Simple permission design for PHP bit operations

This article provides a detailed analysis of the simple permission design for PHP bit operations. For more information, see 1. write at the beginning
Recently I want to write a simple article about permission processing. I have learned that bitwise operations with binary numbers can accomplish this task well. For bitwise operations of binary numbers, the common three simple operations are "or, and, and not". of course, I also checked the PHP Manual, there are also three operations: "exclusive or", "left shift", and "right shift. I remember that when I was a junior high school student, I started to get bored. I didn't want to explain this operation any more, so I went straight to the topic.

2. how to define permissions
Define the permissions according to the npower of 2, and so on. Why is it defined like this? This definition ensures that each permission value (binary) has only one permission, and it exactly corresponds to one permission. For example:

The code is as follows:

Define ('Add', 1); // ADD permissions
Define ('upd', 2); // modify permissions
Define ('sel ', 4); // query permission
Define ('Del ', 8); // delete permission

3. permission operation
Permission operations actually involve the concept of "role. Permission operations allow a role to grant certain permissions, prohibit certain permissions, and check whether a role has certain permissions. Compared with these three operations. It can be conveniently implemented through the calculation of binary numbers.

The code is as follows:

// Use the bitwise OR operator to grant certain permissions
$ A_access = ADD | UPD | SEL | DEL; // a has the ADD, delete, modify, and query permissions.
$ B _access = ADD | UPD | SEL; // B has the ADD, modify, and query permission.
$ C_access = ADD | UPD; // c has the ADD and modify permissions.
// Prohibit certain permissions from using the bitwise and non-bitwise operators
$ D_access = $ c_access &~ UPD; // d only has the add permission
// Checks whether you have certain permissions and use the bitwise AND operator.
Var_dump ($ B _access & ADD); // 1 indicates that B has the added permission.
Var_dump ($ B _access & DEL); // 0 indicates that B does not have the delete permission

4. implement simple permission and role classes
The preceding permission operation method can be used to encapsulate a permission class and a role class.

The code is as follows:

/**
* Simple permission class
*/
Class Peak_Auth {
/**
* Permission counters
* The role is to generate the permission value.
*
* @ Var int
*/
Protected static $ authCount = 0;
/**
* Permission name
*
* @ Var string
*/
Protected $ authName;
/**
* Permission details
*
* @ Var string
*/
Protected $ authMessage;
/**
* Permission value
*
* @ Var int 2 the n of power
*/
Protected $ authValue;
/**
* Constructor
* Initialize the permission name, detailed permission information, and permission value.
*
* @ Param string $ authName permission name
* @ Param string $ authMessage permission details
*/
Public function _ construct ($ authName, $ authMessage = ''){
$ This-> authName = $ authName;
$ This-> authMessage = $ authMessage;
$ This-> authValue = 1 <self: $ authCount;
Self: $ authCount ++;
}
/**
* Copying objects is not allowed in this category.
*/
Private function _ clone (){

}
/**
* Set permission details
*
* @ Param string $ authMessage
*/
Public function setAuthMessage ($ authMessage ){
$ This-> authMessage = $ authMessage;
}
/**
* Get the permission name
*
* @ Return string
*/
Public function getAuthName (){
Return $ this-> authName;
}
/**
* Get the permission value
*
* @ Return int
*/
Public function getAuthValue (){
Return $ this-> authValue;
}
/**
* Obtain detailed permission information
*
* @ Return string
*/
Public function getAuthMessage (){
Return $ this-> authMessage;
}
}
/**
* Simple angle
*
* @ Author 27_Man
*/
Class Peak_Role {
/**
* Role name
*
* @ Var string
*/
Protected $ roleName;
/**
* Role-owned permissions
*
* @ Var int
*/
Protected $ authValue;
/**
* Parent role object
*
* @ Var Peak_Role
*/
Protected $ parentRole;
/**
* Constructor
*
* @ Param string $ roleName role name
* @ Param Peak_Role $ parentRole parent role object
*/
Public function _ construct ($ roleName, Peak_Role $ parentRole = null ){
$ This-> roleName = $ roleName;
$ This-> authValue = 0;
If ($ parentRole ){
$ This-> parentRole = $ parentRole;
$ This-> authValue = $ parentRole-> getAuthValue ();
}
}
/**
* Get the permissions of the parent role
*/
Protected function fetchParenAuthValue (){
If ($ this-> parentRole ){
$ This-> authValue | = $ this-> parentRole-> getAuthValue ();
}
}
/**
* Grant certain permissions
*
* @ Param Peak_Auth $ auth
* @ Return Peak_Role for chained operations
*/
Public function allow (Peak_Auth $ auth ){
$ This-> fetchParenAuthValue ();
$ This-> authValue | = $ auth-> getAuthValue ();
Return $ this;
}
/**
* Block certain permissions
*
* @ Param Peak_Auth $ auth
* @ Return Peak_Role for chained operations
*/
Public function deny (Peak_Auth $ auth ){
$ This-> fetchParenAuthValue ();
$ This-> authValue & = ~ $ Auth-> getAuthValue ();
Return $ this;
}
/**
* Checks whether a permission is granted.
*
* @ Param Peak_Auth $ auth
* @ Return boolean
*/
Public function checkAuth (Peak_Auth $ auth ){
Return $ this-> authValue & $ auth-> getAuthValue ();
}
/**
* Get the role's permission value
*
* @ Return int
*/
Public function getAuthValue (){
Return $ this-> authValue;
}
}

5. simple operation examples for permission and role classes

The code is as follows:

// Create three permissions: readable, writable, and executable
$ Read = new Peak_Auth ('canread ');
$ Write = new Peak_Auth ('canonical ');
$ Exe = new Peak_Auth ('canexe ');
// Create a role User
$ User = new Peak_Role ('user ');
// Create another role Admin, which has all the permissions of the User
$ Admin = new Peak_Role ('admin', $ user );
// Grant the User the readable and writable permissions.
$ User-> allow ($ read)-> allow ($ write );
// Grant the Admin executable permission and the User permission.
$ Admin-> allow ($ exe );
// Disable the write permission of Admin
$ Admin-> deny ($ write );
// Check whether the Admin has certain permissions
Var_dump ($ admin-> checkAuth ($ read ));
Var_dump ($ admin-> checkAuth ($ write ));
Var_dump ($ admin-> checkAuth ($ exe ));