程序師世界是廣大編程愛好者互助、分享、學習的平台,程序師世界有你更精彩!
首頁
編程語言
C語言|JAVA編程
Python編程
網頁編程
ASP編程|PHP編程
JSP編程
數據庫知識
MYSQL數據庫|SqlServer數據庫
Oracle數據庫|DB2數據庫
您现在的位置: 程式師世界 >> 編程語言 >  >> 更多編程語言 >> Python

Python solves the real problem of ccf-csp 202206-3 - role authorization

編輯:Python

Students who want to check the real problems and solutions of other problems can go to check :CCF-CSP True problem with complete solution

Question number :202206-3 The title of the test question : Role authorization The time limit :5.0s Memory limit :512.0MB Problem description :

Background

In response to the national initiative to develop new infrastructure , West West iver data center has been built on West West iver island , Based on this, the company has operated sisi Aifu cloud . As the operation and maintenance party of the data center ,
The company attaches great importance to its network security management . as everyone knows , It is difficult to have both security and convenience , meanwhile ,
A confusing permission model may cause people to be granted unnecessary permissions , Thus causing safety risks . Therefore, I work in the network security department of West iver cloud company C
A scientific permission model is specially designed .

This security model divides the verification process into two steps . The first step is to verify the user's identity ( To identify ), The second step is to verify the user's permissions ( to grant authorization ). In the first step ,
First, verify whether a user is the identity claimed by the user . for example , By verifying the password provided by the user (Password) Whether it is right , Or verify whether the smart card provided by the user is legal and valid .
Next , In the authorization step , Permission policies are retrieved to determine whether a visiting user can operate a resource in the system .

In order to flexibly express the relationship between users and Authorization , Sisi evercloud has designed a simple and flexible authorization model : Role based authorization model . The idea is : First set up several roles ,
A list is indicated in each role , Indicates the types of resources that are allowed to be accessed 、 The name of the resource and the operation on the resource ; Then associate the user identified in the previous step with one or more roles .
What a user can do , Is the union of the allowed operations in all roles associated with it .

Small C It's up to you to implement the authorization model , I hope you can realize them .

Problem description

user Represents an identified principal in the authorization model , The identification process is completed by the previous identification process . A user has the following elements :

  • name : Is a string , Used to uniquely identify a user ;
  • User group : Is an array , Contains several strings , Indicates the user group to which the user belongs .

An act to be authorized , Include the following elements :

  • The main body : It's a user , Include the name of the user who attempted the behavior and the user group to which the user belongs ;
  • operation : Is a string , It's usually a verb , for example  ReadOpenClose  etc. ;
  • resources : The operands that represent this behavior , It is described by resource category and resource name . Resource types such as  DoorFile  etc. ; In a particular resource category , The resource name uniquely identifies a resource .

It should be noted that , The subject information of an action to be authorized , That is, the user name and the user group to which they belong , It is completed by the identification process of the previous step . therefore , During each authorization process ,
Each behavior to be authorized will contain the information of the principal user and its associated user group . Due to other factors in the authentication process , Users with the same name may belong to different user groups in the two behaviors to be authorized ,
It is not possible to store or memorize every previous act to be authorized , The association between users and user groups , It should be judged independently according to the information given in each act to be authorized .

role Is the basic unit of this authorization model , It indicates what a user can do , The list of roles describes the actions allowed by the role . A role contains the following elements :

  • name , Is a string , Used to uniquely identify a role ;
  • Action list , Is an array , Contains one or more operations , Represents the set of operations allowed by the role ;
  • List of resource categories , Is an array , Contains one or more resource categories , Represents the category collection of resources that the role allows to operate ;
  • List of resource names , Is an array , Contains several resource names , Represents the name collection of the resources that the role allows to operate .

The process of determining whether a role can perform an operation on a resource is :

  1. Check the action list for this role , If the action list of this role does not contain this action , And the action list of this role does not contain the string  *, Then the operation cannot be performed ;
  2. Check the list of resource types for this role , If the resource category list of this role does not contain the resource category , And the resource category list of this role does not contain a string  *, Then the operation cannot be performed ;
  3. Check the list of resource names for this role , If the resource name list of the role does not contain the name of the resource , And the resource name list of this role is not an empty array , Then the operation cannot be performed ;
  4. Allow this operation .

for example , Suppose there is a role  Doorman, The allowed operations are  Open  and  Close, The resource types that are allowed to operate are  Door, The allowed resource names are  FrontDoor  and  BackDoor.
If a user is associated with this role , Then the user can perform a query named  FrontDoor  Of  Door  perform  Open  operation , But it can't be right  BackDoor  Of  Door  perform  Delete  operation .
meanwhile , The operations allowed by a role can be represented by wildcards . for example , Another role  Admin, The allowed operations are  *, The resource types allowed to operate are  *, The list of allowed resource names is empty ,
Then all users associated with this role can perform any action . It is worth noting that , A list of actions for a role , You can only list the allowed operations of this role in the form of an allow list , You cannot prohibit a role from performing an operation .

Role Association Indicates the relationship between a user and one or more roles . A role Association contains the following elements :

  • Character name , Is a string , Used to indicate a role ;
  • List of authorized objects , Is an array , Contains one or more user names or user group names , Represents a collection of users and user groups associated with the role .

The process of determining whether a user can perform an operation is :

  1. Check the list of authorization objects associated with all roles , If the list contains the name of the user , Or the list contains the name of a user group to which the user belongs , Then select the role associated with the role Association ;
  2. For all selected roles , Determine whether these roles can perform the operation on the resource , If none of the roles can perform this operation , Then the operation cannot be performed ;
  3. Allow this operation .

thus it can be seen , A role association can associate a role with multiple users or user groups . for example , If there is a role Association , Its associated role name is  Doorman, The list of associated users and user groups is
user  foo1、 user  foo2、 User group  bar. Then these users will interact with  Doorman  Role Association :

  • be known as  foo1  Users of , Belongs to the user group  bar;
  • be known as  foo2  Users of , Belongs to the user group  barz;
  • be known as  foo3  Users of , Belongs to the user group  bar  and  barz.

however , Belongs to the user group  barz  The name is  foo4  Users of cannot interact with  Doorman  Role associations for .

From the above judgment rules, we can know , A user may be associated with multiple roles , under these circumstances , The operations allowed by the user are a collection of the operations allowed by these roles Combine .

Input format

Reading data from standard input .

The first line of input contains three positive integers  n、m、q, Each represents the number of roles 、 The number of role associations and the number of operations to be checked .

Enter the next  n  In line , Each line represents a role , Include several elements separated by spaces , In turn :

  • A string , Indicates the name of the role ;
  • A positive integer  nv, Indicates the number of operations included in the operation list ;
  • nv  A string , Represent the operations in the operation list in sequence ;
  • A positive integer  no, Indicates the number of resource categories included in the resource category list ;
  • no  A string , Represent the resource types in the resource type list in turn ;
  • A nonnegative integer  nn, Indicates the number of resource names included in the resource name list ;
  • nn  A string , Represent the resource names in the resource name list in turn .

Enter the next  m  In line , Each row represents a role Association , Include several elements separated by spaces , In turn :

  • A string , Indicates the role name associated with the role ;
  • A positive integer  ns, Indicates the number of authorization objects included in the authorization object list ;
  • 2ns  A string , Each two represents the authorization object in the authorization object list , The previous string is  u  or  g, It indicates that the authorization object is a user name or a user group name , The last string is user name or user group name .

Enter the next  q  In line , Each line represents an action to be authorized , Include several elements separated by spaces , In turn :

  • A string , Indicates the name of the user performing the operation ;
  • A positive integer  ng, Indicates the number of user groups to which the user belongs ;
  • ng  A string , Name of the user group to which the user belongs ;
  • A string , Indicates the name of the operation to be checked ;
  • A string , Indicates the type of resource being operated ;
  • A string , Indicates the name of the operated resource .

Output format

Output to standard output .

Output  q  That's ok , Each line indicates whether an operation can be performed ,0  To indicate that it is impossible to execute ,1  Indicates that... Can be executed .

The sample input

1 2 3
op 1 open 1 door 0
op 1 g sre
op 1 u xiaop
xiaoc 2 sre ops open door room302
xiaop 1 ops open door room501
xiaoc 2 sre ops remove door room302

Sample output

1
1
0

Sample explanation

In this case , Defines a name  op  Role , Granted to any  door  Type of object  open  Authority to operate , Two points are defined at the same time  op  Role associations for .
Be careful , You can define more than one role Association for a role . This example shows three behaviors to be authorized . among , The first act , The authorized principal user is  xiaoc,
The user group to which the user belongs  sre  Be associated  op  role , Therefore, the door opening action can be performed . In the second act , The authorized principal user is  xiaop,
The user is directly associated with  op  role , Therefore, you can also open the door . In the third act , The authorized principal user is still  xiaoc, The associated role is still  op. however ,
because  op  The role has not been granted  remove  Authority to operate , So the action was rejected .

The subtasks

about 20% The data of , Yes  n=m=1, And the roles given are similar to those used for examples in the body of the topic  Admin, Allow any operation , And  nv=no=ns=ng=1、nn=0.

about 40% The data of , Yes  1≤n,m≤50, And  nv=no=ns=1、ng≤40、nn=0.

about 70% The data of , Yes  1≤n,m≤50, And  nv,no,ns,ng≤40、nn≤400.

about 100% The data of , Yes :

  • 1≤n,m≤500;
  • 1≤q≤5000;
  • 1≤nv,no,ns,ng≤400;
  • 0≤nn≤400;
  • All strings or  *, Or contain only capital letters 、 Lowercase letters 、 Numbers (A-Za-z0-9), And the number of characters shall not exceed 10.

The real question comes from : Role authorization

  Interested students can go in and practice

20 Sub topic solution : 

n, m, q = map(int, input().split())
peoples = [[i for i in map(str,input().split())] for j in range(n)]
datas = [[i for i in map(str,input().split())] for j in range(m)]
points = [[i for i in map(str,input().split())] for j in range(q)]
for point in points:
temp = 0
for data in datas:
for people in peoples:
if data[2] == 'g':
if point[2] == data[3]:
temp = 1
if data[2] == 'u':
if point[0] == data[3]:
temp = 1
if temp == 1:
print(1)
else:
print(0)

Running results :


ccf-csp Practice column   

https://blog.csdn.net/weixin_53919192/category_11828479.html?spm=1001.2014.3001.5482https://blog.csdn.net/weixin_53919192/category_11828479.html?spm=1001.2014.3001.5482


  1. 上一篇文章:
  2. 下一篇文章:
Copyright © 程式師世界 All Rights Reserved