Permission design issues

Source: Internet
Author: User
The permission is designed in RBAC mode. When a user publishes a post, A has the permission to edit, delete, and view the post. Ordinary B users have the permission to view this post. C users have the permission to edit, delete, and view this post. Editing, deleting, and viewing permissions all have the permission to design in RBAC mode. Now there is a situation.
A common user publishes a post,
A has the permission to edit, delete, and view this post.
Ordinary B users have the permission to view.
Editor C users can edit, delete, and view this post.
Editing, deleting, and viewing permissions all have corresponding buttons. If you have the permission, the buttons are displayed. If you do not have the permission, the buttons are displayed.
How should we design it?
For example, the edit button corresponds to a button, and the operation node is designed as one. The node function is to edit its own topic and others.

Reply content:


You do not need to manage permissions to edit or delete your data. Generally, websites are divided into a front-end and a back-end. When a common user operates on the front-end, there is almost no need to consider the permissions. The website can be managed by anyone.
It is very troublesome to explain in detail. You should first think about it. I think you are in a misunderstanding.

I will explain it as follows:
The following example uses the "edit topic" and "edit my topic" permissions to simulate a truth table:
You have the permission to edit a topic and the permission to edit my topic: T
You have the permission to edit a topic. You do not have the permission to "edit my topic": T
You are not authorized to edit a topic. You have the "edit my topic" permission: checks isAuth and returns the isAuth check result.
You are not authorized to edit a topic. You are not authorized to edit a topic.

Now, cancel the "edit my topic" permission setting and use the isAuth check instead. The truth table has the same result:
You have the permission to edit a topic. isAuth = T: T
Permission to edit the topic, isAuth = F: T
No permission to edit the topic, isAuth = T: T
No permission to edit the topic, isAuth = F: F

You must have said that in some cases, even if users pass the isAuth check, they will not be able to use it. Isn't this kind of operation done without the isAuth check?

class Controller {
    // When true, the owner of the record (isAuth) may act on it even without the role permission.
    protected $_allowIfIsAuth = false;

    // Returns true when the dispatched action may proceed for $user.
    // $user is passed in explicitly; the original snippet left it undefined.
    public function afterDispatch($user) {
        if (! $user->hasPermission('permission_name')) {
            // No role permission: fall back to the ownership check, if enabled.
            if (! ($this->_allowIfIsAuth && $user->isAuth('auth_id'))) {
                return false;
            }
        }
        return true;
    }
}
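The role-plus-ownership decision from the reply above, carried through for the three user kinds in the question (A, ordinary B, editor C), as an added example that is not the poster's code; the role names, action names and the user/post structures are assumptions, and button visibility is derived from the same server-side check rather than being a separate rule.

```python
from dataclasses import dataclass

# Constructed role -> permission map for the three user kinds in the question:
# A (site admin), B (ordinary user) and C (editor). Names are assumptions.
ROLE_PERMISSIONS = {
    "admin": {"post.view", "post.edit", "post.delete"},
    "user": {"post.view"},
    "editor": {"post.view", "post.edit", "post.delete"},
}

# Actions the author of a post may perform on it without holding the role
# permission (the isAuth fallback from the reply). Viewing is not owner-gated.
OWNER_ALLOWED = {"post.edit", "post.delete"}


@dataclass(frozen=True)
class User:
    id: int
    roles: frozenset


@dataclass(frozen=True)
class Post:
    id: int
    author_id: int


def has_permission(user: User, perm: str) -> bool:
    """RBAC part: union of the permissions granted by the user's roles."""
    return any(perm in ROLE_PERMISSIONS.get(r, set()) for r in user.roles)


def is_auth(user: User, post: Post) -> bool:
    """Ownership part: the user is the author of this record."""
    return user.id == post.author_id


def can(user: User, action: str, post: Post) -> bool:
    """Truth table from the reply: role permission OR (owner AND owner-allowed action)."""
    if has_permission(user, action):
        return True
    return action in OWNER_ALLOWED and is_auth(user, post)


def visible_buttons(user: User, post: Post) -> list:
    """The buttons to render are exactly the actions the server would allow."""
    return [a for a in ("post.view", "post.edit", "post.delete") if can(user, a, post)]
```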

CREATE TABLE `app_user` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
  `gmt_create` datetime NOT NULL COMMENT 'data add time',
  `creator` varchar(128) NOT NULL DEFAULT '0' COMMENT 'creator',
  `gmt_modified` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'data modification time',
  `modifier` varchar(128) NOT NULL DEFAULT '0' COMMENT 'modifier',
  `is_deleted` char(1) NOT NULL DEFAULT 'n' COMMENT 'whether logically deleted, default N',
  `ha_id` varchar(64) DEFAULT NULL COMMENT 'unified member ID',
  `buc_id` varchar(64) DEFAULT NULL COMMENT 'employee uniform ID',
  `work_no` varchar(64) DEFAULT NULL COMMENT 'employee ID',
  `status` varchar(32) DEFAULT NULL COMMENT 'status',
  `user_type` varchar(32) DEFAULT NULL COMMENT 'user type',
  `user_name` varchar(128) DEFAULT NULL COMMENT 'user name',
  `email` varchar(64) DEFAULT NULL COMMENT 'e-mail',
  `mobile` varchar(32) DEFAULT NULL COMMENT 'mobile phone',
  `phone` varchar(32) DEFAULT NULL COMMENT 'telephone',
  `home_page_url` varchar(128) DEFAULT NULL COMMENT 'homepage url',
  `user_no` varchar(128) DEFAULT NULL COMMENT 'user number',
  `login_id` varchar(128) DEFAULT NULL COMMENT 'login ID',
  PRIMARY KEY (`id`),
  KEY `idx_workno` (`work_no`, `is_deleted`),
  KEY `login_id` (`login_id`)
) ENGINE=InnoDB AUTO_INCREMENT=1774 DEFAULT CHARSET=utf8 COMMENT='system user';

CREATE TABLE `app_role` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
  `gmt_create` datetime NOT NULL COMMENT 'data add time',
  `creator` varchar(128) NOT NULL DEFAULT '0' COMMENT 'creator',
  `gmt_modified` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'data modification time',
  `modifier` varchar(128) NOT NULL DEFAULT '0' COMMENT 'modifier',
  `is_deleted` char(1) NOT NULL DEFAULT 'n' COMMENT 'whether logically deleted, default N',
  `role_name` varchar(64) DEFAULT NULL COMMENT 'role name',
  `role_type` varchar(32) DEFAULT NULL COMMENT 'role type',
  `home_page_url` varchar(128) DEFAULT NULL COMMENT 'homepage url',
  PRIMARY KEY (`id`),
  KEY `idx_rolename` (`role_name`, `is_deleted`)
) ENGINE=InnoDB AUTO_INCREMENT=1065 DEFAULT CHARSET=utf8 COMMENT='system role';

CREATE TABLE `app_role_org_user` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'primary key',
  `gmt_create` datetime NOT NULL COMMENT 'data add time',
  `creator` varchar(128) NOT NULL DEFAULT '0' COMMENT 'creator',
  `gmt_modified` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'data modification time',
  `modifier` varchar(128) NOT NULL DEFAULT '0' COMMENT 'modifier',
  `is_deleted` char(1) NOT NULL DEFAULT 'n' COMMENT 'whether logically deleted, default N',
  `role_id` bigint(20) DEFAULT NULL COMMENT 'role ID',
  `org_id` bigint(20) DEFAULT NULL COMMENT 'organization ID',
  `user_id` bigint(20) DEFAULT NULL COMMENT 'user ID',
  `home_page_url` varchar(500) DEFAULT NULL COMMENT 'home url',
  `access_org_path` varchar(256) DEFAULT NULL COMMENT 'authorized organization path',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=18658 DEFAULT CHARSET=utf8 COMMENT='system user organization role';

Save a global constant to identify the user and assign different functions to the user group. For details, refer to the OneThink idea.
