Tonight I finally understood how permission assignment works in ThinkPHP. A weight is off my mind and it feels great! Here are some notes.
Background: CMS system development (17DO).
Project groups: Admin (back-end management), Home (front-end display).
The Admin group contains three controllers: ManagerAction, UserAction and ArticleAction.
Part I: Table relationships (arrows point to the data source)
The tables are created according to the RBAC structure.
Intended result: stationmaster 1 can access every operation of the project's User and Article modules; administrator 3 can operate only on the Article module and cannot access the User module.
Part II: Project configuration
Add the following to the project's config.php file:
// Permission assignment settings
'USER_AUTH_ON' => true, // whether authentication is required
'USER_AUTH_TYPE' => 1, // authentication type
'USER_AUTH_KEY' => 'userId', // authentication identifier (session key)
'USER_AUTH_MODEL' => 'user', // model instance (user table name)
'REQUIRE_AUTH_MODULE' => 'User', // modules that require authentication
'NOT_AUTH_MODULE' => 'and', // modules that do not require authentication
'USER_AUTH_GATEWAY' => '/public/login', // authentication gateway
// RBAC_DB_DSN: database connection DSN
'RBAC_ROLE_TABLE' => 'do_role', // role table name
'RBAC_USER_TABLE' => 'do_role_user', // user-to-role mapping table name
'RBAC_ACCESS_TABLE' => 'do_access', // permission assignment table name
'RBAC_NODE_TABLE' => 'do_node', // node (permission) table name
Part III: Writing the permission information in the controller
public function checkUser() {
    // Form data must not be empty
    if ($this->_post('username') && $this->_post('password') && $this->_post('verifycode')) {
        $pwd = $this->_post('password');
        $username = $this->_post('username');
        // Check that the verification code is correct
        $verify = $this->_post('verifycode');
        if ($this->_session('verify') !== md5($verify)) {
            $this->error("Captcha error");
        } else {
            // Create the database object
            $user = M('user');
            // Query by user name; only active accounts
            $cond['username'] = $username;
            $cond['active'] = array('gt', 0);
            // Load the RBAC class
            import('ORG.Util.RBAC');
            // Read the user record via authenticate
            $result = RBAC::authenticate($cond);
            // dump($result); // debug only: prints the user row, including the password hash
            if ($result) {
                // Strict comparison: == can treat two different "0e..." MD5 strings as equal.
                // The table stores unsalted MD5; password_hash()/password_verify() is the stronger choice.
                if ($result['password'] === md5($pwd)) {
                    $_SESSION[C('USER_AUTH_KEY')] = $result['id'];
                    $_SESSION['name'] = $result['name'];
                    // Cache the access permissions with saveAccessList
                    RBAC::saveAccessList();
                    $this->display('Manager:index');
                } else {
                    $this->error("User password error");
                }
            } else {
                $this->error("User name does not exist or has been disabled");
            }
        }
    }
}
Part IV: Creating the permission-check controller
class CommonAction extends Action {
    // _initialize() is an entry method provided by ThinkPHP, similar to the
    // __construct() constructor in plain PHP. Shared logic can be placed here.
    function _initialize() {
        // Check whether authentication is enabled and the current module needs to be checked
        if (C('USER_AUTH_ON') && !in_array(MODULE_NAME, explode(',', C('NOT_AUTH_MODULE')))) {
            // Import the RBAC class and start the check
            import('ORG.Util.RBAC');
            // Obtain the permission decision via AccessDecision
            if (!RBAC::AccessDecision()) {
                // Code executed when permission is not granted
                // 1. User not logged in
                if (empty($_SESSION[C('USER_AUTH_KEY')])) {
                    $url = U('Public/login');
                    $this->error("You are not logged in and cannot access this page", $url);
                }
                $this->error("You do not have permission to operate");
            }
        }
    }
}
Part V: Verifying the controller calls
Any controller that requires permission checks only needs to inherit from CommonAction.
After logging in with the admin account, the pages can be accessed normally.
After logging in with the Xiaoxiao account, the user list page cannot be accessed.
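An added example, not code from the original post or from ThinkPHP: a simplified in-memory model of the lookup that RBAC::saveAccessList() and RBAC::AccessDecision() perform, showing why one account reaches the User module and the other does not. The rows are constructed, and the column names, ids and the functions buildAccessList and canAccess are assumptions made for illustration.

```php
<?php
// Constructed sample rows (not the post's data), shaped like the role_user, node and access tables.
$roleUser = [['user_id' => 1, 'role_id' => 1], ['user_id' => 2, 'role_id' => 3]];
$nodes = [
    ['id' => 1, 'name' => 'Admin',   'pid' => 0, 'level' => 1], // group
    ['id' => 2, 'name' => 'User',    'pid' => 1, 'level' => 2], // module
    ['id' => 3, 'name' => 'Article', 'pid' => 1, 'level' => 2], // module
    ['id' => 4, 'name' => 'index',   'pid' => 2, 'level' => 3], // action of User
    ['id' => 5, 'name' => 'index',   'pid' => 3, 'level' => 3], // action of Article
    ['id' => 6, 'name' => 'edit',    'pid' => 3, 'level' => 3], // action of Article
];
$access = [               // role_id => granted node ids
    1 => [1, 2, 3, 4, 5, 6], // role 1: everything in User and Article
    3 => [1, 3, 5, 6],       // role 3: Article only
];

// Build the per-user access list once at login (what the cached list stands for).
function buildAccessList($userId, $roleUser, $nodes, $access) {
    $granted = [];
    foreach ($roleUser as $ru) {
        if ($ru['user_id'] === $userId && isset($access[$ru['role_id']])) {
            $granted = array_merge($granted, $access[$ru['role_id']]);
        }
    }
    $byId = array_column($nodes, null, 'id');
    $list = [];
    foreach ($nodes as $n) {
        if ($n['level'] !== 3 || !in_array($n['id'], $granted, true)) {
            continue; // only granted actions are listed
        }
        $module = isset($byId[$n['pid']]) ? $byId[$n['pid']] : null;
        // An action counts only when its parent module is granted as well.
        if ($module && in_array($module['id'], $granted, true)) {
            $list[strtoupper($module['name'])][strtoupper($n['name'])] = true;
        }
    }
    return $list;
}

// Deny by default: anything absent from the list is refused.
function canAccess($list, $module, $action) {
    return isset($list[strtoupper($module)][strtoupper($action)]);
}

$role1User = buildAccessList(1, $roleUser, $nodes, $access);
$role3User = buildAccessList(2, $roleUser, $nodes, $access);
var_dump(canAccess($role1User, 'User', 'index'));   // role 1 on the user list
var_dump(canAccess($role3User, 'Article', 'edit')); // role 3 on an article action
var_dump(canAccess($role3User, 'User', 'index'));   // role 3 on the user list
var_dump(canAccess($role3User, 'User', 'delete'));  // node that was never defined
```

Because the list is built at login, a change to a role's grants takes effect for an already logged-in user only after the list is rebuilt.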
ThinkPHP RBAC permissions summary