PHP Web site management Administrator rights control system scheme
Younger brother now do a site backstage, including the article upload module, for download file upload, user message module and so on.
Issue: Background Administrator rights Assignment
Description: The system now has a super Administrator with all permissions. Now want to implement: Super Administrator can add General administrator, and can control the general administrator's permissions. For example, to control a general user can only upload articles, not upload pictures and so on, how can this be done? Ask for a thought, have the source code instance is better!
In addition, the system may add additional modules (such as a new image upload module, etc.), after the new backend module, how to easily configure the original administrator account for the new module of the relevant permissions?
May say not very clear, has the question to welcome the thread!
The highest can only give 100 points, I do not know can add points!
------Solution--------------------
Each permission needs to have a tag.
Such as:
Post posts 1
Add Administrator 2
Image upload 3
...........
If a user has three privileges
Memory database, is an array, (1;2;3)
User only has post posting permission (2;)
With posting posts and image upload permissions (2;3;)
...........
Determines whether a lookup is included when the permission is available on the line.
I don't know, I understand??
------Solution--------------------
Create a module table. If there is an operation right for the module, it is 1. otherwise 0
1 0 1 1. Very flexible to use
------Solution--------------------
Set up a module table, there is a admin_group_id in the Quick table, record those are the administrator can see, those are users. That glance, like,
User Mode Fast 1,3--1 represents the highest administrator, 3 indicates the user
Upload Module--1 represents the highest administrator, 2 means the general administrator
------Solution--------------------
Set up a module table, there is a admin_group_id in the Quick table, record those are the administrator can see, those are users. That glance, like,
User Mode Fast 1,3--1 represents the highest administrator, 3 indicates the user
Upload Module--1 represents the highest administrator, 2 means the general administrator
------Solution--------------------
Phpgacl
------Solution--------------------
discuss
Each permission needs to have a tag.
Such as:
Post posts 1
Add Administrator 2
Image upload 3
...........
If a user has three privileges
Memory database, is an array, (1;2;3)
User only has post posting permission (2;)
With posting posts and image upload permissions (2;3;)
...........
Determines whether a lookup is included when the permission is available on the line.
I don't know, I understand??
------Solution--------------------
Most of the above are simple permissions
A complex view of permissions role model, search the Internet
------Solution--------------------
Very convenient to use groups
Group table:
Group ID/Group name
1/Group 1
2/Group 2
............
Group Permissions Association table:
Group ID/Permission ID
1/1
1/2
2/2
2/4
............
Casual collocation, group 1 may be your super tube, group 2 is the general tube, you create a new group 3, collocation, is ordinary users. New Group 4 may be a restricted user
------Solution--------------------
Look at Dedecms's rights management. I'm a copycat. I feel very flexible.
------Solution--------------------
Explore
Thank you for your advice.
There is another problem: if the system added additional modules (such as adding a picture upload module, etc.), after the new backend module, how to easily configure the original administrator account for the new module of the relevant permissions?
------Solution--------------------
I've been doing this for the last two days.
I designed a few tables
Used under the Zend Auth, the owner can refer to
/* Role Table
--ID
--User name
--Password
--Working Group A,b,c ...
*/
DROP TABLE IF EXISTS role_acl;
CREATE TABLE Role_acl (
ID Int (one) not NULL auto_increment,
Username varchar (+) not NULL,
Password varchar () not NULL,
Work_group char (1) Not NULL,
PRIMARY KEY (' id ')
) Engine=innodb DEFAULT CHARSET=GBK;
/* Workgroup
--ID
--Working Group A,b,c ...
--Text description
*/
DROP TABLE IF EXISTS group_acl;
CREATE TABLE Group_acl (
ID Int (one) not NULL auto_increment,
Work_group char (1) Not NULL,
Group_desc varchar () not NULL,
PRIMARY KEY (' id ')
) Engine=innodb DEFAULT CHARSET=GBK;
/* Role Resource action Mapping table
--ID
--Working Group A,b,c ...
--Resource Code
*/
DROP TABLE IF EXISTS mapped_acl;
CREATE TABLE Mapped_acl (
ID Int (one) not NULL auto_increment,
Work_group varchar (1) Not NULL,
Resource varchar () not NULL,
Action varchar (not NULL),
PRIMARY KEY (' id ')
) Engine=innodb DEFAULT CHARSET=GBK;
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
