On PHP Seventh play----Role-based access control rbac_php tutorial

Source: Internet
Author: User
Above http://www.BkJia.com/kf/201205/129972.html to you to explain the use of the loop Output 99 multiplication table, logically or relatively simple, heavy to provide you with a look at the program, parsing code methods and ideas, what comments or suggestions can be interrogates ....

Well, not much to say, this article to introduce you to "role-based access control",

Speaking of authority, everyone is very headache, how can flexible control good one user's rights,

Some alumni add fields to the user table or add the appropriate permission fields to the role table.

This will have a problem, do the right to feel particularly lame, and very inflexible, each additional permission to add a field in the database, it is not conducive to the iterative development of the project

Then we need a very flexible design pattern RBAC, which is role-based access control;

Let me give you this idea of design:

First, our requirement is to determine whether a user has access to the method of the controller or controller of the current operation,

If multiple users have the same permissions at the same time, then we need to assign these users the same user role, and then only need to pass the role to control access to the operation,

The structure of our table needs to be designed in this way, which is important, as follows:

First Data table (user table):

Field name Field description
Id User ID (primary key self-increment)
Username User name
Password User password

Second data table (role table):

Field name Field description
Id User role ID (primary key self-increment)
Name User Role Name

Third data table (node table):

Field name Field description
Id Operation Node ID (primary key self-increment)
Name Name of the action node
Zh_name Chinese description of the node

We use the third paradigm to design association tables, and the benefit is to avoid data redundancy and to have a clear record of a one-to-many relationship

The four Data tables (node corresponding to the role table):

Field name Field description
role_id User role ID (foreign key, primary key ID in the associated role table)
note_id Operation Node ID (foreign key, primary key ID in the associated node table)

Fifth data table (user-corresponding role table):

Field name Field description
role_id User role ID (foreign key, primary key ID in the associated role table)
user_id User ID (foreign key, primary key ID in the associated user table)

With these five tables you can access control of the permissions, and its specific steps are as follows:

User enters user name password to log in,
From the user table, if the user name password entered is not valid, skip back to log in again
If it is legal, return the user's ID number in the user table,
By this user ID number, the user's role ID number is queried in the associated table of the user and role.
Get the role ID number, through this ID number to the Role and Node association table to query the role of the node has access rights,
This permission node is all stored in session, when the user accesses a module,

Example: Http://www.lampbroher.net/index.php/stu/index

We use the session's permissions with $_get[' m '] and $_get[' a '] to compare,

If the $_get[' m '] or $_get[' a '] does not exist in the session, it means that the user does not have this permission to make the processing.

Reference code:

RBAC class Files:
/*+---------------------------------------------------------------------------------------+
| RBAC permission Control class

Class rbac{
Private $node _tablename; Define private attribute node table name
Private $group _auth_tablename; Define private attribute Group Permission table name
Private $group _tablename; Define private Property user Group table name
Private $group _user_tablename; Define private Properties User Attribution Group table name
Private $user _tablename; Define a private property user table name
/*
Construction method
@param1 string Node table name
@param2 String User Rights table name
@param3 String User Group table name
@param4 String User Attribution Group table name
@param5 String User table name
*/
Public function __construct ($node _tablename= ' node ', $group _auth_tablename= ' Group_auth ', $group _tablename= ' group ', $ Group_user_tablename= ' Group_member ', $user _tablename= ' member ') {
$this->node_tablename = $node _tablename; Get node table name
$this->group_auth_tablename = $group _auth_tablename; Get the User Rights table name
$this->group_tablename = $group _tablename; Get user Group table name
$this->group_user_tablename = $group _user_tablename; Get User Attribution Group table name
$this->user_tablename = $user _tablename; Get user table name
}
/*
Set Node method
@param1 String node name
@param2 string node Parent ID
@param2 String Node Chinese description
@return int insert node record ID after success
*/
Public Function Set_node ($name, $pid, $zh _name= ") {
if (!empty ($name) &&!empty ($pid)) {
$node = D ($this->node_tablename)->insert (Array ("name" = + $name, "pid" = = $pid, "zh_name" = $zh _name));
}
return $node;
}
/*
Set Permissions method
@param1 int Group ID
@param2 int Node ID
@return int INSERT permission record ID after successful
*/
Public Function Set_auth ($gid, $nid) {
if (!empty ($gid) &&!empty ($nid)) {
$auth = D ($this->group_auth_tablename)->insert (Array ("gid" = + $gid, "nid" = = $nid));
}
return $auth;
}
/*
Get Node method
@param1 int Node ID
@return Array to get information about the node table
*/
Public Function Get_node ($id) {
if (!empty ($id)) {
$data = D ($this->node_tablename)->field ("Id,name,pid")->where (Array (' id ' = = $id))->find ();
return $data;
}else{
return false;
}
}
/*
Get Group Permission method
@param1 int user Group ID
@return Array to get information about the Group permission table
*/
Public Function Get_auth ($gid) {
if (!empty ($gid)) {
$data = D ($this->group_auth_tablename)->field ("Nid")->where (Array (' gid ' = $gid))->select ();
return $data;
}else{
return false;
}
}
/*
Get user Group method
@param1 int User ID
@return Array Gets the user group ID for the user
*/
Public Function Get_group ($uid) {
if (!empty ($uid)) {
$data = D ($this->group_user_tablename)->field ("GID")->where (Array (' uid ' = = $uid))->select ();
return $data;
}else{
return false;
}
}
/*
Gets the node's child node method
@param1 int Node ID
@return Array to get all the child nodes corresponding to the node
*/
Public Function Get_cnode ($nid) {
if (!empty ($nid)) {
$cnode = D ($this->node_tablename)->field ("name")->where (Array (' pid ' = = $nid))->select ();
return $cnode;
}else{
return false;
}
}
/*
Get Permission method
@param1 int User ID
@return Array to get a list of permissions
*/
Public Function get_access ($uid) {
if (!empty ($uid)) {
Call Get group information method
$group = $this->get_group ($uid);
Traversing group information
foreach ($group as $v) {
To pass the group ID to the Get permission method
$auth = $this->get_auth ($v [' gid ']); Get Permissions for this group
}
Iterating through an array of permissions for this group
foreach ($auth as $val) {
Passing the ID of the node to the Get node information method
$node [] = $this->get_node ($val [' nid ']); Get information about a node
}
Iterate through the array of nodes and assemble
foreach ($node as $nval) {
if ($nval [' pid ']==0) {
$fnode [] = $nval; Press the controller into the Fnode array
$cnode = $this->get_cnode ($nval [' id ']);
}else{
$cnode [] = $nval; Press the Controller's method into the Cnode array
}
}
Assemble the controller array and the controller array into an array
foreach ($fnode as $fval) {
foreach ($cnode as $cval) {
if ($cval [' pid '] = = $fval [' id ']) {
$access [$fval [' name ']][] = $cval [' name '];
}
}
}
Returns an array of permission lists
return $access;
}else{
return false;
}
}
/*
Detection Permission method
@param1 int User ID
@return Boolean permission forbidden or not
*/
Public function Check ($UID) {
if (!empty ($uid)) {
To deposit permissions into $_session[' Access_list ']
$_session[' access_list ' = $this->get_access ($uid);
if (!empty ($_get[' m ')) {
Determine if this controller is allowed
if (array_key_exists ($_get[' m '],$_session[' access_list ')) {
Determines whether the method of this controller is allowed
if (In_array ($_get[' a '],$_session[' access_list '][$_get[' m '])) {
If allowed to return true
return true;
}else{
otherwise return false
return false;
}
}else{
return false;
}
}else{
return false;
}
}else{
$_session[' User_ '. $uid [' access_list '] = 0;
return false;
}
}
Public Function Show_node () {
$path = App_path. ' /controls/';
$handle = Opendir ($path);
while (false!== ($data = Readdir ($handle))) {
if (Is_file ($path. $data) && $data! = ' common.class.php ' && $data! = ' pub.class.php ') {
$controller = Str_replace (". class.php", "', $data);
$res = fopen ($path. $data, ' R ');
$str = Fread ($res, FileSize ($path. $data));
$pattern = '/function (. *) \ (\)/iu ';
Preg_match_all ($pattern, $str, $matches);
foreach ($matches [1] as $v) {
$v = Trim ($v);
$arr [$controller] = $v;
}
}
}
Closedir ($handle);
return $arr;
}
}
Initialize class:
/*+---------------------------------------------------------------------------------------+
| Initializing the Controller

Class Common extends Action {
/*
Initialize method
*/
Public Function init () {
If the session is empty, the jump
if (Empty ($_session[' User_login ')) {
$this->redirect ("Pub/index");
}
$a = new RBAC ();
if (! $a->check ($_session[' user_info ' [' ID '])) {
echo "";
Exit ("");
$this->redirect ("Pub/index");
}
}
}

Here to you to write a simple RBAC class, only for everyone to learn to refer to this idea, if there are questions can be replies ....


Author Zdrjlamp

http://www.bkjia.com/PHPjc/478251.html www.bkjia.com true http://www.bkjia.com/PHPjc/478251.html techarticle the above http://www.2cto.com/kf/201205/129972.html for you to explain the use of the loop Output 99 multiplication table, logically or relatively simple, heavy to provide you with a look at the program, parsing ...

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.