ThinkPHP5 ACL user permission module Usage Details, thinkphp5acl

ThinkPHP5 ACL user permission module Usage Details, thinkphp5acl

This document describes the usage of the thinkPHP5 ACL user permission module. We will share this with you for your reference. The details are as follows:

Thinkphp5 has recently been studied. It is completely different from the previous 3.x version. If you are a friend of thinkphp5, pay attention to the namespace idea.

A recently developed project, a detection management system, is switched to thinkphp5 for future API extension purposes. The user permission control module is completed today. I will mark this.

Database:

Role database table:

'Id' int (11) unsigned not null AUTO_INCREMENT, 'name' varchar (20) not null comment 'Role name', 'pid 'smallint (6) default null comment 'parent role id', 'rule_name' text comment' rule unique English identifier, all lowercase ', 'type' varchar (50) DEFAULT ''comment' permission rule category. Add the application prefix, such as admin _ 'and 'status' tinyint (1) unsigned default null comment' status ', 'remark' varchar (255) default null comment' COMMENT ', 'create _ time' int (11) unsigned not null default '0' comment' creation time ', 'Update _ time' int (11) unsigned not null default '0' COMMENT 'Update time', 'storder' int (3) not null default '0' comment' sorting field ',

Auth_rule database table:

'Id' mediumint (8) unsigned not null AUTO_INCREMENT COMMENT 'Rule id, auto-incrementing primary key', 'module' varchar (20) not null comment 'Rule's module ', 'type' varchar (30) not null default '1' comment' permission rule category. Add the application prefix, such as admin _ 'and 'name' varchar (255) not null default ''comment' rules are uniquely identified in English, all in lower case, 'param' varchar (255) default null comment' additional url parameter, 'title' varchar (20) not null default ''comment' Rule Chinese description ', 'status' tinyint (1) not null default '1' comment' is valid (0: Invalid, 1: Valid )', 'condition' varchar (300) not null default ''comment' rule appending condition ',

Add the following content to the user table:

'Pools 'varchar (20) DEFAULT ''comment' permission pool ', 'roleid' smallint (5) not null default '0' comment' permission id ',

The Code is as follows:

Public Library file for iAuth. php permission Authentication

Class iAuth {public $ user = null; // default value: protected $ _ config = array (); public function _ construct () {}/*** check permission * @ param name string | list of rules to be verified by array, you can use a comma-separated permission rule or an index array * @ param uid int to authenticate the user's id * @ param relation string. If it is set to 'or', any rule is verified; if it is 'and', it indicates that all rules must be met before verification * @ return boolean is passed. true is returned if verification fails. */public function check ($ uid, $ name, $ relation = 'or') {if (empty ($ uid) {return false;} if ($ Uid = 1) {return true;} if (is_string ($ name) {$ name = strtolower ($ name); if (strpos ($ name ,',')! = False) {$ name = explode (',', $ name);} else {$ name = array ($ name) ;}}$ list = array (); // Save the rule name that passes verification // get user information $ this-> getUserInfo ($ uid); // get user information, one-dimensional array $ groups = $ this-> user ['roleid']; if (in_array (1, $ groups) {return true;} if (empty ($ groups )) {return false;} $ rules = self: get_rules ($ this-> user ['roleid']); if (in_array ($ name, $ rules )) {return true;} return false;}/*** obtain user information */private funct Ion getUserInfo (& $ uid) {if (! Isset ($ this-> user) {$ user = new Users ($ uid); $ this-> user = $ user-> fields ;} return $ this-> user;}/*** obtain verification rules * @ param int $ id */public static function get_rules ($ id) {if (empty ($ id )) return false; $ rules = Cache: get (self: $ cache_prefix. $ id); if (empty ($ rules) {$ model = Db: name ('role'); $ model-> where ('id', $ id ); $ rules = $ model-> find (); $ rules ['Rule _ name'] = explode (',', strtolower ($ rules ['Rule _ name']); // set Cache: set (self: $ cache_prefix, $ rules);} return $ rules ;}}

Common. php Common function library

/*** Check user ID ** @ param name string | list of rules to be verified by array, supports comma-separated permission rules or index arrays * @ param uid int to authenticate the user's id */function sp_auth_check ($ uid, $ name = null) {if (empty ($ uid )) return false; if (empty ($ name) {$ name = strtolower (MODULE_NAME. "/". CONTROLLER_NAME. "/". ACTION_NAME) ;}$ iAuth_obj = new \ app \ Common \ Lib \ iAuth (); return $ iAuth_obj-> check ($ uid );}

AdminbaseController. php parent controller class for background management

Class AdminbaseController extends Controller {public $ uid = 0; // user instance public $ userObj = null;/*** constructor * Adminbase. */public function _ construct () {parent ::__ construct ();} public function _ initialize () {$ this-> uid = Session :: read ('adminid'); if (! Empty ($ this-> uid) {// check that you have logged on to $ this-> userObj = Db: name ('users')-> where ('uid ', $ this-> uid)-> find (); if (! $ This-> check_access ($ this-> uid) {$ this-> error ("You have no access permission! ", Url: build ('admin/index/login'); exit () ;}$ this-> assign ('admin', $ this-> userObj );} else {// $ this-> error ("You have not logged on! ", Url: build ('admin/index/login'); exit ();}} /*** check permission ** @ param $ uid */private function check_access (& $ uid) {if ($ uid = 1) {// super administrator return true ;} $ request = Request: instance (); // If the account is not in this application pool, it does not pass $ pools = explode (',', $ this-> userObj ['pools ']); if (! In_array (strtolower ($ request-> module (), $ pools) return false; $ rule = $ request-> module (). '_'. $ request-> controller (). '_'. $ request-> action (); $ no_need_check_rules = Config: get ('inc _ auth. no_need_check_rules '); if (! In_array (strtolower ($ rule), $ no_need_check_rules) {// return sp_auth_check ($ uid);} else {return true ;}}}

Inc_auth.php authentication configuration file

$config['no_need_check_rules'] = array('admin_index_index','admin_index_login');