Opinion on rbac of Thinkphp

Whether the current operation requires verification. tp provides two parameters in the configuration file, one for storing the operation to be verified, and the other for unverified operations, however, the current operation is used to match with them. if there is no need to verify the operation, add this method.

Today, I read the rbac example in the Thinkphp example, and I will explain the implementation ideas.

1. check whether permission verification is enabled

2. check whether verification is required for the current module.

3. check whether verification is required for the current operation.

4. obtain the permissions of the role to which the user belongs.

5. verify whether the current operation is permitted based on the obtained permissions.

Two questions:

1. whether the current operation requires verification. tp provides two parameters in the configuration file, one for storing the operation to be verified, and the other for unverified operations, however, the current operation is used to match with them. if the add method is included in the operation that does not require verification, the add method of all modules will skip verification.

2. when obtaining permissions of a role, operations on the public module are superimposed on the permission list of the current module, that is, if you add a role to a public module, the ADD operation of the current module will be added whether or not.