Question number :202206-3 The title of the test question : Role authorization The time limit :5.0s Memory limit :512.0MB Problem description :Students who want to check the real problems and solutions of other problems can go to check :CCF-CSP True problem with complete solution
In response to the national initiative to develop new infrastructure , West West iver data center has been built on West West iver island , Based on this, the company has operated sisi Aifu cloud . As the operation and maintenance party of the data center ,
The company attaches great importance to its network security management . as everyone knows , It is difficult to have both security and convenience , meanwhile ,
A confusing permission model may cause people to be granted unnecessary permissions , Thus causing safety risks . Therefore, I work in the network security department of West iver cloud company C
A scientific permission model is specially designed .
This security model divides the verification process into two steps . The first step is to verify the user's identity ( To identify ), The second step is to verify the user's permissions ( to grant authorization ). In the first step ,
First, verify whether a user is the identity claimed by the user . for example , By verifying the password provided by the user (Password) Whether it is right , Or verify whether the smart card provided by the user is legal and valid .
Next , In the authorization step , Permission policies are retrieved to determine whether a visiting user can operate a resource in the system .
In order to flexibly express the relationship between users and Authorization , Sisi evercloud has designed a simple and flexible authorization model : Role based authorization model . The idea is : First set up several roles ,
A list is indicated in each role , Indicates the types of resources that are allowed to be accessed 、 The name of the resource and the operation on the resource ; Then associate the user identified in the previous step with one or more roles .
What a user can do , Is the union of the allowed operations in all roles associated with it .
Small C It's up to you to implement the authorization model , I hope you can realize them .
user Represents an identified principal in the authorization model , The identification process is completed by the previous identification process . A user has the following elements :
An act to be authorized , Include the following elements :
Read、Open、Close etc. ;Door、File etc. ; In a particular resource category , The resource name uniquely identifies a resource . It should be noted that , The subject information of an action to be authorized , That is, the user name and the user group to which they belong , It is completed by the identification process of the previous step . therefore , During each authorization process ,
Each behavior to be authorized will contain the information of the principal user and its associated user group . Due to other factors in the authentication process , Users with the same name may belong to different user groups in the two behaviors to be authorized ,
It is not possible to store or memorize every previous act to be authorized , The association between users and user groups , It should be judged independently according to the information given in each act to be authorized .
role Is the basic unit of this authorization model , It indicates what a user can do , The list of roles describes the actions allowed by the role . A role contains the following elements :
The process of determining whether a role can perform an operation on a resource is :
*, Then the operation cannot be performed ;*, Then the operation cannot be performed ; for example , Suppose there is a role Doorman, The allowed operations are Open and Close, The resource types that are allowed to operate are Door, The allowed resource names are FrontDoor and BackDoor.
If a user is associated with this role , Then the user can perform a query named FrontDoor Of Door perform Open operation , But it can't be right BackDoor Of Door perform Delete operation .
meanwhile , The operations allowed by a role can be represented by wildcards . for example , Another role Admin, The allowed operations are *, The resource types allowed to operate are *, The list of allowed resource names is empty ,
Then all users associated with this role can perform any action . It is worth noting that , A list of actions for a role , You can only list the allowed operations of this role in the form of an allow list , You cannot prohibit a role from performing an operation .
Role Association Indicates the relationship between a user and one or more roles . A role Association contains the following elements :
The process of determining whether a user can perform an operation is :
thus it can be seen , A role association can associate a role with multiple users or user groups . for example , If there is a role Association , Its associated role name is Doorman, The list of associated users and user groups is
user foo1、 user foo2、 User group bar. Then these users will interact with Doorman Role Association :
foo1 Users of , Belongs to the user group bar;foo2 Users of , Belongs to the user group barz;foo3 Users of , Belongs to the user group bar and barz. however , Belongs to the user group barz The name is foo4 Users of cannot interact with Doorman Role associations for .
From the above judgment rules, we can know , A user may be associated with multiple roles , under these circumstances , The operations allowed by the user are a collection of the operations allowed by these roles Combine .
Reading data from standard input .
The first line of input contains three positive integers n、m、q, Each represents the number of roles 、 The number of role associations and the number of operations to be checked .
Enter the next n In line , Each line represents a role , Include several elements separated by spaces , In turn :
Enter the next m In line , Each row represents a role Association , Include several elements separated by spaces , In turn :
u or g, It indicates that the authorization object is a user name or a user group name , The last string is user name or user group name .Enter the next q In line , Each line represents an action to be authorized , Include several elements separated by spaces , In turn :
Output to standard output .
Output q That's ok , Each line indicates whether an operation can be performed ,0 To indicate that it is impossible to execute ,1 Indicates that... Can be executed .
1 2 3
op 1 open 1 door 0
op 1 g sre
op 1 u xiaop
xiaoc 2 sre ops open door room302
xiaop 1 ops open door room501
xiaoc 2 sre ops remove door room302
1
1
0
In this case , Defines a name op Role , Granted to any door Type of object open Authority to operate , Two points are defined at the same time op Role associations for .
Be careful , You can define more than one role Association for a role . This example shows three behaviors to be authorized . among , The first act , The authorized principal user is xiaoc,
The user group to which the user belongs sre Be associated op role , Therefore, the door opening action can be performed . In the second act , The authorized principal user is xiaop,
The user is directly associated with op role , Therefore, you can also open the door . In the third act , The authorized principal user is still xiaoc, The associated role is still op. however ,
because op The role has not been granted remove Authority to operate , So the action was rejected .
about 20% The data of , Yes n=m=1, And the roles given are similar to those used for examples in the body of the topic Admin, Allow any operation , And nv=no=ns=ng=1、nn=0.
about 40% The data of , Yes 1≤n,m≤50, And nv=no=ns=1、ng≤40、nn=0.
about 70% The data of , Yes 1≤n,m≤50, And nv,no,ns,ng≤40、nn≤400.
about 100% The data of , Yes :
*, Or contain only capital letters 、 Lowercase letters 、 Numbers (A-Za-z0-9), And the number of characters shall not exceed 10.The real question comes from : Role authorization
Interested students can go in and practice
20 Sub topic solution :
n, m, q = map(int, input().split())
peoples = [[i for i in map(str,input().split())] for j in range(n)]
datas = [[i for i in map(str,input().split())] for j in range(m)]
points = [[i for i in map(str,input().split())] for j in range(q)]
for point in points:
temp = 0
for data in datas:
for people in peoples:
if data[2] == 'g':
if point[2] == data[3]:
temp = 1
if data[2] == 'u':
if point[0] == data[3]:
temp = 1
if temp == 1:
print(1)
else:
print(0)Running results :
ccf-csp Practice column
https://blog.csdn.net/weixin_53919192/category_11828479.html?spm=1001.2014.3001.5482
https://blog.csdn.net/weixin_53919192/category_11828479.html?spm=1001.2014.3001.5482
