Examples of ThinkPHP RBAC Official Website

I always wanted to learn RBAC, read the examples on the official website, and Baidu. I didn't find a suitable tutorial. So I can only study it myself. Let's take the example on the official website.

Think_access table

The function is to check whether a group has the permission to access methods under a module or to access a module. This table has only one pid field and you can add it yourself.

Think_node table, node table

The function is to add all required modules and methods under the module for management. You can also directly read the functions as background navigation.

The name field is the module and method name, such as the Index module and index method,

Pid, the parent id of this module or method,

Level, level. Generally, the project name is 1, the module is 2, and the method is 3.

Normally, add the project name, pid is 0, level is 1, and status must be 1.

Generally, there is a default Index module, and the Index module has the default index method,

Therefore, insert Index, pid is the id of the project name, level is 2, then insert index, pid is the module id, level is 3.

Table whose think_role is a group

Think_user (self-built, you can use another name, remember to change it in the configuration file), user table

Think_role_user is the association between user tables and group tables.

Next, create IndexAction, PublicAction, and CommonAction under Lib.

Copy the content in config. php under Conf In the RBAC example on the official website to your project,

All RBAC configurations

'User _ AUTH_ON '=> true,

'User _ AUTH_TYPE '=> 2, // Default Authentication Type 1 logon authentication 2 Real-Time Authentication

'User _ AUTH_KEY '=> 'authid', // USER Authentication SESSION tag

'Admin _ AUTH_KEY '=> 'admin ',

'User _ AUTH_MODEL '=> 'user', // The data table model is verified by default. If the USER table name is not a User, modify it by yourself.

'Auth _ PWD_ENCODER '=> 'md5', // user authentication password encryption method

'User _ AUTH_GATEWAY '=>'/Public/login', // default authenticated Gateway

'Not _ AUTH_MODULE '=> 'public', // no authentication module is required by default.

'Require _ AUTH_MODULE '=> '', // The authentication module is required by default.

'Not _ AUTH_ACTION '=> '', // no authentication is required by default.

'Require _ AUTH_ACTION '=> '', // authentication is required by default.

'Guest _ AUTH_ON '=> false, // whether to enable authorized access for visitors

'Est _ AUTH_ID '=> 0, // user ID of the visitor

'Db _ LIKE_FIELDS '=> 'title | remark ',

'Rbac _ ROLE_TABLE '=> 'think _ role ',

'Rbac _ USER_TABLE '=> 'think _ role_user ',

'Rbac _ ACCESS_TABLE '=> 'think _ access ',

'Rbac _ NODE_TABLE '=> 'think _ node ',

Then add

Function _ initialize (){

Import ('@. ORG. Util. cooker ');

// Check User Permissions

If (C ('user _ AUTH_ON ')&&! In_array (MODULE_NAME, explode (',', C ('not _ AUTH_MODULE ')))){

Import ('@. ORG. Util. RBAC ');

If (! RBAC: accessdemo ()){

// Check the authentication ID

If (! $ _ SESSION [C ('user _ AUTH_KEY ')]) {

// Jump to the authentication Gateway

Redirect (PHP_FILE. C ('user _ AUTH_GATEWAY '));

}

// No permission to throw an error

If (C ('rbac _ ERROR_PAGE ')){

// Permission definition error page

Redirect (C ('rbac _ ERROR_PAGE '));

} Else {

If (C ('guest _ AUTH_ON ')){

$ This-> assign ('jumpurl', PHP_FILE. C ('user _ AUTH_GATEWAY '));

}

// Error message

$ This-> error (L ('_ VALID_ACCESS _'));

}

}

}

To put it bluntly, check for permitted logon and access.

Then IndexAction inherits CommonAction

By default, if you do not have the logon permission or do not have the permission, you will be redirected to Public/login. For Public, refer to the example on the official website ~ It should be okay.

The most important thing is that the relationship between the access table and the node table should be clarified, as well as the relationship between the role, role_user, and user tables. It's actually that simple. If you have any questions, add group 252799167 to join us for discussion and discussion.

This article is from the "Thunder" blog, please be sure to keep this source http://a3147972.blog.51cto.com/2366547/1213321