Discussion and design of Soul-Admin menu and data permission scheme #917

Description

@nuo-promise

Preamble

As the soul user group grows larger and larger, enterprises attach importance to gateway configuration permissions. The
following is a list of added functions:

  • Authentication for soul-admin login
  • Menu permission control
  • Single-page function button permission control

Preparations

  • JWT (JSON Web Token)
  • Shiro

Program Logic

  • Login logic
    • The front end POSTs the user name and password to /login. If the login succeeds, an encrypted token is returned; if it fails, the user is redirected to the login page.
    • After that, every URL request that requires permissions must carry the X-Access-Token field in its header, for example X-Access-Token: token, where the token is the key.
  • Logic after successful login
    • After the login succeeds, the frontend sends the token to the backend when it requests the user resource interface. The backend obtains the user name from the token, retrieves the resources, and returns them to the frontend.

Sequence Diagram of login and resource acquisition

image

User role permission table structure

  • Use existing user tables.
  • role table field description
| Field | Description |
| --- | --- |
| id | unique id |
| role_name | role name |
| description | description |
  • user_role table field description
| Field | Description |
| --- | --- |
| id | unique id |
| user_id | unique user id |
| role_id | role unique id |
  • resource table field description
| Field | Description |
| --- | --- |
| id | unique id |
| parent_id | parent menu id |
| title | menu name |
| name | frontend route name |
| url | the url used by the frontend route |
| component | the name of the frontend component |
| resource_type | resource type: 0 main menu, 1 submenu, 2 function button |
| sort | menu display order |
| icon | icon used by the menu |
| is_leaf | whether the entry is a leaf; recursion is decided by this flag |
| is_route | whether it is a route (extended use): 1 yes, 0 no |
| perms | for example, sys:user:add / sys:user:edit |
| status | data status: 1 is valid, 0 is invalid |
  • permission table structure
| Field | Description |
| --- | --- |
| id | unique id |
| objectId | role id or user id |
| permissionType | permission type: ROLE for role permission, USER for user permission |
| resourceId | resource id |

image

Plan

  • Role and basic permission data do not currently interact with the page; the default data is inserted with SQL, and page support will be added later. However, the soul-admin backend provides the corresponding add, delete, modify, and query development interfaces
  • Logon authentication control is preferred
  • User permission menu acquisition and control

Recommendations

  • Whether certain permissions need to be granted for a time range to a single user rather than to a role, e.g. from 2020-12-29 13:00:00 to 2020-12-29 14:00:00 a user has the new plug-in permission, and it expires when the time range ends.
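
The lookup that the user_role, resource and permission tables above imply, as an added example that is not part of the original issue or the Soul code base. It uses Python with in-memory SQLite; the column types, the sample rows and the helper names `load_sample_db` and `user_permissions` are assumptions made for illustration.

```python
import sqlite3

# Column names follow the issue; types are assumptions, and columns the
# lookup does not need (name, url, component, icon, ...) are left out.
SCHEMA = """
CREATE TABLE user_role (id TEXT, user_id TEXT, role_id TEXT);
CREATE TABLE resource (id TEXT, parent_id TEXT, title TEXT, resource_type INT,
                       sort INT, perms TEXT, status INT);
CREATE TABLE permission (id TEXT, objectId TEXT, permissionType TEXT, resourceId TEXT);
"""

# Resources granted directly (USER rows) or through the user's roles (ROLE rows).
# DISTINCT collapses double grants; status = 0 resources are never returned.
QUERY = """
SELECT DISTINCT r.id, r.title, r.resource_type, r.perms, r.sort
FROM resource r JOIN permission p ON p.resourceId = r.id
WHERE r.status = 1 AND (
      (p.permissionType = 'USER' AND p.objectId = :uid)
   OR (p.permissionType = 'ROLE' AND p.objectId IN
         (SELECT role_id FROM user_role WHERE user_id = :uid)))
ORDER BY r.resource_type, r.sort, r.id
"""

def load_sample_db():
    """Constructed sample data: role r1 is held by user u1 only."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO resource VALUES (?,?,?,?,?,?,?)", [
        ("1", "", "System", 0, 1, "", 1),
        ("2", "1", "Users", 1, 1, "", 1),
        ("3", "2", "Add user", 2, 1, "sys:user:add", 1),
        ("4", "2", "Edit user", 2, 2, "sys:user:edit", 1),
        ("5", "1", "Legacy", 1, 2, "", 0),  # invalid resource (status 0)
    ])
    db.execute("INSERT INTO user_role VALUES ('1', 'u1', 'r1')")
    db.executemany("INSERT INTO permission VALUES (?,?,?,?)", [
        ("1", "r1", "ROLE", "1"), ("2", "r1", "ROLE", "2"), ("3", "r1", "ROLE", "3"),
        ("4", "r1", "ROLE", "5"), ("5", "u1", "USER", "4"), ("6", "u1", "USER", "3"),
        ("7", "u2", "USER", "1"),
    ])
    return db

def user_permissions(db, user_id):
    """Return (menu titles, button perms); a user with no grants gets nothing."""
    rows = db.execute(QUERY, {"uid": user_id}).fetchall()
    # resource_type 0 and 1 are menus; 2 is a function button with a perms string.
    menus = [title for _, title, rtype, _, _ in rows if rtype != 2]
    perms = {perm for _, _, rtype, perm, _ in rows if rtype == 2}
    return menus, perms
```

The backend would run this lookup with the user taken from the verified token, never from a user id supplied in the request body.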
