RBAC: Role-Based Access Control
Permission control is very common in back-end (admin) management systems, and its model largely takes the form shown in the following diagram.
The fields I use are not the same as those in the diagram; the figure is just an example.
A simple permission control model that requires only 3 tables.
User table: records users' information and users' roles
->USER_ID: User's ID
->USER_ROLE_ID: User role information; 0, 1, 2 for super admins, managers, employees, respectively
Other fields omitted ...
Role table: records the different roles and the permissions they have
->ROLE_ID: Role ID; 1 is manager, 2 is employee, 0 has no permission limit
->role_name: Role Name
->role_auth_ids: The stored permission IDs
->ROLE_AUTH_AC: Pages that the role has access to
Auth table: records the specific information for each permission
->AUTH_ID: Permission ID
->auth_name: Permission Name
->auth_pid: The ID of the permission's parent permission
->auth_c: Name of the controller
->auth_a: Name of the page displayed
->auth_path: The permission's hierarchy path, which is empty for level-0 permissions. For example, if user management has ID 5 (assuming it is the highest level), its auth_path is 0; "forbid user" is its child, with ID 10, so its auth_path is 5-10.
->auth_level: The permission level. 0 is the highest permission in a directory, 1 is secondary, and 2 is the level below that, for example: commodity management (0), product list (1), add products. Some people can view a product but not necessarily delete it.
When a user accesses a page, the user's information is obtained first.
The user's role is then read from the user table; for example, the manager role ID is 1.
Next, go to the role table to get the permissions of that role.
The role record holds the permission IDs that can be accessed, and the pages as well. Once you have the route of the requested page, the page can be accessed as long as the route is within the role's permissions, and the "no permission" message is not shown.
So the auth_path field seems useless? The permission table is empty at the beginning.
When we add permissions, we generate the ID and the name of the page.
Then we give these permissions to the manager and employee roles, so that they have the corresponding information in the table.
Then assign a role (manager, employee, etc.) to each employee ....
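The access check and the permission assignment described above, as an added example in Python with SQLite (not the author's thinkphp code). It assumes role_auth_ids is a comma-separated list of auth IDs and ROLE_AUTH_AC a comma-separated list of controller-action entries built from auth_c and auth_a; the sample rows, the controller and page names, and the helper names build_db, grant and can_access are constructed for illustration.

```python
import sqlite3

def build_db():
    """The three tables from the page, with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
      CREATE TABLE user (user_id INTEGER PRIMARY KEY, user_role_id INTEGER);
      CREATE TABLE role (role_id INTEGER PRIMARY KEY, role_name TEXT,
                         role_auth_ids TEXT, role_auth_ac TEXT);
      CREATE TABLE auth (auth_id INTEGER PRIMARY KEY, auth_name TEXT, auth_pid INTEGER,
                         auth_c TEXT, auth_a TEXT, auth_path TEXT, auth_level INTEGER);
      INSERT INTO auth VALUES
        (5,  'user management',      0,  'User',  'index',  '0',        0),
        (10, 'forbid user',          5,  'User',  'forbid', '5-10',     1),
        (20, 'commodity management', 0,  'Goods', 'index',  '0',        0),
        (21, 'product list',         20, 'Goods', 'list',   '20-21',    1),
        (22, 'delete product',       21, 'Goods', 'delete', '20-21-22', 2);
      INSERT INTO role VALUES (1, 'manager', '', ''), (2, 'employee', '', '');
      INSERT INTO user VALUES (100, 0), (101, 1), (102, 2), (103, 9);
    """)
    return db

def grant(db, role_id, auth_ids):
    """Store the permission IDs on the role and derive its page list from auth."""
    marks = ",".join("?" * len(auth_ids))   # only '?' marks are interpolated
    rows = db.execute(f"SELECT auth_c, auth_a FROM auth WHERE auth_id IN ({marks})",
                      list(auth_ids)).fetchall()
    db.execute("UPDATE role SET role_auth_ids = ?, role_auth_ac = ? WHERE role_id = ?",
               (",".join(map(str, auth_ids)),
                ",".join(f"{c}-{a}" for c, a in rows), role_id))

def can_access(db, user_id, controller, action):
    """Deny by default; allow only a route listed for the user's role."""
    user = db.execute("SELECT user_role_id FROM user WHERE user_id = ?",
                      (user_id,)).fetchone()
    if user is None:
        return False                      # unknown user
    if user[0] == 0:
        return True                       # role 0: no permission limit (per the page)
    role = db.execute("SELECT role_auth_ac FROM role WHERE role_id = ?",
                      (user[0],)).fetchone()
    if role is None:
        return False                      # role ID with no row in the role table
    # Match whole entries, not substrings: 'Goods-list' must not allow 'Goods-listall'.
    return f"{controller}-{action}" in set(filter(None, role[0].split(",")))
```

Deriving ROLE_AUTH_AC from the auth table at grant time keeps the page list and role_auth_ids from drifting apart, and the check fails closed for a user whose role ID has no row in the role table.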
RBAC permission control based on thinkphp