Comments (12)
@Leowuqunqun @wanghaisheng
这样可以的。不过APIJSON提供了自动化权限校验,以及各种安全机制来保证后端的安全:
#12
from apijson.
前面再加一层api server来控制吧 用户和库表字段关联起来 字段可以过滤 库表应该可以灵活可配
from apijson.
@TommyLemon 开发者平台之类的要怎么办 文档要手动写了么
from apijson.
@Leowuqunqun
目前APIJSON提供了通用文档(GitHub主页) 和 自动化生成的数据库文档(APIJSON在线解析网页)、非开放请求格式的文档(网页底部),还能自动生成请求代码。
平台确实要写权限配置的文档,打算做一个自动解析model注解生成文档的工具,反正解析也很简单。
如果是内部用,Java后端的model类可以直接给Android客户端用,注解里权限配置很清楚。
@MethodAccess(
POST = {UNKNOWN, ADMIN} //只允许未登录角色和管理员角色新增User,默认配置是 {LOGIN, ADMIN}
)
public class User {}
默认的权限配置在MethodAccess里
/**请求方法权限,只允许某些角色通过对应方法访问
* @author Lemon
*/
@Documented
@Retention(RUNTIME)
@Target(TYPE)
public @interface MethodAccess {
/**@see {@link RequestMethod#GET}
* @return 该请求方法允许的角色 default {UNKNOWN, LOGIN, CONTACT, CIRCLE, OWNER, ADMIN};
*/
RequestRole[] GET() default {UNKNOWN, LOGIN, CONTACT, CIRCLE, OWNER, ADMIN};
/**@see {@link RequestMethod#HEAD}
* @return 该请求方法允许的角色 default {UNKNOWN, LOGIN, CONTACT, CIRCLE, OWNER, ADMIN};
*/
RequestRole[] HEAD() default {UNKNOWN, LOGIN, CONTACT, CIRCLE, OWNER, ADMIN};
/**@see {@link RequestMethod#GETS}
* @return 该请求方法允许的角色 default {LOGIN, CONTACT, CIRCLE, OWNER, ADMIN};
*/
RequestRole[] GETS() default {LOGIN, CONTACT, CIRCLE, OWNER, ADMIN};
/**@see {@link RequestMethod#HEADS}
* @return 该请求方法允许的角色 default {LOGIN, CONTACT, CIRCLE, OWNER, ADMIN};
*/
RequestRole[] HEADS() default {LOGIN, CONTACT, CIRCLE, OWNER, ADMIN};
/**@see {@link RequestMethod#POST}
* @return 该请求方法允许的角色 default {LOGIN, ADMIN};
*/
RequestRole[] POST() default {LOGIN, ADMIN};
/**@see {@link RequestMethod#PUT}
* @return 该请求方法允许的角色 default {OWNER, ADMIN};
*/
RequestRole[] PUT() default {OWNER, ADMIN};
/**@see {@link RequestMethod#DELETE}
* @return 该请求方法允许的角色 default {OWNER, ADMIN};
*/
RequestRole[] DELETE() default {OWNER, ADMIN};
}
这是角色属性类RequestRole
/**来访的用户角色
* @author Lemon
*/
public enum RequestRole {
/**未登录,不明身份的用户
*/
UNKNOWN,
/**已登录的用户
*/
LOGIN,
/**联系人,必须已登录
*/
CONTACT,
/**圈子成员(CONTACT + OWNER),必须已登录
*/
CIRCLE,
/**拥有者,必须已登录
*/
OWNER,
/**管理员,必须已登录
*/
ADMIN;
}
感谢支持^_^
from apijson.
@Leowuqunqun
已支持自动生成
数据字典(information_schema.tables,information_schema.columns)、
访问权限(Access.sql)、
远程函数(Funciton.sql)、
非开放请求(Request.sql)
4 种文档,
见自动化接口管理工具 APIJSONAuto 右侧上滑出来的具体文档。
http://apijson.org/
from apijson.
from apijson.
from apijson.
from apijson.
from apijson.
@Leowuqunqun @wanghaisheng APIJSON 3.6.5 已支持直接在数据库 Access 表配置权限,不需要写代码了
https://github.com/APIJSON/APIJSON/releases/tag/3.6.5
from apijson.
@TommyLemon nice
from apijson.
腾讯 APIJSON 的路由插件,对外暴露类 RESTful 接口,内部转成 APIJSON 接口执行。
https://github.com/APIJSON/apijson-router
APIJSON 最新版 5.0.0:
增强各种功能;腾讯负责人公开称赞;登记万科发起的采筑电商
https://github.com/Tencent/APIJSON/releases/tag/5.0.0
from apijson.
Related Issues (20)
- 在使用apijson-router 接口权限方案咨询 HOT 10
- [Bug] 批量新增和修改报错417 HOT 2
- [Bug] long类型返回给前端精度丢失问题 HOT 3
- 查询不到数据,出参应该有当前结构而不是什么都不返回怎么设置呢?数据库字段采用驼峰如何设置(除了用字段名映射) HOT 1
- 查询不到数据,期望出参返回key,value为空,而不是什么都不返回怎么设置呢? HOT 7
- [PUT 请求,remarks() 不合法!非开放请求不允许传远程函数 key():"fun()" !] HOT 4
- 如何进行not exists的查询
- 【where条件中有函数和比较运算】 HOT 2
- [Bug] join时 on语句生成时表没有使用别名导致SQL报错 HOT 2
- 【海尔】【500强】卡奥斯工业互联网平台官网备份了 APIJSON
- [Haier][Fortune500] backed up APIJSON on cosmoplat.com
- 远程函数执行结果如何作为数组条件进行传递 HOT 2
- app join查询当in () 主表的数据为空时,导致整个数据都返会空 HOT 3
- 请问现在还支持不导入request,access表吗我按着这里的配置改完之后还是提示不可用 Table 'mysql.access' doesn't exist HOT 2
- PUT, DELETE 请求将除id外的其他字段作为where条件如何使用 HOT 1
- PUT, DELETE 请求将除id外的其他字段作为where条件如何使用 HOT 1
- 多对多关联查询咨询 HOT 2
- post时,远程函数如何拿到自增的id值 HOT 5
- [Bug] "info@":"/[]/info"返回异常 HOT 5
- 请问是否支持SQLite数据库 HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from apijson.