An idea of permission Control

Database Table Structure

()()()()()()

Suppose we use the MVC structure and access the corresponding modules, classes, and functions through URLs.

The first row in the table indicates an operation. title indicates the operation name. menu_id indicates the menu option, module indicates the module name (which can be skipped), class indicates the class name, and method indicates the function name.

In addition, we also need a user group table, which is roughly as follows:

The permission ID of the current user group saved in access_list (corresponding to the ID in the previous permission table)

Of course, we also need a user table to correspond to the user group table.

The user group corresponding to the user indicated by group_id

When we access a url, for example:

Http://testApp.test.com/index.php/module/testModule/testClass/testAction

Through route analysis, we get the corresponding data:

Module> testModule

Class-> testClass

Function> testAction

With the three parameters, we can find the data in the permission table and obtain a unique id value.

Then compare the data in access_list in the user group. If the data contains this id, the current user has the permissions for the current operation, and vice versa.

 

How can we control menu options and display them only when users have the right?

Because each operation in the permission table has a menu_id, that is, the menu option. We can find information about the user group that the current user belongs to, get the operation ID of the user's permissions, and then obtain the menu options of the user, in this way, the menu permissions of the current user are obtained.