User-oriented right management method and device, computer device and storage medium
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- SHENZHEN JINNIU TECH CO LTD
- Filing Date
- 2026-03-04
- Publication Date
- 2026-06-05
Smart Images

Figure CN122152838A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of computer software technology, and in particular to user-oriented rights management methods, devices, computer equipment, and storage media. Background Technology
[0002] In the SaaS (Software as a Service) field, document processing and collaborative office software products generally adopt a "basic free + value-added paid" business model. These systems typically rely on the RBAC (Role-Based Access Control) model to manage user permissions and rights. Currently, the mainstream rights management technology solution in the industry divides users into two categories: individual users and enterprise users. When the backend receives an API rights query request from the frontend, it uses an instant query method to complete the rights determination and data return. The specific process is as follows: first, it queries a database such as MySQL to obtain the user's personal membership status; then, it queries the enterprise / team ID associated with the user to further obtain the corresponding enterprise's membership status; subsequently, in the business code, it uses simple if-else logic to determine the highest value of the rights level between individual and enterprise members as the user's final rights; finally, the rights data is returned to the frontend.
[0003] However, the aforementioned existing technical solutions reveal several significant shortcomings in terms of technology and performance when dealing with complex multi-terminal collaboration scenarios and hybrid B-end (enterprise) and C-end (individual) architectures. These shortcomings manifest in four main aspects: First, database I / O bottlenecks exist in high-concurrency scenarios. When the number of users reaches millions and a single user belongs to multiple teams, each API call requires multiple join queries on the User, Team, and Rights tables, easily causing a surge in database CPU usage and a significant increase in API response latency, failing to meet the millisecond-level interaction requirements of mobile devices. Second, the logic for resolving conflicting rights is rigid. The traditional, single maximum value logic is insufficient to handle complex conflicting rights scenarios. For example, while the enterprise version offers unlimited storage, it restricts the export of watermark-free PDFs due to enterprise compliance requirements, whereas the personal version, despite limited storage space, supports this feature. The logic of rights coverage can lead to the incorrect shielding of users' legitimate rights and interests, or the ineffective implementation of corporate management strategies. Third, poor data consistency and difficulty in rights resynchronization mean that when corporate rights expire or administrators modify permission groups, changes occur in B-end rights, the lack of timely notification and rights recalculation mechanisms often requires logged-in C-end users to log back into the system or wait for the cache to expire naturally before they can perceive the rights changes. This process can easily lead to users illegally using rights and interests, or users may not be able to use newly activated rights and interests in a timely manner, thus causing customer complaints. Fourth, inconsistent interface response data structures mean that in order to adapt to the complex rights and interests management logic of B-end users, the data structure returned by the backend to B-end users includes complex hierarchical structures such as department trees and role trees, while C-end interfaces require a flat data structure. This results in technical personnel needing to maintain two independent sets of code logic, significantly increasing the development and maintenance costs of the system. Summary of the Invention
[0004] This invention provides a user-oriented rights management method, apparatus, computer device, and storage medium, aiming to overcome the problems of low rights calculation efficiency, inflexible conflict handling, and large multi-terminal synchronization latency in existing technologies under high-concurrency scenarios.
[0005] In a first aspect, embodiments of the present invention provide a user-oriented rights management method, including: Obtain all atomic rights of the service system, and perform bitmap modeling on the atomic rights to obtain the rights bitmap; When a user logs into the service system or when a request for rights is received from a user, a temporary rights inheritance tree for the user is constructed based on the rights bitmap using a directed acyclic graph. The temporary stake inheritance tree is calculated using a stake calculation engine and a preset conflict resolution matrix to obtain a stake mask. A multi-level caching strategy and write diffusion mechanism are used to cache the rights mask, and the service system is monitored for any changes in rights. When a change in rights is detected in the service system, the rights mask is updated and an update signal is pushed to the user.
[0006] Secondly, embodiments of the present invention provide a user-oriented rights management device, comprising: The bitmap modeling unit is used to obtain all atomic rights of the service system and perform bitmap modeling on the atomic rights to obtain a rights bitmap; The tree construction unit is used to construct a temporary rights inheritance tree for the user based on the rights bitmap and through a directed acyclic graph when the user logs into the service system or when a rights request is received from the user. The stake calculation unit is used to perform stake calculation on the temporary stake inheritance tree through the stake calculation engine and the preset conflict resolution matrix to obtain the stake mask; The rights caching unit is used to cache the rights mask using a multi-level caching strategy and a write diffusion mechanism, and to monitor whether the service system has undergone rights changes. The rights update unit is used to update the rights mask and push an update signal to the user when a rights change is detected in the service system.
[0007] Thirdly, embodiments of the present invention provide a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the user-oriented rights management method as described in the first aspect.
[0008] Fourthly, embodiments of the present invention provide a computer-readable storage medium storing a computer program, which, when executed by a processor, implements the user-oriented rights management method as described in the first aspect.
[0009] This invention provides a user-oriented rights management method, apparatus, computer device, and storage medium. The method includes: acquiring all atomic rights of a service system and performing bitmap modeling on the atomic rights to obtain a rights bitmap; when a user logs into the service system or a rights request is received from a user, constructing a temporary rights inheritance tree for the user based on the rights bitmap using a directed acyclic graph; performing rights calculation on the temporary rights inheritance tree using a rights calculation engine and a preset conflict resolution matrix to obtain a rights mask; caching the rights mask using a multi-level caching strategy and a write diffusion mechanism, and monitoring whether rights changes occur in the service system; when a rights change is detected in the service system, updating the rights mask and pushing an update signal to the user. This invention significantly improves the efficiency and accuracy of rights calculation by introducing bitmap modeling and directed acyclic graph technology. Simultaneously, it utilizes a conflict resolution matrix to flexibly handle complex rights conflict scenarios, ensuring the reasonable allocation and use of user rights. Furthermore, by employing a multi-level caching strategy and a write diffusion mechanism, the database I / O pressure of the system under high concurrency scenarios is effectively reduced, and real-time perception and rapid synchronization of equity changes are achieved, thereby overcoming the problems of low equity calculation efficiency, inflexible conflict handling, and large multi-terminal synchronization latency in existing technologies under high concurrency scenarios. Attached Figure Description
[0010] To more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the following description of the embodiments will be briefly introduced. Obviously, the drawings described below are some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0011] Figure 1 A flowchart illustrating a user-oriented rights management method provided in an embodiment of the present invention; Figure 2 A schematic block diagram of a user-oriented rights management device provided in an embodiment of the present invention; Figure 3 This is an overall architecture diagram of a user-oriented rights management method provided in an embodiment of the present invention. Detailed Implementation
[0012] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0013] It should be understood that, when used in this specification and the appended claims, the terms "comprising" and "including" indicate the presence of the described features, integrals, steps, operations, elements and / or components, but do not exclude the presence or addition of one or more other features, integrals, steps, operations, elements, components and / or collections thereof.
[0014] It should also be understood that the terminology used in this specification is for the purpose of describing particular embodiments only and is not intended to limit the invention. As used in this specification and the appended claims, the singular forms “a,” “an,” and “the” are intended to include the plural forms unless the context clearly indicates otherwise.
[0015] It should also be further understood that the term "and / or" as used in this specification and the appended claims refers to any combination of one or more of the associated listed items and all possible combinations, and includes such combinations.
[0016] Please see below. Figure 1 This invention provides a user-oriented rights management method, specifically including steps S101 to S105.
[0017] Step S101: Obtain all atomic rights of the service system, and perform bitmap modeling on the atomic rights to obtain a rights bitmap; Step S102: When a user logs into the service system or when a request for rights is received from a user, a temporary rights inheritance tree for the user is constructed based on the rights bitmap using a directed acyclic graph. Step S103: Perform equity calculation on the temporary equity inheritance tree using the equity calculation engine and the preset conflict resolution matrix to obtain the equity mask; Step S104: Cache the rights mask using a multi-level caching strategy and write diffusion mechanism, and monitor whether the service system has undergone rights changes; Step S105: When a change in rights is detected in the service system, the rights mask is updated and an update signal is pushed to the user.
[0018] In this embodiment, all atomic rights of the system are first obtained and bitmap modeling is performed to obtain a rights bitmap. Then, when a user logs in or sends a rights request, a temporary rights inheritance tree for the user is constructed based on the rights bitmap using a directed acyclic graph. Then, the rights mask is obtained by calculating the temporary rights inheritance tree using a conflict resolution matrix. Then, the rights are written to the cache through a multi-level caching strategy and a write diffusion mechanism. At the same time, the system monitors for rights changes, and when a rights change is detected, the corresponding update operation is performed and pushed to the user.
[0019] This embodiment significantly improves the efficiency and accuracy of stake calculation by introducing bitmap modeling and directed acyclic graph (DAG) techniques. Simultaneously, it utilizes a conflict resolution matrix to flexibly handle complex stake conflict scenarios, ensuring the reasonable allocation and use of user stakes. Furthermore, through a multi-level caching strategy and write diffusion mechanism, it effectively reduces the database I / O pressure on the system under high-concurrency scenarios and achieves real-time detection and rapid synchronization of stake changes. This overcomes the problems of low stake calculation efficiency, inflexible conflict handling, and large multi-terminal synchronization latency in existing technologies under high-concurrency scenarios.
[0020] In practical applications, this embodiment implements the above-mentioned rights management method based on a microservice architecture. The backend is developed in Go language and deployed on a Kubernetes (K8s) cluster. Hot data is cached through Redis, asynchronous message decoupling is achieved with the help of RabbitMQ, and inverted index retrieval of complex rights is completed using Elasticsearch (ES).
[0021] In one embodiment, the step of acquiring all atomic rights of the service system and performing bitmap modeling on the atomic rights to obtain a rights bitmap includes: Obtain the atomic rights and map them into a binary bitmap or a unique rights code to obtain the rights bitmap.
[0022] To significantly improve computational efficiency, this embodiment does not directly store rights in text form. Instead, it maps all atomic rights (such as OCR functions, Word conversion functions, watermark removal, and 10GB of storage space) to binary bitmaps or unique rights codes. In practical applications, when the Go service starts, the rights definition table is loaded into memory. Each rights point corresponds to one bit.
[0023] It's important to note that existing B2B SaaS technologies typically involve complex RBAC models (roles, permission groups, inheritance relationships), while C2C apps usually only care about "usability." Directly transmitting B2B data leads to extremely complex client-side parsing logic and is prone to app crashes due to backend model adjustments. This embodiment addresses the contradiction between the complex B2B structure and the flat C2C requirements by innovating multi-platform interface uniformity. Specifically, this embodiment first establishes a middleware adaptation layer in the backend to build a Virtual Rights Layer, then defines a mapping rule to map the deep B2B structure (e.g., Team→Dept→Role→Permission) to flat C2C tags (e.g., is_vip:true, max_storage: 1024). Furthermore, this embodiment's middleware adaptation layer supports multi-version output. Even if the backend B2B architecture is restructured, the mapping rule ensures that the interface data structure output to the old version of the app remains unchanged, guaranteeing backward compatibility of the C2C interface.
[0024] In one embodiment, when a user logs into the service system or a request for benefits is received from the user, constructing a temporary benefit inheritance tree for the user based on the benefit bitmap using a directed acyclic graph includes: When a user logs into the service system or when a request for rights is received from a user, the system retrieves the user's personal identity features and the features of the team to which the user belongs in parallel. Based on a directed acyclic graph, the individual identity features are set as nodes, and the team features are set as parent nodes, thereby constructing the temporary equity inheritance tree.
[0025] In this embodiment, when a user logs in or requests benefits, the system no longer performs a full database query, but instead triggers the benefits calculation engine. First, it retrieves the user's personal identity characteristics and team characteristics in parallel. Here, if there are purely individual users who are not part of any team, their team characteristics are initialized to an empty set or a default value of zero to ensure the consistency of the calculation process and avoid maintaining two sets of code logic. Then, the user is treated as a node, and the team they belong to is treated as a parent node, thus constructing a temporary benefits inheritance tree.
[0026] In one embodiment, the step of calculating the stake of the temporary stake inheritance tree using a stake calculation engine and a preset conflict resolution matrix to obtain a stake mask includes: Based on the concurrency features of programming languages, the individual rights set and team rights set of users are calculated separately; An initial rights mask is generated by combining the individual rights set and the team rights set; The initial stake mask is aggregated and resolved using a conflict resolution matrix to obtain the final stake mask; wherein, the conflict resolution matrix predefines a merging strategy corresponding to each stake item.
[0027] This embodiment utilizes the concurrency features of Go's Goroutines to calculate the individual stake set P and the stake sets T_1, T_2, ... for each team. A conflict resolution matrix is then introduced for aggregation and resolution. Specifically, through weighted union operations, combined with conflict rules (e.g., enterprise security policy > individual advanced stakes), the final stake mask is derived. The specific calculation formula is as follows: FinalRights = (P \cdot W_p) \cup (T_1 \cdot W_{t1}) \oplusConflictRules.
[0028] This formula is a symbolic expression of the rights aggregation logic, representing how the system merges rights from multiple sources and handles conflicts. Specifically, P / T_1 represent the user's individual rights set and the team rights set, respectively. W_p / W_{t1} represents the weight coefficient of each identity (e.g., the weight set by the enterprise > the weight set by the individual). oplusConflictRules represents the conflict resolution operator, which, based on the union, applies specific rules (such as mandatory enterprise security coverage) to modify the result, deriving the final rights mask, FinalRights.
[0029] It's also important to note that the conflict resolution matrix is not dynamically generated in real-time for each user. Instead, it's obtained as a globally preset rule configuration for the system. Specifically, the administrator can first predefine the merging strategy corresponding to each feature ID (e.g., MAX for storage space, OVERRIDE for watermark removal), and store this mapping relationship in JSON or YAML format in the configuration center (Nacos / Etcd) or a database. Then, when the service starts or the configuration changes, the computing engine directly pulls this rule table from the configuration center and loads it into the local memory of the service node for quick reference during subsequent calculations.
[0030] In a specific embodiment, the step of aggregating and resolving the initial stake mask using a conflict resolution matrix to obtain the final stake mask includes: An aggregation strategy is used to aggregate and resolve the individual stake set and team stake set in the initial stake mask; wherein, the aggregation strategy includes a maximum value strategy, a union strategy, a priority overlay strategy, and a value overlay strategy.
[0031] Traditional solutions typically employ simple priority overriding or maximum value logic, failing to handle sophisticated combinations of benefits. For example, they might allow inheritance of a company's storage space but mandate the use of the company's security watermark while retaining individual ad-blocking privileges. This embodiment addresses this by defining each benefit (Feature) a unique FeatureID through atomic definition. Furthermore, it introduces a configurable Strategy Matrix to define specific aggregation strategies for each FeatureID. Based on the aforementioned Conflict Resolution Matrix, this embodiment defines specific aggregation strategies (such as MAX, SUM, OVERRIDE, etc.) for each FeatureID, thereby decoupling computational logic from business code.
[0032] Specifically, strategy types include: (1) MAX_VALUE (take the larger value): used for storage space, concurrency quota, etc.
[0033] (2) BOOLEAN_OR (union): Used for function switches, it is owned as long as one side is owned.
[0034] (3) PRIORITY_OVERRIDE: Enterprise settings are forced to override personal settings (such as forcibly enabling watermarks).
[0035] (4) NUMERIC_SUM (numerical summation): used to accumulate resource packages from multiple sources (such as OCR points).
[0036] In this embodiment, the essence of conflict refers to the inconsistency in value or state of the same interest item across individual and team identities. Conflict resolution, in essence, involves using a pre-defined aggregation strategy to forcibly merge ambiguous data into a uniquely definite result. The strategy is the rule; once the rule is established, the conflict resolves itself.
[0037] For example: Scenario A: Storage space (using MAX_VALUE strategy) a. Current Conflict: A user purchased 10GB of personal storage space (P=10), but the company the user joined has 100GB of employee storage space (T=100). The system faces a data conflict: How much storage space should the user be given? b. Resolution process: The system checks the matrix and finds that the strategy corresponding to the storage space is MAX_VALUE, so it executes the calculation of \\max(10, 100).
[0038] c. Resolution Result: The final right was determined to be 100GB. The conflict was resolved, and the user's interests were maximized.
[0039] Scenario B: Forced watermarking (using the PRIORITY_OVERRIDE strategy) a. Current conflict: The user has turned off the watermark in their personal settings (P=False), but the company requires the watermark to be turned on for security reasons (T=True).
[0040] b. Resolution process: The system checks the matrix and finds that the policy corresponding to the watermark is PRIORITY_OVERRIDE (and is configured as enterprise priority).
[0041] c. Resolution Result: The system forcibly ignores personal settings, and the final rights and interests are determined as True (watermark enabled). The conflict is resolved, and corporate compliance is ensured.
[0042] In addition, a directed acyclic graph (DAG) of users and teams is constructed in memory. The computing engine traverses all nodes and performs merging operations on each feature according to the strategy defined in the matrix, ultimately outputting a unique equity fingerprint.
[0043] In one embodiment, the step of caching the stake mask using a multi-level caching strategy and a write diffusion mechanism, and monitoring whether a stake change occurs in the service system, includes: The calculation rules are cached in memory through a first-level cache; wherein, the calculation rules include a conflict resolution matrix and equity metadata and a basic template; The rights mask is written to the Redis database through a second-level cache.
[0044] This embodiment solves the performance problems existing in the prior art through multi-level caching and write diffusion mechanism. Among them, the first-level cache (Local Cache) is used to cache the calculation rules in the Pod memory. The calculation rules include the conflict resolution matrix and the rights metadata and basic template. The rights metadata and basic template refer to (1) rights definition: defining the data type (e.g., boolean value or integer) and unit (e.g., GB or number of times) of FeatureID; (2) level template: defining the initial rights set corresponding to "personal VIP level" or "enterprise package level" (e.g., the rule defines Gold_Level={Storage:100GB,OCR:500 times}).
[0045] The second-level cache (Redis Cluster) stores the calculated final rights snapshot in Redis with the key User_Rights_{UserID}.
[0046] In this embodiment, when a front-end interface request is made, a snapshot in Redis can be directly retrieved without any database queries, increasing the QPS (queries per second) to over ten thousand. This embodiment solves the database performance bottleneck caused by complex permission calculations in high-concurrency scenarios by adopting compute-on-write and read-write separation architecture. Traditional solutions use compute-on-read, where the backend performs real-time database queries and calculations every time a user calls an interface. However, when the B-end organizational structure is complex (multiple nested departments), this leads to slow single-interface responses and significant database pressure. In contrast, this embodiment moves the complex rights calculation process forward to the moment of rights change (such as when purchasing a package or joining a team). After the calculation is completed, the final result is serialized into flat JSON or Protobuf binary data (Snapshot) and stored in the Redis cache. Furthermore, all C-end business interfaces (PC / mobile / Web) in this embodiment no longer involve any SQL queries; they directly read this snapshot from Redis using the UserID. This transforms the heavy operation that originally required 5-10 database join queries into a single Redis O(1) read operation, with the interface response time remaining stable in the millisecond range.
[0047] In one embodiment, updating the rights mask and pushing an update signal to the user when a change in rights is detected in the service system includes: Listen for any equity change event messages through the equity calculation service; If a change of rights event message is detected, the corresponding scope of the change is obtained; Retrieve the corresponding user list based on the scope of the change; Based on the user list, the corresponding rights snapshot is recalculated to update the rights mask.
[0048] This embodiment introduces an event-driven architecture to ensure the system can respond to equity changes in real time and resolve consistency issues when updating the equity mask. Specifically, the equity calculation service first listens for equity change event messages. Once a change is detected, the scope of the change is obtained, a user list is retrieved based on this scope, and finally, the equity snapshot is recalculated based on this user list to complete the equity mask update.
[0049] In practical applications, this embodiment uses event-driven change synchronization based on MQ. When a change in benefits occurs on the B-end (cloud / enterprise management backend) (such as the enterprise purchasing a new package or removing a member), a RightsChangeEven message is first sent to RabbitMQ through the business service. The benefits calculation service (Consumer) listens to this queue. Upon receiving the message, it quickly retrieves the list of affected users using Elasticsearch based on the scope of the change (e.g., by reverse lookup of all user IDs belonging to the TeamID using ES). Subsequently, the calculation engine is triggered to recalculate the benefit snapshots of these users and atomically update the Redis cache. Then, a signal can be pushed to online clients via WebSocket or Server-Sent Events (SSE) to force the clients to refresh their local configurations.
[0050] Furthermore, this embodiment also addresses the problem of "how to quickly notify a massive number of C-end users when B-end changes." In existing technologies, when an enterprise administrator modifies the permissions of all employees, traditional solutions require traversing the user table, which is extremely inefficient; or they wait for the user's next login to trigger an update, leading to delays in the effectiveness of permissions (data inconsistency). This embodiment uses RabbitMQ to decouple the permission change action into asynchronous messages and uses Elasticsearch to build an "organization-user" inverted index. Thus, when a message such as "TeamID=A has changed" is received, instead of scanning the entire table, Elasticsearch directly retrieves a list of all UserIDs belonging to TeamID=A. Then, after obtaining the list of affected UserIDs, Go's Goroutine pool is used for high-concurrency batch recalculation and cache updates.
[0051] Combination Figure 3 In practical applications, the user-oriented rights management method provided in this embodiment can specifically include three stages, namely the change generation stage ( Figure 3 (1-3 in the text), asynchronous computing stage ( Figure 3 (4-7 in the middle) and the request read phase ( Figure 3 (8) Specifically, during the change generation phase, the business service first writes the change to MySQL and synchronously updates the Elasticsearch index, then sends the change event to the Message Queue (MQ). During the asynchronous computation phase, the stake calculation service first consumes the change message, then retrieves the affected users from Elasticsearch, loads the configuration rules from MySQL, and updates the Redis snapshot after completing the calculation. During the request read phase, when a client makes a request, it directly reads the stake snapshot from Redis.
[0052] Based on the user-oriented rights management method provided in this embodiment, the following are achieved: First, by constructing a rights aggregation model that combines bitwise operations and in-memory computing, the computational performance issues at complex levels are addressed. Second, a configurable conflict resolution matrix strategy enables intelligent integration of individual rights and multi-team rights. Third, based on an event-driven mechanism, changes from the B-side are synchronized to the C-side within milliseconds, ensuring strong data consistency. Fourth, a unified Virtual Rights Layer shields the differences between the B / C sides from the outside world, providing a unified interface output structure.
[0053] This embodiment, by introducing a bitwise-based in-memory computing model, a read-write separation architecture, and an event-driven synchronization mechanism, achieves significant technical improvements in system performance, data consistency, and maintenance costs compared to traditional real-time database join query schemes. Specific performance comparisons are as follows: (1) Comparison of system response performance and load Traditional solutions require real-time joins and queries across multiple large tables (User, Team, Role, Permission) during user authentication, resulting in high database CPU usage. This embodiment pre-processes the computation, requiring only access to Redis for reads, achieving an extremely fast response time of O(1). Details are shown in Table 1 below: Table 1 Table 1 above shows a comparison of performance metrics under high concurrency scenarios. The test environment was set to have 10 million users and a concurrent request QPS of 10,000.
[0054] (2) Comparison of the timeliness of simultaneous rights and interests across multiple platforms For scenarios where B-end enterprises purchase packages and C-end employees need to know when the changes take effect, traditional solutions rely on cache expiration or client polling, resulting in extremely high latency. This embodiment utilizes RabbitMQ and Elasticsearch to achieve millisecond-level change propagation. Details are shown in Table 2 below: Table 2 The above Table 2 shows a comparison of the timeliness of changes in equity.
[0055] (3) Comparison of architecture scalability and maintenance costs When facing complex B2B organizational restructuring, this embodiment achieves logical decoupling through a virtual rights layer and a conflict resolution matrix, as shown in Table 3 below: Table 3 Table 3 shows a comparison of system architecture scalability.
[0056] Figure 2 This is a schematic block diagram of a user-oriented rights management device 200 provided in an embodiment of the present invention. The device 200 includes: Bitmap modeling unit 201 is used to obtain all atomic rights of the service system and perform bitmap modeling on the atomic rights to obtain a rights bitmap; Tree construction unit 202 is used to construct a temporary rights inheritance tree for the user based on the rights bitmap and through a directed acyclic graph when the user logs into the service system or when a rights request is received from the user. The equity calculation unit 203 is used to perform equity calculation on the temporary equity inheritance tree through the equity calculation engine and the preset conflict resolution matrix to obtain the equity mask; The rights caching unit 204 is used to cache the rights mask using a multi-level caching strategy and a write diffusion mechanism, and to monitor whether the service system has undergone rights changes. The rights update unit 205 is used to update the rights mask and push an update signal to the user when a rights change is detected in the service system.
[0057] In one embodiment, the bitmap modeling unit 201 includes: The rights mapping unit is used to obtain the atomic rights and map the atomic rights to a binary bitmap or a unique rights code to obtain the rights bitmap.
[0058] In one embodiment, the tree building unit 202 includes: The feature retrieval unit is used to retrieve the user's personal identity features and team characteristics in parallel when the user logs into the service system or when a rights request is received from the user. The node setting unit is used to construct the temporary rights inheritance tree by setting the individual identity features as nodes and the team features as parent nodes based on the directed acyclic graph.
[0059] In one embodiment, the rights calculation unit 203 includes: The set calculation unit is used to calculate the individual rights set and team rights set of users based on the concurrency features of programming languages; A mask generation unit is used to generate an initial rights mask by combining the individual rights set and the team rights set; The aggregation and resolution unit is used to aggregate and resolve the initial stake mask through the conflict resolution matrix to obtain the final stake mask; wherein, the conflict resolution matrix predefines the merging strategy corresponding to each stake item.
[0060] In one embodiment, the polymerization digestion unit includes: The strategy resolution unit is used to aggregate and resolve the individual stake set and team stake set in the initial stake mask using aggregation strategies; wherein, the aggregation strategies include the maximum value strategy, the union strategy, the priority overlay strategy, and the value superposition strategy.
[0061] In one embodiment, the rights cache unit 204 includes: A first-level cache unit is used to cache computation rules in memory through a first-level cache; wherein, the computation rules include a conflict resolution matrix and equity metadata and a basic template; The second-level cache unit is used to write the rights mask to the Redis database through the second-level cache.
[0062] In one embodiment, the rights update unit 205 includes: The event listening unit is used to listen for the existence of equity change event messages through the equity calculation service; The scope acquisition unit is used to acquire the corresponding scope of change if a change of rights event message is detected. The list retrieval unit is used to retrieve the corresponding user list based on the scope of the change. The mask update unit is used to recalculate the corresponding rights snapshot based on the user list in order to update the rights mask.
[0063] Since the embodiments of the apparatus and the embodiments of the method correspond to each other, please refer to the description of the embodiments of the method for the embodiments of the apparatus, which will not be repeated here.
[0064] This invention also provides a computer-readable storage medium storing a computer program thereon, which, when executed, can perform the steps provided in the above embodiments. The storage medium may include various media capable of storing program code, such as a USB flash drive, a portable hard drive, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
[0065] This invention also provides a computer device, which may include a memory and a processor. The memory stores a computer program, and when the processor calls the computer program in the memory, it can implement the steps provided in the above embodiments. Of course, the computer device may also include various network interfaces, power supplies, and other components.
[0066] The various embodiments in this specification are described in a progressive manner, with each embodiment focusing on its differences from other embodiments. Similar or identical parts between embodiments can be referred to interchangeably. For the systems disclosed in the embodiments, since they correspond to the methods disclosed in the embodiments, the descriptions are relatively simple; relevant parts can be referred to in the method section. It should be noted that those skilled in the art can make various improvements and modifications to this application without departing from the principles of this application, and these improvements and modifications also fall within the protection scope of the claims of this application.
[0067] It should also be noted that, in this specification, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.
Claims
1. A user-oriented rights management method, characterized in that, include: Obtain all atomic rights of the service system, and perform bitmap modeling on the atomic rights to obtain the rights bitmap; When a user logs into the service system or when a request for rights is received from a user, a temporary rights inheritance tree for the user is constructed based on the rights bitmap using a directed acyclic graph. The temporary stake inheritance tree is calculated using a stake calculation engine and a preset conflict resolution matrix to obtain a stake mask. A multi-level caching strategy and write diffusion mechanism are used to cache the rights mask, and the service system is monitored for any changes in rights. When a change in rights is detected in the service system, the rights mask is updated and an update signal is pushed to the user.
2. The user-oriented rights management method according to claim 1, characterized in that, The process involves acquiring all atomic rights of the service system and performing bitmap modeling on these atomic rights to obtain a rights bitmap, including: Obtain the atomic rights and map them into a binary bitmap or a unique rights code to obtain the rights bitmap.
3. The user-oriented rights management method according to claim 1, characterized in that, When a user logs into the service system or a request for rights is received from a user, a temporary rights inheritance tree for the user is constructed based on the rights bitmap using a directed acyclic graph, including: When a user logs into the service system or when a request for rights is received from a user, the system retrieves the user's personal identity features and the features of the team to which the user belongs in parallel. Based on a directed acyclic graph, the individual identity features are set as nodes, and the team features are set as parent nodes, thereby constructing the temporary equity inheritance tree.
4. The user-oriented rights management method according to claim 1, characterized in that, The process of calculating the stake in the temporary stake inheritance tree using a stake calculation engine and a preset conflict resolution matrix to obtain a stake mask includes: Based on the concurrency features of programming languages, the individual rights set and team rights set of users are calculated separately; An initial rights mask is generated by combining the individual rights set and the team rights set; The initial stake mask is aggregated and resolved using a conflict resolution matrix to obtain the final stake mask; wherein, the conflict resolution matrix predefines a merging strategy corresponding to each stake item.
5. The user-oriented rights management method according to claim 1, characterized in that, The process of aggregating and resolving the initial stake mask using a conflict resolution matrix to obtain the final stake mask includes: An aggregation strategy is employed to aggregate and resolve the individual stake sets and team stake sets in the initial stake mask; wherein, the aggregation strategy includes a maximum value strategy, a union strategy, a priority overlay strategy, and a value overlay strategy.
6. The user-oriented rights management method according to claim 1, characterized in that, The step of caching the rights mask using a multi-level caching strategy and write diffusion mechanism, and monitoring whether the service system experiences rights changes, includes: The calculation rules are cached in memory through a first-level cache; wherein, the calculation rules include a conflict resolution matrix and equity metadata and a basic template; The rights mask is written to the Redis database through a second-level cache.
7. The user-oriented rights management method according to claim 1, characterized in that, When a change in rights is detected in the service system, the rights mask is updated, and an update signal is pushed to the user, including: Listen for any equity change event messages through the equity calculation service; If a change of rights event message is detected, the corresponding scope of the change is obtained; Retrieve the corresponding user list based on the scope of the change; Based on the user list, the corresponding rights snapshot is recalculated to update the rights mask.
8. A user-oriented rights management device, characterized in that, include: The bitmap modeling unit is used to obtain all atomic rights of the service system and perform bitmap modeling on the atomic rights to obtain a rights bitmap; The tree construction unit is used to construct a temporary rights inheritance tree for the user based on the rights bitmap and through a directed acyclic graph when the user logs into the service system or when a rights request is received from the user. The stake calculation unit is used to perform stake calculation on the temporary stake inheritance tree through the stake calculation engine and the preset conflict resolution matrix to obtain the stake mask; The rights caching unit is used to cache the rights mask using a multi-level caching strategy and a write diffusion mechanism, and to monitor whether the service system has undergone rights changes. The rights update unit is used to update the rights mask and push an update signal to the user when a rights change is detected in the service system.
9. A computer device, characterized in that, It includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the user-oriented rights management method as described in any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program that, when executed by a processor, implements the user-oriented rights management method as described in any one of claims 1 to 7.