Modified thinkPHP3.1.3Auth permission

Provides various official and user-released code examples. For code reference, you are welcome to learn thinkPHP 3.1.3 Auth permission modification edition. Only data in the rule table can be verified!

This is my issue: http://www.thinkphp1.cn/topic/16890.html

There is almost no good way to meet my requirements, but I have no choice but to open Auth. class. php to modify it!

Myqq: 171313244
I have no choice but to modify it. I can't help the original author! // + ----------------------------------------------------------------------
// | ThinkPHP [we can do it just think it]
// + ----------------------------------------------------------------------
// | Copyright (c) 2011 http://thinkphp1.cn All rights reserved.
// + ----------------------------------------------------------------------
// | Licensed (http://www.apache.org/licenses/LICENSE-2.0)
// + ----------------------------------------------------------------------
// | Author: luofei614 　
// + ----------------------------------------------------------------------
/**
* Permission Authentication
* Features:
* 1. It authenticates rules rather than nodes. Users can authenticate nodes as Rule names.
* $ Auth = new Auth (); $ auth-> check ('Rule name', 'user id ')
* 2. You can authenticate multiple rules at the same time and set the relationship (or and) between the rules)
* $ Auth = new Auth (); $ auth-> check ('Rule 1, Rule 2', 'user id', 'and ')
* If the third parameter is "and", the user must have both the permissions of rule 1 and rule 2. When the third parameter is or, it indicates that the user value must meet one of the conditions. The default value is or.
* 3. A user can belong to multiple user groups (the think_auth_group_access table defines the user group to which the user belongs ). We need to set the rules for each user group (think_auth_group defines the user group permissions)
*
* 4. Rule expressions are supported.
* When defining a rule in the think_auth_rule table, if the type is 1, the condition field can define the rule expression. For example, if {score}> 5 and {score} <100 is defined, this rule will pass when the user's score is between 5 and.
* @ Category ORG
* @ Package ORG
* @ Subpackage Util
* @ Author luofei614
*/

// Database
/*
------------------------------
-- Think_auth_rule, rule table,
-- Id: primary key, name: Unique Identifier of the rule. title: Chinese name of the rule. status: 1: Normal, 0: Disabled, condition: Rule expression. If it is null, it indicates that the rule exists, if this parameter is not set to null, it indicates that the verification is performed based on the conditions.
------------------------------
Drop table if exists 'think _ auth_rule ';
Create table 'think _ auth_rule '(
'Id' mediumint (8) unsigned not null AUTO_INCREMENT,
'Name' char (80) not null default '',
'Title' char (20) not null default '',
'Status' tinyint (1) not null default '1 ',
'Condition 'Char (100) not null default '',
Primary key ('id '),
Unique key 'name' ('name ')
) ENGINE = MyISAM default charset = utf8;
------------------------------
-- Think_auth_group user group table,
-- Id: primary key, title: Chinese name of the user group, rules: rule id owned by the user group, separated by multiple rules, status: 1 normal, 0 disabled
------------------------------
Drop table if exists 'think _ auth_group ';
Create table 'think _ auth_group '(
'Id' mediumint (8) unsigned not null AUTO_INCREMENT,
'Title' char (100) not null default '',
'Status' tinyint (1) not null default '1 ',
'Rules' char (80) not null default '',
Primary key ('id ')
) ENGINE = MyISAM default charset = utf8;
------------------------------
-- Think_auth_group_access user group list
-- Uid: User id, group_id: User Group id
------------------------------
Drop table if exists 'think _ auth_group_access ';
Create table 'think _ auth_group_access '(
'Uid' mediumint (8) unsigned not null,
'Group _ id' mediumint (8) unsigned not null,
Unique key 'uid _ group_id '('uid', 'Group _ id '),
KEY 'uid' ('uid '),
KEY 'group _ id' ('group _ id ')
) ENGINE = MyISAM default charset = utf8;
*/

Class Auth {

// Default Configuration
Protected $ _ config = array (
'Auth _ on' => true, // authentication Switch
'Auth _ type' => 1, // authentication method. The value 1 indicates time authentication, and the value 2 indicates logon authentication.
'Auth _ group' => 'think _ auth_group ', // user GROUP data table name
'Auth _ GROUP_ACCESS '=> 'think _ auth_group_access', // user group list
'Auth _ rule' => 'think _ auth_rule', // permission RULE table
'Auth _ user' => 'think _ members '// USER information table
);

Public function _ construct (){
If (C ('auth _ config ')){
// You can set the configuration item AUTH_CONFIG, which is an array.
$ This-> _ config = array_merge ($ this-> _ config, C ('auth _ config '));
}
}

// Get the permission $ name can be a string or an array or separated by commas. uid is the authenticated user ID, $ or is in the or relation, true is, and name is an array, if one of the conditions in the array is passed, it is passed. If it is false, all conditions must pass.
Public function check ($ name, $ uid, $ relation = 'or '){
If (! $ This-> _ config ['auth _ on'])
Return true;
$ Count = M ()-> table ($ this-> _ config ['auth _ rule'])-> where ('name = "'. $ name. '"')-> count ();
If ($ count = 0 ){
Return true;
}
$ AuthList = $ this-> getAuthList ($ uid );
If (is_string ($ name )){
If (strpos ($ name ,',')! = False ){
$ Name = explode (',', $ name );
} Else {
$ Name = array ($ name );
}
}
$ List = array (); // name with permission
Foreach ($ authList as $ val ){
If (in_array ($ val, $ name ))
$ List [] = $ val;
}
If ($ relation = 'or' and! Empty ($ list )){
Return true;
}
$ Diff = array_diff ($ name, $ list );
If ($ relation = 'and' and empty ($ diff )){
Return true;
}
Return false;
}

// Obtain the user group, which can be called externally
Public function getGroups ($ uid ){
Static $ groups = array ();
If (isset ($ groups [$ uid])
Return $ groups [$ uid];
$ User_groups = M ()-> table ($ this-> _ config ['auth _ GROUP_ACCESS ']. 'A')-> where (". uid = '$ uid' and g. status = '1' ")-> join ($ this-> _ config ['auth _ group']. "g on. group_id = g. id ")-> select ();
$ Groups [$ uid] = $ user_groups? $ User_groups: array ();
Return $ groups [$ uid];
}

// Obtain the permission list
Protected function getAuthList ($ uid ){
Static $ _ authList = array ();
If (isset ($ _ authList [$ uid]) {
Return $ _ authList [$ uid];
}
If (isset ($ _ SESSION ['_ AUTH_LIST _'. $ uid]) {
Return $ _ SESSION ['_ AUTH_LIST _'. $ uid];
}
// Read the user group to which the user belongs
$ Groups = $ this-> getGroups ($ uid );
$ Ids = array ();
Foreach ($ groups as $ g ){
$ Ids = array_merge ($ ids, explode (',', trim ($ g ['rules'], ',');
}
$ Ids = array_unique ($ ids );
If (empty ($ ids )){
$ _ AuthList [$ uid] = array ();
Return array ();
}
// Read all user group permission rules
$ Map = array (
'Id' => array ('in', $ ids ),
'Status' => 1
);
$ Rules = M ()-> table ($ this-> _ config ['auth _ rule'])-> where ($ map)-> select ();
// Cycle rules to determine the result.
$ AuthList = array ();
Foreach ($ rules as $ r ){
If (! Empty ($ r ['condition']) {
// Condition Verification
$ User = $ this-> getUserInfo ($ uid );
$ Command = preg_replace ('/\ {(\ w *?) \}/',' $ User [\ '\ 1 \'] ', $ r ['condition']);
// Dump ($ command); // debug
@ (Eval ('$ condition = ('. $ command .');'));
If ($ condition ){
$ AuthList [] = $ r ['name'];
}
} Else {
// If it exists, it passes
$ AuthList [] = $ r ['name'];
}
}
$ _ AuthList [$ uid] = $ authList;
If ($ this-> _ config ['auth _ type'] = 2 ){
// Session result
$ _ SESSION ['_ AUTH_LIST _'. $ uid] = $ authList;
}
Return $ authList;
}
// Obtain user information and read the database according to your own situation
Protected function getUserInfo ($ uid ){
Static $ userinfo = array ();
If (! Isset ($ userinfo [$ uid]) {
$ Userinfo [$ uid] = M ()-> table ($ this-> _ config ['auth _ user'])-> find ($ uid );
}
Return $ userinfo [$ uid];
}
}

AD: truly free, domain name + VM + enterprise mailbox = 0 RMB