Access control

2017-05-22  流风夜雪

Access control here follows the RBAC model, i.e. Role-Based Access Control.
The basic idea for implementing access control is four tables:
1. user table (users)
2. role table (roles)
3. department table (departments)
4. page table (pages)

user:
   user_name
   department
   roles
role:
   name
   department
department:
   name
page:
   name
   roles

Return the page template according to the user's permissions.
example:
user table
```
{
    "_id" : ObjectId("5922c71ded9d322b2c304799"),
    "user_name" : "hepeng@vipkid.com.cn",
    "department" : "mk",
    "roles" : [ 
        "cltB", 
        "mkB"
    ],
    "__v" : 0
}
```
department table
```

/* 1 */
{
    "_id" : ObjectId("5922c85a0597852cd46f82fb"),
    "name" : "mk",
    "__v" : 0
}

/* 2 */
{
    "_id" : ObjectId("5922c86287b4c20ad8015eee"),
    "name" : "clt",
    "__v" : 0
}

/* 3 */
{
    "_id" : ObjectId("5922c879b10c4d39aca1abdc"),
    "name" : "company",
    "__v" : 0
}
```
page table
```
/* 1 */
{
    "_id" : ObjectId("5922c8b74cd5c238c0d9b0a0"),
    "name" : "clt_page1",
    "roles" : [ 
        "company", 
        "cltA", 
        "cltB", 
        "cltC"
    ],
    "__v" : 0
}

/* 2 */
{
    "_id" : ObjectId("5922c8c63257a93abc25ca3d"),
    "name" : "clt_page2",
    "roles" : [ 
        "company", 
        "cltA", 
        "cltB"
    ],
    "__v" : 0
}

/* 3 */
{
    "_id" : ObjectId("5922c8d12860b50390ab915b"),
    "name" : "clt_page3",
    "roles" : [ 
        "company", 
        "cltA"
    ],
    "__v" : 0
}

/* 4 */
{
    "_id" : ObjectId("5922c8df76e3ee26a0cde0b6"),
    "name" : "mk_page1",
    "roles" : [ 
        "company", 
        "mkA"
    ],
    "__v" : 0
}

/* 5 */
{
    "_id" : ObjectId("5922c8f172914f3b4c7bb6ff"),
    "name" : "mk_page2",
    "roles" : [ 
        "company", 
        "mkA", 
        "mkB"
    ],
    "__v" : 0
}
```
roles table
```
/* 1 */
{
    "_id" : ObjectId("5922c764f52b6e1520ade644"),
    "name" : "cltA",
    "department" : "clt",
    "__v" : 0
}

/* 2 */
{
    "_id" : ObjectId("5922c7be2ea65f3b2c8448ef"),
    "name" : "mkA",
    "department" : "mk",
    "__v" : 0
}

/* 3 */
{
    "_id" : ObjectId("5922c7d1b26b830dec0e59ea"),
    "name" : "cltB",
    "department" : "clt",
    "__v" : 0
}

/* 4 */
{
    "_id" : ObjectId("5922c7d731c9560e1c306498"),
    "name" : "cltC",
    "department" : "clt",
    "__v" : 0
}

/* 5 */
{
    "_id" : ObjectId("5922c80092be370154c93f25"),
    "name" : "mkB",
    "department" : "mk",
    "__v" : 0
}
```
1. When a page is requested, check whether the user's roles grant access to that page.
      e.g. user hepeng@vipkid.com.cn logs in and opens clt_page3; clt_page3 can be accessed by users holding the company or cltA role.
hepeng@vipkid.com.cn only holds cltB and mkB, so access is denied.

2. Roles are grouped by department. Each department has one or more roles, and the roles within one department are ranked by how many pages they can access.
      e.g. the clt department has the roles cltA, cltB, cltC and cltD, in descending order of the pages they can access:
          cltA can access clt_page1, clt_page2, clt_page3;
          cltB can access clt_page1, clt_page2;
          cltC can access clt_page1;
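The checks described in points 1 and 2, as an added JavaScript example that is not part of the original post. The documents are constructed from the data shown above (the ObjectId and __v fields are dropped because the check never reads them); the function names canAccess, accessiblePages and roleLadder are my own. Note that "company" appears in the page table's roles but not in the roles table, so in this example a user is only granted it when it is listed in their own roles array.

```javascript
// Added example, not code from the original post. In-memory copies of the
// four tables, constructed from the documents shown above.
const departments = [{ name: "mk" }, { name: "clt" }, { name: "company" }];

const roles = [
  { name: "cltA", department: "clt" },
  { name: "cltB", department: "clt" },
  { name: "cltC", department: "clt" },
  { name: "mkA", department: "mk" },
  { name: "mkB", department: "mk" },
];

const pages = [
  { name: "clt_page1", roles: ["company", "cltA", "cltB", "cltC"] },
  { name: "clt_page2", roles: ["company", "cltA", "cltB"] },
  { name: "clt_page3", roles: ["company", "cltA"] },
  { name: "mk_page1", roles: ["company", "mkA"] },
  { name: "mk_page2", roles: ["company", "mkA", "mkB"] },
];

const users = [
  { user_name: "hepeng@vipkid.com.cn", department: "mk", roles: ["cltB", "mkB"] },
];

function findUser(userName) {
  return users.find((u) => u.user_name === userName);
}

function findPage(pageName) {
  return pages.find((p) => p.name === pageName);
}

// Point 1: deny by default. An unknown user or unknown page yields false;
// otherwise the user must hold at least one of the roles the page lists.
function canAccess(userName, pageName) {
  const user = findUser(userName);
  const page = findPage(pageName);
  if (!user || !page) return false;
  const granted = new Set(user.roles || []);
  return page.roles.some((r) => granted.has(r));
}

// "Return the template according to permissions": the names of the pages
// this user may open, in table order.
function accessiblePages(userName) {
  return pages.filter((p) => canAccess(userName, p.name)).map((p) => p.name);
}

// Point 2: within one department, roles are ranked by how many pages they
// open. Returns [[roleName, pageCount], ...] from widest to narrowest.
function roleLadder(departmentName) {
  return roles
    .filter((r) => r.department === departmentName)
    .map((r) => [r.name, pages.filter((p) => p.roles.includes(r.name)).length])
    .sort((a, b) => b[1] - a[1]);
}

// Walk-through of the example from point 1.
console.log(canAccess("hepeng@vipkid.com.cn", "clt_page3")); // false
console.log(accessiblePages("hepeng@vipkid.com.cn"));        // clt_page1, clt_page2, mk_page2
console.log(roleLadder("clt"));                              // cltA 3, cltB 2, cltC 1
```

The check is written to fail closed: a missing user, a missing page, or a user document without a roles array all produce a denial rather than an exception, so a lookup error can never turn into an accidental grant. The page name should be taken from the route that was actually requested, not from a value the client supplies separately, so that the roles checked always belong to the template being returned.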