Implementing a simple ACL in PHP

The code is as follows:
--ACL Tables
--The structure of the table ' Aclresources '
DROP TABLE IF EXISTS ' aclresources ';
CREATE TABLE IF not EXISTS ' aclresources ' (
' Rsid ' varchar (+) not NULL,
' Access ' int (4) is not NULL for default 0,
' desc ' varchar (+) not NULL default ' ',
' Created_at ' int (ten) unsigned not NULL default 1,
' Updated_at ' int (ten) unsigned not NULL default 0,
PRIMARY KEY (' Rsid ')
) DEFAULT Charset=utf8 collate=utf8_unicode_ci;
--The structure of the table ' Aclroles '
DROP TABLE IF EXISTS ' aclroles ';
CREATE TABLE IF not EXISTS ' Aclroles ' (
' id ' int (ten) unsigned not NULL auto_increment,
' rolename ' varchar (+) not NULL,
' desc ' varchar (+) not NULL default ' ',
' Created_at ' int (ten) unsigned not NULL default 1,
' Updated_at ' int (ten) unsigned not NULL default 0,
PRIMARY KEY (' id '),
UNIQUE KEY ' rolename ' (' rolename ')
) DEFAULT Charset=utf8 collate=utf8_unicode_ci;
--The structure of the table ' Ref_aclresources_aclroles '
DROP TABLE IF EXISTS ' ref_aclresources_aclroles ';
CREATE TABLE IF not EXISTS ' Ref_aclresources_aclroles ' (
' Rsid ' varchar (+) not NULL,
' role_id ' int (ten) unsigned not NULL,
PRIMARY KEY (' Rsid ', ' role_id ')
) DEFAULT Charset=utf8 collate=utf8_unicode_ci;
--The structure of the table ' Ref_users_aclroles '
DROP TABLE IF EXISTS ' ref_users_aclroles ';
CREATE TABLE IF not EXISTS ' Ref_users_aclroles ' (
' user_id ' int (ten) unsigned not NULL auto_increment,
' role_id ' int (ten) unsigned not NULL,
PRIMARY KEY (' user_id ', ' role_id ')
) DEFAULT Charset=utf8 collate=utf8_unicode_ci;
--The structure of the table ' users '
DROP TABLE IF EXISTS ' users ';
CREATE TABLE ' users ' (
' id ' int (ten) unsigned not NULL auto_increment,
' Email ' varchar (+) not NULL,
' Password ' varchar (+) not NULL,
' Nickname ' varchar (+) not NULL default ' ',
' Roles ' varchar (+) not NULL default ' ',
' Created_at ' int (ten) unsigned not NULL default 1,
' Updated_at ' int (ten) unsigned not NULL default 0,
PRIMARY KEY (' id '),
UNIQUE KEY ' user_email ' (' email ')
) DEFAULT Charset=utf8 collate=utf8_unicode_ci;

PHP class
The code is as follows:
<?php
/**
* Simple ACL permission control function
*
* Table Definition
*
* 1. Resource definition (RSID,ACCESS,DESC,CREATED_AT,UPDATED_AT)
* 2. Role Definitions (ID,ROLENAME,DESC,CREATED_AT,UPDATED_AT)
* 3. Resource-Role Association (RSID,ROLE_ID)
* 4. User-Role Association (USER_ID,ROLE_ID)
*
* Dependent db.php sqlobject.php
*
* @author vb2005xu.iteye.com
*/
Class Aclbase {
---ACL access authorization

/**
* No one is allowed to visit
*/
Const NOBODY = 0;

/**
* Allow anyone to access
*/
Const EVERYONE = 1;

/**
* Allow users with roles to access
*/
Const HAS_ROLE = 2;

/**
* Allow users without roles to access
*/
Const NO_ROLE = 3;
/**
* Roles defined in resource-Role association can be accessed
*/
Const ALLOCATE_ROLES = 4;

Define the associated table name
Public $tbResources = ' aclresources ';
Public $tbRoles = ' aclroles ';
Public $tbRefResourcesRoles = ' ref_aclresources_aclroles ';
Public $tbRefUsersRoles = ' ref_users_aclroles ';

/**
* Format the access rights of the resource and return
*
* @return int
*/
static function Formataccessvalue ($access) {
Static $arr = Array (self::nobody,self::everyone,self::has_role,self::no_role,self::allocate_roles);
Return In_array ($access, $arr)? $access: Self::nobody;
}

/**
* Create resource, return resource record primary key
*
* @param string $rsid
* @param int $access
* @param string $desc
*
* @return int
*/
function Createresource ($rsid, $access, $desc) {
if (empty ($rsid)) return false;

$resource = Array (
' Rsid ' = $rsid,
' Access ' = Self::formataccessvalue ($access),
' desc ' = $desc,
' Created_at ' = Current_timestamp
);

Return Singletablecrud::insert ($this->tbresources, $resource);
}

/**
* Modify resources to return to success status
*
* @param array $resource
* @return int
*/
function Updateresource (array $resource) {
if (!isset ($resource [' Rsid ')) return false;

$resource [' updated_at '] = current_timestamp;

Return Singletablecrud::update ($this->tbresources, $resource, ' rsid ');
}

/**
* Delete Resources
*
* @param string $rsid
* @return int
*/
function Deleteresource ($RSID) {
if (empty ($rsid)) return false;
Return Singletablecrud::d elete ($this->tbresources,array (' rsid ' = $rsid));
}

/**
* Create role, return role record primary key
*
* @param string $rolename
* @param string $desc
*
* @return int
*/
function Createrole ($rolename, $desc) {
if (empty ($rolename)) return false;

$role = Array (
' RoleName ' = $rolename,
' desc ' = $desc,
' Created_at ' = Current_timestamp
);

Return Singletablecrud::insert ($this->tbroles, $role);
}

/**
* Modify roles to return to success status
*
* @param array $role
* @return int
*/
function Updaterole (array $role) {
if (!isset ($role [' ID ')]) return false;

if (Isset ($role [' rolename ')]) unset ($role [' rolename ']);
$role [' updated_at '] = current_timestamp;

Return Singletablecrud::update ($this->tbroles, $role, ' id ');
}

/**
* Remove Roles
*
* @param int $role _id
* @return int
*/
function DeleteRole ($role _id) {
if (Empty ($role _id)) return false;
Return Singletablecrud::d elete ($this->tbroles,array (' role_id ' = = (int) $role _id));
}

/**
* Assign a role to a resource, remove all related records from the table and insert them each time
*
* @param int $rsid
* @param mixed $roleIds
* @param boolean $setNull whether to empty the resource from the associated table when the role ID does not exist
*/
function Allocaterolesforresource ($rsid, $roleIds, $setNull =false, $defaultAccess =-1) {
if (empty ($rsid)) return false;

$roleIds = Normalize ($roleIds, ', ');
if (empty ($roleIds)) {
if ($setNull) {
Singletablecrud::d elete ($this->tbrefresourcesroles,array (' rsid ' = $rsid));

if ($defaultAccess! =-1) {
$defaultAccess = Self::formataccessvalue ($defaultAccess);
$this->updateresource (' rsid ' + $rsid, ' access ' = $defaultAccess));
}
return true;
}
return false;
}

Singletablecrud::d elete ($this->tbrefresourcesroles,array (' rsid ' = $rsid));

$roleIds = Array_unique ($roleIds);

foreach ($roleIds as $role _id) {
Singletablecrud::insert ($this->tbrefresourcesroles,array (' rsid ' = $rsid, ' role_id ' = = (int) $role _id));
}
return true;
}

function Cleanrolesforresource ($RSID) {
if (empty ($rsid)) return false;
Return Singletablecrud::d elete ($this->tbrefresourcesroles,array (' rsid ' = $rsid));
}

function Cleanresourcesforrole ($role _id) {
if (Empty ($role _id)) return false;
Return Singletablecrud::d elete ($this->tbrefresourcesroles,array (' role_id ' = = (int) $role _id));
}

/**
* Assign resources to a role, remove all related records from the table and insert them each time
*
* @param int $role _id
* @param mixed $rsids
*
* @return Boolean
*/
function Allocateresourcesforrole ($role _id, $rsids) {
if (Empty ($role _id)) return false;

$role _id = (int) $role _id;
$rsids = Normalize ($rsids, ', ');
if (empty ($rsids)) {
return false;
}

Singletablecrud::d elete ($this->tbrefresourcesroles,array (' role_id ' = $role _id));

$rsids = Array_unique ($rsids);

foreach ($rsids as $rsid) {
Singletablecrud::insert ($this->tbrefresourcesroles,array (' Rsid ' and $rsid, ' role_id ' + $role _id));
}
return true;
}

/**
* Assign roles to users, remove all related records from the table and insert them each time
*
* There may be performance issues when users are a lot ... How to optimize the back again
*
* @param int $user _id
* @param mixed $roleIds
*
* @return Boolean
*/
function Allocaterolesforuser ($user _id, $roleIds) {
if (Empty ($user _id)) return false;

$user _id = (int) $user _id;
$roleIds = Normalize ($roleIds, ', ');
if (empty ($roleIds)) {
return false;
}

Singletablecrud::d elete ($this->tbrefusersroles,array (' user_id ' = $user _id));

$roleIds = Array_unique ($roleIds);

foreach ($roleIds as $roleId) {
Singletablecrud::insert ($this->tbrefusersroles,array (' user_id ' = $user _id, ' role_id ' = $role _id));
}
return true;
}

/**
* Clear the user's role information
*
* @param int $user _id
*
* @return Boolean
*/
function Cleanrolesforuser ($user _id) {
if (Empty ($user _id)) return false;
Return Singletablecrud::d elete ($this->tbrefusersroles,array (' user_id ' = = (int) $user _id));
}

/**
* Clear user associations for roles
*
* @param int $role _id
*
* @return Boolean
*/
function Cleanusersforrole ($role _id) {
if (Empty ($role _id)) return false;
Return Singletablecrud::d elete ($this->tbrefusersroles,array (' role_id ' = = (int) $role _id));
}

}

The code for the specific test is as follows:
Copy the code code as follows:
/**
* ACL check on resources
*
* @param string $rsid resource ID
* @param array $user Specific user, do not specify to verify the current user
*
* @return Boolean
*/
function aclverity ($rsid, array $user = null) {

if (empty ($rsid)) return false;
if (! Coreapp:: $DEFAULTACL) {
Coreapp:: $defaultAcl = new Aclflat ();
}

$rsRow = Aclgetresource ($RSID);

Default access policy for resources not defined
if (! $rsRow) return false;

Coreapp::writelog ($rsRow, ' test ');

$rsRow [' access '] = Aclbase::formataccessvalue ($rsRow [' access ']);

Allow anyone to access
if (Aclbase::everyone = = $rsRow [' Access ']) return true;

No one is allowed to access
if (aclbase::nobody = = $rsRow [' Access ']) return false;

Get user Information
if (empty ($user)) $user = Isset ($_session[' Si-sysuser ')? $_session[' si-sysuser ': null;

User is not logged in, as no access rights
if (empty ($user)) return false;

$user [' roles '] = Empty ($user [' roles '])? Null:normalize ($user [' Roles '], '; ');

$userHasRoles =!empty ($user [' roles ']);

/**
* Allow users without roles to access
*/
if (aclbase::no_role = = $rsRow [' Access ']) return $userHasRoles? False:true;

/**
* Allow users with roles to access
*/
if (aclbase::has_role = = $rsRow [' Access ']) return $userHasRoles? True:false;

---resource <-> role verification for users
if ($userHasRoles) {
foreach ($user [' roles '] as $role _id) {
if (Aclgetrefresourcesroles ($rsid, $role _id))
return true;
}
Dump ($user);
}
return false;
}

Copy the code code as follows:
/**
* ACL check on resources
*
* @param string $rsid resource ID
* @param array $user Specific user, do not specify to verify the current user
*
* @return Boolean
*/
function aclverity ($rsid, array $user = null) {

if (empty ($rsid)) return false;
if (! Coreapp:: $DEFAULTACL) {
Coreapp:: $defaultAcl = new Aclflat ();
}

$rsRow = Aclgetresource ($RSID);

Default access policy for resources not defined
if (! $rsRow) return false;

Coreapp::writelog ($rsRow, ' test ');

/*
* The verification steps are as follows:
*
* 1. Validate the resource itself first access property
* EVERYONE = True,nobody and False * other properties continue to verify below
* 2. Get the Role ID collection from the session (or User session table)
* 3. Has_role = True if the user has a role, No_role = False, or vice versa
* 4. If resource access = = Allocate_roles
* 1. Gets the collection of role IDs for the resource from the cache (or $tbRefResourcesRoles)
* 2. To intersect the collection of role IDs owned by the user with the set of role IDs corresponding to the resource
* 3. Presence intersection = true; otherwise = False
*/

$rsRow [' access '] = Aclbase::formataccessvalue ($rsRow [' access ']);

Allow anyone to access
if (Aclbase::everyone = = $rsRow [' Access ']) return true;

No one is allowed to access
if (aclbase::nobody = = $rsRow [' Access ']) return false;

Get user Information
if (empty ($user)) $user = Isset ($_session[' Si-sysuser ')? $_session[' si-sysuser ': null;

User is not logged in, as no access rights
if (empty ($user)) return false;

$user [' roles '] = Empty ($user [' roles '])? Null:normalize ($user [' Roles '], '; ');

$userHasRoles =!empty ($user [' roles ']);

/**
* Allow users without roles to access
*/
if (aclbase::no_role = = $rsRow [' Access ']) return $userHasRoles? False:true;

/**
* Allow users with roles to access
*/
if (aclbase::has_role = = $rsRow [' Access ']) return $userHasRoles? True:false;

---resource <-> role verification for users
if ($userHasRoles) {
foreach ($user [' roles '] as $role _id) {
if (Aclgetrefresourcesroles ($rsid, $role _id))
return true;
}
Dump ($user);
}
return false;
}
/**
* Regenerate role resource access control table
*
* @param string $actTable ACL table name
* @param boolean $return whether to return the list of rebuilds
*
* @return Mixed
*/
function Aclrebuildact ($actTable, $return = False) {
if (empty ($actTable)) return false;

Global $globalConf;
$rst = null;
$cacheId = null;

Switch ($actTable) {
Case Coreapp:: $DEFAULTACL->tbresources:
$cacheId = ' acl-resources ';
$rst = Singletablecrud::findall (coreapp:: $defaultAcl->tbresources);
Turn into a hash table structure
if ($rst) {
$rst = Array_to_hashmap ($rst, ' rsid ');
}
Break
Case Coreapp:: $DEFAULTACL->tbroles:
$cacheId = ' acl-roles ';
$rst = Singletablecrud::findall (coreapp:: $defaultAcl->tbroles);
Turn into a hash table structure
if ($rst) {
$rst = Array_to_hashmap ($rst, ' id ');
}
Break
Case Coreapp:: $DEFAULTACL->tbrefresourcesroles:
$cacheId = ' acl-roles_has_resources ';
$rst = Singletablecrud::findall (coreapp:: $defaultAcl->tbrefresourcesroles);
if ($rst) {
$_ = Array ();
foreach ($rst as $row) {
$ref _id = "{$row [' rsid ']}<-|->{$row [' role_id ']}";
$_[$ref _id] = $row;
}
Unset ($rst);
$rst = $_;
}
Break
}

if ($cacheId)
Writecache ($globalConf [' Runtime '] [' cachedir '], $cacheId, $rst, true);

if ($return) return $rst;
}
/**
* Get Role Resource access control table data
*
* @param string $actTable ACL table name
*
* @return Mixed
*/
function Aclgetact ($actTable) {
if (empty ($actTable)) return false;

Static $rst = Array ();

$cacheId = null;

Switch ($actTable) {
Case Coreapp:: $DEFAULTACL->tbresources:
$cacheId = ' acl-resources ';
Break
Case Coreapp:: $DEFAULTACL->tbroles:
$cacheId = ' acl-roles ';
Break
Case Coreapp:: $DEFAULTACL->tbrefresourcesroles:
$cacheId = ' acl-roles_has_resources ';
Break

}

if (! $cacheId) return null;

if (Isset ($rst [$cacheId])) return $rst [$cacheId];

Global $globalConf;
900
$rst [$cacheId] = GetCache ($globalConf [' Runtime '] [' cachedir '], $cacheId, 0);
if (! $rst [$cacheId]) {
$rst [$cacheId] = Aclrebuildact ($actTable, true);
}

return $rst [$cacheId];
}
/**
* Get resource records
*
* @param string $rsid
*
* @return Array
*/
function Aclgetresource ($RSID) {
static $rst = null;
if (! $rst) {
$rst = Aclgetact (coreapp:: $defaultAcl->tbresources);
if (! $rst) $rst = Array ();
}
return Isset ($rst [$rsid])? $rst [$RSID]: null;
}
/**
* Get Role Records
*
* @param int $role _id
*
* @return Array
*/
function Aclgetrole ($role _id) {
static $rst = null;
if (! $rst) {
$rst = Aclgetact (coreapp:: $defaultAcl->tbroles);
if (! $rst) $rst = Array ();
}
return Isset ($rst [$role _id])? $rst [$role _id]: null;
}
/**
* Gets the user Role Association record, which verifies that the resource can be called by this role
*
* @param string $rsid
* @param int $role _id
*
* @return Array
*/
function Aclgetrefresourcesroles ($rsid, $role _id) {
static $rst = null;
if (! $rst) {
$rst = Aclgetact (coreapp:: $defaultAcl->tbrefresourcesroles);
if (! $rst) $rst = Array ();
}
$ref _id = "{$rsid}<-|->{$role _id}";
Coreapp::writelog (Isset ($rst [$ref _id]) $rst [$ref _id]: ' NoData ', $ref _id);
return Isset ($rst [$ref _id])? $rst [$ref _id]: null;
}

Http://code.google.com/p/php-excel/downloads/list Mini easy to use Excel XML output scheme

