer, a Personal Digital Assistant (PDA for short), a vehicle-mounted computer and the like.
Referring to fig. 17, fig. 17 illustrates a hardware structure of an electronic device according to another embodiment, where the electronic device includes:
the processor 1701 may be implemented by a general CPU (central processing unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits, and is configured to execute a related program to implement the technical solution provided in the embodiment of the present invention;
the memory 1702 may be implemented in the form of a ROM (read only memory), a static storage device, a dynamic storage device, or a RAM (random access memory). The memory 1702 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present disclosure is implemented by software or firmware, the relevant program codes are stored in the memory 1702 and called by the processor 1701 to execute the block access control method according to the embodiments of the present disclosure;
an input/output interface 1703 for implementing information input and output;
a communication interface 1704, configured to implement communication interaction between the device and another device, where the communication may be implemented in a wired manner (e.g., USB, network cable, etc.), or in a wireless manner (e.g., mobile network, WIFI, bluetooth, etc.); and
a bus 1705 that transfers information between various components of the device (e.g., the processor 1701, the memory 1702, the input/output interface 1703, and the communication interface 1704);
wherein the processor 1701, the memory 1702, the input/output interface 1703 and the communication interface 1704 enable communication connections within the device with each other through the bus 1705.
An embodiment of the present application further provides a storage medium, which is a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the block access control method is implemented.
The memory, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs as well as non-transitory computer executable programs. Further, the memory may include high speed random access memory, and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory located remotely from the processor, and these remote memories may be connected to the processor through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
According to the block access control method, the block access control device, the electronic equipment and the storage medium, the target authority of the user and the block authority of each service block are obtained, the merging authority of each service block is obtained according to the target authority and the block authority, the merging authority is deduplicated to obtain the deduplication authority of the merging authority, the authority information of each service block is obtained according to the deduplication authority and the length of the merging authority, and the target service block of the user is displayed according to the authority information. According to the method and the device, the authority information is obtained according to the array length relation between the de-duplication authority and the merging authority, the target authority and the block authority do not need to be compared one by one, the time for comparing the authorities is further shortened, and the phenomenon that response time is too slow due to authority access is avoided. And the target service block is obtained according to the target authority of the user, so that the corresponding target service block can be displayed for display interfaces of different users. On one hand, the display interface of each user is prevented from rendering all the service blocks, and the rendering time is reduced; and on the other hand, the interference information of the display interface is reduced, so that a user can quickly select a target service block according to requirements, and the access efficiency of a service system is improved.
The embodiments described in the embodiments of the present application are for more clearly illustrating the technical solutions of the embodiments of the present application, and do not constitute a limitation to the technical solutions provided in the embodiments of the present application, and it is obvious to those skilled in the art that the technical solutions provided in the embodiments of the present application are also applicable to similar technical problems with the evolution of technology and the emergence of new application scenarios.
It will be appreciated by those skilled in the art that the embodiments shown in the figures are not intended to limit the embodiments of the present application and may include more or fewer steps than those shown, or some of the steps may be combined, or different steps may be included.
The above described embodiments of the apparatus are merely illustrative, wherein the units illustrated as separate components may or may not be physically separate, may be located in one place, or may be distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
One of ordinary skill in the art will appreciate that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof.
The terms "first," "second," "third," "fourth," and the like in the description of the application and the above-described figures, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Moreover, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that in the present application, "at least one" means one or more, "a plurality" means two or more. "and/or" is used to describe the association relationship of the associated object, indicating that there may be three relationships, for example, "a and/or B" may indicate: only A, only B and both A and B are present, wherein A and B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of single item(s) or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b and c may be single or plural.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the above-described division of units is only one type of division of logical functions, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the present application, which are essential or part of the technical solutions contributing to the prior art, or all or part of the technical solutions, may be embodied in the form of a software product stored in a storage medium, which includes multiple instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods of the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing programs, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The preferred embodiments of the present application have been described above with reference to the accompanying drawings, and the scope of the claims of the embodiments of the present application is not limited thereto. Any modifications, equivalents and improvements that may occur to those skilled in the art without departing from the scope and spirit of the embodiments of the present application are intended to be within the scope of the claims of the embodiments of the present application.
Claims (14)
1. A block access control method is applied to a network page display system, a page displayed by the network page display system comprises a plurality of service blocks, and the service blocks displayed by users with different authorities are different, and the method comprises the following steps:
acquiring a target authority of a user;
acquiring the block authority of each service block; the target authority is formed by the block authorities of all the service blocks with authority of the user;
obtaining the merging authority of each service block according to the target authority and the block authority;
removing the duplication of the merging authority to obtain the duplication removing authority of the merging authority;
acquiring authority information of each service block according to the length of the de-duplication authority and the length of the merging authority;
displaying a target service block of the user according to the authority information;
the block authority comprises at least one user authority; the obtaining of the merging authority of each service block according to the target authority and the block authority includes:
generating a first permission array;
converting the target authority and each block authority into a preset format to obtain a target authority parameter and a block authority parameter;
and storing the target authority parameters and the block authority parameters into the first authority array to obtain the merging authority.
2. A block access control method as claimed in claim 1, wherein said removing the duplicate of the merged right to obtain the duplicate right of the merged right comprises:
generating a deduplication authority array, wherein the deduplication authority array comprises a first deduplication authority array;
and storing the target permission parameters and the block permission parameters in the merging permission in the first deduplication permission array according to a first preset storage rule to obtain the deduplication permission.
3. A block access control method as claimed in claim 2, wherein the storing the target right parameter and the block right parameter in the merge right in the first deduplication right array according to a first preset storage rule comprises:
acquiring a first storage element value, wherein the first storage element value is the target permission parameter and the block permission parameter acquired according to a preset sequence;
comparing the first storage element value with the values of the array elements in the first deduplication permission array, if no duplication exists, writing the first storage element value into the first deduplication permission array according to the numerical value, and adding one to the array size of the first deduplication permission array;
otherwise, the first storage element value is not written.
4. A block access control method as claimed in claim 2, wherein the deduplication rights array further comprises a second deduplication rights array; if the total length of the elements in the first deduplication authority array is larger than a preset storage length:
and storing the target permission parameters and the block permission parameters in the merging permission in the second deduplication permission array according to a second preset storage rule to obtain the deduplication permission.
5. A block access control method as claimed in claim 4, wherein the storing the target right parameter and the block right parameter in the merge right in the second deduplication right array comprises:
acquiring a second storage element value, wherein the second storage element value is the target permission parameter and the block permission parameter;
acquiring a preset coding value of the second storage element value;
comparing the preset code value with the preset code value of the array element in the second deduplication authority array, if no duplication exists, writing the value of the second storage element into the second deduplication authority array, and adding one to the array size of the second deduplication authority array;
otherwise, the second storage element value is not written.
6. A block access control method as claimed in claim 1, wherein said obtaining the permission information of each service block according to the lengths of the de-duplication permission and the merge permission comprises:
acquiring a first array length of the merging authority;
acquiring a second array length of the deduplication authority;
if the length of the first array is larger than that of the second array, the authority information is that the access authority exists;
and if the length of the first array is equal to the length of the second array, the permission information is no access permission.
7. A block access control method as claimed in claim 6, wherein said displaying the target service block of the user according to the authority information comprises:
acquiring authority information of each service block;
taking the service block with the access authority of the authority information as a target service block;
generating layout information according to the target service block;
and displaying the target service block according to the layout information.
8. A block access control method as claimed in any one of claims 1 to 7, wherein said obtaining target permissions of users comprises:
acquiring login information of a user;
acquiring a user number of the user according to the login information;
and acquiring the target permission according to the user number.
9. A block access control method according to any of claims 1 to 7, wherein said obtaining block permissions of each service block comprises:
acquiring a display sequence of the service blocks;
and obtaining the block authority of each service block according to the display sequence.
10. A block access control method according to any one of claims 1 to 7, wherein before obtaining block permissions for each service block, the method further comprises:
acquiring configuration rights, wherein the configuration rights comprise: a first right and/or a second right;
and generating the block authority according to the configuration authority.
11. An authentication method, comprising:
acquiring a target authority of a user;
acquiring the module authority of each service module; the target authority is formed by the module authorities of all the service modules with authority of the user;
obtaining the merging authority of each service module according to the target authority and the module authority;
removing the duplication of the merging authority to obtain the duplication removing authority of the merging authority;
acquiring authority information of each service module according to the length of the de-duplication authority and the length of the combination authority;
the module permissions comprise permissions of at least one user; the obtaining of the merging permission of each service module according to the target permission and the module permission comprises:
generating a first permission array;
converting the target authority and each module authority into a preset format to obtain a target authority parameter and a block authority parameter;
and storing the target authority parameters and the block authority parameters into the first authority array to obtain the merging authority.
12. A block access control device is applied to a network page display system, a page displayed by the network page display system comprises a plurality of service blocks, and the service blocks displayed by users with different authorities are different, the device comprises:
a target authority acquisition unit: the system is used for acquiring the target authority of a user;
a block right acquisition unit: the block authority is used for acquiring the block authority of each service block; the target authority is formed by the block authority of all the service blocks which are authorized by the user;
a merging authority unit: the merging authority is used for obtaining the merging authority of each service block according to the target authority and the block authority;
an authority deduplication unit: the de-duplication module is used for de-duplicating the merging authority to acquire the de-duplication authority of the merging authority;
an authority information determination unit: the authority information of each service block is obtained according to the length of the de-duplication authority and the length of the combination authority;
a service block display unit: the target service block is used for displaying the target service block of the user according to the authority information;
the block authority comprises at least one user authority; the obtaining of the merging authority of each service block according to the target authority and the block authority comprises:
generating a first permission array;
converting the target authority and each block authority into a preset format to obtain a target authority parameter and a block authority parameter;
and storing the target authority parameters and the block authority parameters into the first authority array to obtain the merging authority.
13. An electronic device, characterized in that the electronic device comprises a memory and a processor, the memory stores a computer program, and the processor implements the block access control method of any one of claims 1 to 10 or the authentication method of claim 11 when executing the computer program.
14. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the block access control method of any one of claims 1 to 10, or the authentication method of claim 11.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211611832.8A CN115688195B (en) | 2022-12-15 | 2022-12-15 | Block access control method, authentication method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211611832.8A CN115688195B (en) | 2022-12-15 | 2022-12-15 | Block access control method, authentication method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115688195A CN115688195A (en) | 2023-02-03 |
| CN115688195B true CN115688195B (en) | 2023-04-07 |
Family
ID=85055988
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211611832.8A Active CN115688195B (en) | 2022-12-15 | 2022-12-15 | Block access control method, authentication method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115688195B (en) |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103020497A (en) * | 2011-09-20 | 2013-04-03 | 镇江金软计算机科技有限责任公司 | RBAC (Role-Based Access Control) model based temporary authorizing system |
| CN112199656B (en) * | 2020-12-03 | 2021-02-26 | 湖北亿咖通科技有限公司 | Access authority acquisition method of service platform and access control method of service platform |
| CN114528274A (en) * | 2022-01-28 | 2022-05-24 | 深圳希施玛数据科技有限公司 | Authority management method and related device |
| CN114880678A (en) * | 2022-04-13 | 2022-08-09 | 南京苏宁加电子商务有限公司 | Rights management method, apparatus, device and storage medium |
| CN115114643B (en) * | 2022-06-30 | 2025-03-11 | 广东横琴数说故事信息科技有限公司 | A row-column level data authority management and access query method and system |
-
2022
- 2022-12-15 CN CN202211611832.8A patent/CN115688195B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN115688195A (en) | 2023-02-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8219575B2 (en) | Method and system for specifying, preparing and using parameterized database queries | |
| US9015494B2 (en) | Methods and apparatus for digital steganography | |
| US20150066873A1 (en) | Policy based deduplication techniques | |
| US11373343B2 (en) | Systems and methods of generating color palettes with a generative adversarial network | |
| CN115905168B (en) | Self-adaptive compression method and device based on database, equipment and storage medium | |
| CN114996675A (en) | Data query method and device, computer equipment and storage medium | |
| CN116842012A (en) | Method, device, equipment and storage medium for storing Redis cluster in fragments | |
| CN111898135A (en) | Data processing method, data processing apparatus, computer device, and medium | |
| CN116263659A (en) | Data processing method, apparatus, computer program product, device and storage medium | |
| CN114357032A (en) | Data quality monitoring method and device, electronic equipment and storage medium | |
| CN115688195B (en) | Block access control method, authentication method, device, equipment and storage medium | |
| CN112445873B (en) | List display processing method, related device, equipment and medium | |
| CN112487039B (en) | Data processing method, device, equipment and readable storage medium | |
| US20240320587A1 (en) | System for quantitative software risk determination and visualization | |
| CN111984631A (en) | Production data migration method, device, computer equipment and storage medium | |
| CN113742582B (en) | Resource processing method, device, electronic device and storage medium | |
| WO2024210843A1 (en) | A fast convolution algorithm for composition determination | |
| CN114238218A (en) | Bidding data processing method, device, computer equipment and storage medium | |
| CN116136844A (en) | Entity identification information generation method, device, medium and electronic equipment | |
| CN115827093A (en) | Data processing method and related equipment | |
| CN113674083A (en) | Internet financial platform credit risk monitoring method, device and computer system | |
| US9654140B1 (en) | Multi-dimensional run-length encoding | |
| CN118034629B (en) | LED display screen splicing optimization method and device, electronic equipment and medium | |
| CN115378601B (en) | Webpage URL encryption and decryption methods and devices, storage medium and electronic equipment | |
| CN118642688B (en) | Method and device for processing comment private message data on multiple social media platforms |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |