1. Related concepts of permission management

1.1 What is permission management

Permission management is an important part of almost every back-office system. Its main purpose is to control who may do what in the whole back-office management system; the subjects are the employees who use it. It avoids the risks caused by missing access control or improper operation, such as mistaken operations and data leakage.

1.2 Permission classification

* Back-end permission management
  The core of permission management is to protect data changes, so the back end is the key part of permission management.
* How does the back end know which user sent a request?
  Cookie: the client-side solution. A cookie is special information the server sends to the client; the client stores it as a text file and sends it back with every subsequent request to the server.
  Session: another mechanism for recording client state. The difference is that a cookie is stored in the client browser, whereas a session is stored on the server. When the client browser accesses the server, the server records the client's information on the server side in some form; this is the session. On later visits the server only needs to look up the client's state in the session.
  Token: an identifier (similar to an ID) created for each session. The token is attached to the HTTP header, and the session is verified according to the token.

* Back-end permission design: RBAC (role-based access control)
  User management
  Role management
  Permission management

* Front-end permission management
  Front-end permission control mainly controls what the view layer presents and which requests are sent.

1.3 What is the significance of front-end permissions

If the goal is only to prevent unauthorized changes to the data in the database, doing the control on the back end is enough.
The main advantages of front-end permission control are as follows:

* Reduce the possibility of illegal operations
* Eliminate unnecessary requests as far as possible and reduce server load
* Improve the user experience

2. Key points of front-end permission management

2.1 Permission control of menus

In the login request, obtain the user's permission data; based on that data, the front end displays only the menus the current user is allowed to access.

2.2 Permission control of routes

If the user is not logged in and manually enters the address of a management page in the address bar, they need to be redirected to the login page;
if the user is already logged in and manually enters an address that is outside their permissions, they need to be redirected to the 404 page.

2.3 Permission control of buttons

On a page the user is allowed to open, the buttons on that page also need to be managed according to the user's permission data.

2.4 Permission control of requests and responses

If the user performs an unconventional operation, for example using the browser's developer tools to switch a button that is outside their permissions to the enabled state and then sending the request, that request should also be intercepted by the front end.
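The four checks described in sections 2.1 to 2.4, as an added example that is not part of the original article: a small front-end permission module run over constructed sample data. The route table, permission names, endpoint-to-permission map and button names are assumptions for illustration, and every check here only complements the authoritative back-end check.

```javascript
// Constructed route table; `perm` is the permission needed to open the route,
// `menu` marks routes that appear in the navigation menu.
const routes = [
  { path: '/login', name: 'Login', perm: null, menu: false },
  { path: '/users', name: 'Users', perm: 'user:view', menu: true },
  { path: '/roles', name: 'Roles', perm: 'role:view', menu: true },
  { path: '/audit', name: 'Audit log', perm: 'audit:view', menu: true },
];

// 2.1 Menu control: list only the menu entries the user may access.
function visibleMenu(perms) {
  return routes.filter(r => r.menu && perms.has(r.perm)).map(r => r.name);
}

// 2.2 Route guard: no session -> login page; session but no permission for the
// route (or an unknown route) -> 404 page; otherwise allow the navigation.
function resolveRoute(path, session) {
  if (path === '/login') return '/login';
  if (!session) return '/login';
  const route = routes.find(r => r.path === path);
  if (!route || !session.perms.has(route.perm)) return '/404';
  return path;
}

// 2.3 Button control: a button is rendered enabled only with its permission.
function buttonState(perms, required) {
  return perms.has(required) ? 'enabled' : 'disabled';
}

// 2.4 Request control: block the request itself, so re-enabling a button
// through the browser devtools does not get the call past the front end.
// Endpoint -> permission map is a constructed assumption.
const apiPerms = {
  'DELETE /api/users': 'user:delete',
  'POST /api/roles': 'role:create',
};
function requestInterceptor(method, url, perms) {
  const required = apiPerms[`${method} ${url}`];
  if (required && !perms.has(required)) {
    return { blocked: true, reason: `missing permission ${required}` };
  }
  return { blocked: false };
}

// Sample run with a constructed permission set.
const demoPerms = new Set(['user:view', 'user:delete']);
console.log(visibleMenu(demoPerms));                                  // [ 'Users' ]
console.log(resolveRoute('/roles', { perms: demoPerms }));            // /404
console.log(requestInterceptor('POST', '/api/roles', demoPerms));     // blocked
```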