My own idea of the sequence for implementing RBAC in a PHP MVC framework:
Data tables
1. tb_user(id,uname,roleid)
2. tb_role(roleid,rolename)
3. tb_module(moduleid,moudulename,mvc_url)
4. tb_access(accessid,roleid,mouduleid)
Implementation principle
1. Get $roleid from $uid.
2. Concatenate the current MVC parameters __CLASS__ and __METHOD__ into the route URL $mvc_url.
3. Query the table tb_module with $mvc_url to get $moduleid.
4. Query the table tb_access with $roleid and $mouduleid to see whether a matching record exists.
5. If it exists, access is allowed; if not, access to that action method is forbidden.
Disadvantages
Suppose there is a module with class article and method function lists().
If the current user only has permission to view, with no modify, add or delete permissions, how do I judge the Add, Modify and Delete buttons on the lists page?
A different method
Data tables
where the value of permission can be one of these:
{1: view, 2: add, 4: modify, 8: delete, 16: ...}
RBAC implementation process
1. Get $roleid through the user's $userid
2. Use the user's current URL to look up the corresponding link in the tb_module table and get $moduleid. If the module has a parent module, get its parent module. For example, if the current module's MVC URL is article/add, then its real moduleid is
select moduleid from tb_module where id=( select upid from tb_module where link='article/add')
3. Use $roleid and $moduleid to query tb_permission and get the sum of the records
select sum(permission) as permission from tb_permission where roleid=$roleid and moduleid=$moduleid
4. If the current access is Article/lst
switch($permission){
    case 1: // view permission only
        break;
    case 2: // view and add permissions
        break;
    case 4: // view, add and modify permissions
        break;
    case 8: // view, add, modify and delete permissions
        break;
    case 16:
        break;
}
For the second method, please share your views; it is similar to the 0777-style permissions on computer files.
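The bit-flag check from the second method, as an added example that is not part of the original post: permission rows are combined with bitwise OR rather than SUM, and each action is tested against its own flag with a bound-parameter query. The tb_permission columns, the action names and the in-memory SQLite rows are assumptions constructed for illustration.

```php
<?php
// Added example. Flag values follow the post's {1, 2, 4, 8} scheme;
// constant names and the action map are hypothetical.
const P_VIEW = 1, P_ADD = 2, P_EDIT = 4, P_DELETE = 8;

// Last URL segment => flag that action requires (assumed action names).
const ACTION_FLAG = ['lst' => P_VIEW, 'add' => P_ADD, 'edit' => P_EDIT, 'del' => P_DELETE];

function rolePermission(PDO $db, int $roleid, int $moduleid): int
{
    // Bound parameters instead of interpolating $roleid/$moduleid into the SQL.
    $st = $db->prepare(
        'SELECT permission FROM tb_permission WHERE roleid = ? AND moduleid = ?'
    );
    $st->execute([$roleid, $moduleid]);
    $mask = 0;
    foreach ($st->fetchAll(PDO::FETCH_COLUMN) as $p) {
        // OR, not SUM: a duplicated row must not carry into a different bit.
        $mask |= (int) $p;
    }
    return $mask;
}

function can(int $mask, string $action): bool
{
    $flag = ACTION_FLAG[$action] ?? 0;   // unknown action: deny by default
    return $flag !== 0 && ($mask & $flag) === $flag;
}

// Constructed sample data: role 2 on module 10 has view, and add granted twice.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tb_permission (roleid INT, moduleid INT, permission INT)');
$db->exec('INSERT INTO tb_permission VALUES (2, 10, 1), (2, 10, 2), (2, 10, 2)');

// With OR the duplicate row is harmless; SUM would turn view|add into view|edit.
$mask = rolePermission($db, 2, 10);

// The same can() call guards the controller action and decides whether the
// lists page renders the Add / Modify / Delete buttons.
foreach (['lst', 'add', 'edit', 'del', 'export'] as $action) {
    printf("%-6s %s\n", $action, can($mask, $action) ? 'allowed' : 'denied');
}
```

Hiding a button in the view is presentation only; the controller action behind it still has to call the same check before doing any work.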
Reply content:
Better authentication mode than RBAC (Auth class authentication)