Implementing a simple ACL in PHP. The PHP code below is a simple ACL permission-control class built on these tables: 1. resource definition (rsid, access, desc), 2. role definition (id, rolename, desc), 3. resource-role association (rsid, role_id), 4. user-role association (user_id, role_id).
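/**
 * Simple ACL permission control
 *
 * Table definition
 *
 * 1. resource definition (rsid, access, desc)
 * 2. role definition (id, rolename, desc)
 * 3. resource-role association (rsid, role_id)
 * 4. user-role association (user_id, role_id)
 *
 * Depends on db.php and sqlobject.php. SingleTableCRUD, normalize() and
 * CURRENT_TIMESTAMP are not defined in this file; presumably they come from
 * those two files (confirm).
 *
 * @author vb2005xu.iteye.com
 */
class AclBase {
    /**
     * No one is allowed to access
     */
    const NOBODY = 0;
    /**
     * Allow access by anyone
     */
    const EVERYONE = 1;
    /**
     * Allow access by users who have a role
     */
    const HAS_ROLE = 2;
    /**
     * Allow access by users who have no role
     */
    const NO_ROLE = 3;
    /**
     * Allow access only to the roles associated with the resource
     */
    const ALLOCATE_ROLES = 4;

    // Names of the tables this class reads and writes
    public $tbResources = 'aclresources';
    public $tbRoles = 'aclroles';
    public $tbRefResourcesRoles = 'aclresources_aclroles';
    public $tbRefUsersRoles = 'users_aclroles';

    /**
     * Normalize a resource access value.
     *
     * Accepts an integer or a string of digits. Anything else, and any number
     * that is not one of the access constants, becomes NOBODY so that a bad
     * value can never widen access.
     *
     * @param mixed $access
     *
     * @return int one of the access constants
     */
    public static function formatAccessValue($access) {
        static $allowed = array(self::NOBODY, self::EVERYONE, self::HAS_ROLE, self::NO_ROLE, self::ALLOCATE_ROLES);

        // A loose in_array() lets a non-numeric string match 0 on older PHP
        // versions and returns the caller's value untouched. Convert first and
        // compare strictly, so the result is always an int constant.
        if (is_int($access) || (is_string($access) && preg_match('/\A[0-9]+\z/', $access))) {
            $value = (int) $access;
            if (in_array($value, $allowed, true)) {
                return $value;
            }
        }
        return self::NOBODY;
    }

    /**
     * Create a resource and return the primary key of the resource record.
     *
     * @param string $rsid
     * @param int $access
     * @param string $desc
     *
     * @return mixed false when $rsid is empty, otherwise the result of the insert
     */
    public function createResource($rsid, $access, $desc) {
        if (empty($rsid)) {
            return false;
        }
        $resource = array(
            'rsid' => $rsid,
            'access' => self::formatAccessValue($access),
            'desc' => $desc,
            'created_at' => CURRENT_TIMESTAMP
        );
        return SingleTableCRUD::insert($this->tbResources, $resource);
    }

    /**
     * Modify a resource and return the status of the update.
     *
     * @param array $resource must contain 'rsid', which selects the record
     *
     * @return mixed false when 'rsid' is missing, otherwise the result of the update
     */
    public function updateResource(array $resource) {
        if (!isset($resource['rsid'])) {
            return false;
        }
        // createResource() normalizes the access value; do the same here so an
        // update cannot store a value outside the access constants.
        if (isset($resource['access'])) {
            $resource['access'] = self::formatAccessValue($resource['access']);
        }
        $resource['updated_at'] = CURRENT_TIMESTAMP;
        return SingleTableCRUD::update($this->tbResources, $resource, 'rsid');
    }

    /**
     * Delete a resource.
     *
     * Only the resource record is removed; rows in the resource-role table
     * are left alone (see cleanRolesForResource()).
     *
     * @param string $rsid
     *
     * @return mixed false when $rsid is empty, otherwise the result of the delete
     */
    public function deleteResource($rsid) {
        if (empty($rsid)) {
            return false;
        }
        return SingleTableCRUD::delete($this->tbResources, array('rsid' => $rsid));
    }

    /**
     * Create a role and return the primary key of the role record.
     *
     * @param string $rolename
     * @param string $desc
     *
     * @return mixed false when $rolename is empty, otherwise the result of the insert
     */
    public function createRole($rolename, $desc) {
        if (empty($rolename)) {
            return false;
        }
        $role = array(
            'rolename' => $rolename,
            'desc' => $desc,
            'created_at' => CURRENT_TIMESTAMP
        );
        return SingleTableCRUD::insert($this->tbRoles, $role);
    }

    /**
     * Modify a role and return the status of the update.
     *
     * @param array $role must contain 'id', which selects the record
     *
     * @return mixed false when 'id' is missing, otherwise the result of the update
     */
    public function updateRole(array $role) {
        if (!isset($role['id'])) {
            return false;
        }
        // A role name cannot be changed once the role exists, so drop it.
        unset($role['rolename']);
        $role['updated_at'] = CURRENT_TIMESTAMP;
        return SingleTableCRUD::update($this->tbRoles, $role, 'id');
    }

    /**
     * Delete a role.
     *
     * Only the role record is removed; rows in the resource-role and
     * user-role tables are left alone (see cleanResourcesForRole() and
     * cleanUsersForRole()).
     *
     * @param int $role_id
     *
     * @return mixed false when $role_id is empty, otherwise the result of the delete
     */
    public function deleteRole($role_id) {
        if (empty($role_id)) {
            return false;
        }
        // The roles table is keyed by 'id' (see the table definition and
        // updateRole()); 'role_id' is the column name in the association tables.
        return SingleTableCRUD::delete($this->tbRoles, array('id' => (int) $role_id));
    }

    /**
     * Specify the roles for a resource. Each time, all existing rows for the
     * resource are removed before the new ones are inserted.
     *
     * @param string $rsid
     * @param mixed $roleIds role ids, passed through normalize() with ',' as separator
     * @param boolean $setNull whether to clear the resource's rows from the association table when no role id is given
     * @param int $defaultAccess access value to set on the resource after clearing; -1 leaves it unchanged
     *
     * @return boolean
     */
    public function allocateRolesForResource($rsid, $roleIds, $setNull = false, $defaultAccess = -1) {
        if (empty($rsid)) {
            return false;
        }
        // presumably normalize() turns a comma-separated string (or an array)
        // into an array of values; confirm against its definition
        $roleIds = normalize($roleIds, ',');
        if (empty($roleIds)) {
            if ($setNull) {
                SingleTableCRUD::delete($this->tbRefResourcesRoles, array('rsid' => $rsid));
                if ($defaultAccess != -1) {
                    $defaultAccess = self::formatAccessValue($defaultAccess);
                    $this->updateResource(array('rsid' => $rsid, 'access' => $defaultAccess));
                }
                return true;
            }
            return false;
        }
        // Cast before de-duplicating, so that '1' and '01' do not become two
        // rows for the same role.
        $roleIds = array_unique(array_map('intval', $roleIds));
        // NOTE(review): the delete and the inserts are separate statements. If
        // an insert fails, the resource keeps only part of its role set. Run
        // them in one transaction if the db layer offers one.
        SingleTableCRUD::delete($this->tbRefResourcesRoles, array('rsid' => $rsid));
        foreach ($roleIds as $role_id) {
            SingleTableCRUD::insert($this->tbRefResourcesRoles, array('rsid' => $rsid, 'role_id' => $role_id));
        }
        return true;
    }

    /**
     * Remove every resource-role row of a resource.
     *
     * @param string $rsid
     *
     * @return mixed false when $rsid is empty, otherwise the result of the delete
     */
    public function cleanRolesForResource($rsid) {
        if (empty($rsid)) {
            return false;
        }
        return SingleTableCRUD::delete($this->tbRefResourcesRoles, array('rsid' => $rsid));
    }

    /**
     * Remove every resource-role row of a role.
     *
     * @param int $role_id
     *
     * @return mixed false when $role_id is empty, otherwise the result of the delete
     */
    public function cleanResourcesForRole($role_id) {
        if (empty($role_id)) {
            return false;
        }
        return SingleTableCRUD::delete($this->tbRefResourcesRoles, array('role_id' => (int) $role_id));
    }

    /**
     * Allocate resources to a role. Each time, all existing rows for the role
     * are removed before the new ones are inserted.
     *
     * @param int $role_id
     * @param mixed $rsids resource ids, passed through normalize() with ',' as separator
     *
     * @return boolean
     */
    public function allocateResourcesForRole($role_id, $rsids) {
        if (empty($role_id)) {
            return false;
        }
        $role_id = (int) $role_id;
        $rsids = normalize($rsids, ',');
        if (empty($rsids)) {
            return false;
        }
        $rsids = array_unique($rsids);
        // NOTE(review): not atomic; a failed insert leaves the role with only
        // part of its resources. Use a transaction if the db layer offers one.
        SingleTableCRUD::delete($this->tbRefResourcesRoles, array('role_id' => $role_id));
        foreach ($rsids as $rsid) {
            SingleTableCRUD::insert($this->tbRefResourcesRoles, array('rsid' => $rsid, 'role_id' => $role_id));
        }
        return true;
    }

    /**
     * Assign roles to a user. Each time, all existing rows for the user are
     * removed before the new ones are inserted.
     *
     * With many users this may cause performance problems... how to optimize it later?
     *
     * @param int $user_id
     * @param mixed $roleIds role ids, passed through normalize() with ',' as separator
     *
     * @return boolean
     */
    public function allocateRolesForUser($user_id, $roleIds) {
        if (empty($user_id)) {
            return false;
        }
        $user_id = (int) $user_id;
        // The earlier version normalized and tested an undefined $rsids here,
        // so it always returned false; it also inserted an undefined $role_id
        // in the loop. Both now use the $roleIds argument.
        $roleIds = normalize($roleIds, ',');
        if (empty($roleIds)) {
            return false;
        }
        $roleIds = array_unique(array_map('intval', $roleIds));
        // NOTE(review): not atomic; a failed insert leaves the user with only
        // part of the intended roles. Use a transaction if the db layer offers one.
        SingleTableCRUD::delete($this->tbRefUsersRoles, array('user_id' => $user_id));
        foreach ($roleIds as $roleId) {
            SingleTableCRUD::insert($this->tbRefUsersRoles, array('user_id' => $user_id, 'role_id' => $roleId));
        }
        return true;
    }

    /**
     * Remove every user-role row of a user.
     *
     * @param int $user_id
     *
     * @return mixed false when $user_id is empty, otherwise the result of the delete
     */
    public function cleanRolesForUser($user_id) {
        if (empty($user_id)) {
            return false;
        }
        return SingleTableCRUD::delete($this->tbRefUsersRoles, array('user_id' => (int) $user_id));
    }

    /**
     * Remove every user-role row of a role.
     *
     * @param int $role_id
     *
     * @return mixed false when $role_id is empty, otherwise the result of the delete
     */
    public function cleanUsersForRole($role_id) {
        if (empty($role_id)) {
            return false;
        }
        return SingleTableCRUD::delete($this->tbRefUsersRoles, array('role_id' => (int) $role_id));
    }
}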
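/**
 * Perform ACL verification on a resource.
 *
 * The verification itself is not implemented yet, so every call is denied.
 *
 * @param string $rsid resource ID; an empty value (including '0') is denied
 * @param array $user specific user. If this parameter is not specified, the current user is verified.
 *
 * @return boolean true when access is allowed, false otherwise
 */
function aclVerity($rsid, array $user = null) {
    if (empty($rsid)) {
        return false;
    }
    // Falling off the end of the function would return null instead of the
    // documented boolean. Deny explicitly, so the check fails closed until the
    // verification steps are written.
    return false;
}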
/*
 * The verification procedure is as follows:
 *
 * 1. Check the access attribute of the resource:
 *    EVERYONE => true, NOBODY => false; for any other value, continue with the steps below.
 * 2. Obtain the user's role id set from the session (or the user session table).
 * 3. If the user has a role: HAS_ROLE => true, NO_ROLE => false; if the user has no role, the reverse.
 * 4. If the resource access is ALLOCATE_ROLES:
 *    1. obtain the role id set assigned to the resource from the cache (or $tbRefResourcesRoles)
 *    2. intersect the user's role id set with the resource's role id set
 *    3. the intersection is non-empty => true; otherwise => false
 */
After half an hour on this I was getting dizzy; I'll try again tomorrow ....