Practical PHP Member Access Control: Implementation Principle Analysis

Source: Internet
Author: User
The goal of my general-purpose access control design is that changing permissions should involve as little code modification as possible. It comes from the Chinaunix forum; I came across it again today. I hope it helps, and that Bkjia readers get a lot out of it.
The code is as follows:
<?php
/*
 * Access control table
 * ACL value and meaning
 *   1  Login required
 *   2  Self-modification
 *   4  Requires a group permission set
 *   8  Requires an identity (role) access set
 *  16  Identity is forbidden to access
 *  32  Accessible dates
 *  64  Accessible days of the week
 * 128  Accessible hours
 * 256  Password required to access
 * 512  Super admin only
 */
class aclACL extends ACL {
    public $routername = "ACL";
    public $aclid = '2'; // permission resource ID; a logged-in user without this permission cannot access even where the value below is 0
    public $roledisable = array(9); // disabled identities
    public $pwd = 123456; // access password, acl->nopwd();
    public $date = array('Begin' => 0, 'End' => 0); // allowed between these dates
    public $hours = array('Begin' => 0, 'End' => 0); // allowed hour interval within a day
    public $weeks = array('Begin' => 0, 'End' => 0); // allowed days of the week, Monday to Sunday
    public $aclgroup = array("Create" => "4,45,8"); // groups required for Create
    public $aclrole = array("All" => "6", "Create" => "7,95,78"); // roles required for Create; everything else requires the role with ID 6
    public $acl = array(
        "All" => 0,
        "Index" => 4,      // list: 4 represents the group permission set
        "Delete" => 1,     // delete only after login; can of course also be set to 2 or 4
        "Update" => 1,     // update submissions only after login; this also blocks illegitimate POSTs, and edit cannot reach the edit-content page
        "CreateForm" => 1, // new records cannot be submitted without login
        "Edit" => 0,       // login to display the edit box
        "Show" => 0,       // can be displayed without login
        "Create" => 1,     // the create form requires login; set up a group to restrict who can create
    );
}
?>
 
This file belongs to the module to be authenticated, here the ACL module.
If authentication is turned on, this class is invoked whenever the user accesses the ACL module.
The class then performs the permission check based on the $acl entry for all, index, and so on.
Put this file in the router/acl directory and the framework authenticates automatically; a user without the corresponding positive authorization cannot access the restricted method.
For example, the CRUD create method has a negative permission of 17, which according to the table above should be login plus group authorization, the groups being the three groups 4, 45 and 8 given for Create in the $aclgroup array.
A member who is not logged in is first prompted to log in; a member who is not in one of these three groups cannot access the method and is told they have no permission.
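The mask check described above can be sketched as follows. This is an added example, not code from queryphp or the original post: the names acl_check and acl_ids, the array layout, the fail-closed handling of a missing id list and the login default for unlisted actions are assumptions, while the bit values come from the table at the top of the page.

```php
<?php
// Added illustration, not queryphp's own ACL base class; bit values follow the page's table.
const ACL_LOGIN = 1, ACL_GROUP = 4, ACL_ROLE = 8, ACL_ROLE_DENY = 16;

/** Turn a comma list such as "4,45,8" into integer ids. */
function acl_ids(string $csv): array
{
    return array_map('intval', array_filter(explode(',', $csv), 'strlen'));
}

/** Return 0 if $user may run $action, otherwise the bit that refused access. */
function acl_check(array $rules, array $user, string $action): int
{
    // An action with no entry inherits "all"; with no "all" either, require login (assumed default).
    $mask = $rules['acl'][$action] ?? $rules['acl']['all'] ?? ACL_LOGIN;
    if (($mask & ACL_LOGIN) && empty($user['uid'])) {
        return ACL_LOGIN;
    }
    if (($mask & ACL_ROLE_DENY) && array_intersect($user['role'], $rules['roledisable'])) {
        return ACL_ROLE_DENY;
    }
    foreach ([ACL_GROUP => ['aclgroup', 'group'], ACL_ROLE => ['aclrole', 'role']] as $bit => [$list, $field]) {
        if (!($mask & $bit)) {
            continue;
        }
        // A set bit with no id list configured denies everyone (fail closed).
        $allowed = acl_ids($rules[$list][$action] ?? $rules[$list]['all'] ?? '');
        if (!array_intersect($user[$field], $allowed)) {
            return $bit;
        }
    }
    return 0;
}

// Constructed sample rules and users (not taken from the page's project).
$rules = [
    'acl'         => ['all' => 0, 'show' => 0, 'create' => ACL_LOGIN | ACL_GROUP, 'update' => ACL_LOGIN | ACL_ROLE, 'delete' => ACL_LOGIN | ACL_ROLE_DENY],
    'aclgroup'    => ['create' => '4,45,8'],
    'aclrole'     => ['all' => '6'],
    'roledisable' => [9],
];
$guest  = ['uid' => 0, 'group' => [],   'role' => []];
$editor = ['uid' => 7, 'group' => [45], 'role' => [6]];
$banned = ['uid' => 8, 'group' => [3],  'role' => [9]];

$cases = [[$guest, 'show'], [$guest, 'create'], [$editor, 'create'], [$editor, 'update'], [$banned, 'create'], [$banned, 'update'], [$banned, 'delete']];
foreach ($cases as [$u, $a]) {
    printf("uid=%d %-6s => %d\n", $u['uid'], $a, acl_check($rules, $u, $a));
}
```

A non-zero return names the failing bit, so a handler such as the router's noacl($mask) can tell a missing login apart from a missing group or role.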
Currently, a router can turn on ACL control for itself.
To do so, add public function isacl() {} to the xxxxRouter.class.php file.
It can return a permission file name, for example return curd, in which case the CurdACL.class.php class of that name is called automatically.
Setting up validation in the curdRouter class
The code is as follows:
<?php
class curdRouter extends controller {
    // Returns the RBAC access control list validation class; by default it has the same name as the router, i.e. curd.
    // If you do not write this function, the universal permission system is not enabled.
    public function isacl() {}

    public function index()
    {
        $booktype = m("BookType");
        $this->pager = c("pager"); // get the pager
        $this->pager->setpager($booktype->count(), 'page'); // get the total row count, set 10 per page
        $this->assign("list", $booktype->orderby("BookID desc")->limit($this->pager->offset(), 10)->fetch()->getrecord());
    }

    public function login() { // login page
    }

    public function logout() { // logout page
        MY()->logout(); // sign out
        redirect(url_for("Guestbook/index"), "Exit succeeded", 3);
    }

    public function noacl($mask) { // called when permission is missing; here we switch to the login page
        redirect(url_for("Guestbook/login"), "Requires login", 3);
    }

    public function loginpost() { // login form submission; simple login check
        // Strict comparison (===) avoids PHP's loose-comparison type juggling on hash strings.
        if (($_POST['author'] ?? '') === 'queryphp' && md5($_POST['pwd'] ?? '') === md5('123456'))
        {
            MY()->setlogin(); // set login status
            redirect(url_for("Guestbook/adminlist"), "Login Successful", 3);
            return; // do not fall through to the failure redirect
        }
        redirect(url_for("Guestbook/login"), "Login Failed", 3);
    }
}

The code is as follows:
<?php
/*
 * Base class for login information
 * The permission table can be cached and restored at login time.
 */
class MyBase {
    public $options = array();
    public $uid;
    public $username;
    public $isadmin;
    public $role = array();       // the identities I use
    public $group = array();      // my groups
    public $grouprole = array();  // the identities of the groups
    public $mygroupMar = array(); // groups I manage
    public $mygroupOwn = array(); // groups that belong to me
    public $acl = array();        // active control table: the groupacl and myacl permission sets; contents are RBAC rbacid values
    public $groupacl = array();   // control permissions held by the groups
    public $myacl = array();      // control permissions of my identities
    public $loginfaild = 0;       // number of failed logins; beyond a set number, logins from that IP should be prohibited in some way
}

This is the base class.
You can put myUser.class.php in the project Lib directory.
Code uses the MY() function to get the myuser object.

  

  


You can look at the framework files.

The project/router directory contains guestbookRouter.class.php.

In the back end, the class name and methods of guestbookRouter.class.php are read, and permissions are then added to these methods.

On the right there is an "apply permissions" option and a "cancel permissions" option. Cancelling permissions means there are no permission restrictions; that is, the permission file is deleted.

Applying permissions adds permissions to this class and generates a permission file: guestbookACL.class.php is generated in project/router/acl/.

When the program loads guestbookRouter.class.php, it checks for the guestbookACL.class.php permission file.

If the permission file exists, permissions are enforced; if it does not, they are not. Adding and removing permissions therefore requires no change at all to the guestbookRouter.class.php file.

This makes it convenient to add permissions to methods later on.
http://queryphp.googlecode.com/files/queryphp_2011_01_27.zip
