Permission management implemented by thinkphp + mysql

Source: Internet
Author: User
In a B/S-based (browser/server) management system, which users can perform which operations is a real problem. I was lucky to be guided by my team lead; if you work with RBAC (Role-Based Access Control), be sure to bookmark this. (The following content requires knowledge of the ThinkPHP framework.)


No. 1 Database Design (only extract the relevant part)

User table: records user information, including user name, password, and description (omitted)

Role table: records system roles, such as administrators, leaders, and employees.

Node table: a node is one part of a URL, and each page's URL is spliced together from nodes. Here, pid is the node's preceding (parent) node; by following pid you can splice the nodes together into the URL of each page. A ThinkPHP URL consists of a module name and a method name, for example http://localhost/app/index.php/User/login. User is the module name and is stored as one node; login is the method name and is stored as another node. The leading http://localhost/app/index.php is the ThinkPHP entry address and does not need to be recorded. (For ThinkPHP details, see http://www.thinkphp.cn/document/155.html)

Two association tables in between record the relationships among these tables.

No. 2 Use the "inherited extension model" and "_initialize()" to check permissions between roles and nodes

Inherited extension model: see http://doc.thinkphp.cn/manual/model_extend.html

_initialize(): the framework's Action class provides an initialization hook, _initialize, which can be used for extensions. The _initialize method runs first, before any operation method is called.

Every module that requires permission verification extends an AccessManagerAction class. In this class we write an _initialize method, which does the following:

1. Obtain the URL being accessed. In ThinkPHP, for http://localhost/app/index.php/User/login this yields User + login.

2. Obtain the user's role.

3. Check the URL against the role and return whether access is allowed or denied.

The functions in AccessManagerAction are as follows:

    public function _initialize()
    {
        // Module name and operation (method) name being accessed, e.g. "User" . "login".
        $node = MODULE_NAME . ACTION_NAME;
        $role = session('roleid'); // The current user's role.
        if (!$this->roleAccessFlow($node, $role)) { // permission check
            $this->error('No authorization');
        }
        // Otherwise verification passed.
    }

    // checkSessionAdmin(), NodeInList() and checkRoleNodeAccess() are other
    // methods of this class that are not shown here.
    public function roleAccessFlow($node = 'null', $role = 'null')
    {
        $result = false;
        $action = str_replace("Action", "", __CLASS__);
        $nodestatus = -1;
        // $nodestatus is associated with the ifdatapermit field of the node table.
        // Two cases: $nodestatus == -1, the node is not in the node table;
        // $nodestatus == 0, the node is in the node table.

        // Check whether the user is an administrator. If yes, return true; if not, go to the next step.
        if ($this->checkSessionAdmin()) {
            // echo "the administrator does not need to verify";
            $result = true;
        } else {
            // Check whether the node is in the node table. If it is not, no verification
            // is required and true is returned. If it is, go to the next step.
            // echo "non-administrator user.";
            $nodestatus = $this->NodeInList($node); // is the node in the node table?
            if ($nodestatus == -1) {
                // echo "this node is not in the list and does not require verification.";
                $result = true;
            } elseif ($nodestatus == 0) {
                // echo "this node needs verification";
                // checkRoleNodeAccess matches the user's role against the node.
                $result = $this->checkRoleNodeAccess($node, $role);
            }
        }
        return $result;
    }
Note: A view is required to connect the module name and the method name to form a complete URL, which is then checked in the permission table.
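
The database design from No. 1 and the view mentioned in the note above, written out as an added example; this is not the author's schema. All table and column names are assumptions except pid and ifdatapermit, which the article names, and the sample rows are constructed.

```sql
-- Added example (MySQL/InnoDB). Names other than pid and ifdatapermit are assumptions.
CREATE TABLE rbac_user (
  id       INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  username VARCHAR(64)  NOT NULL UNIQUE,
  password VARCHAR(255) NOT NULL            -- password hash
);
CREATE TABLE rbac_role (
  id   INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  name VARCHAR(64) NOT NULL UNIQUE          -- administrator, leader, employee
);
CREATE TABLE rbac_node (
  id           INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  pid          INT UNSIGNED NULL,           -- preceding node; NULL for a module node
  name         VARCHAR(64) NOT NULL,        -- 'User' (module) or 'login' (method)
  ifdatapermit TINYINT NOT NULL DEFAULT 0,  -- the article's code comments tie $nodestatus to it
  FOREIGN KEY (pid) REFERENCES rbac_node (id)
);
-- The two association tables: user <-> role and role <-> node.
CREATE TABLE rbac_user_role (
  user_id INT UNSIGNED NOT NULL,
  role_id INT UNSIGNED NOT NULL,
  PRIMARY KEY (user_id, role_id),
  FOREIGN KEY (user_id) REFERENCES rbac_user (id),
  FOREIGN KEY (role_id) REFERENCES rbac_role (id)
);
CREATE TABLE rbac_role_node (
  role_id INT UNSIGNED NOT NULL,
  node_id INT UNSIGNED NOT NULL,
  PRIMARY KEY (role_id, node_id),
  FOREIGN KEY (role_id) REFERENCES rbac_role (id),
  FOREIGN KEY (node_id) REFERENCES rbac_node (id)
);
-- View: join each method node to its module node so the stored key has the
-- same shape as MODULE_NAME . ACTION_NAME ('User' + 'login' = 'Userlogin').
CREATE VIEW rbac_role_access AS
SELECT rn.role_id, CONCAT(m.name, a.name) AS node
FROM rbac_role_node rn
JOIN rbac_node a ON a.id = rn.node_id
JOIN rbac_node m ON m.id = a.pid;
-- Constructed sample data: role 1 may call User/login but not User/remove.
INSERT INTO rbac_role (id, name) VALUES (1, 'employee');
INSERT INTO rbac_node (id, pid, name) VALUES (1, NULL, 'User');
INSERT INTO rbac_node (id, pid, name) VALUES (2, 1, 'login'), (3, 1, 'remove');
INSERT INTO rbac_role_node (role_id, node_id) VALUES (1, 2);
-- The lookup a checkRoleNodeAccess-style method would run; from application
-- code, pass the role id and node as bound parameters, not concatenated SQL.
SELECT COUNT(*) AS allowed FROM rbac_role_access WHERE role_id = 1 AND node = 'Userlogin';
```

In the article's flow a node that is missing from the node table passes without any role check, so every method that needs protection has to be registered there.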
