This article is the PHP bit operation of the simple permission to design a detailed analysis, the need for a friend to refer to the
1. Written at the front
recently I wanted to write a simple thing about permission processing, and I learned that using binary digits to perform this task brilliantly. About the binary number of bits, common is "or, and, not" these three simple operations, of course, I also looked at the next PHP manual, there are "different or, left, right move" these three operations. I remember in junior high school math teacher began to nag non-stop, here I do not want to make additional instructions on this operation, directly into the business.
2. How to define Permissions
define the values by the N-second side of 2, and so on. Why do you have to define this? This definition guarantees that there is only one 1 of each permission value (binary), and that it corresponds to exactly one permission. Like what:
Copy Code code as follows:
define (' ADD ', 1); Increase Permissions
define (' UPD ', 2); Modify Permissions
define (' SEL ', 4); Find Permissions
define (' DEL ', 8); Delete Permissions
3. Permission operation
permission operations actually involve the concept of "role". Permission manipulation involves giving a role a certain kind of permission, prohibiting certain permissions, and detecting whether a role has some kind of permission. Relative to these three operations. It can be realized conveniently by the operation of binary number.
Copy Code code as follows:
//Give some permission to use the "bit or" operator
$a _access = ADD | UPD | SEL | DEL; A has the right to check and delete
$b _access = ADD | UPD | SEL; B has the right to increase and check
$c _access = ADD | UPD; C has the right to modify
//Prohibit certain permissions with "bit and" and "bitwise NON" operators
$d _access = $c _access & ~upd; D only has the privilege
//Detects whether a permission is available to use the bit and operator
var_dump ($b _access & ADD); 1 on behalf of B has the privilege
var_dump ($b _access & DEL); 0 on behalf of B does not have permission to delete
4. Implement simple permission classes and role classes
using the above permission action method, can simply encapsulate into a permission class and a role class.
Copy Code code as follows:
/**
* Simple Permission class
*/
class Peak_auth {
/**
* Privilege Class counter
* function is to generate permission value
*
* @var int
*/
protected static $authCount = 0;
/**
* Permission name
*
* @var String
*/
protected $authName;
/**
* Permission Details
*
* @var String
*/
protected $authMessage;
/**
* Permission Value
*
* @var N-th
of int 2
*/
protected $authValue;
/**
* Constructor
* Initialize permission name, permission details, and permission values
*
* @param string $authName permission name
* @param string $authMessage permission details
*/
Public Function __construct ($authName, $authMessage = ') {
$this->authname = $authName;
$this->authmessage = $authMessage;
$this->authvalue = 1 << self:: $authCount;
self:: $authCount + +;
}
/**
* This class does not allow object copying operations
*/
Private Function __clone () {
}
/**
* Set Permissions details
*
* @param string $authMessage
*/
Public Function Setauthmessage ($authMessage) {
$this->authmessage = $authMessage;
}
/**
* Get permission name
*
* @return String
*/
Public Function Getauthname () {
return $this->authname;
}
/**
* Get permission value
*
* @return int
*/
Public Function Getauthvalue () {
return $this->authvalue;
}
/**
* Get permission details
*
* @return String
*/
Public Function Getauthmessage () {
return $this->authmessage;
}
}
/**
* Simple Role class
*
* @author 27_man
*/
class Peak_role {
/**
* Role Name
*
* @var String
*/
protected $roleName;
/**
* Role-owned permission value
*
* @var int
*/
protected $authValue;
/**
* Parent Role Object
*
* @var Peak_role
*/
protected $parentRole;
/**
* Constructor
*
* @param string $roleName role name
* @param peak_role $parentRole Parent Role Object
*/
Public Function __construct ($roleName, peak_role $parentRole = null) {
$this->rolename = $roleName;
$this->authvalue = 0;
if ($parentRole) {
$this->parentrole = $parentRole;
$this->authvalue = $parentRole->getauthvalue ();
}
}
/**
* Gets the permissions of the parent role
*/
protected function Fetchparenauthvalue () {
if ($this->parentrole) {
$this->authvalue |= $this->parentrole->getauthvalue ();
}
}
/**
* Give some kind of permission
*
* @param peak_auth $auth
* @return peak_role for chained operation
*/
public function allow (Peak_auth $auth) {
$this->fetchparenauthvalue ();
$this->authvalue |= $auth->getauthvalue ();
return $this;
}
/**
* Blocking some kind of permission
*
* @param peak_auth $auth
* @return peak_role for chained operation
*/
public Function deny (Peak_auth $auth) {
$this->fetchparenauthvalue ();
$this->authvalue &= ~ $auth->getauthvalue ();
return $this;
}
/**
* Detect if you have some kind of permission
*
* @param peak_auth $auth
* @return Boolean
*/
Public Function Checkauth (Peak_auth $auth) {
return $this->authvalue & $auth->getauthvalue ();
}
/**
* Get the role's permission value
*
* @return int
*/
Public Function Getauthvalue () {
return $this->authvalue;
}
}
5. Simple operation examples for permission classes and role classes
Copy Code code as follows:
//Create three permissions: Readable, writable, executable
$read = new Peak_auth (' CanRead ');
$write = new Peak_auth (' CanWrite ');
$exe = new P Eak_auth (' Canexe ');
//Create a role user
$user = new Peak_role (' user ');
///Create another role Admin, he has all permissions for User
$admin = new Peak_role (' ADM In ', $user);
//give user readable, writable permission
$user->allow ($read)->allow ($write),
//Give Admin executable permissions, and he also has user permissions
$admin-& Gt;allow ($exe);
//Prohibit writable permissions for admin
$admin->deny ($write);
//detect if Admin has certain permissions
Var_dump ($admin->checkauth ($read)); br> Var_dump ($admin->checkauth ($write));
Var_dump ($admin->checkauth ($exe));
