The use of RBAC on TP

If you are a heavy user of TP, please automatically skip the author's following text

Rights Management I became a developer in 1.5, in contact with 2 kinds, one is the mathematical way such as our folder permissions 755 this way of permission management, this kind of binary rights management is shameless to introduce http://www.cnblogs.com/qfcndtt/ Archive/2012/08/03/2621713.html Here is also more detailed, but this approach is suitable for a relatively small number of permissions nodes of the system. is also very light.

The following formally began the thinkphp of the RBAC explained

Rbac.class.php in the Librar/org/util directory under the system directory

in config

Has an associated configuration file for RBAC

　　

Database, I take one of my current systems as an example

Roles table role

　　

User-corresponding Role table Role_user

　　

Nodes Table node

　　

Permissions table Access

　　

First, we analyze the more important methods in RBAC.

Saveaccesslist ($authId =null)

This saves the null value if you want to save the user's UID in $_session[c (' User_auth_key ') when the user logs in, and then save the permissions of the user's corresponding role in $_session[' _access_ List ']. There are 2 exceptions are not saved, one is an administrator user (this user is more special, so need to specify a $_session[c (' Admin_auth_key ') when the administrator logs on). A real-time authentication is turned on (Real-time authentication he is not to save the permissions of each permission to judge the time will regain access to the user)

CheckAccess ()

This is to determine whether the modules and methods accessed by the user Require permission authentication (this method does not need to be related to internal calls)

Checklogin ()

This method is to determine whether the user is logged in, if not logged in to jump to the specified path, the normal system will jump to the user login page

Accessdecision ()

This method is the key point of authority judgment here, because this method is to determine whether the user has access rights, the specific logic is to determine whether the need for permission authentication (checkAccess), and then to see if it is an administrator, if not the administrator to see if the real-time authentication is turned on, if it is open, Once again go to the user's permission list, and then to determine whether the access permissions in the array, if not open directly from $_session[' _access_list ') read judgment.

Getaccesslist ($AUTHID)

Personally, this is the most important method in this class. Specifically, the author still hope that the reader himself to see the code here, should be the core is that a few SQL statements, to do the role of inheritance, but I do the rights management, or the default to give up the function, feel not too convenient to expand.

/*********** Now I'll explain how to use this rbac*************/

1: In case of user login

The user logs on successfully, saves Authid, determines whether it is an administrator, and then calls Saveaccesslist to save permissions

　　

2: When the user accesses the system, we must do the authority to judge

First to determine whether the user is logged in, if not logged in to jump back to the login page

Then to determine whether the user has access permissions, if not a given AJAX or page access error mode

　　

See it is so simple, but I still recommend users, especially the developers often use TP, more to see the source code of these methods, after all, read the source code for personal promotion is very large.

The use of RBAC on TP