Thinkphp RBAC Implementation principle

RBAC is an abbreviation of English role-based access control and a mechanism for controlling role-based access. It means setting a role for each user and then judging the user's permissions based on the role.

This is a simple summary of the thinkphp-based MVC pattern (thinkphp access is controlled by both the module and the operating section).

RBAC is generally composed of five tables, namely:

1. User tables

2. User Group table

3. Module table

4. Method table

5. User groups-Method table

As shown

When a user accesses a page, it is possible to get the ID of the current user through the session through the Thinkphp system constants module_name and Action_name.

Let all the modules of the site inherit one aclaction, while Aclaction inherits to the action.

Defining an initialization function in aclaction public function _initialize () {}, which means that the function is executed when a user accesses any page on the Web site.

In the Initialize () function, get the user ID, ModuleName, actionname, through the user ID database query to obtain the user group ID, the user group ID, modulename, actionname to the database in a long table connection query, Find Group-action-action-module in the presence of Groupip, ModuleID, ActionId Records, if there is the user has access to the current page, otherwise, the use of thinkphp built-in function $ This->error () to make a reminder and jump to the landing page.

At this point, the entire RBAC permissions to control the process of completion, the user rights authentication completed.

Thinkphp RBAC Implementation principle