Permission control: the background controls the permissions. How can the foreground intelligently prompt for insufficient permissions?

  java, question

Hello everyone, the problem I recently encountered is that different users have different permissions. The judgment principle of this permission is to directly put the address that each user can access into the database. When users log in, they will first display the corresponding menu according to the corresponding permissions in the database! Then intercept all requests in the interceptor and analyze whether the addresses of the requests match in the database, but now there is a problem.

Although this can achieve the problem of authority control, the front desk cannot intelligently prompt that the authority is insufficient! After being intercepted by the interceptor, if I do not have the permission, I will directly return false. The effect is that clicking the button has no effect!

The solution I think of now is to judge the return value in the callback function every time I request it. For example, if the return value is 3, it indicates insufficient permissions! However, there are too many such requests in the project now. If each one is judged manually, it is really too troublesome and is not conducive to the development of new functions in the future! I don’t know if there is the same scheme, which can keep the current operation page unchanged, and can pop up the window to indicate that the authority is insufficient? (The framework uses SpringMVC plus MyBatis plus EasyUI)

Let me briefly describe how our current architecture is handled: SpringMvc plus Hibernate plus Bootstrap

  1. For the permission system, the essence of our interception is actually URI, which is what we call link. For the menu, a menu usually corresponds to a page, and a button corresponds to a function. In the permission framework, it is required to display different buttons for different users, that is, only people with this permission can see this button, so the problem you mentioned does not exist, and there is only the problem that users force the path.

  2. Aiming at the problem that the user makes a path or URI request by force: firstly, we can know in the background that the user does not have permission to access this path. In our project, access to pages and data are separated, that is, the get method can only retrieve pages (of course, data can also be transferred from the background to the foreground from this get method). Post can only be used as an ajax request and only returns json data. Then when the user does not have permission to access, we will throw an exception without permission. At this time, the next processing is the “default exception processing center”. At this time, we will judge whether I want to throw a page or json data according to the requested method. The method of throwing a page is relatively simple and will not be described.

  3. Handling exceptions thrown by post methods: We will return a json data to the front end, which handles the following:
    First of all, we will have a unified data format such as:

 {
   code: '403',
   message: 'You do not currently have permission to operate this function',
   data: {}
 }

Usually we encapsulate a series of js, like we encapsulate post. We deal with this data format, for example,

function callback(data) {
  if (data.code == '200') {
    // display data: showData(data);
  } else if (data.code == '403') {
    // Prompt like pop-up window: showDialog(data.message);
  }
}

In this way, you can basically deal with the problems you mentioned.
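
A sketch of the wrapped post described in the answer above, as an added example that is not part of the original post: every Ajax call goes through one function that inspects the unified `{code, message, data}` envelope, so page callbacks never check for 403 themselves. The names `createPost`, `send`, `showDialog` and the sample URLs are assumptions, and the transport is injected so the block runs without a server; the server-side interceptor remains what actually enforces the permission.

```javascript
// Added example with hypothetical names (createPost, send, showDialog).
// The envelope shape {code, message, data} follows the answer above.

function parseEnvelope(raw) {
  var obj = raw;
  if (typeof raw === 'string') {
    try { obj = JSON.parse(raw); } catch (e) { return null; }
  }
  if (obj === null || typeof obj !== 'object' || obj.code === undefined) {
    return null; // not the unified format: treat as an error, never as success
  }
  // Normalise code to a string so 403 and '403' are handled the same way.
  return { code: String(obj.code), message: obj.message, data: obj.data };
}

function createPost(send, showDialog) {
  // send(url, body, done) is the real transport (assumed: a thin wrapper
  // around the project's Ajax call); done receives text or a parsed object.
  return function post(url, body, onSuccess) {
    send(url, body, function (raw) {
      var env = parseEnvelope(raw);
      if (env === null) {
        showDialog('Unexpected response from server');
      } else if (env.code === '200') {
        onSuccess(env.data);      // page code only ever sees the payload
      } else if (env.code === '403') {
        showDialog(env.message);  // the single place that prompts "no permission"
      } else {
        showDialog(env.message || 'Request failed (' + env.code + ')');
      }
    });
  };
}

// Constructed demo: a fake transport stands in for the server's responses.
function demo() {
  var dialogs = [], shown = [];
  var fakeSend = function (url, body, done) {
    done(url === '/user/delete'
      ? '{"code":"403","message":"You do not currently have permission to operate this function","data":{}}'
      : { code: 200, message: 'ok', data: { rows: 2 } });
  };
  var post = createPost(fakeSend, function (m) { dialogs.push(m); });
  post('/user/list', {}, function (d) { shown.push(d.rows); });
  post('/user/delete', { id: 1 }, function () { shown.push('deleted'); });
  return { dialogs: dialogs, shown: shown };
}
```

The success callback for the denied request is never invoked, so the current page stays as it is and only the dialog appears.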