PHP permission control framework for B/S Systems

The basic UI is added to the official version... Complete: git. oschina. netjiazenPHP-Access-Control sent this thing three years ago: www. oschina. netcodesnippet_195738_9797 used this to develop two BS systems in three years. This is the latest refactoring version. System permission structure: Application

The basic UI is added to the official version... Complete: http://git.oschina.net/jiazen/PHP-Access-Control three years ago this thing: http://www.oschina.net/code/snippet_195738_9797 three years with this development of two B/S systems. This is the latest refactoring version. System permission structure: Application-function-action

The basic UI is added to the official version...
The complete: http://git.oschina.net/jiazen/PHP-Access-Control
Three years ago this thing: http://www.oschina.net/code/snippet_195738_9797
In the past three years, two B/S systems have been developed. This is the latest refactoring version.

System permission structure: Application-> function-> action, which splits All workflows into three steps. The previously designed B/S system does this.
Simple structure the program won't be too complicated, the menu structure will be simple, and the user experience will be good. Unlike other systems that make the entire workflow complex, the learning cost is high, and the user experience is poor.


Basic principle: Set permissions to an array. When performing the corresponding actions, verify that the permission array has the corresponding action permissions. The location of the authentication permission can be verified by the URI route entry (recommended) before the corresponding action code is executed.

The system uses three Arrays: Permission array, permission usage verification, menu array, filtered out menu with no permission, and menu sorting array to improve user experience.
This framework is mainly used to process the three Arrays for production.

System Process: User Login-> database read user permission array and menu array (menu sorting has been done in the encapsulated class)-> Generate Cache

To be improved...

Currently, it is a development version and does not use design mode encapsulation.
I mainly share the permission process. My code is ugly. You can use the code to implement the process yourself.

For more comments and suggestions, there are still many things to be modified. <无>

  $ AppRes) {$ menu [$ app] ['name'] = $ appRes ['name']; foreach ($ appRes ['funs'] as $ fun => $ funRes) {$ menu [$ app] ['funs'] [$ fun] = $ funRes ['name'] ;}} return $ menu ;} /*************************************** **************************************** * ******************* @ build a user menu sorting array @ parameter $ sortSet: set the menu sorting array @ returnArray ********************************* **************************************** *********************** * ***/Public static function buildUserMenuSort ($ sortSet = array () {/* problem: when using asort for sorting, the execution sequence starts from the last value. If the sorting value is the same, the sorting will be reversed. Purpose: keep the original order when the sorting values are the same. Solution: Use array_reverse to flip the array and then use asort to sort it. * /// Check whether the parameter is null or an array if (! Is_array ($ sortSet) & empty ($ sortSet) & self: DEBUG) {die ("Error: buildMenuSort-$ sortSet ");} // @ parent menu sorting foreach ($ sortSet as $ app =>$ appRes) {$ appsSort [$ app] = $ appRes ['sort '];} $ parentSort = array_reverse ($ appsSort); asort ($ parentSort); // @ submenu sort foreach ($ sortSet as $ app => $ appRes) {$ funSort = array_reverse ($ appRes ['funs']); asort ($ funSort); $ sort funSort [$ app] = $ funSort;} // Delete the sub-menu sorting value. PS: It's useless, and it's okay to keep it. Clean up the data to make it more clean, foreach ($ your funsort as $ app => $ funList) {foreach ($ funList as $ fun =>$ sort) {$ subSort [$ app] [] = $ fun ;}} // @ integrate the sub-menu to the parent menu foreach ($ parentSort as $ parent => $ sort) {$ menuSort [$ parent] = $ subSort [$ parent];} return $ menuSort ;} /*************************************** **************************************** * ******************* @ filter expired data in the permission array @ returnArray @ uses the returned array contains two parts: array ($ purview = ARRA Y, $ filter = BOOL) 1. $ purview is the filtered permission array; 2. $ whether the filter array has been filtered, true is returned after filtering, and false is returned after filtering. **************************************** **************************************** * ******************/Public static function filterVoidPurview ($ purview = array ()) {$ appList = self: buildAppList (); $ newPurview = array (); $ filter = false; // whether the record is filtered foreach ($ purview as $ app =>$ funs) {// whether the application exists if (isset ($ appList [$ app]) {foreach ($ funs as $ fun =>$ acts) {// whether the function exists if (array_key_exists ($ fun, $ appList [$ app] ['funs']) {Foreach ($ acts as $ act) {// whether the action exists if (array_key_exists ($ act, $ appList [$ app] ['funs'] [$ fun] ['acts']) {$ newPurview [$ app] [$ fun] [] = $ act ;} else {$ filter = true ;}}} else {$ filter = true ;}} return array ('purview' =>$ newPurview, 'filter' => $ filter );} ######################################## ######################################## ########################## contains database operations, independent writing to facilitate other data Library support ##################################### ######################################## ######################################## ########################/*************** **************************************** **************************************** * *** @ get user permission array @ parameter $ uid: user ID $ dbh: Database handle $ dbtp: table prefix @ returnArray @ uses automatically determines the permission type (role permission OR user group permission) **************************************** *************************** * ******************************/Public static function getUserPurview ($ uid, $ dbh, $ dbtp) {$ SQL = "SELECT gid, purview FROM {$ dbtp} ac_users WHERE uid =: uid LIMIT 1 "; $…… = $ dbh-> prepare ($ SQL); $……> bindParam (': uid', $ uid); $……-> execute (); $ user = $ something-> fetch (PDO: FETCH_ASSOC ); // when gid = 0, the user is the role permission if ($ user ['gid'] = 0) {// @ role permission // filter expired data // print_r (unserialize ($ user ['purview']); exit; $ return = self: filterV OidPurview (unserialize ($ user ['purview']); // @ check whether it has been filtered. if it has been filtered, it will be updated to the database if ($ return ['filter']) {self: putPurview ($ uid, 'R', $ return ['purview'], $ dbh, $ dbtp );}} else {// @ user group permission $ SQL = "SELECT purview FROM {$ dbtp} ac_groups WHERE gid =: gid LIMIT 1 "; $ something = $ dbh-> prepare ($ SQL); $ something-> bindParam (': gid', $ user ['gid']); $ something-> execute (); $ group = $ something-> fetch (PDO: FETCH_ASSOC); // filter expired data $ return = self: filterVoidPurview (unse Rialize ($ group ['purview']); // @ check whether it has been filtered. if it has been filtered, it will be updated to the database if ($ return ['filter']) {self:: putPurview ($ user ['gid'], 'G', $ return ['purview'], $ dbh, $ dbtp) ;}}$ dbh = null; // close the database return $ return ['purview'];} /*************************************** **************************************** * ******************* @ obtain the user menu sorting array @ parameter $ uid: user ID $ dbh: Database handle $ dbtp: table prefix @ returnArray @ uses filters out expired data based on the user permission array ************************** ** **************************************** * *****************************/Public static function getUserMenuSort ($ uid, $ dbh, $ dbtp) {$ SQL = "SELECT menusort FROM {$ dbtp} ac_users WHERE uid =: uid LIMIT 1 "; $…… = $ dbh-> prepare ($ SQL); $……> bindParam (': uid', $ uid); $……-> execute (); $ result = $ something-> fetch (PDO: FETCH_ASSOC); $ menuSort = unserialize ($ result ['menusort ']); // @ filter out expired data $ userPurview = self: getUserPur View ($ uid, $ dbh, $ dbtp); // user permission array (expired data filtered out) $ newMenuSort = array (); $ filter = false; // whether the record is filtered foreach ($ menuSort as $ app =>$ funs) {// whether the application exists if (isset ($ userPurview [$ app]) {foreach ($ funs as $ fun) {// whether the function exists if (array_key_exists ($ fun, $ userPurview [$ app]) {$ newMenuSort [$ app] [] = $ fun;} else {$ filter = true ;}} // @ check whether it has been filtered. if it has been filtered, it will be updated to the database if ($ filter) {$ serializeMenuSort = serialize ($ newMenuSo Rt); $…… = $ dbh-> prepare ("UPDATE {$ dbtp} ac_users SET menusort =: menusort WHERE uid =: uid LIMIT 1 "); $……-> bindParam (': uid', $ uid); $……> bindParam (': menusort ', $ serializeMenuSort); $……-> execute (); // $ something-> rowCount () ;}$ dbh = null; return $ newMenuSort ;} /*************************************** **************************************** * ******************* @ build a user menu array @ parameter $ uid: user ID $ dbh: Database handle $ dbtp: table prefix @ return Array @ uses filters menu items based on the user permission Array, and arranges menus by user-defined menu arrays. **************************************** **************************************** * *****************/Public static function buildUserMenu ($ uid, $ dbh, $ dbtp) {// user permission array (expired data has been filtered out) $ userPurview = self: getUserPurview ($ uid, $ dbh, $ dbtp ); // user menu sorting array (expired data filtered out) $ userMenuSort = self: getUserMenuSort ($ uid, $ dbh, $ dbtp ); // All menu item arrays (reliable array, obtained in real time) $ menu = self: buildMenu (); // @ filter menu items with no permissions $ userMenu = array (); foreach ($ userPu Rview as $ app =>$ funs) {$ userMenu [$ app] ['name'] = $ menu [$ app] ['name']; foreach ($ funs as $ fun => $ acts) {$ userMenu [$ app] ['funs'] [$ fun] = $ menu [$ app] ['funs'] [$ fun] ;}} // @ sort by user array $ sortUserMenu = array (); foreach ($ userMenuSort as $ app =>$ funs) {foreach ($ funs as $ fun) {$ sortUserMenu [$ app] ['funs'] [$ fun] = $ userMenu [$ app] ['funs'] [$ fun]; // Add to the rearranged menu unset ($ userMenu [$ app] ['funs'] [$ fun]); // Delete added functions} // Number of arranged items Add functions not available in the group to the menu (sorting is in the front. This mainly deals with the fact that after a user adds a new permission, the user does not sort the newly added menu) foreach ($ sortUserMenu as $ app => $ appRes) {foreach ($ appRes ['funs'] as $ fun => $ name) {$ userMenu [$ app] ['funs'] [$ fun] = $ name ;}} return $ userMenu ;} /*************************************** **************************************** * ******************** @ update permission @ parameter $ id: UID or GID $ type: Permission type: r is the role permission, g is the user group permission @ returnBOOL ********************************** ********** **************************************** * **************/Public static function putPurview ($ id, $ type, $ purview, $ dbh, $ dbtp) {$ purview = serialize ($ purview); # permission type detection if ($ type = 'R ') {// role permission $ SQL = "UPDATE {$ dbtp} ac_users SET purview =: purview WHERE uid =: id LIMIT 1 ";} elseif ($ type = 'G') {// group permission $ SQL = "UPDATE {$ dbtp} ac_groups SET purview =: purview WHERE gid =: id LIMIT 1 ";} else {die ('error: Permissio N type ');} $…… = $ dbh-> prepare ($ SQL); $ dbh = null; $……-> bindParam (': id', $ id ); $ something-> bindParam (': purview', $ purview); $ thing-> execute (); return $ something-> rowCount ()? True: false ;}}