Comments (12)
@Leowuqunqun @wanghaisheng
这样可以的。不过APIJSON提供了自动化权限校验,以及各种安全机制来保证后端的安全:
#12
from apijson.
前面再加一层api server来控制吧 用户和库表字段关联起来 字段可以过滤 库表应该可以灵活可配
from apijson.
@TommyLemon 开发者平台之类的要怎么办 文档要手动写了么
from apijson.
@Leowuqunqun
目前APIJSON提供了通用文档(GitHub主页) 和 自动化生成的数据库文档(APIJSON在线解析网页)、非开放请求格式的文档(网页底部),还能自动生成请求代码。
平台确实要写权限配置的文档,打算做一个自动解析model注解生成文档的工具,反正解析也很简单。
如果是内部用,Java后端的model类可以直接给Android客户端用,注解里权限配置很清楚。
@MethodAccess(
POST = {UNKNOWN, ADMIN} //只允许未登录角色和管理员角色新增User,默认配置是 {LOGIN, ADMIN}
)
public class User {}
默认的权限配置在MethodAccess里
/**请求方法权限,只允许某些角色通过对应方法访问
* @author Lemon
*/
@Documented
@Retention(RUNTIME)
@Target(TYPE)
public @interface MethodAccess {
/**@see {@link RequestMethod#GET}
* @return 该请求方法允许的角色 default {UNKNOWN, LOGIN, CONTACT, CIRCLE, OWNER, ADMIN};
*/
RequestRole[] GET() default {UNKNOWN, LOGIN, CONTACT, CIRCLE, OWNER, ADMIN};
/**@see {@link RequestMethod#HEAD}
* @return 该请求方法允许的角色 default {UNKNOWN, LOGIN, CONTACT, CIRCLE, OWNER, ADMIN};
*/
RequestRole[] HEAD() default {UNKNOWN, LOGIN, CONTACT, CIRCLE, OWNER, ADMIN};
/**@see {@link RequestMethod#GETS}
* @return 该请求方法允许的角色 default {LOGIN, CONTACT, CIRCLE, OWNER, ADMIN};
*/
RequestRole[] GETS() default {LOGIN, CONTACT, CIRCLE, OWNER, ADMIN};
/**@see {@link RequestMethod#HEADS}
* @return 该请求方法允许的角色 default {LOGIN, CONTACT, CIRCLE, OWNER, ADMIN};
*/
RequestRole[] HEADS() default {LOGIN, CONTACT, CIRCLE, OWNER, ADMIN};
/**@see {@link RequestMethod#POST}
* @return 该请求方法允许的角色 default {LOGIN, ADMIN};
*/
RequestRole[] POST() default {LOGIN, ADMIN};
/**@see {@link RequestMethod#PUT}
* @return 该请求方法允许的角色 default {OWNER, ADMIN};
*/
RequestRole[] PUT() default {OWNER, ADMIN};
/**@see {@link RequestMethod#DELETE}
* @return 该请求方法允许的角色 default {OWNER, ADMIN};
*/
RequestRole[] DELETE() default {OWNER, ADMIN};
}
这是角色属性类RequestRole
/**来访的用户角色
* @author Lemon
*/
public enum RequestRole {
/**未登录,不明身份的用户
*/
UNKNOWN,
/**已登录的用户
*/
LOGIN,
/**联系人,必须已登录
*/
CONTACT,
/**圈子成员(CONTACT + OWNER),必须已登录
*/
CIRCLE,
/**拥有者,必须已登录
*/
OWNER,
/**管理员,必须已登录
*/
ADMIN;
}
感谢支持^_^
from apijson.
@Leowuqunqun
已支持自动生成
数据字典(information_schema.tables,information_schema.columns)、
访问权限(Access.sql)、
远程函数(Funciton.sql)、
非开放请求(Request.sql)
4 种文档,
见自动化接口管理工具 APIJSONAuto 右侧上滑出来的具体文档。
http://apijson.org/
from apijson.
from apijson.
from apijson.
from apijson.
from apijson.
@Leowuqunqun @wanghaisheng APIJSON 3.6.5 已支持直接在数据库 Access 表配置权限,不需要写代码了
https://github.com/APIJSON/APIJSON/releases/tag/3.6.5
from apijson.
@TommyLemon nice
from apijson.
腾讯 APIJSON 的路由插件,对外暴露类 RESTful 接口,内部转成 APIJSON 接口执行。
https://github.com/APIJSON/apijson-router
APIJSON 最新版 5.0.0:
增强各种功能;腾讯负责人公开称赞;登记万科发起的采筑电商
https://github.com/Tencent/APIJSON/releases/tag/5.0.0
from apijson.
Related Issues (20)
- [Ecosystem 生态] apijson-mongodb,NoSQL 数据库 MongoDB 的 APIJSON 插件
- [InfluxDB] APIJSON 新增支持时序数据库(物联网) InfluxDB
- 【CHINA TELECOM **电信】【500 强】天翼云申请了 APIJSON 相关发明专利
- APIJSON 插件 apijson-influxdb 开源,支持物联网时序数据库
- APIJSON 插件 apijson-milvus 开源,支持 AI 向量数据库 Milvus
- APIJSON 6.3 发布,阿里专家推荐・登记企业 +2
- [Bug] APIJSON-DEMO中的Function.sql父类方法名错误 HOT 3
- APIJSON 是否可以集成 dynamic-datasource 作为多数据源的注入 HOT 6
- 【SHEIN】全球跨境电商巨头 SHEIN 内网链接了 APIJSON, apijson-framework, APIJSON-Demo
- 不能生成admin角色的用户 HOT 2
- 希望对apijson事务有一个系统的介绍 HOT 2
- 【Lenovo 联想】【500 强】全球最大电脑厂商联想内网链接了 APIJSON
- [SHEIN] The intranet of China's biggest cross-border e-commerce company SHEIN linked APIJSON and apijson-framework
- [Lenovo][Fortune 500] The intranet of the biggest PC company Lenovo linked APIJSON
- 【Xiaomi 小米】【500 强】内网部署的飞书内部文档链接了 APIJSON-Demo
- [Xiaomi][Fortune 500] Linked APIJSON-Demo in its official Lark(by ByteDance) website
- [CHINA TELECOM][Fortune 500] China's biggest network provider CHINA TELECOM applied an OpenAPI patent for a low-code platform using APIJSON
- 两张表进行内链查询时,第二张表查询生成的库为默认sys HOT 7
- [Bug]字符 getMethodDefination(method,arguments,type,exceptions,language) 对应的远程函数 getMethodDefination(JSONObject request, String method, String arguments, String type, String exceptions, String language) 不在后端 apijson.demo.DemoFunctionParser 内,也不在父类中!如果需要则先新增对应方法! 请检查函数名和参数数量是否与已定义的函数一致! HOT 1
- [ORACLE] 子查询内部默认添加分页语句,导致in函数无法实现,提示Error Msg = ORA-00913: 值过多的报错 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from apijson.