Authority management #508
src/routes/Dashboard/Monitor.js
Outdated
sm={24} | ||
xs={24} | ||
style={{ marginBottom: 24 }} | ||
> |
A lot of code formatting was changed, and it still isn't consistent...
Why does this need to be changed?
src/routes/Dashboard/Monitor.js
Outdated
subTitle="销售目标完成率" | ||
total="92%" | ||
/> | ||
<NumberInfo subTitle="销售目标完成率" total="92%" /> |
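These are all unnecessary changes. I suggest turning off the editor's auto-formatting.
I accidentally let prettier run over it.
I rebased, so why are there even more conflicts now?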
03e42e2
to
d77fa3d
Compare
Thanks for this one! Can you also showcase how to manage the API token in a dva model and how to dispatch actions on other models using the authorized auth token?
src/components/Authorized/Secured.js
Outdated
ROLE = role; | ||
} | ||
} else { | ||
ROLE = 'All'; |
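Review bot: the fallback `ROLE = 'All'` in the `else` branch makes the check fail open: whenever no role reaches this code, the role is set to full access. Default to a no-access value instead, so that a forgotten role shows up as a blocked page rather than as an unprotected one.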
The default shouldn't be full permission, should it? It should be no permission.
My thinking was that forgetting to set it would make every page unusable.
You have a point too.
src/components/Authorized/Secured.js
Outdated
return true; | ||
} | ||
if (role.includes('!')) { | ||
const myrole = role.substr(1, role.length - 1); |
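Review bot: `role.includes('!')` matches a `!` anywhere in the string, but `role.substr(1, role.length - 1)` only drops the first character, so the two disagree for any value in which `!` is not the single leading character. For `'!user,!admin'` the result is `'user,!admin'`, and for `'user,!admin'` it is `'ser,!admin'`. Split on `,` and trim first, then test each entry with `startsWith('!')`, or reject mixed and multi-negation lists explicitly.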
This breaks when it hits something like '!user, !admin'.
src/components/Authorized/Secured.js
Outdated
* e.g. 'user' 只有user用户能访问 | ||
* e.g. 'user,admin' user和 admin 都能访问 | ||
* e.g. '!user' 除了user 都能访问 | ||
* e.g. '!user,!name'会报错 ! 只能使用一个用户 |
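Review bot: the last example says `'!user,!name'` will raise an error, but the comment does not say what the caller actually sees (an exception, a denied page, a console warning). State the real outcome here and back it with an explicit check on the number of `!` entries, so the documented limit is enforced rather than incidental.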
I couldn't find any code that enforces this one.
It will be a global 403. I didn't express it clearly.
src/components/Authorized/Secured.js
Outdated
import { Spin } from 'antd'; | ||
import Exception from '../Exception/index'; | ||
|
||
let ROLE = 'ALL'; |
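Review bot: the module-level default `let ROLE = 'ALL'` grants everything before any role has been set, and its spelling differs from the `ROLE = 'All'` fallback in the other Secured.js hunk, so a strict comparison against one spelling will miss the other. Initialise to a no-access value and keep a single constant for any sentinel that remains.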
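The default shouldn't be full permission.
@chenshuai2144 It feels like the way the decorator class and are used is a bit fragmented at the moment. For example, the supported-roles parameter should use one unified argument type, like
How about removing it, then?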
0844282
to
23efb01
Compare
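@chenshuai2144 Isn't it supposed to be based on permissions? If it's based on roles, it's hard to make the configuration generic.
Right now it is based on roles..
Fetch the user info and permission info from the backend, configure on each menu the list of sub-permissions that menu requires, and show the menu if they match. Each permission can control one page element (for example a button, or whether a child component is displayed), and so on.
That's still a string, isn't it?
It is indeed a string, but roles are mutable: if the permissions a role holds change, then with roles as the basis the corresponding page code has to change as well. The permission attached to a page element, however, is immutable. That is, with permissions as the basis you only change the permissions under the role, and the pages need no programmatic changes.
Just change the string's name.
The main difference is whether the front-end code needs to be adjusted after the permissions of a user role change. This is a maintainability issue.
It doesn't need to, surely. What was user becomes admin,
For example:
The key point is that permissions are immutable, unless you change the permission code of the corresponding page element.
Can you give a demo? I can't understand what this means.
During development or system maintenance, the permissions of a role change frequently. If the front end is designed purely with roles as the basis, the front-end code has to be modified after the permissions under a role change.
I have thought about this problem too.
A system I built before was designed around permissions. The rough idea was: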
* Increase the sliding menu
* Add a simple animation
* update mobile menu
* update
* update
* update
* rebase master
* recovery import/first
Change "ALL" to "NONE" Remove the "!" Support After landing successfully reload Reset the format
😄 unified router and Secured parameters 😭 loginOut logout also changed to reload
2069b71
to
8ef57db
Compare
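Actually, one option is to rework it along the lines of #1276; it's just inconsistent with the official approach, which is rather awkward.
import RenderAuthorized from 'ant-design-pro/lib/Authorized';
const Authorized = RenderAuthorized('user');
ReactDOM.render(
Then here we need to sync the dynamic relationship between user roles and resource permissions to the front end at login. For now, it looks like reworking it is the only option..
@WhatAKitty @chenshuai2144 Regarding permission management, my idea is like this. I'm doing it this way right now; I'm not sure whether this implementation has any problems?
To give an example: an enterprise OA system is a product, and the roles are different for each enterprise. Our previous projects, and the current one, basically all implement a role-management feature that lets enterprise administrators add or remove user roles at will, so hard-coding role identifiers in front-end pages is not realistic. Actually, the approach I described couples the front end and back end fairly tightly, but for historical reasons and because of the architect's skill level, we are not allowed to implement a permission scheme like the one ant design pro provides.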
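The role-versus-permission argument in the comments above, together with the review point that a missing setting should deny rather than allow, as an added example that is not code from this PR or from ant-design-pro. All names (`rolePermissions`, `permissionsFor`, `isAllowed`, `visibleElements`) and the permission codes are hypothetical, and the role table is constructed sample data standing in for what a backend would return at login.

```javascript
// Added illustration; every identifier here is hypothetical.
// Constructed sample: role -> permission codes, as a backend might send at login.
// A Map is used so that role names like "constructor" cannot hit Object.prototype.
const rolePermissions = new Map([
  ['admin', ['order:view', 'order:delete', 'user:manage']],
  ['clerk', ['order:view']],
]);

// Union of the permission codes held by the user's roles.
// Unknown roles and a missing role list contribute nothing.
function permissionsFor(roles, table) {
  const granted = new Set();
  for (const role of roles || []) {
    for (const code of table.get(role) || []) granted.add(code);
  }
  return granted;
}

// Deny by default: a missing, empty or malformed requirement never grants access.
function isAllowed(required, granted) {
  if (typeof required !== 'string') return false;
  const codes = required.split(',').map(s => s.trim()).filter(Boolean);
  if (codes.length === 0) return false;
  return codes.some(code => granted.has(code));
}

// Page elements name fixed permission codes, never role names, so changing
// what a role may do is a change to the table above and not to this list.
const elements = [
  { id: 'orderList', requires: 'order:view' },
  { id: 'deleteButton', requires: 'order:delete' },
  { id: 'forgotToAnnotate' }, // no requirement declared: stays hidden
];

function visibleElements(roles, table) {
  const granted = permissionsFor(roles, table);
  return elements.filter(e => isAllowed(e.requires, granted)).map(e => e.id);
}
```

A front-end check like this only decides what to render; the backend still has to enforce the same permission codes on every request.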
Add Authorized component, which contains:
* <Authorized>: Can wrap any child which needs to take different display strategies according to the user's role.
* Authorized.create: Same as <Authorized>, just for MenuItem, SubMenu, etc., which cannot be wrapped by a customized component. (A List of antd's components that cannot work with HOC ant-design#4853)
* <AuthorizedRoute>: A customized component built for <Route>, based on <Authorized>.
By using the above component/function, we can get an authorized route/menu (and you need to set the acceptable roles in the menu.js/router.js).
#41