The idea of "permission management" is to use "role" + "permission" to implement permission roles.
Such as Question...
In the face of complicated permission settings, I think it should be okay to write if and else directly.
Advice
Reply to discussion (solution)
The permission table should be created when the table is created. a role's attribute foreign key is associated with the table.
The permission table should be created when the table is created. a role's attribute foreign key is associated with the table.
Can I provide more details? It mainly refers to the process at which the permission should be introduced during Program writing to determine how to introduce the permission.
I used to write a small project, which is also a permission issue. we solve this problem: when a user logs on, the user information (including permissions, I used numbers for permissions at that time. If the user permission is 5) in the session, when the user wants to perform an operation such as delete (permission requirements> 6), compare the current permission and the required permissions .... it's too far away to remember clearly
Generally, after identity recognition (logon), the role is introduced to the session, and the permissions are obtained based on the role table.
Table design: role Association menu (Level-1 menu ~ Level 2 menu ......), Role Association operations (view, delete, search, and modify)
Determine the expression and storage of permission words first
The integer type of php is logn and has 64 binary bits.
Therefore, it is sufficient to meet the needs of most applications. (Each binary represents an action)
Each role has one permission word, and each user can have multiple roles.
Each user can also have an exception
The combined permissions are obtained using bitwise operations:
User permission = role permission xor exception
Where: role permission = user's role permission or user's role permission...
Role <-> permission; permission <-> menu
Determine the expression and storage of permission words first
The integer type of php is logn and has 64 binary bits.
Therefore, it is sufficient to meet the needs of most applications. (Each binary represents an action)
Each role has one permission word, and each user can have multiple roles.
Each user can also have an exception
The combined permissions are obtained using bitwise operations:
User permission = role permission xor exception
Where: role permission = user's role permission or user's role permission...
Thank you. I am very clear about the storage and allocation of permissions.
Then how can I use it for calling?
For example, there is a delete button.
Roles with deletion permission can view this button when viewing this page. how can this button be written? Use if or else?
After you click the delete button and submit it to PHP, do you still need to judge the permission again?
Conditional judgment is always necessary. Otherwise, how can we know who is who?
But it is also very simple.
$ U = 0b1011; // user permission
$ P = 0b0010; // action number (I have already mentioned that there can be 64 actions)
If ($ p & $ u) echo 'permission ';
Find out the RBAC design mode.
A user table is associated with a user group table and a user group table is associated with a permission table. when a user enters the table, the user first determines which group the user belongs to and then sets permissions based on the group. many open-source products are designed like this.
A simple role stores every method and uses this method to determine whether the user role has this method permission.
The RBAC permission mode allows you to view a large number of permissions on the Internet.