ThinkPHP RBAC tutorial, part 2: RBAC class methods and usage process

Source: Internet
Author: User
A brief description of RBAC.
The RBAC class has the following methods:
1. authenticate() // authentication method; checks whether the user model is passed in
   You need to define USER_AUTH_MODEL in the configuration file. The usual value is User. This is the name of your user table; fill it in according to your actual setup.
2. saveAccessList($authId = null) // checks the user's permissions and saves them to the session
3. getRecordAccessList($authId = null, $module = '') // gets the record access permission list for the given module; returns an array of the record IDs the user has permission for
4. checkAccess() // checks whether the current operation requires authentication
5. checkLogin() // checks whether the user is logged in; this is an important method
6. AccessDecision($appName = APP_NAME) // permission authentication filter method
7. getAccessList($authId) // gets the list of all permissions for the given authentication ID
8. getModuleAccessList($authId, $module) // reads the record access permissions of the module
The comments in the official documentation are more detailed, so I will not repeat them here. This part describes actual usage.
As mentioned earlier, the first step is to create the relevant tables and the configuration file, and then write the code. Here is an example of the configuration parameters:

    'USER_AUTH_ON' => true, // enable authentication
    'USER_AUTH_TYPE' => 1, // use the SESSION flag for user authentication
    'USER_AUTH_KEY' => 'authid', // name of the authentication SESSION flag
    'ADMIN_AUTH_KEY' => 'admin', // flag that marks the administrator user
    'USER_AUTH_MODEL' => 'user', // user table model used for verification (u_user)
    'AUTH_PWD_ENCODER' => 'md5', // password encoding (hash) method for user authentication
    'USER_AUTH_GATEWAY' => '/Public/login', // default authentication gateway
    'NOT_AUTH_MODULE' => 'public,Index', // modules that do not require authentication by default, in the form 'A,B,C'
    'REQUIRE_AUTH_MODULE' => '', // modules that require authentication by default
    'NOT_AUTH_ACTION' => '', // actions that do not require authentication by default
    'REQUIRE_AUTH_ACTION' => '', // actions that require authentication by default
    'GUEST_AUTH_ON' => false, // whether to enable authorized access for visitors
    'GUEST_AUTH_ID' => 0, // visitor (guest) identifier
    'RBAC_ROLE_TABLE' => 'Tao_role', // role table
    'RBAC_USER_TABLE' => 'Tao_role_user', // role allocation table
    'RBAC_ACCESS_TABLE' => 'Tao_access', // permission allocation table
    'RBAC_NODE_TABLE' => 'Tao_node', // node table

Write the above configuration parameters into config.php in the conf folder.
Next, I will explain the RBAC verification process. A user accesses a page and the program determines whether the page is public; if it is not, the user is redirected to the login page. After a successful login, the program checks whether the user has access permission, and displays an error message if not. The same check runs when the user clicks an operation or a module.

In terms of the class above: the first step is to determine whether the requested operation or module belongs to the public group, that is, the group of modules that do not need verification, by checking whether the module is listed in C('NOT_AUTH_MODULE'). If it is, no login is required; otherwise the user is redirected to the login page. The login page runs the checkLogin method, and after verification the system jumps to the default home page. When the user follows a link, the AccessDecision method is triggered. Internally this method calls the checkAccess method to check the permission: with permission the operation continues, and without it an error is shown. (Note: the check first determines which user group the current user belongs to, and then determines the permissions of that user group.)
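
The verification order described above, modelled as a stand-alone PHP function. This is an added example, not code from the original tutorial or from ThinkPHP's RBAC class; the function name rbacDecision, the return labels and the session layout ['access'][MODULE][ACTION] are assumptions, and the sample configuration and sessions are constructed.

```php
<?php
// Added illustration: models the decision order only, without the framework.
// rbacDecision(), its return labels and the 'access' session layout are assumptions.
function rbacDecision(array $conf, array $session, string $module, string $action): string
{
    // Normalise a comma list: upper-case and trim each entry, so a value
    // written as 'public, Index' (with a space) still matches "INDEX".
    $list = function (string $csv): array {
        return array_map('trim', explode(',', strtoupper($csv)));
    };
    $module = strtoupper($module);
    $action = strtoupper($action);

    // 1. Authentication disabled, or module in the public group: no login needed.
    if (!$conf['USER_AUTH_ON'] || in_array($module, $list($conf['NOT_AUTH_MODULE']), true)) {
        return 'public';
    }
    // 2. No authentication flag in the session: send the user to the gateway.
    if (empty($session[$conf['USER_AUTH_KEY']])) {
        return 'redirect:' . $conf['USER_AUTH_GATEWAY'];
    }
    // 3. Administrator flag present: the per-node check is skipped.
    if (!empty($session[$conf['ADMIN_AUTH_KEY']])) {
        return 'allow';
    }
    // 4. Permissions resolved at login (user -> role -> access -> node) and
    //    cached in the session; anything not listed is denied.
    return isset($session['access'][$module][$action]) ? 'allow' : 'deny';
}

// Constructed sample configuration and sessions.
$conf = [
    'USER_AUTH_ON' => true, 'USER_AUTH_KEY' => 'authid', 'ADMIN_AUTH_KEY' => 'admin',
    'USER_AUTH_GATEWAY' => '/Public/login', 'NOT_AUTH_MODULE' => 'public, Index',
];
$editor = ['authid' => 7, 'access' => ['ARTICLE' => ['INDEX' => 1, 'EDIT' => 1]]];
$admin  = ['authid' => 1, 'admin' => true];

$cases = [
    [[],      'Index',   'index'],   // anonymous visitor, public module
    [[],      'Article', 'edit'],    // anonymous visitor, protected module
    [$editor, 'Article', 'edit'],    // logged in, node granted to the role
    [$editor, 'Article', 'delete'],  // logged in, action not granted
    [$editor, 'User',    'index'],   // logged in, module not granted
    [$admin,  'User',    'delete'],  // administrator flag set
];
foreach ($cases as [$session, $module, $action]) {
    printf("%-8s %-7s -> %s\n", $module, $action, rbacDecision($conf, $session, $module, $action));
}
```

The deny-by-default branch in step 4 is the part to keep when adapting this: a node that is missing from the cached list must never fall through to "allow".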
That is basically how RBAC is used. The next part explains it through example code. If anything is unclear, add me on QQ: 544828662, or leave a message on my blog: http://blog.kisscn.com
