-- ACL tables
-- NOTE(review): this listing was damaged in extraction: identifier quotes appear as ' name ' and
-- column sizes as (+) / (ten). Restore both from the original schema before running it.
-- Structure of table 'aclresources': one row per protected resource, keyed by its resource id.
-- DROP TABLE discards every existing resource definition; run this only on a fresh install.
DROP TABLE IF EXISTS ' aclresources ';
CREATE TABLE IF not EXISTS ' aclresources ' (
' Rsid ' varchar (+) not NULL,
-- Holds one of the Aclbase access constants (0-4). The default 0 equals Aclbase::NOBODY,
-- so a resource stored without an explicit access level is denied to everyone.
' Access ' int (4) is not NULL for default 0,
' desc ' varchar (+) not NULL default ' ',
-- Integer timestamps; the PHP class fills them from its CURRENT_TIMESTAMP constant.
' Created_at ' int (ten) unsigned not NULL default 1,
' Updated_at ' int (ten) unsigned not NULL default 0,
PRIMARY KEY (' Rsid ')
) DEFAULT Charset=utf8 collate=utf8_unicode_ci;
-- Structure of table 'aclroles': one row per role.
-- NOTE(review): DROP TABLE removes all roles; rows in the two ref_* tables that point at the
-- old role ids are not removed by this statement.
DROP TABLE IF EXISTS ' aclroles ';
CREATE TABLE IF not EXISTS ' Aclroles ' (
' id ' int (ten) unsigned not NULL auto_increment,
-- Role names are unique (see the UNIQUE KEY below); the PHP class never changes a name on update.
' rolename ' varchar (+) not NULL,
' desc ' varchar (+) not NULL default ' ',
' Created_at ' int (ten) unsigned not NULL default 1,
' Updated_at ' int (ten) unsigned not NULL default 0,
PRIMARY KEY (' id '),
UNIQUE KEY ' rolename ' (' rolename ')
) DEFAULT Charset=utf8 collate=utf8_unicode_ci;
-- Structure of table 'ref_aclresources_aclroles': which roles may access which resource.
-- Consulted only for resources whose access level is Aclbase::ALLOCATE_ROLES.
-- No foreign keys are declared, so deleting a resource or a role does not remove its rows here;
-- the application has to do that itself (Aclbase has clean* methods for it).
DROP TABLE IF EXISTS ' ref_aclresources_aclroles ';
CREATE TABLE IF not EXISTS ' Ref_aclresources_aclroles ' (
' Rsid ' varchar (+) not NULL,
' role_id ' int (ten) unsigned not NULL,
-- The composite key rejects a duplicate (resource, role) pair.
PRIMARY KEY (' Rsid ', ' role_id ')
) DEFAULT Charset=utf8 collate=utf8_unicode_ci;
-- Structure of table 'ref_users_aclroles': which roles each user holds.
-- No foreign keys are declared, so rows for a deleted user or role must be removed by the application.
DROP TABLE IF EXISTS ' ref_users_aclroles ';
CREATE TABLE IF not EXISTS ' Ref_users_aclroles ' (
-- NOTE(review): auto_increment looks unintended on an association column. The PHP class always
-- inserts an explicit user_id, and a generated value would attach a role to an unrelated id. Confirm.
' user_id ' int (ten) unsigned not NULL auto_increment,
' role_id ' int (ten) unsigned not NULL,
-- The composite key rejects a duplicate (user, role) pair.
PRIMARY KEY (' user_id ', ' role_id ')
) DEFAULT Charset=utf8 collate=utf8_unicode_ci;
-- Structure of table 'users': the account records the ACL is applied to.
-- DROP TABLE deletes every account; run this only on a fresh install.
DROP TABLE IF EXISTS ' users ';
CREATE TABLE ' users ' (
' id ' int (ten) unsigned not NULL auto_increment,
' Email ' varchar (+) not NULL,
-- Store only a password hash here (for example the output of PHP's password_hash()), never the
-- plaintext. The column size was lost in extraction; the PHP manual suggests 255 characters so
-- the column can hold hashes from future algorithms.
' Password ' varchar (+) not NULL,
' Nickname ' varchar (+) not NULL default ' ',
-- NOTE(review): presumably a delimited list of role ids (the access check splits the user's
-- 'roles' value on a delimiter). If so it duplicates ref_users_aclroles and the two can drift
-- apart, leaving a user with roles that were already revoked. Confirm which one is authoritative.
' Roles ' varchar (+) not NULL default ' ',
' Created_at ' int (ten) unsigned not NULL default 1,
' Updated_at ' int (ten) unsigned not NULL default 0,
PRIMARY KEY (' id '),
-- One account per e-mail address.
UNIQUE KEY ' user_email ' (' email ')
) DEFAULT Charset=utf8 collate=utf8_unicode_ci;
PHP class
/**
* Simple ACL permission control function
*
* Table Definition
*
* 1. Resource definition (RSID,ACCESS,DESC,CREATED_AT,UPDATED_AT)
* 2. Role Definitions (ID,ROLENAME,DESC,CREATED_AT,UPDATED_AT)
* 3. Resource-Role Association (RSID,ROLE_ID)
* 4. User-Role Association (USER_ID,ROLE_ID)
*
* Depends on db.php and sqlobject.php
*
* @author vb2005xu.iteye.com
*/
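class Aclbase
{
    // --- Access levels stored in the resource table's "access" column ---

    /** No one is allowed to access the resource. */
    const NOBODY = 0;

    /** Anyone is allowed to access the resource. */
    const EVERYONE = 1;

    /** Only users that hold at least one role may access the resource. */
    const HAS_ROLE = 2;

    /** Only users that hold no role may access the resource. */
    const NO_ROLE = 3;

    /** Only the roles listed in the resource-role association may access the resource. */
    const ALLOCATE_ROLES = 4;

    // Names of the associated tables.
    public $tbResources = 'aclresources';
    public $tbRoles = 'aclroles';
    public $tbRefResourcesRoles = 'ref_aclresources_aclroles';
    public $tbRefUsersRoles = 'ref_users_aclroles';

    /**
     * Normalise an access level to one of the class constants.
     *
     * Only an int, or a string made solely of digits (as a database driver returns),
     * is accepted. Everything else falls back to NOBODY, so an unexpected value can
     * only make a resource more restricted. The original loose in_array() let values
     * such as true compare equal to EVERYONE.
     *
     * @param mixed $access
     * @return int one of the access constants
     */
    public static function formatAccessValue($access)
    {
        static $valid = array(self::NOBODY, self::EVERYONE, self::HAS_ROLE, self::NO_ROLE, self::ALLOCATE_ROLES);

        $isDigits = is_string($access) && preg_match('/^[0-9]+$/D', $access) === 1;
        if (!is_int($access) && !$isDigits) {
            return self::NOBODY;
        }

        $access = (int) $access;

        return in_array($access, $valid, true) ? $access : self::NOBODY;
    }

    /**
     * Turn a comma-separated string (or list) of role ids into unique positive integers.
     *
     * normalize() is a project helper; it is assumed to return the list items as an
     * array, which is how the original code used its result.
     *
     * @param mixed $roleIds
     * @return array list of int role ids, possibly empty
     */
    private static function normalizeRoleIds($roleIds)
    {
        $ids = array();
        foreach ((array) normalize($roleIds, ',') as $roleId) {
            $roleId = (int) $roleId;
            // Non-numeric items cast to 0; dropping them avoids inserting a grant for role 0.
            if ($roleId > 0) {
                $ids[$roleId] = $roleId;
            }
        }

        return array_values($ids);
    }

    /**
     * Create a resource.
     *
     * @param string $rsid
     * @param int    $access
     * @param string $desc
     *
     * @return mixed false when $rsid is empty, otherwise the result of Singletablecrud::insert()
     *               (described by the author as the record's primary key)
     */
    public function createResource($rsid, $access, $desc)
    {
        if (empty($rsid)) {
            return false;
        }

        $resource = array(
            'rsid'       => $rsid,
            'access'     => self::formatAccessValue($access),
            'desc'       => $desc,
            // CURRENT_TIMESTAMP is a project-defined constant; the listing's capitalisation of it is unreliable.
            'created_at' => CURRENT_TIMESTAMP,
        );

        return Singletablecrud::insert($this->tbResources, $resource);
    }

    /**
     * Update a resource identified by $resource['rsid'].
     *
     * Every key in $resource is handed to the update, so callers must build the
     * array themselves and not pass a raw request array.
     *
     * @param array $resource
     * @return mixed false when 'rsid' is missing, otherwise the result of Singletablecrud::update()
     */
    public function updateResource(array $resource)
    {
        if (!isset($resource['rsid'])) {
            return false;
        }

        // Keep the stored access level inside the known set, as createResource() does.
        if (array_key_exists('access', $resource)) {
            $resource['access'] = self::formatAccessValue($resource['access']);
        }
        $resource['updated_at'] = CURRENT_TIMESTAMP;

        return Singletablecrud::update($this->tbResources, $resource, 'rsid');
    }

    /**
     * Delete a resource.
     *
     * Rows for this resource in the resource-role table are not removed here;
     * call cleanRolesForResource() as well.
     *
     * @param string $rsid
     * @return mixed false when $rsid is empty, otherwise the result of Singletablecrud::delete()
     */
    public function deleteResource($rsid)
    {
        if (empty($rsid)) {
            return false;
        }

        return Singletablecrud::delete($this->tbResources, array('rsid' => $rsid));
    }

    /**
     * Create a role.
     *
     * @param string $rolename
     * @param string $desc
     *
     * @return mixed false when $rolename is empty, otherwise the result of Singletablecrud::insert()
     */
    public function createRole($rolename, $desc)
    {
        if (empty($rolename)) {
            return false;
        }

        $role = array(
            'rolename'   => $rolename,
            'desc'       => $desc,
            'created_at' => CURRENT_TIMESTAMP,
        );

        return Singletablecrud::insert($this->tbRoles, $role);
    }

    /**
     * Update a role identified by $role['id']. The role name is never changed.
     *
     * @param array $role
     * @return mixed false when 'id' is missing, otherwise the result of Singletablecrud::update()
     */
    public function updateRole(array $role)
    {
        if (!isset($role['id'])) {
            return false;
        }

        // A role's name is fixed once created.
        unset($role['rolename']);
        $role['updated_at'] = CURRENT_TIMESTAMP;

        return Singletablecrud::update($this->tbRoles, $role, 'id');
    }

    /**
     * Delete a role together with its resource and user associations.
     *
     * The original matched on a 'role_id' column, but the roles table is keyed by 'id'.
     * The associations are removed first so that no grant outlives the role.
     *
     * @param int $role_id
     * @return mixed false when $role_id is empty, otherwise the result of Singletablecrud::delete()
     */
    public function deleteRole($role_id)
    {
        if (empty($role_id)) {
            return false;
        }

        $role_id = (int) $role_id;
        $this->cleanResourcesForRole($role_id);
        $this->cleanUsersForRole($role_id);

        return Singletablecrud::delete($this->tbRoles, array('id' => $role_id));
    }

    /**
     * Replace the set of roles allowed to access a resource.
     *
     * All existing rows for the resource are deleted and the new ones inserted. The
     * two steps are not wrapped in a transaction here; if an insert fails midway the
     * resource is left with fewer roles than requested, which denies rather than grants.
     *
     * @param string  $rsid
     * @param mixed   $roleIds       comma-separated string or list of role ids
     * @param boolean $setNull       when no role id is given, whether to clear the resource's associations
     * @param int     $defaultAccess access level to store after clearing; -1 leaves it unchanged
     *
     * @return boolean
     */
    public function allocateRolesForResource($rsid, $roleIds, $setNull = false, $defaultAccess = -1)
    {
        if (empty($rsid)) {
            return false;
        }

        $roleIds = self::normalizeRoleIds($roleIds);
        if (empty($roleIds)) {
            if (!$setNull) {
                return false;
            }
            Singletablecrud::delete($this->tbRefResourcesRoles, array('rsid' => $rsid));
            if ($defaultAccess != -1) {
                $this->updateResource(array(
                    'rsid'   => $rsid,
                    'access' => self::formatAccessValue($defaultAccess),
                ));
            }

            return true;
        }

        Singletablecrud::delete($this->tbRefResourcesRoles, array('rsid' => $rsid));
        foreach ($roleIds as $role_id) {
            Singletablecrud::insert($this->tbRefResourcesRoles, array('rsid' => $rsid, 'role_id' => $role_id));
        }

        return true;
    }

    /**
     * Remove every role association of a resource.
     *
     * @param string $rsid
     * @return mixed false when $rsid is empty, otherwise the result of Singletablecrud::delete()
     */
    public function cleanRolesForResource($rsid)
    {
        if (empty($rsid)) {
            return false;
        }

        return Singletablecrud::delete($this->tbRefResourcesRoles, array('rsid' => $rsid));
    }

    /**
     * Remove every resource association of a role.
     *
     * @param int $role_id
     * @return mixed false when $role_id is empty, otherwise the result of Singletablecrud::delete()
     */
    public function cleanResourcesForRole($role_id)
    {
        if (empty($role_id)) {
            return false;
        }

        return Singletablecrud::delete($this->tbRefResourcesRoles, array('role_id' => (int) $role_id));
    }

    /**
     * Replace the set of resources a role may access (delete all, then insert).
     *
     * @param int   $role_id
     * @param mixed $rsids   comma-separated string or list of resource ids
     *
     * @return boolean
     */
    public function allocateResourcesForRole($role_id, $rsids)
    {
        if (empty($role_id)) {
            return false;
        }

        $role_id = (int) $role_id;
        $rsids = normalize($rsids, ',');
        if (empty($rsids)) {
            return false;
        }

        Singletablecrud::delete($this->tbRefResourcesRoles, array('role_id' => $role_id));
        foreach (array_unique($rsids) as $rsid) {
            Singletablecrud::insert($this->tbRefResourcesRoles, array('rsid' => $rsid, 'role_id' => $role_id));
        }

        return true;
    }

    /**
     * Replace the set of roles a user holds (delete all, then insert).
     *
     * The author notes this may be slow with many users. The original inserted an
     * undefined $role_id instead of the loop variable, so no valid role was stored.
     *
     * @param int   $user_id
     * @param mixed $roleIds comma-separated string or list of role ids
     *
     * @return boolean
     */
    public function allocateRolesForUser($user_id, $roleIds)
    {
        if (empty($user_id)) {
            return false;
        }

        $user_id = (int) $user_id;
        $roleIds = self::normalizeRoleIds($roleIds);
        if (empty($roleIds)) {
            return false;
        }

        Singletablecrud::delete($this->tbRefUsersRoles, array('user_id' => $user_id));
        foreach ($roleIds as $role_id) {
            Singletablecrud::insert($this->tbRefUsersRoles, array('user_id' => $user_id, 'role_id' => $role_id));
        }

        return true;
    }

    /**
     * Remove every role of a user.
     *
     * @param int $user_id
     * @return mixed false when $user_id is empty, otherwise the result of Singletablecrud::delete()
     */
    public function cleanRolesForUser($user_id)
    {
        if (empty($user_id)) {
            return false;
        }

        return Singletablecrud::delete($this->tbRefUsersRoles, array('user_id' => (int) $user_id));
    }

    /**
     * Remove a role from every user.
     *
     * @param int $role_id
     * @return mixed false when $role_id is empty, otherwise the result of Singletablecrud::delete()
     */
    public function cleanUsersForRole($role_id)
    {
        if (empty($role_id)) {
            return false;
        }

        return Singletablecrud::delete($this->tbRefUsersRoles, array('role_id' => (int) $role_id));
    }
}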
The code for the specific test is as follows:
/**
* ACL check on resources
*
* @param string $rsid resource ID
* @param array $user Specific user, do not specify to verify the current user
*
* @return Boolean
*/
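/**
 * Decide whether a user may access a resource. Every path that is not an
 * explicit grant returns false.
 *
 * @param string     $rsid resource id
 * @param array|null $user user record; when omitted the user stored in the session is checked
 *
 * @return boolean true when access is granted
 */
function aclverity($rsid, array $user = null)
{
    if (empty($rsid)) {
        return false;
    }
    if (!Coreapp::$defaultAcl) {
        Coreapp::$defaultAcl = new Aclflat();
    }

    $rsRow = Aclgetresource($rsid);
    // Default policy for a resource that is not defined: deny.
    if (!$rsRow) {
        return false;
    }
    Coreapp::writelog($rsRow, 'test');

    // The cast makes the strict comparisons below work even when the value comes back as a string.
    $access = (int) Aclbase::formatAccessValue($rsRow['access']);

    if (Aclbase::EVERYONE === $access) {
        return true;
    }
    if (Aclbase::NOBODY === $access) {
        return false;
    }

    // Fall back to the logged-in user kept in the session.
    if (empty($user)) {
        $user = isset($_SESSION['si-sysuser']) ? $_SESSION['si-sysuser'] : null;
    }
    // Not logged in: no access.
    if (empty($user)) {
        return false;
    }

    // Roles are read from the user record (normally the session copy), so a role revoked in
    // the database stays effective until that record is refreshed.
    // NOTE(review): the list is split on ';' here while Aclbase splits id lists on ','. Confirm the format.
    $roles = empty($user['roles']) ? null : normalize($user['roles'], ';');
    $userHasRoles = !empty($roles);

    if (Aclbase::NO_ROLE === $access) {
        return !$userHasRoles;
    }
    if (Aclbase::HAS_ROLE === $access) {
        return $userHasRoles;
    }
    // Only ALLOCATE_ROLES is left; anything else is denied.
    if (Aclbase::ALLOCATE_ROLES !== $access || !$userHasRoles) {
        return false;
    }

    // Grant when any of the user's roles is associated with the resource.
    foreach ($roles as $role_id) {
        if (Aclgetrefresourcesroles($rsid, $role_id)) {
            return true;
        }
    }

    // The original dumped the whole user record into the response here; a denial must not
    // disclose account data, so that debug output is removed.
    return false;
}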
/**
* ACL check on resources
*
* @param string $rsid resource ID
* @param array $user Specific user, do not specify to verify the current user
*
* @return Boolean
*/
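/**
 * Decide whether a user may access a resource. Every path that is not an
 * explicit grant returns false.
 *
 * @param string     $rsid resource id
 * @param array|null $user user record; when omitted the user stored in the session is checked
 *
 * @return boolean true when access is granted
 */
function aclverity($rsid, array $user = null)
{
    if (empty($rsid)) {
        return false;
    }
    if (!Coreapp::$defaultAcl) {
        Coreapp::$defaultAcl = new Aclflat();
    }

    $rsRow = Aclgetresource($rsid);
    // Default policy for a resource that is not defined: deny.
    if (!$rsRow) {
        return false;
    }
    Coreapp::writelog($rsRow, 'test');

    /*
     * Verification steps:
     *
     * 1. Check the resource's own access level:
     *    EVERYONE => true, NOBODY => false, any other level continues below.
     * 2. Get the user's role ids from the session (or the supplied user record).
     * 3. HAS_ROLE => true when the user has a role; NO_ROLE => the reverse.
     * 4. ALLOCATE_ROLES => true when at least one of the user's roles is
     *    associated with the resource (looked up in the cached copy of
     *    $tbRefResourcesRoles), otherwise false.
     */
    // The cast makes the strict comparisons below work even when the value comes back as a string.
    $access = (int) Aclbase::formatAccessValue($rsRow['access']);

    if (Aclbase::EVERYONE === $access) {
        return true;
    }
    if (Aclbase::NOBODY === $access) {
        return false;
    }

    // Fall back to the logged-in user kept in the session.
    if (empty($user)) {
        $user = isset($_SESSION['si-sysuser']) ? $_SESSION['si-sysuser'] : null;
    }
    // Not logged in: no access.
    if (empty($user)) {
        return false;
    }

    // Roles are read from the user record (normally the session copy), so a role revoked in
    // the database stays effective until that record is refreshed.
    // NOTE(review): the list is split on ';' here while Aclbase splits id lists on ','. Confirm the format.
    $roles = empty($user['roles']) ? null : normalize($user['roles'], ';');
    $userHasRoles = !empty($roles);

    if (Aclbase::NO_ROLE === $access) {
        return !$userHasRoles;
    }
    if (Aclbase::HAS_ROLE === $access) {
        return $userHasRoles;
    }
    // Only ALLOCATE_ROLES is left; anything else is denied.
    if (Aclbase::ALLOCATE_ROLES !== $access || !$userHasRoles) {
        return false;
    }

    foreach ($roles as $role_id) {
        if (Aclgetrefresourcesroles($rsid, $role_id)) {
            return true;
        }
    }

    // The original dumped the whole user record into the response here; a denial must not
    // disclose account data, so that debug output is removed.
    return false;
}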
/**
* Regenerate role resource access control table
*
* @param string $actTable ACL table name
* @param boolean $return whether to return the list of rebuilds
*
* @return Mixed
*/
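/**
 * Reload one ACL table from the database and write it to the cache.
 *
 * Call this after any change to resources, roles or their associations: the
 * access check reads the cached copy, so a revocation has no effect until the
 * cache is rebuilt.
 *
 * @param string  $actTable ACL table name (one of the table names held by Coreapp::$defaultAcl)
 * @param boolean $return   whether to return the rebuilt list
 *
 * @return mixed false for an empty table name; the rebuilt list when $return is true; otherwise null
 */
function Aclrebuildact($actTable, $return = false)
{
    if (empty($actTable)) {
        return false;
    }

    global $globalConf;

    $acl = Coreapp::$defaultAcl;
    $rst = null;
    $cacheId = null;

    // Strict comparisons: a loose switch could match a non-string argument to the first table name.
    if ($actTable === $acl->tbResources) {
        $cacheId = 'acl-resources';
        $rst = Singletablecrud::findall($acl->tbResources);
        // Index the rows by resource id.
        if ($rst) {
            $rst = array_to_hashmap($rst, 'rsid');
        }
    } elseif ($actTable === $acl->tbRoles) {
        $cacheId = 'acl-roles';
        $rst = Singletablecrud::findall($acl->tbRoles);
        // Index the rows by role id.
        if ($rst) {
            $rst = array_to_hashmap($rst, 'id');
        }
    } elseif ($actTable === $acl->tbRefResourcesRoles) {
        $cacheId = 'acl-roles_has_resources';
        $rst = Singletablecrud::findall($acl->tbRefResourcesRoles);
        if ($rst) {
            // Index each association by "<rsid><-|-><role_id>", the key the lookup function builds.
            $indexed = array();
            foreach ($rst as $row) {
                $ref_id = "{$row['rsid']}<-|->{$row['role_id']}";
                $indexed[$ref_id] = $row;
            }
            $rst = $indexed;
        }
    }

    if ($cacheId) {
        // NOTE(review): the capitalisation of the 'Runtime' key follows the listing, which is unreliable. Confirm.
        Writecache($globalConf['Runtime']['cachedir'], $cacheId, $rst, true);
    }
    if ($return) {
        return $rst;
    }
}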
/**
* Get Role Resource access control table data
*
* @param string $actTable ACL table name
*
* @return Mixed
*/
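/**
 * Get the cached contents of one ACL table, rebuilding the cache when it is empty.
 *
 * The result is also kept in a static variable for the rest of the request.
 * Nothing in the Aclbase methods rebuilds this cache, so Aclrebuildact() has to
 * be called after grants change or the old data keeps being served.
 *
 * @param string $actTable ACL table name
 *
 * @return mixed false for an empty table name, null for an unknown one, otherwise the cached list
 */
function Aclgetact($actTable)
{
    if (empty($actTable)) {
        return false;
    }

    static $rst = array();

    $acl = Coreapp::$defaultAcl;
    $cacheId = null;
    if ($actTable === $acl->tbResources) {
        $cacheId = 'acl-resources';
    } elseif ($actTable === $acl->tbRoles) {
        $cacheId = 'acl-roles';
    } elseif ($actTable === $acl->tbRefResourcesRoles) {
        $cacheId = 'acl-roles_has_resources';
    }
    if (!$cacheId) {
        return null;
    }
    if (isset($rst[$cacheId])) {
        return $rst[$cacheId];
    }

    global $globalConf;

    // The listing has a stray "900" at this point, presumably a cache lifetime left in a comment;
    // the call below passes 0.
    // NOTE(review): the capitalisation of the 'Runtime' key follows the listing, which is unreliable. Confirm.
    $rst[$cacheId] = GetCache($globalConf['Runtime']['cachedir'], $cacheId, 0);
    if (!$rst[$cacheId]) {
        $rst[$cacheId] = Aclrebuildact($actTable, true);
    }

    return $rst[$cacheId];
}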
/**
* Get resource records
*
* @param string $rsid
*
* @return Array
*/
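/**
 * Get one resource record from the cached resource table.
 *
 * The parameter and the variable used in the body differed in case in the
 * listing ($RSID / $rsid), so the lookup never saw the argument.
 *
 * @param string $rsid
 *
 * @return array|null the resource row, or null when the resource is not defined
 */
function Aclgetresource($rsid)
{
    static $rst = null;

    // Load once per request; an empty table is remembered as an empty array instead of being re-read.
    if (null === $rst) {
        $rst = Aclgetact(Coreapp::$defaultAcl->tbResources);
        if (!$rst) {
            $rst = array();
        }
    }

    return isset($rst[$rsid]) ? $rst[$rsid] : null;
}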
/**
* Get Role Records
*
* @param int $role _id
*
* @return Array
*/
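/**
 * Get one role record from the cached role table.
 *
 * @param int $role_id
 *
 * @return array|null the role row, or null when the role does not exist
 */
function Aclgetrole($role_id)
{
    static $rst = null;

    // Load once per request; an empty table is remembered as an empty array instead of being re-read.
    if (null === $rst) {
        $rst = Aclgetact(Coreapp::$defaultAcl->tbRoles);
        if (!$rst) {
            $rst = array();
        }
    }

    return isset($rst[$role_id]) ? $rst[$role_id] : null;
}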
/**
* Gets the user Role Association record, which verifies that the resource can be called by this role
*
* @param string $rsid
* @param int $role _id
*
* @return Array
*/
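/**
 * Get the resource-role association record, i.e. check that the role may access the resource.
 *
 * @param string $rsid
 * @param int    $role_id
 *
 * @return array|null the association row, or null when the role has no grant for the resource
 */
function Aclgetrefresourcesroles($rsid, $role_id)
{
    static $rst = null;

    // Load once per request; an empty table is remembered as an empty array instead of being re-read.
    if (null === $rst) {
        $rst = Aclgetact(Coreapp::$defaultAcl->tbRefResourcesRoles);
        if (!$rst) {
            $rst = array();
        }
    }

    // Same composite key the cache rebuild uses.
    $ref_id = "{$rsid}<-|->{$role_id}";
    $found = isset($rst[$ref_id]) ? $rst[$ref_id] : null;

    // Logs every lookup and its outcome under the composite key.
    Coreapp::writelog(null !== $found ? $found : 'NoData', $ref_id);

    return $found;
}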