1. Write at the front
Recently I wanted to write a simple thing about permission handling, and I've learned that bit operations with binary numbers can do this very well. On the binary number of bit operations, the common is "or, and, not" the three simple operations, of course, I also looked at the next PHP manual, there are "XOR, left shift, right shift," the three operations. Remember in junior high school when the math teacher began to nag, and I do not want this operation to make additional explanations, directly into the topic.
2. How to define Permissions
The permissions are defined by a value of 2 N, and so on. Why do you define this? This definition guarantees that there is only one 1 in each permission value (binary), and that it corresponds to exactly one permission. Like what:
Copy CodeThe code is as follows:
Define (' ADD ', 1); Increase permissions
Define (' UPD ', 2); Modify Permissions
Define (' SEL ', 4); Find permissions
Define (' DEL ', 8); Delete permissions
3. Permission actions
Permission operations actually involve the concept of "role". Permission operations are done by giving a role a certain permission, prohibiting certain permissions, and detecting whether a role has some kind of permission. Relative to these three operations. It can be conveniently implemented with the operation of binary number.
Copy CodeThe code is as follows:
Give a certain permission to use the bitwise OR operator
$a _access = ADD | UPD | SEL | DEL; A has the ability to delete and change the check
$b _access = ADD | UPD | SEL; B has the right to increase the change check
$c _access = ADD | UPD; C has the privilege of adding changes
Disallow certain permissions with the bitwise AND and bitwise NON operators
$d _access = $c _access & ~upd; D has only increased permissions
Detect whether you have a permission to use the bitwise AND operator
Var_dump ($b _access & ADD); 1 on behalf of B has increased permissions
Var_dump ($b _access & DEL); 0 on behalf of B does not have permission to delete
4. Implement simple permission classes and role classes
Using the above permissions operation method, you can simply encapsulate a permission class and a role class.
Copy CodeThe code is as follows:
/**
* Simple Permission class
*/
Class Peak_auth {
/**
* Permission Class counter
* function is to generate permission values
*
* @var int
*/
protected static $authCount = 0;
/**
* Permission Name
*
* @var String
*/
protected $authName;
/**
* Permission Details
*
* @var String
*/
protected $authMessage;
/**
* Permission value
*
* @var int 2 n-th square
*/
protected $authValue;
/**
* Constructor function
* Initialize permission names, permissions details, and permission values
*
* @param string $authName permission name
* @param string $authMessage permission details
*/
Public function __construct ($authName, $authMessage = ") {
$this->authname = $authName;
$this->authmessage = $authMessage;
$this->authvalue = 1 << self:: $authCount;
Self:: $authCount + +;
}
/**
* This class does not allow object copy operations
*/
Private Function __clone () {
}
/**
* Set Permissions Details
*
* @param string $authMessage
*/
Public Function Setauthmessage ($authMessage) {
$this->authmessage = $authMessage;
}
/**
* Get permission Name
*
* @return String
*/
Public Function Getauthname () {
return $this->authname;
}
/**
* Get permission values
*
* @return int
*/
Public Function Getauthvalue () {
return $this->authvalue;
}
/**
* Get permission Details
*
* @return String
*/
Public Function Getauthmessage () {
return $this->authmessage;
}
}
/**
* Simple Character class
*
* @author 27_man
*/
Class Peak_role {
/**
* Role Name
*
* @var String
*/
protected $roleName;
/**
* Role-owned permission values
*
* @var int
*/
protected $authValue;
/**
* Parent Role Object
*
* @var Peak_role
*/
protected $parentRole;
/**
* Constructor function
*
* @param string $roleName role name
* @param peak_role $parentRole Parent Role Object
*/
Public function __construct ($roleName, peak_role $parentRole = null) {
$this->rolename = $roleName;
$this->authvalue = 0;
if ($parentRole) {
$this->parentrole = $parentRole;
$this->authvalue = $parentRole->getauthvalue ();
}
}
/**
* Get permissions for the parent role
*/
protected function Fetchparenauthvalue () {
if ($this->parentrole) {
$this->authvalue |= $this->parentrole->getauthvalue ();
}
}
/**
* Give some kind of permission
*
* @param peak_auth $auth
* @return Peak_role for chain operation
*/
Public function allow (Peak_auth $auth) {
$this->fetchparenauthvalue ();
$this->authvalue |= $auth->getauthvalue ();
return $this;
}
/**
* Block a certain kind of permission
*
* @param peak_auth $auth
* @return Peak_role for chain operation
*/
Public function deny (Peak_auth $auth) {
$this->fetchparenauthvalue ();
$this->authvalue &= ~ $auth->getauthvalue ();
return $this;
}
/**
* Detect if you have some kind of permission
*
* @param peak_auth $auth
* @return Boolean
*/
Public Function Checkauth (Peak_auth $auth) {
Return $this->authvalue & $auth->getauthvalue ();
}
/**
* Get permission values for a role
*
* @return int
*/
Public Function Getauthvalue () {
return $this->authvalue;
}
}
5. Examples of simple operations on permission classes and role classes
Copy CodeThe code is as follows:
Create three permissions: Readable, writable, executable
$read = new Peak_auth (' CanRead ');
$write = new Peak_auth (' CanWrite ');
$exe = new Peak_auth (' Canexe ');
Create a role User
$user = new Peak_role (' user ');
Create another role Admin, who has all the permissions of User
$admin = new Peak_role (' admin ', $user);
Give User-readable, writable permissions
$user->allow ($read)->allow ($write);
Give Admin permission to execute, plus he has User privileges
$admin->allow ($exe);
Disable the writable permission of Admin
$admin->deny ($write);
Detect if Admin has some kind of permission
Var_dump ($admin->checkauth ($read));
Var_dump ($admin->checkauth ($write));
Var_dump ($admin->checkauth ($exe));
http://www.bkjia.com/PHPjc/327987.html www.bkjia.com true http://www.bkjia.com/PHPjc/327987.html techarticle 1. Write in front of the most recently want to write a simple thing about permission handling, I have also learned that using binary number of bit operations can do a good job. Bit about binary number ...
