CN114564737A - Method for defining upgrade maintenance authority based on configuration file and variable - Google Patents

Method for defining upgrade maintenance authority based on configuration file and variable

Info

Publication number
CN114564737A
Authority
CN
China
Prior art keywords
data
authority
database
matching
configuration file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210122589.7A
Other languages
Chinese (zh)
Inventor
陈之辉
杨恒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Tongyou Feiji Technology Co ltd
Original Assignee
Hunan Tongyou Feiji Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan Tongyou Feiji Technology Co ltd
Priority to CN202210122589.7A
Publication of CN114564737A
Current legal status: Pending

Abstract

The invention discloses a method for defining upgrade maintenance authority based on configuration files and variables. The method uses a configuration file as the carrier: the authority entity definitions, relation data (authority data AD, version change VC), behaviors, data table structure, matching rules, data table storage types, default user roles and default role authorities are written into the configuration file. An upgrade maintenance unit reads and assembles the configuration data into data in data table (authority database table) format, then changes the data according to the matching rules and storage types, and finally completes the upgrade maintenance of the database. The authority system lets users arrange data themselves through the configuration file: whatever the authority data requires, whether hierarchical levels, criss-crossing authority relationships, or a tangled set of role authorities, the configuration file stays readable to any user, which improves maintainability.

Description

Method for defining upgrade maintenance authority based on configuration file and variable
Technical Field
The present application relates to the field of electronic information technologies, and in particular, to a method and an apparatus for defining an upgrade maintenance permission based on a configuration file and a variable, a computer device, and a storage medium.
Background
With the development of electronic information technology, role-based access control (RBAC) has emerged and is currently a relatively mature and effective security access strategy for enterprises. The authority for the various operations (add, delete, modify, query) is not associated directly with a specific user. Instead, operation authorities are gathered into roles, users are associated with roles, and a user holds all the authorities of the associated roles, which simplifies authority management. Authorization is finally reduced to evaluating whether a logical expression is true, that is, whether the user may perform the operation on the function. RBAC is widely used in applications on all kinds of platforms. In any multi-user application, the isolation of authority and the division of responsibility, with their differing rights and obligations, closely resemble real social roles, such as each post in an enterprise and the departments layered above it, each with its own responsibilities. In a system, roles are created to carry out different kinds of work, users are assigned roles according to their responsibilities and qualifications, and roles can be granted new authorities or have authorities revoked as needed; the role carries the objective relationship between visitors and resources throughout the system. Military applications and other applications with higher security requirements are subject to military-standard requirements for reliability, safety, maintainability, testability, supportability and environmental adaptability, which conversely indicates that ordinary applications lack them. Viewed this way, every application, simple or complex, is a product of human invention; creativity implies uncertainty and cannot simply be trusted, and these requirements act as the constraint on it.
Authority control associates predefined operations with users; the system must operate normally, and whether an operation is rejected or allowed stays within the range the system can control. The release of an application is the boundary between production and use. Usage scenarios are anticipated as far as possible during production, but use cannot be satisfied in one pass: the shortfall may be a defect in the application itself or a new requirement from the user. Unlike fixed, tangible products, a software application is by nature a delivered set of instructions and data that can be modified at minimal cost, that is, upgraded. System upgrade is the most important means of maintaining the authority system and indeed the whole system; in theory it can deliver bug fixes, system optimization and the latest requirements. The authority system runs through the whole application, and its stability determines the stability of the application. From a structural point of view, the cause of an error or breakdown in the authority system is not the authority logic as such: the logic is not fixed, different people adjust it at different times for different requirements, and even a robust logical structure cannot withstand changes in requirements and usage scenarios. Upgrade maintenance is the best remedy for a software product, but such changes also mean breaking the original structure, and the more that is changed the more problems appear, so many software users refuse to upgrade.
Several methods exist. The established-rule method prevents problems in advance: it avoids possible abnormal conditions as far as possible and, at the cost of some extra investment in the early stage, turns a passive position into an active one. Later maintenance and upgrades are simple additions on top of complete logic, covering as many normal and abnormal conditions as possible, and are carried out according to the established rules. Drawing up a strong and complete set of rules generally requires an experienced designer who is very familiar with the system's business logic. When the service is later upgraded, the work necessarily starts from the business need, and a contradiction eventually forms between the business need and the existing architecture. Designing overly strong rules during system design also takes a great deal of time, which project cost does not allow, and a design that puts its emphasis on a distant and indefinite future at the expense of early project investment is unrealistic. Worse, the design direction may fail to match the direction of the maintenance and upgrade requirements, or run completely contrary to it. In general, the root cause of the contradiction between established rules and later maintenance and upgrade is the unavoidable time difference between them. Maintaining and upgrading the authority system by focusing on rules established in advance therefore suits only cases where the established rules and the business needs diverge little, and does not suit cases where the rules change greatly.
The graphical terminal method adds graphical authority management on top of the authority system, and can also cover upgrading the authority system. Its advantage is that complex and disordered authority data can be displayed graphically and then managed flexibly by hand; however complex the logic, management is greatly simplified and optimized, and the authority system can be upgraded. Graphical management is strong at managing the authority of the current version. The direct problem facing upgrade maintenance, however, is the authority entities of the new and old versions and their compatibility. Graphical management cannot solve well the compatibility of authority entities and logic between the new and old versions during upgrade maintenance, and problems in actual use are difficult to predict in advance. After all, graphical management only manages authority from the user terminal, where it is difficult to manage; as time in use increases, more and more erroneous data is generated, the authority logic becomes wrong, and the complex data cleaning that is then introduced confuses the authority system further. In general, the unit granularity of graphical management is not fine enough, so the graphical terminal is not suitable for upgrading and maintaining the authority system.
The data migration method copies data. The root of the authority system's complexity is not any single item of data, which causes no trouble; the quantity of data and the relationships among the data are the main reasons the authority system cannot be upgraded, managed and maintained. Where there is enough deployment time, the existing data of the old version can be backed up with repeated manual confirmation, the old version's environment cleared completely, and the backed-up authority data imported when the new version is deployed. Migrating old data is a simple and crude scheme, and very time-consuming and labor-intensive. Its most fatal weakness is that manual operation is error-prone, the errors are hard to find and testing is very difficult, which buries serious hidden dangers in the authority relationship network; in the end the network becomes disordered and the system becomes hard to maintain and crashes. The most fundamental reason the authority data relationship network cannot be migrated directly by hand is the complex relationships among the data, which cannot be sorted out manually.
Disclosure of Invention
In view of the above technical problems, a method, an apparatus, a computer device and a storage medium for defining upgrade maintenance authority based on a configuration file and variables are provided, which resolve at the source the contradiction that the established rules of an authority system cannot anticipate the scenarios that arise after an upgrade.
In a first aspect, a method for defining upgrade maintenance authority based on configuration files and variables includes:
S1: calling an upgrade maintenance unit to read a configuration file specified by a user, wherein the configuration file comprises a plurality of configuration items, which are respectively an authority entity definition ADF, authority data AD, a data table structure DST, a version change VC, a behavior OP, a matching rule MR, a data table storage type ST, a default user role DUR and a default role association authority DRA;
S2: parsing and assembling the configuration file: assembling the authority data AD, the data table structure DST and the version change VC, processing the default data of the default user role DUR and the default role association authority DRA, substituting the authority entity definition ADF, and finishing reading and parsing the data;
S3: matching and writing into the database: completing the modification of the database tables according to the matching rule MR, the data table storage type ST and the result of comparison with the data in the database tables;
S4: completing the upgrade maintenance, the whole process of steps S1 to S3 being recorded to the log unit.
In the foregoing solution, optionally, the upgrade maintenance unit can only be executed sequentially as a single process, and step S1 includes: determining from the process identifier whether another upgrade maintenance unit process is running; if one is running, this execution ends directly, and otherwise execution continues;
after step S1, if the REBUILD parameter is passed in, the original data is cleared and the data is written directly.
In the foregoing solution, further optionally, parsing and assembling the configuration file in step S2 specifically includes:
S201: parsing the configuration file to read the target files to be matched for ADF, AD, DST, VC, OP, MR, ST, DUR and DRA;
S202: processing the AD and DST data and adding the VC; replacing the variable names in AD and DST according to the ADF definitions to complete the assembly of the authority data; checking that the field attributes of the AD and DST data are consistent, and exiting directly if they are not;
S203: processing the DUR and DRA default data and the OP, replacing variables with IDs according to the ADF, and calculating by the ID rule all the OPs of the DRA and the role association authority data;
S204: integrating the merged DST and VC data into MS, and integrating the replaced and calculated AD, VC, OP, DUR and DRA into MD;
S205: writing the MS and the MD into the database;
S206: the upgrade maintenance unit process exits and deletes the process identifier.
In the foregoing solution, further optionally, the upgrade maintenance unit in step S1 can only be executed sequentially as a single process.
In the foregoing scheme, further optionally, matching and writing into the database in step S3 specifically includes:
S3-Step 1: start operating on the database and back up the database;
determine from the REBUILD parameter whether a rebuild is needed, and enter either the rebuild step S3-Step-Rebuild-1 or the structure matching step S3-Step-Struct-1;
S3-Step-Rebuild-1: clear the data and structures of the relevant database tables;
S3-Step-Rebuild-2: create the tables in the database for the MS;
S3-Step-Rebuild-3: write the MD into the database tables, and continue with S3-Step 2 once the MD data has been written;
S3-Step-Struct-1: check the field attributes of the MS against the 103 tables; if the attributes are consistent, the structure of the database table does not need to be modified, and S3-Step-Struct-1 is repeated to check the next table; if they are inconsistent, continue with S3-Step-Struct-2; if the database table does not exist, execute S3-Step-Struct-3; after completion, execute S3-Step-Data-1;
S3-Step-Struct-2: if the field attributes of the database table have changed and are inconsistent, the data table must be rebuilt: start a transaction, create a temporary table, and copy all data in the original data table into the temporary table with the data columns consistent with the changed MS; delete the original table, rename the temporary table to the original table name, and commit the transaction; then repeat S3-Step-Struct-1;
S3-Step-Struct-3: create the data table in the database and repeat S3-Step-Struct-1;
S3-Step-Data-1: identify the ST save type and the MR matching type of the MD data table; ST_NULL executes S3-Step-Data-2, while ST_EQUAL and ST_NOT_EXIST execute S3-Step-Data-3;
S3-Step-Data-2: executed for the ST_NULL type: determine whether the data in the database table is empty; if so, execute S3-Step-Data-5; after completion, repeat S3-Step-Data-1;
S3-Step-Data-3: search the database table according to the MR for matching data; when the search matches, mark that row of the database table in memory as successfully matched and repeat S3-Step-Data-3; if the match is unsuccessful, execute S3-Step-Data-5 to add the data; after matching is complete, execute S3-Step-Data-4;
S3-Step-Data-4: when the database table has data that is not marked as successfully matched and the ST type is ST_EQUAL, execute the S3-Step-Data-5 deletion; repeat S3-Step-Data-1, and execute S3-Step 2 once everything has been executed;
S3-Step-Data-5: add the current row of data to the database table and return to the previous step;
S3-Step-Data-6: delete the data meeting the corresponding condition from the database table and return to the previous step;
S3-Step 2: execute the SQL statements defined in the VC and update VERSION in the database;
S3-Step 3: delete the old database, rename the temporary database table, promote the backup database to the formal database, and exit data writing.
In the above scheme, further optionally, the authority entity definition ADF defines all authority variables and the IDs corresponding to all authorities. The authority variable names and IDs follow the hierarchy convention and have only a simple hierarchical relationship. The entities form a tree structure, and the variable names express the meaning of the entity and are supplemented with comments. IDs are defined by reservation: two hexadecimal digits represent the valid bits of one authority, so one authority supports at most 255 sub-authorities; 00 means the sub-authority is invalid, in which case only the parent authority is of concern, and 01 to ff mean the sub-authority ID is valid.
In the above solution, further optionally, the hierarchy of the authority data AD is consistent with the hierarchy defined by the authority entities. The authority data AD is the first-version data and the version change VC is the second-version data, the second version being an upgrade of the first; the authority data of AD and VC are combined to form a data table. The AD data supports entries marked as add, delete or SQL: the data is added or deleted accordingly, or the SQL statement is finally applied directly to the database. The version change VC also supports changing the data table structure DST; when the DST is modified, the original data table is backed up if a field attribute is deleted, and a newly added field takes a default value or null.
In the foregoing scheme, further optionally, the matching rule MR is the set of fields that a data table specifies for data matching. A match succeeds if the fields defined for matching are consistent; if the fields differ during matching, only the common fields are compared;
the data table save type ST means that each data table has a corresponding data save type ST, and three types are supported: the ST_NULL type indicates that default data is added when the data table is empty; the ST_EQUAL type indicates that every piece of data is compared with the existing data, with data added where it is missing and deleted where it is inconsistent; the ST_NOT_EXIST type indicates that each piece of data is added when it is found to be absent, and other data is left alone. The default save type is ST_NULL; ST_EQUAL and ST_NOT_EXIST rely on the result of the matching rule MR when saving.
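The effect of the three save types on one table can be compared side by side. The following is an added example, not code from the patent: the two-column role/authority row, the matching rule (both fields equal), the role IDs and the sample rows are assumptions constructed for illustration, and the configuration rows are assumed to contain no duplicates. It computes what an upgrade run would add and delete, and how many database rows that the new configuration no longer lists are left in place.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The three save types named on the page. */
typedef enum { ST_NULL, ST_EQUAL, ST_NOT_EXIST } save_type;

/* Hypothetical role-authority row; the page does not give the column layout. */
typedef struct { uint32_t role_id; uint32_t authority_id; } row;

/* What one upgrade run does to a table, and what it leaves behind. */
typedef struct {
    size_t added;   /* configuration rows inserted */
    size_t deleted; /* database rows removed */
    size_t stale;   /* database rows absent from the configuration that survive */
} outcome;

/* Constructed sample data. Authority IDs are the page's RBAC_DASHBOARD_P1..P3. */
static const row DB_ROWS[] = { {2, 0x001010000}, {2, 0x001020000}, {3, 0x001ff0000} };
static const row MD_ROWS[] = { {2, 0x001010000}, {3, 0x001ff0000}, {3, 0x001010000} };

/* Assumed matching rule MR: a row matches when both fields are equal. */
static bool mr_match(const row *a, const row *b)
{
    return a->role_id == b->role_id && a->authority_id == b->authority_id;
}

static bool has_match(const row *rows, size_t n, const row *needle)
{
    for (size_t i = 0; i < n; i++)
        if (mr_match(&rows[i], needle))
            return true;
    return false;
}

/* Plans the change for one table; it never touches a real database. */
static outcome reconcile(save_type st, const row *md, size_t n_md,
                         const row *db, size_t n_db)
{
    outcome out = {0, 0, 0};
    size_t unmatched_db = 0;

    for (size_t i = 0; i < n_db; i++)
        if (!has_match(md, n_md, &db[i]))
            unmatched_db++;

    if (st == ST_NULL) {
        /* Defaults are written only into an empty table. */
        if (n_db == 0)
            out.added = n_md;
    } else {
        /* ST_EQUAL and ST_NOT_EXIST both add configuration rows with no match. */
        for (size_t i = 0; i < n_md; i++)
            if (!has_match(db, n_db, &md[i]))
                out.added++;
        /* Only ST_EQUAL deletes database rows that no configuration row matched. */
        if (st == ST_EQUAL)
            out.deleted = unmatched_db;
    }
    out.stale = unmatched_db - out.deleted;
    return out;
}

int main(void)
{
    static const char *names[] = { "ST_NULL", "ST_EQUAL", "ST_NOT_EXIST" };
    for (int st = ST_NULL; st <= ST_NOT_EXIST; st++) {
        outcome o = reconcile((save_type)st, MD_ROWS, 3, DB_ROWS, 3);
        printf("%-12s added=%zu deleted=%zu stale=%zu\n",
               names[st], o.added, o.deleted, o.stale);
    }
    return 0;
}
```

When a new version drops a role's authority from the configuration, only a table saved as ST_EQUAL loses the old row; under ST_NULL and ST_NOT_EXIST the grant stays in the database after the upgrade.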
In a second aspect, a system for defining upgrade maintenance authority based on a configuration file and variables comprises:
a configuration file module: used for defining authority entities, associations and default data;
an upgrade maintenance unit module: the interface called by the system, responsible for parsing the entity, relation, structure, authority behavior and data storage type configuration files, and for writing the resulting data into the authority database tables;
a database table module: used for holding the calculated results of authority entities and relations during upgrade maintenance, and for comparison against old-version data when upgrade maintenance is performed again;
a log unit module: used for recording how the upgrade maintenance unit reads the configuration file, parses and assembles the configuration file, and matches and writes into the database.
In a third aspect, a computer device comprises a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
S1: calling an upgrade maintenance unit to read a configuration file, wherein the configuration file comprises an authority entity definition ADF, authority data AD, a data table structure DST, a version change VC, a behavior OP, a matching rule MR, a data table storage type ST, a default user role DUR and a default role association authority DRA;
S2: parsing and assembling the configuration file: assembling the authority data AD, the data table structure DST and the version change VC, substituting the authority entity definition ADF, processing the default data of the default user role DUR and the default role association authority DRA, substituting the authority entity definition ADF, and finishing reading and parsing the data;
S3: matching and writing into the database: completing the modification of the database tables according to the matching rule MR, the data table storage type ST and the result of comparison with the data in the database tables;
S4: completing the upgrade maintenance, the whole process of steps S1 to S3 being recorded to the log unit.
In a fourth aspect, a computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the following steps:
S1: calling an upgrade maintenance unit to read a configuration file specified by a user, wherein the configuration file comprises a plurality of configuration items, which are respectively an authority entity definition ADF, authority data AD, a data table structure DST, a version change VC, a behavior OP, a matching rule MR, a data table storage type ST, a default user role DUR and a default role association authority DRA;
S2: parsing and assembling the configuration file: assembling the authority data AD, the data table structure DST and the version change VC, processing the default data of the default user role DUR and the default role association authority DRA, substituting the authority entity definition ADF, and finishing reading and parsing the data;
S3: matching and writing into the database: completing the modification of the database tables according to the matching rule MR, the data table storage type ST and the result of comparison with the data in the database tables;
S4: completing the upgrade maintenance, steps S1 to S3 being recorded to a log unit.
The invention has at least the following beneficial effects. The method uses a configuration file as the carrier: the authority entity definitions, relation data (authority data AD, version change VC), behaviors, data table structure, matching rules, data table storage types, default user roles and default role authorities are written into the configuration file; an upgrade maintenance unit reads and assembles the configuration data into data in data table (authority database table) format, then changes the data according to the matching rules and storage types, and finally completes the upgrade maintenance of the database. The data in the file serves both manual modification and parsing by the upgrade maintenance program. The authority system lets users arrange data themselves through the configuration file: whatever the authority data requires, whether hierarchical levels, criss-crossing authority relationships, or a tangled set of role authorities, the configuration file stays readable to any user, which improves maintainability. When a developer iterates versions, the data of the authority system can only be changed by adding, deleting and modifying it. The old version being iterated is usually already online and holds valuable customer data, so operating on the database directly by hand is very dangerous, whereas upgrade maintenance only requires discarding the data or redoing it completely. For maintainers or users of the authority system, the complex relationships between authorities are difficult to work with; the configuration file method makes maintenance and use customizable and more convenient, and by default, with no modification at all, the authority system can be upgraded and maintained smoothly and safely.
Drawings
Fig. 1 is a schematic flowchart of a method for defining upgrade maintenance permissions based on configuration files and variables according to an embodiment of the present invention;
Fig. 2 is a second flowchart of a method for defining upgrade maintenance authority based on a configuration file and variables according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of the specific process of parsing and assembling the configuration file in a method for defining upgrade maintenance authority based on a configuration file and variables according to an embodiment of the present invention;
Fig. 4 is a schematic flowchart of the specific process of matching and writing into the database in a method for defining upgrade maintenance authority based on a configuration file and variables according to an embodiment of the present invention;
Fig. 5 is a schematic flowchart of the specific process of developing the default role authority in a method for defining upgrade maintenance authority based on a configuration file and variables according to an embodiment of the present invention;
Fig. 6 is a schematic flowchart of the specific process of the upgrade maintenance unit in a method for defining upgrade maintenance authority based on a configuration file and variables according to an embodiment of the present invention;
FIG. 7 is a diagram of the internal structure of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
In an embodiment, as shown in fig. 1, a method for defining an upgrade maintenance right based on a configuration file and a variable is provided, which includes the following steps:
S1: calling an upgrade maintenance unit to read a configuration file, wherein the configuration file comprises an authority entity definition ADF, authority data AD, a data table structure DST, a version change VC, a behavior OP, a matching rule MR, a data table storage type ST, a default user role DUR and a default role association authority DRA;
Before S1, it is determined from the process identifier whether another upgrade maintenance unit process is running; if one is running, this execution ends directly, and otherwise execution continues. The authority entity definition ADF, the authority data AD, the data table structure DST, the version change VC, the behavior OP, the matching rule MR, the data table save type ST, the default user role DUR and the default role association authority DRA are written into the configuration file. The upgrade maintenance unit may not run as multiple processes at the same time; it must be executed sequentially by a single process.
S2: parsing and assembling the configuration file: assembling the authority data AD, the data table structure DST and the version change VC, substituting the authority entity definition ADF, processing the default data of the default user role DUR and the default role association authority DRA, substituting the authority entity definition ADF, and finishing reading and parsing the data;
The data in the configuration file are described as follows.
Authority entity definition ADF (access define): defines all authority variables and the IDs corresponding to all authorities. Authority variable names and IDs must follow the hierarchy convention; only a simple hierarchical relationship exists, and other associations are not allowed. The purpose of the scheme is maintenance and management, and defining entities as variables mainly solves the problem that old data is unreadable during maintenance and management. An entity definition consists mainly of a variable and an ID. The entities form a tree structure, and variable names must express the meaning of the entity, be accompanied by comments, and avoid abbreviation as far as possible. IDs are defined by reservation: two hexadecimal digits represent the valid bits of one authority, so one authority supports at most 255 (16 x 16 - 1) child authorities; 00 means the child authority is invalid, in which case only the parent authority is of concern, and 01 to ff mean the child authority ID is valid.
For example, the authority entities are defined as follows:
#define RBAC_SPECIAL_BASE_INDEX 0x010000000
#define RBAC_DASHBOARD 0x001000000
#define RBAC_DASHBOARD_P1 0x001010000
#define RBAC_DASHBOARD_P2 0x001020000
#define RBAC_DASHBOARD_P3 0x001ff0000
RBAC_SPECIAL_BASE_INDEX represents the authority root node. 0x001000000 represents a primary authority, and primary authorities are the highest authorities; the root node carries no authority meaning of its own and is used only for some calculations. 0x001010000 represents a secondary authority, and all authorities are child nodes of the root node. RBAC_DASHBOARD_P1, RBAC_DASHBOARD_P2 and RBAC_DASHBOARD_P3 belong directly to RBAC_DASHBOARD. To find the sub-authorities of RBAC_DASHBOARD, the target authority only needs to be ANDed with RBAC_DASHBOARD: if the result equals RBAC_DASHBOARD, the target is a sub-authority. From the variable name RBAC_DASHBOARD one can also tell from the variable definition that it is a top page. The authority entities are used in the authority relationships and data definitions; when the upgrade maintenance unit parses them, each authority entity is replaced by its ID, the ID is used for matching, and the ID is finally written into the database.
Authority data AD (access data): the simple hierarchical relationship of the entity definitions exists only to improve readability and is not the basis of the relationships in the database tables. The definition of the authority data determines the authority data relationships of the database tables, and it uses a format similar to a database table. However, the hierarchy of the authority relationships must be consistent with the hierarchy defined by the authority entities; if the definitions do not follow the hierarchy, the authority system becomes harder to maintain once the volume of data grows.
In addition to the hierarchical relationship of the authorities, the relation data can also define the name and order of each authority. If an authority needs to be deleted during version maintenance, its data in the AD can be deleted or commented out while the ADF remains; when the authority needs to be restored, it is easily recovered simply by adding the AD back. An authority in the AD is considered invalid if its ADF does not exist.
Data table structure dst (data structure): the data table structures of RBAC authority, user, role and the like can also be self-defined data tables; the table structure also supports changes when versions change, but is not recommended.
Version change vc (version changes): the permission data AD belongs to initial data, namely data of a first version, the version change VC is the change of a subsequent upgrading version, the permission data AD and the permission data VC are combined to form a certain data table, the AD data supports identification addition, deletion and SQL, the AD data is correspondingly added and deleted, and SQL sentences can be directly used for a database at last. The VC also supports the change of a data table structure DST, when the DST is modified, if the field attribute is deleted, the source data table is backed up, and if the field attribute is added, the new field is a default value or null; the VERSION change VC is read by comparing it with the VERSION parameter of 102, and only the VERSION change matching the VERSION and the smaller VERSION change of VERSION are read in consideration of VERSION rollback.
Behavior OP (operation): the AD and VC are the core of upgrade maintenance management and of authority control and authentication. The authority entity data is the brain of the whole authority system, each function of the system is like a limb, and the behavior OP is the neural network connecting the AD and the VC. An authority AD and its behaviors OP are in a 1-to-n relationship, and an OP is not defined for reuse. Like the AD and VC, the OP is in data table format; each entry comprises an AD and a key-value pair giving the behavior type and the behavior keyword, from which the authority system finally computes the authentication result. The upgrade maintenance unit can recognize OP additions and deletions marked in a VC, but the authority system and other management units are not allowed to change OPs. The behavior types mainly comprise menus, pages, buttons, interfaces, remote interfaces and the like.
Matching rule MR (matching rule): specifies, for a given data table, the fields used to decide whether two rows match. Rows are considered matched if the fields named in the rule are consistent; if the field sets are inconsistent during matching, only the common fields are compared. By default, all fields of a data table are matched.
Data table storage type ST (save type): each data table has a corresponding save type ST. Three types are currently supported: ST_NULL (insert default values while the table is null), ST_EQUAL (check every data, insert if not exist) and ST_NOT_EXIST (check data, insert if not exist). ST_NULL means the default data is added when the data table is empty. ST_EQUAL means every row is compared with the existing data; rows that are missing are added and rows that are inconsistent are deleted. ST_NOT_EXIST means each row is added when it is found to be absent, and other data is left alone. The default save type is ST_NULL; ST_EQUAL and ST_NOT_EXIST need the MR to determine the save result.
Default user role DUR (default user role): the user table, role table and user-role relationship table supported by default for RBAC.
Default role association authority DRA (default role access): the authorities associated with a role by default, that is, the default association data between users or roles and the authority data AD (in some scenarios authorities are associated directly with users as well as with roles, but standard RBAC associates them with roles, and only the association with authority data is discussed here). The association table needs the role ID, the authority ID and the type (authentication authority or grant authority). The DRA configuration defines two processing modes, add and delete. During data assembly, every add-mode authority and its child authorities are filled in, and every delete-mode authority and its child authorities are removed. Usually a large module needs to be added, and adding it automatically fills in the module and its child authorities. When the added module is not a first-level authority, it could not otherwise be reached level by level from the first-level authority under the role, so the module is also associated upward, level by level. If a small module needs to be removed, the small module and its child authorities are removed; a delete entry on its own is meaningless. The standard way to define a DRA is therefore to add a large module and then remove small modules from it.
S3: matching and writing to the database: the database tables are modified according to the matching rule MR, the data table storage type ST, and the result of comparing the data with the database tables;
The database tables hold the computed authority entities and relationships produced during upgrade maintenance, and serve as the old-version data for comparison at the next upgrade; to protect data consistency, the upgrade maintenance unit prevents other units from reading or writing the database while it is running.
S4: upgrade maintenance is complete; steps S1 to S3 are recorded to the log unit throughout.
The log unit records the files parsed and the data matched by the upgrade maintenance unit 102, and records any unpredictable error that occurs while the upgrade maintenance unit 102 is executing. The LOG value ranges from 0 to 15: 1 represents the information log, 2 the warning log, 4 the error log and 8 the debug log. To enable the error log and the debug log, configure LOG as 12; 0 means that no log is enabled.
The method uses a configuration file as the carrier: the authority entity definitions, relationship data (authority data AD and version changes VC), behaviors, data table structure, matching rules, data table storage types, default user roles and default role authorities are written into the configuration file; the upgrade maintenance unit reads and assembles the configuration data into data in data table (authority database table) format, then changes the data according to the matching rules and storage types, and finally completes the upgrade maintenance of the database. The data in the file serves both manual modification and parsing by the upgrade maintenance program. Through the configuration file the authority system allows user-defined data arrangement, so the hierarchy, the criss-crossing authority relationships and the tangle of role authorities no longer have to be handled directly in the authority system's data; the configuration file is readable for any user, which improves maintainability. When developers iterate versions, the authority system's data can otherwise only be changed by adding, deleting and modifying rows. The old version is usually already online and holds valuable customer data, so operating on the database directly by hand is very dangerous, and upgrade maintenance would otherwise have to discard the data or redo it completely. For maintainers or users of the authority system, the complex relationships between authorities are hard to work with; the configuration file method makes maintenance and use customizable and more convenient, and by default the authorities can be upgraded and maintained smoothly and safely without any modification.
In one embodiment, as shown in fig. 2, the upgrade maintenance unit 102 reads the ADF, AD, DST, VC, OP, MR, ST, DUR and DRA of the configuration file 101, assembles the AD, DST and VC, and applies default data processing to the DUR and DRA. The ADF definitions used in the AD, DST and VC are replaced during assembly, and the ADF definitions used in the DUR and DRA are replaced likewise. This completes the reading and parsing of the data. If the REBUILD parameter is passed, the original data is cleared and the new data is written directly; otherwise the database tables are modified table by table according to the ST and MR rules and the result of comparing with the data in the database 103. The whole process is recorded and the log is output to the server 104.
As shown in fig. 3, the upgrade maintenance unit 102 parses the parameters and the configuration file in the following steps:
This scheme requires parsing, merging and calculating the configuration, covering both structure and data;
Intermediate table structure MS (middle structure): obtained mainly by merging the data table structure DST with the version changes VC.
Intermediate table data MD (middle data): the AD, VC, OP, DUR and DRA after replacement, merging and integration.
Step 1: the upgrade maintenance unit 102 is executed or invoked.
Step 2: check through the process identifier whether another upgrade maintenance unit 102 process is running; if one is running, this execution ends immediately, otherwise it continues. Check whether the configuration file can be opened normally, whether the configured data table structure is valid (fields, types, lengths and so on) and whether the data structure is valid (field attributes and data); if not, end immediately. Check whether the version of the database 103 meets the target VERSION, and end immediately if it does.
Step 3: the unit 102 parses the received parameters DB_PATH, LOG, VERSION and REBUILD.
Step 4: parse the configuration file 101 and read the ADF, AD, DST, VC, OP, MR, ST, DUR and DRA; the VC must match VERSION.
Step 5: process the AD and DST data and add the VC; replace the variable names in the AD and DST according to the ADF definitions to complete the assembly of the authority data; check that the field attributes of the AD data are consistent with those of the DST, and exit immediately if they are not.
Step 6: process the DUR and DRA default data and the OP, replacing variables with IDs according to the ADF, and compute all OPs of the DRA according to the ID rules to obtain the role association authority data.
Step 7: integrate the merged DST and VC data into the MS, and integrate the replaced and computed AD, VC, OP, DUR and DRA into the MD.
Step 8: write the MS and MD to the data tables of the database 103.
Step 9: the unit 102 process exits and deletes the process identifier; if an abnormal condition occurred, only the process identifier is deleted and the database 103 is not updated. All information, warning, error and debug logs are reflected in 104.
With the parsing and assembly of the configuration data complete, FIG. 4 illustrates how the assembled data is written to the database.
As shown in fig. 4, the upgrade maintenance unit 102 matches the MS and MD against the database 103 and writes them in the following steps:
Step 1: start operating on the database 103 and back it up; check the REBUILD parameter to decide whether a rebuild is required, and enter the rebuild step Step-Rebuild-1 or the structure matching step Step-Struct-1 accordingly.
Step-Rebuild-1: clear the data and structure of the relevant tables in the database 103.
Step-Rebuild-2: create the tables in the database 103 from the MS.
Step-Rebuild-3: write the MD to the tables of the database 103; after the MD data has been written, continue with Step 2.
Step-Struct-1: compare the field attributes of the MS with those of the database 103 table. If the attributes are consistent, the table structure does not need to be modified, and Step-Struct-1 is repeated to check the next table; if they are inconsistent, continue with Step-Struct-2; if the table does not exist in the database 103, execute Step-Struct-3. After completion, execute Step-Data-1.
Step-Struct-2: if the field attributes of the database 103 table have changed and are inconsistent, the data table must be rebuilt: start a transaction, create a temporary table, copy all data from the original table into the temporary table with the data columns consistent with the changed MS, delete the original table, rename the temporary table to the original table name, and commit the transaction. Then repeat Step-Struct-1.
Step-Struct-3: create the data table in the database 103 and repeat Step-Struct-1.
Step-Data-1: identify the ST save type and the MR matching type of the MD data table; for ST_NULL execute Step-Data-2, and for ST_EQUAL and ST_NOT_EXIST execute Step-Data-3.
Step-Data-2: for the ST_NULL type, check whether the table in the database 103 is empty; if it is, execute Step-Data-5. When finished, repeat Step-Data-1.
Step-Data-3: search the database 103 table according to the MR. When a match is found, mark the matching data of the 103 table in memory as successfully matched and repeat Step-Data-3; when no match is found, execute Step-Data-5 to add the data. After matching is finished, execute Step-Data-4.
Step-Data-4: if the database 103 table contains data not marked as successfully matched and the ST type is ST_EQUAL, execute the Step-Data-5 deletion. Then repeat Step-Data-1, and execute Step 2 after the execution is completed.
Step-Data-5: add the current row to the database 103 table and return to the previous step.
Step-Data-6: delete the data matching the condition from the database 103 table and return to the previous step.
Step 2: execute the SQL statements defined in the VC and update VERSION in the database 103.
Step 3: delete the old version of 103, rename the temporary 103 table, update the backup 103 to be the normal 103, and finish writing the data.
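How the three storage types and the matching rule decide what the Step-Data steps add and delete, as an added C example rather than the patent's implementation; the in-memory table, the MR bitmask encoding and all function names are assumptions, and the rows are constructed. It shows the property that matters for authorization data: only ST_EQUAL removes a grant that the new configuration no longer contains.

```c
#include <stddef.h>
#include <stdio.h>

enum save_type { ST_NULL, ST_EQUAL, ST_NOT_EXIST };          /* names from the page */
enum { MR_ROLE = 1, MR_PERM = 2, MR_TYPE = 4, MR_ALL = 7 };  /* hypothetical MR encoding */
#define CAP 32

/* Authority IDs taken from the page's ADF example. */
#define RBAC_DASHBOARD_P1 0x001010000u
#define RBAC_DASHBOARD_P2 0x001020000u
#define RBAC_DASHBOARD_P3 0x001ff0000u

/* One row of the role-authority association table (role ID, authority ID, type). */
struct row { unsigned role, perm, type; };
struct table { struct row rows[CAP]; size_t n; };
struct result { size_t added, deleted; };

/* MR: two rows match when every field selected by the rule is equal. */
static int rows_match(const struct row *a, const struct row *b, unsigned mr) {
    if ((mr & MR_ROLE) && a->role != b->role) return 0;
    if ((mr & MR_PERM) && a->perm != b->perm) return 0;
    if ((mr & MR_TYPE) && a->type != b->type) return 0;
    return 1;
}

/* Apply the assembled rows (MD) to one database table according to ST and MR. */
struct result apply_md(struct table *db, const struct row *md, size_t n_md,
                       enum save_type st, unsigned mr) {
    struct result r = {0, 0};
    int matched[CAP] = {0};

    if (st == ST_NULL) {                 /* Step-Data-2: seed only an empty table */
        if (db->n != 0) return r;
        for (size_t i = 0; i < n_md && db->n < CAP; i++) {
            db->rows[db->n++] = md[i];
            r.added++;
        }
        return r;
    }
    for (size_t i = 0; i < n_md; i++) {  /* Step-Data-3: look each MD row up by MR */
        int found = 0;
        for (size_t k = 0; k < db->n; k++)
            if (rows_match(&db->rows[k], &md[i], mr)) { matched[k] = 1; found = 1; }
        if (!found && db->n < CAP) {     /* Step-Data-5: add the missing row */
            matched[db->n] = 1;
            db->rows[db->n++] = md[i];
            r.added++;
        }
    }
    if (st == ST_EQUAL) {                /* Step-Data-4: delete rows nothing matched */
        size_t w = 0;
        for (size_t k = 0; k < db->n; k++) {
            if (matched[k]) db->rows[w++] = db->rows[k];
            else r.deleted++;
        }
        db->n = w;
    }
    return r;
}

int has_row(const struct table *db, unsigned role, unsigned perm) {
    for (size_t k = 0; k < db->n; k++)
        if (db->rows[k].role == role && db->rows[k].perm == perm) return 1;
    return 0;
}

/* Constructed data: the database still grants P2; the new config drops P2 and adds P3. */
static const struct row OLD_DB[] = { {1, RBAC_DASHBOARD_P1, 0}, {1, RBAC_DASHBOARD_P2, 0} };
static const struct row NEW_MD[] = { {1, RBAC_DASHBOARD_P1, 0}, {1, RBAC_DASHBOARD_P3, 0} };

/* Run one upgrade over a fresh copy of OLD_DB; returns 1 if the dropped P2 grant survives. */
int stale_grant_survives(enum save_type st, struct result *res) {
    struct table db;
    db.n = 0;
    for (size_t i = 0; i < 2; i++) db.rows[db.n++] = OLD_DB[i];
    *res = apply_md(&db, NEW_MD, 2, st, MR_ALL);
    return has_row(&db, 1, RBAC_DASHBOARD_P2);
}

int main(void) {
    static const char *names[] = { "ST_NULL", "ST_EQUAL", "ST_NOT_EXIST" };
    for (int st = ST_NULL; st <= ST_NOT_EXIST; st++) {
        struct result r;
        int stale = stale_grant_survives((enum save_type)st, &r);
        printf("%-12s added=%zu deleted=%zu dropped-grant-still-present=%d\n",
               names[st], r.added, r.deleted, stale);
    }
    return 0;
}
```

The choice of MR fields matters as much as the ST: a rule that omits the type field treats a row whose type changed as already matched, so the stored type is left as it was.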
The detailed process of the upgrade maintenance unit is described above. The main object managed by the whole upgrade maintenance scheme is the authority database table and the entry point is the configuration file; at each upgrade, maintaining the configuration file is all that is needed to maintain the authority data. The upgrade maintenance unit runs only during upgrade maintenance, its run time is kept within 1 minute, it needs no further interaction, and it does not block or hang while running.
Expansion of the default role authority: the DRA is the authority possessed by a default role. The DRA uses a simplified definition that the unit 102 processes and expands; the DRA expansion is shown in fig. 5:
Step 1: the default authority expansion is called and begins executing.
Step 2: if the MD is empty or the DRA definition is empty, exit immediately; otherwise find the DRA of the MD (in which variables have already been replaced by IDs), take the add-mode authorities, and pass the current authority to Step 3 to obtain all add-mode authorities.
Step 3: build the parent authority ID set of the add-mode authority: execute Step-Parent-1 to obtain the parent authority set, then continue with Step 4.
Step-Parent-1: AND the incoming authority with 0xff and check whether the result is 0; if it is 0, execute Step-Parent-2; otherwise execute Step-Parent-3.
Step-Parent-2: when the result is 0, shift right by 8 bits once, record the number of right shifts, and repeat Step-Parent-1.
Step-Parent-3: shift right by 8 bits once more, then shift left by 8 bits the recorded number of times to obtain the parent authority.
Step-Parent-4: compare the parent authority obtained with 0x010000000; if they are equal, return the parent authority set to Step 3; if not, add the parent authority to the parent authority set and repeat Step-Parent-3.
Step 4: for each add-mode authority, find its child authorities and parent authorities among the defined authorities: execute Step-Add-1 to obtain all child and parent authority information, then continue with Step 5.
Step-Add-1: pass in an authority and its parent authority set, search the AD of the MD, compare each AD entry with the incoming authority and the parent authorities, and execute Step-Add-2.
Step-Add-2: AND the incoming authority ID with the authority ID of the AD entry; if the result equals the incoming authority ID, the AD entry is a child authority of the incoming authority; alternatively, if the authority ID of the AD entry is in the parent authority set, it is a parent authority of the incoming authority. Repeat Step-Add-1, and when finished return all add-mode authorities to Step 4.
Step 5: find the exclusion-mode authorities and execute Step-Del-1, passing in all add-mode authorities and the current exclusion-mode authority; when finished, execute Step 6.
Step-Del-1: iterate over all add-mode authorities and execute Step-Del-2 to AND each with the current exclusion-mode authority.
Step-Del-2: AND the exclusion-mode authority ID with the add-mode authority ID, and exclude the corresponding authority if the result equals the exclusion-mode authority ID.
Step-Del-3: after all add-mode authorities have been searched, carry out the post-deletion processing.
Step-Del-4: after deletion, an add-mode authority may be left without any leaf (lowest-level) authority, and must then be deleted level by level; search for sibling nodes (sibling nodes that have not been deleted); obtain the direct parent node of the exclusion-mode node by repeatedly shifting right by 8 bits and ANDing with 0xff, then shifting right by 8 bits once more and shifting left by 8 bits the corresponding number of times.
Step-Del-5: search the add-mode authority IDs for an authority that is not equal to the direct parent node but equals the direct parent node after being ANDed with it; finding one indicates that the direct parent node still has a direct child node, that is, a sibling node.
Step-Del-6: if none is found, delete the direct parent node of the exclusion-mode node from the add-mode authorities, and execute Step-Del-4 in a loop until all add-mode authorities are processed.
Step 6: store the data obtained by combining the add mode and the exclusion mode in the default role authority data of the MD, end the call, and return the data to the main process.
Unless a jump is explicitly stated, the steps are executed in sequence. Some operations that appear several times in the process are described only briefly there, such as the AND operation, the add mode and the exclusion mode;
AND operation, used to judge whether a target authority is a child authority: AND the current authority ID with the target authority ID and compare the result with the current authority ID; if they are equal, the target authority is a child authority (an authority is also regarded as its own child authority); if they are not equal, the target authority is not a child authority.
Finding parent authorities: two hexadecimal digits, that is 8 binary bits, represent one valid authority level, so each right shift by 8 bits removes two hexadecimal 0 digits on the right; after each shift the value is ANDed with 0xff to check whether the last two digits are 0, and in this way all parent authorities are found;
Direct parent node: the first parent authority node of an authority. Leaf node: ANDing with 0xff gives a non-zero result; the node has no child nodes and is a lowest-level authority.
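The AND test, the parent walk and the add/exclude expansion described above, as an added C example that is not the patent's own code; the function names, the stop condition (no parent byte left, rather than a comparison with the root constant) and is_child_prefix are assumptions of this example. It runs the expansion on the page's four RBAC_DASHBOARD IDs and shows that the AND test also places RBAC_DASHBOARD_P3 (byte 0xff) below RBAC_DASHBOARD_P1 (byte 0x01), so sibling bytes must not be bit-supersets of one another unless a prefix comparison is used.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IDs copied from the page's ADF example: one byte per hierarchy level. */
#define RBAC_DASHBOARD    0x001000000u
#define RBAC_DASHBOARD_P1 0x001010000u
#define RBAC_DASHBOARD_P2 0x001020000u
#define RBAC_DASHBOARD_P3 0x001ff0000u

typedef int (*child_test)(uint32_t parent, uint32_t target);

/* The page's test: target is parent or below it if (target & parent) == parent. */
int is_child_and(uint32_t parent, uint32_t target) {
    return (target & parent) == parent;
}

/* Trailing 00 bytes = unused lower levels (Step-Parent-1 and Step-Parent-2). */
static int unused_levels(uint32_t id) {
    int n = 0;
    while (n < 4 && ((id >> (8 * n)) & 0xffu) == 0) n++;
    return n;
}

/* Alternative test (not from the page): compare only the bytes the parent uses. */
int is_child_prefix(uint32_t parent, uint32_t target) {
    int n = unused_levels(parent);
    return n < 4 && (target & (0xffffffffu << (8 * n))) == parent;
}

/* Step-Parent-3: clear the lowest used byte; 0 means no parent level is left. */
uint32_t parent_of(uint32_t id) {
    int n = unused_levels(id);
    return n >= 3 ? 0 : id & (0xffffffffu << (8 * (n + 1)));
}

static int is_ancestor(uint32_t anc, uint32_t id) {
    for (uint32_t p = parent_of(id); p != 0; p = parent_of(p))
        if (p == anc) return 1;
    return 0;
}

/* Expand add/exclude entries over the defined authorities ad[] into out[]
   (capacity n_ad); returns the number of authorities granted. */
size_t dra_expand(const uint32_t *ad, size_t n_ad, const uint32_t *add, size_t n_add,
                  const uint32_t *del, size_t n_del, child_test is_child, uint32_t *out) {
    size_t n = 0, w;
    /* Steps 3-4: keep AD entries that are an added authority, below one, or above one. */
    for (size_t i = 0; i < n_ad; i++) {
        int keep = 0;
        for (size_t j = 0; j < n_add && !keep; j++)
            keep = is_child(add[j], ad[i]) || is_ancestor(ad[i], add[j]);
        if (keep) out[n++] = ad[i];
    }
    /* Step 5, Step-Del-2: drop each excluded authority and everything below it. */
    for (size_t j = 0; j < n_del; j++) {
        w = 0;
        for (size_t i = 0; i < n; i++)
            if (!is_child(del[j], out[i])) out[w++] = out[i];
        n = w;
    }
    /* Step-Del-4 to Step-Del-6, as read here: walking up from each excluded node,
       remove parents that are left without any remaining child. */
    for (size_t j = 0; j < n_del; j++)
        for (uint32_t p = parent_of(del[j]); p != 0; p = parent_of(p)) {
            int sibling = 0;
            for (size_t i = 0; i < n && !sibling; i++)
                sibling = out[i] != p && is_child(p, out[i]);
            if (sibling) break;
            w = 0;
            for (size_t i = 0; i < n; i++)
                if (out[i] != p) out[w++] = out[i];
            n = w;
        }
    return n;
}

int contains(const uint32_t *set, size_t n, uint32_t id) {
    for (size_t i = 0; i < n; i++)
        if (set[i] == id) return 1;
    return 0;
}

/* Constructed scenario: grant the whole dashboard module, then exclude P1. */
size_t demo(child_test t, uint32_t *out) {
    const uint32_t ad[] = { RBAC_DASHBOARD, RBAC_DASHBOARD_P1,
                            RBAC_DASHBOARD_P2, RBAC_DASHBOARD_P3 };
    const uint32_t add[] = { RBAC_DASHBOARD }, del[] = { RBAC_DASHBOARD_P1 };
    return dra_expand(ad, 4, add, 1, del, 1, t, out);
}

int main(void) {
    uint32_t out[4];
    size_t n = demo(is_child_and, out);
    printf("AND test:    %zu granted, P3 kept=%d\n", n, contains(out, n, RBAC_DASHBOARD_P3));
    n = demo(is_child_prefix, out);
    printf("prefix test: %zu granted, P3 kept=%d\n", n, contains(out, n, RBAC_DASHBOARD_P3));
    return 0;
}
```

The same overlap works in the other direction: adding only RBAC_DASHBOARD_P1 under the AND test also pulls in RBAC_DASHBOARD_P3, which is worth checking for whenever new IDs are allocated in the ADF.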
In one embodiment, a system for defining upgrade maintenance authority based on configuration files and variables is provided, comprising the following program modules: a configuration file module: used to define authority entities, associations and default data;
an upgrade maintenance unit module: provides the interface for system calls, is responsible for parsing the entity, relationship, structure, authority behavior and data storage type configuration, and writes the data results into the authority database tables;
a database table module: holds the computed authority entities and relationships during upgrade maintenance, and provides the old-version data for comparison at the next upgrade;
a log unit module: records how the upgrade maintenance unit reads the configuration file, parses and assembles it, and matches and writes it to the database.
For specific limitations of an apparatus for defining upgrade maintenance authority based on configuration files and variables, see the above limitations on a method for defining upgrade maintenance authority based on configuration files and variables, which are not described herein again. The modules in the above device for defining the upgrade maintenance authority based on the configuration file and the variables may be wholly or partially implemented by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and its internal structure may be as shown in fig. 7. The computer device includes a processor, a memory, and a network interface connected by a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for running the operating system and the computer program in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by the processor, implements a method for defining upgrade maintenance authority based on configuration files and variables.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure may be as shown in fig. 7. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for running the operating system and the computer program in the non-volatile storage medium. The communication interface of the computer device is used for wired or wireless communication with an external terminal, and the wireless communication can be realized through WIFI, an operator network, NFC (near field communication) or other technologies. The computer program, when executed by the processor, implements a method for defining upgrade maintenance authority based on configuration files and variables. The display screen of the computer device can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer device can be a touch layer covering the display screen, a key, a track ball or a touch pad arranged on the housing of the computer device, or an external keyboard, touch pad, mouse or the like.
It will be appreciated by those skilled in the art that the configuration shown in fig. 7 is a block diagram of only a portion of the configuration associated with the present application, and is not intended to limit the computing device to which the present application may be applied, and that a particular computing device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, which includes a memory and a processor, the memory storing a computer program, and relates to all or part of the flow of the method of the above embodiment.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, relating to all or part of the flow in the method of the above embodiment.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware; the program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, or the like. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
All possible combinations of the technical features in the above embodiments may not be described for the sake of brevity, but should be considered as being within the scope of the present disclosure as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is specific and detailed, but not to be understood as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, and these are all within the scope of protection of the present application. Therefore, the protection scope of the present patent application shall be subject to the appended claims.

Claims (10)

6. The method according to claim 5, characterized in that the hierarchy of the authority data AD is consistent with the hierarchy defined by the authority entities; the authority data AD is first-version data, the version change VC is second-version data, and the second-version data is an upgraded version of the first-version data; the authority data of the AD and of the version change VC are combined to form a data table; the AD data supports the add, delete and SQL markers, the AD data being added or deleted accordingly, or SQL statements finally being applied directly to the database; the version change VC also supports changing the data table structure DST: when the data table structure DST is modified, the original data table is backed up if a field attribute is deleted, and a newly added field takes a default value or null.
Application number: CN202210122589.7A
Priority date: 2022-02-09
Filing date: 2022-02-09
Title: Method for defining upgrade maintenance authority based on configuration file and variable
Status: Pending
Publication: CN114564737A (en), published 2022-05-31
Country: CN
Family ID: 81713390
Silva et al.Lm2f: a life-cycle model maintenance framework for co-evolving enterprise architecture meta-models and models

Legal Events

Date | Code | Title | Description
 | PB01 | Publication |
 | SE01 | Entry into force of request for substantive examination |
