/**
* Simple ACL permission control function
*
* Table Definition
*
* 1. Resource definition (RSID,ACCESS,DESC)
* 2. Role Definitions (ID,ROLENAME,DESC)
* 3. Resource-Role Association (RSID,ROLE_ID)
* 4. User-Role Association (USER_ID,ROLE_ID)
*
* Depends on db.php and sqlobject.php
*
* @author vb2005xu.iteye.com
*/
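class Aclbase {
    /**
     * No one is allowed to access the resource.
     */
    const NOBODY = 0;
    /**
     * Anyone is allowed to access the resource.
     */
    const EVERYONE = 1;
    /**
     * Only users who hold at least one role may access the resource.
     */
    const HAS_ROLE = 2;
    /**
     * Only users who hold no role may access the resource.
     */
    const NO_ROLE = 3;
    /**
     * Only roles listed in the resource-role association may access the resource.
     */
    const ALLOCATE_ROLES = 4;

    // Names of the tables used by the ACL.
    public $tbResources = 'aclresources';
    public $tbRoles = 'aclroles';
    public $tbRefResourcesRoles = 'aclresources_aclroles';
    public $tbRefUsersRoles = 'users_aclroles';

    /**
     * Normalize an access value to one of the class constants.
     *
     * Anything that is not exactly one of the known values falls back to
     * NOBODY, so a malformed value can never widen access.
     *
     * @param mixed $access integer or all-digit string
     * @return int
     */
    public static function formatAccessValue($access) {
        static $allowed = array(self::NOBODY, self::EVERYONE, self::HAS_ROLE, self::NO_ROLE, self::ALLOCATE_ROLES);
        // Form and database values arrive as strings; accept only pure digit strings.
        if (is_string($access) && ctype_digit($access)) {
            $access = (int) $access;
        }
        // Strict comparison: a loose in_array() lets values such as true or
        // "1abc" (and, before PHP 8, any non-numeric string) match and be
        // returned unchanged.
        return in_array($access, $allowed, true) ? $access : self::NOBODY;
    }

    /**
     * Create a resource.
     *
     * @param string $rsid
     * @param int $access
     * @param string $desc
     *
     * @return mixed result of SingleTableCRUD::insert() (documented by the author
     *               as the record's primary key), or false when $rsid is empty
     */
    public function createResource($rsid, $access, $desc) {
        if (empty($rsid)) return false;
        $resource = array(
            'rsid' => $rsid,
            'access' => self::formatAccessValue($access),
            'desc' => $desc,
            // CURRENT_TIMESTAMP is not defined in this file; presumably db.php provides it.
            'created_at' => CURRENT_TIMESTAMP,
        );
        return SingleTableCRUD::insert($this->tbResources, $resource);
    }

    /**
     * Update a resource, identified by its 'rsid' key.
     *
     * @param array $resource column => value map; must contain 'rsid'
     * @return mixed result of SingleTableCRUD::update(), or false when 'rsid' is missing
     */
    public function updateResource(array $resource) {
        if (!isset($resource['rsid'])) return false;
        // Same normalization as createResource(): never store an unknown access value.
        if (isset($resource['access'])) {
            $resource['access'] = self::formatAccessValue($resource['access']);
        }
        $resource['updated_at'] = CURRENT_TIMESTAMP;
        return SingleTableCRUD::update($this->tbResources, $resource, 'rsid');
    }

    /**
     * Delete a resource.
     *
     * NOTE(review): rows for this rsid in $tbRefResourcesRoles are not removed
     * here. Call cleanRolesForResource() as well, otherwise a resource created
     * later with the same rsid inherits the old role grants.
     *
     * @param string $rsid
     * @return mixed result of SingleTableCRUD::delete(), or false when $rsid is empty
     */
    public function deleteResource($rsid) {
        if (empty($rsid)) return false;
        return SingleTableCRUD::delete($this->tbResources, array('rsid' => $rsid));
    }

    /**
     * Create a role.
     *
     * @param string $rolename
     * @param string $desc
     *
     * @return mixed result of SingleTableCRUD::insert() (documented by the author
     *               as the record's primary key), or false when $rolename is empty
     */
    public function createRole($rolename, $desc) {
        if (empty($rolename)) return false;
        $role = array(
            'rolename' => $rolename,
            'desc' => $desc,
            'created_at' => CURRENT_TIMESTAMP,
        );
        return SingleTableCRUD::insert($this->tbRoles, $role);
    }

    /**
     * Update a role, identified by its 'id' key. The role name cannot be changed.
     *
     * @param array $role column => value map; must contain 'id'
     * @return mixed result of SingleTableCRUD::update(), or false when 'id' is missing
     */
    public function updateRole(array $role) {
        if (!isset($role['id'])) return false;
        // The role name is treated as immutable: drop it from the update.
        if (isset($role['rolename'])) unset($role['rolename']);
        $role['updated_at'] = CURRENT_TIMESTAMP;
        return SingleTableCRUD::update($this->tbRoles, $role, 'id');
    }

    /**
     * Delete a role.
     *
     * NOTE(review): rows for this role in $tbRefResourcesRoles and
     * $tbRefUsersRoles are not removed here. Call cleanResourcesForRole() and
     * cleanUsersForRole() as well so no grants point at a deleted role id.
     *
     * @param int $role_id
     * @return mixed result of SingleTableCRUD::delete(), or false when $role_id is empty
     */
    public function deleteRole($role_id) {
        if (empty($role_id)) return false;
        // The role table's key column is 'id' (see the table definition and
        // updateRole()); 'role_id' exists only in the association tables.
        return SingleTableCRUD::delete($this->tbRoles, array('id' => (int) $role_id));
    }

    /**
     * Assign roles to a resource. All existing associations for the resource
     * are deleted and the given ones inserted on every call.
     *
     * NOTE(review): the delete and the inserts are separate statements and
     * their results are ignored. If the DB layer offers transactions, run them
     * in one so a failure cannot leave the resource with a partial role list.
     *
     * @param string $rsid
     * @param mixed $roleIds role ids, passed through normalize() with ',' as delimiter
     *                       (normalize() is defined outside this file; presumably it
     *                       returns an array of ids)
     * @param boolean $setNull whether to clear the resource's associations when
     *                         no role id is given
     * @param int $defaultAccess access value to set on the resource after clearing;
     *                           -1 leaves the access value unchanged
     *
     * @return boolean
     */
    public function allocateRolesForResource($rsid, $roleIds, $setNull = false, $defaultAccess = -1) {
        if (empty($rsid)) return false;
        $roleIds = normalize($roleIds, ',');
        if (empty($roleIds)) {
            if ($setNull) {
                SingleTableCRUD::delete($this->tbRefResourcesRoles, array('rsid' => $rsid));
                if ($defaultAccess != -1) {
                    $defaultAccess = self::formatAccessValue($defaultAccess);
                    $this->updateResource(array('rsid' => $rsid, 'access' => $defaultAccess));
                }
                return true;
            }
            return false;
        }
        SingleTableCRUD::delete($this->tbRefResourcesRoles, array('rsid' => $rsid));
        // Cast before de-duplicating so "1" and "01" do not produce two rows.
        $roleIds = array_unique(array_map('intval', $roleIds));
        foreach ($roleIds as $role_id) {
            SingleTableCRUD::insert($this->tbRefResourcesRoles, array('rsid' => $rsid, 'role_id' => $role_id));
        }
        return true;
    }

    /**
     * Remove every role association of a resource.
     *
     * @param string $rsid
     * @return mixed result of SingleTableCRUD::delete(), or false when $rsid is empty
     */
    public function cleanRolesForResource($rsid) {
        if (empty($rsid)) return false;
        return SingleTableCRUD::delete($this->tbRefResourcesRoles, array('rsid' => $rsid));
    }

    /**
     * Remove every resource association of a role.
     *
     * @param int $role_id
     * @return mixed result of SingleTableCRUD::delete(), or false when $role_id is empty
     */
    public function cleanResourcesForRole($role_id) {
        if (empty($role_id)) return false;
        return SingleTableCRUD::delete($this->tbRefResourcesRoles, array('role_id' => (int) $role_id));
    }

    /**
     * Assign resources to a role. All existing associations for the role are
     * deleted and the given ones inserted on every call.
     *
     * NOTE(review): not atomic; see allocateRolesForResource().
     *
     * @param int $role_id
     * @param mixed $rsids resource ids, passed through normalize() with ',' as delimiter
     *
     * @return boolean
     */
    public function allocateResourcesForRole($role_id, $rsids) {
        if (empty($role_id)) return false;
        $role_id = (int) $role_id;
        $rsids = normalize($rsids, ',');
        if (empty($rsids)) {
            return false;
        }
        SingleTableCRUD::delete($this->tbRefResourcesRoles, array('role_id' => $role_id));
        $rsids = array_unique($rsids);
        foreach ($rsids as $rsid) {
            SingleTableCRUD::insert($this->tbRefResourcesRoles, array('rsid' => $rsid, 'role_id' => $role_id));
        }
        return true;
    }

    /**
     * Assign roles to a user. All existing associations for the user are
     * deleted and the given ones inserted on every call.
     *
     * The author notes this may perform poorly with many users.
     *
     * NOTE(review): between the delete and the inserts the user holds no role,
     * which satisfies NO_ROLE resources and fails HAS_ROLE ones. If the DB
     * layer offers transactions, run the statements in one.
     *
     * @param int $user_id
     * @param mixed $roleIds role ids, passed through normalize() with ',' as delimiter
     *
     * @return boolean
     */
    public function allocateRolesForUser($user_id, $roleIds) {
        if (empty($user_id)) return false;
        $user_id = (int) $user_id;
        // The listing normalized and tested $rsids here, a variable this method
        // never receives, so the method always returned false.
        $roleIds = normalize($roleIds, ',');
        if (empty($roleIds)) {
            return false;
        }
        SingleTableCRUD::delete($this->tbRefUsersRoles, array('user_id' => $user_id));
        $roleIds = array_unique(array_map('intval', $roleIds));
        foreach ($roleIds as $roleId) {
            // Insert the loop variable; the listing used an undefined $role_id.
            SingleTableCRUD::insert($this->tbRefUsersRoles, array('user_id' => $user_id, 'role_id' => $roleId));
        }
        return true;
    }

    /**
     * Remove every role association of a user.
     *
     * @param int $user_id
     * @return mixed result of SingleTableCRUD::delete(), or false when $user_id is empty
     */
    public function cleanRolesForUser($user_id) {
        if (empty($user_id)) return false;
        return SingleTableCRUD::delete($this->tbRefUsersRoles, array('user_id' => (int) $user_id));
    }

    /**
     * Remove every user association of a role.
     *
     * @param int $role_id
     * @return mixed result of SingleTableCRUD::delete(), or false when $role_id is empty
     */
    public function cleanUsersForRole($role_id) {
        if (empty($role_id)) return false;
        return SingleTableCRUD::delete($this->tbRefUsersRoles, array('role_id' => (int) $role_id));
    }
}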
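/**
 * ACL check on a resource.
 *
 * Only the empty-resource guard is implemented in this listing; the function
 * denies access in every case until the real verification is written.
 *
 * @param string $rsid resource ID
 * @param array $user specific user to check; omit to check the current user
 *
 * @return boolean true when access is granted, false otherwise
 */
function aclverity($rsid, array $user = null) {
    if (empty($rsid)) return false;
    // NOTE(review): verification is not implemented. Return an explicit false
    // instead of falling off the end (null), so the check denies by default
    // and callers comparing with === get the documented boolean.
    return false;
}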
/*
 * The verification steps are as follows:
 *
 * 1. First check the resource's own access property:
 *    EVERYONE => true, NOBODY => false; any other value continues to the checks below
 * 2. Get the user's role ID collection from the session (or the user session table)
 * 3. If the user has a role: HAS_ROLE => true, NO_ROLE => false; and vice versa if the user has no role
 * 4. If the resource access == ALLOCATE_ROLES:
 *    1. Get the collection of role IDs for the resource from the cache (or $tbRefResourcesRoles)
 *    2. Intersect the role IDs owned by the user with the role IDs assigned to the resource
 *    3. A non-empty intersection => true; otherwise => false
 */
It took me half an hour to die.