The simplest RBAC instructions in history!!! ThinkPHP

Source: Internet
Author: User

Our projects are relatively small and generally have only a few users, so we used to write our own verification based on users and permissions. I had never studied ThinkPHP's RBAC.
RBAC is difficult to understand.
I have read the official demo, which is indeed very complicated; the parameters used in config.php and the table DDL also differ greatly from the comments in RBAC.class.php, which makes beginners even more confused. I was confused for a long time too.
Today I was very idle, so I carefully studied RBAC.class.php line by line. It is 300 lines of code in total; with comments and line breaks removed, there are only 200 lines.
I found that RBAC.class.php is very refined, easy to use and flexible.
But it is precisely this flexibility that puzzles new users!
Well, I will not say much more. This is for new users; veterans can skip it.
Let's get down to business. We will take two steps to get to grips with RBAC.
Step 1: Understand what the functions in RBAC do.
Step 2: What else we need to do after using RBAC.
OK, let's get started!
Step 1:
RBAC.class.php has several functions, but new users only need to deal with the following ones:
authenticate() saveAccessList() checkLogin() AccessDecision()
What? You asked me what they do? Well, let me talk about the authentication process first.
1. Check whether the system has enabled the authentication function, C('USER_AUTH_ON').
2. Check whether authentication is required for the current operation.
3. If the current operation requires authentication, check whether the current user has permission. If yes, do nothing.
4. If no, check the cause: if the user is not logged in, go to the login page; if the user does not have the permission, return an error.
These four steps complete user authentication, and AccessDecision() completes the first three steps!
checkLogin() is responsible for checking whether the browser is logged in in step 1.
Haha, there are two more left. I think they should be explained in step 2.
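
The four steps above, modelled as a standalone function. This is an added example, not code from the original post or from ThinkPHP's RBAC.class.php: `decide()`, the `access` session layout and the sample sessions are hypothetical, and the administrator bypass in step 3 is an assumption about how `ADMIN_AUTH_KEY` is used.

```php
<?php
// Added example: a simplified model of the four steps, not RBAC.class.php itself.
// decide() and the 'access' session layout are hypothetical.

function decide(array $config, array $session, string $module, string $action): string
{
    // Step 1: authentication switched off means every request is allowed.
    if (empty($config['USER_AUTH_ON'])) {
        return 'allow';
    }
    // Step 2: modules exempt from authentication (for example the login page).
    $exempt = array_map('strtoupper', explode(',', $config['NOT_AUTH_MODULE']));
    if (in_array(strtoupper($module), $exempt, true)) {
        return 'allow';
    }
    // Step 3: administrators pass (assumption); others need the node in
    // the access list cached in the session at login.
    if (!empty($session[$config['ADMIN_AUTH_KEY']])) {
        return 'allow';
    }
    $access = $session['access'] ?? [];
    if (isset($access[strtoupper($module)][strtoupper($action)])) {
        return 'allow';
    }
    // Step 4: find the cause. No user id in the session means not logged in;
    // anything else falls through to deny, so the default is never "allow".
    return isset($session[$config['USER_AUTH_KEY']]) ? 'deny' : 'login';
}

// Constructed configuration and sessions.
$config = ['USER_AUTH_ON' => true, 'NOT_AUTH_MODULE' => 'Public',
           'USER_AUTH_KEY' => 'authId', 'ADMIN_AUTH_KEY' => 'administrator'];
$guest  = [];
$editor = ['authId' => 5, 'access' => ['ARTICLE' => ['INDEX' => 1, 'EDIT' => 1]]];
$admin  = ['authId' => 1, 'administrator' => true];

// Each line prints bool(true) when the model behaves as described.
var_dump(decide($config, $guest, 'Public', 'login') === 'allow');
var_dump(decide($config, $guest, 'Article', 'edit') === 'login');
var_dump(decide($config, $editor, 'Article', 'edit') === 'allow');
var_dump(decide($config, $editor, 'User', 'delete') === 'deny');
var_dump(decide($config, $admin, 'User', 'delete') === 'allow');
```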

Step 2:
Since RBAC.class.php is so powerful and has helped us deal with so much work, do we still have to do anything?
The answer is disappointing. We still need to write some code.
First, add the code to the authentication module.

    protected function _initialize() {
        import('ORG.Util.RBAC');
        if (!RBAC::AccessDecision()) { // not authenticated
            // logon check
            RBAC::checkLogin();
            // show the "no permission" error message
            $this->error(L('_VALID_ACCESS_'));
        }
    }


The purpose is to tell the program what to do when authentication fails.
In addition, we need to check whether the user entered the correct user name and password; this is also called the authentication gateway.
Its name is set in config.php with 'USER_AUTH_GATEWAY'.
My code is as follows:

    // generate authentication conditions
    $map = array();
    $map['account'] = $_POST['account'];
    $map['status'] = array('gt', 0);
    import('ORG.Util.RBAC');
    $authInfo = RBAC::authenticate($map);
    // use the user name, password, and status for authentication
    if (false === $authInfo) {
        $this->error('account does not exist or is disabled!');
    } else {
        // strict comparison, so two digests are never compared as numbers
        if ($authInfo['password'] !== md5($_POST['password'])) {
            $this->error('wrong password!');
        }
        $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
        if ($authInfo['account'] == 'admin') {
            $_SESSION[C('ADMIN_AUTH_KEY')] = true;
        }
        // cache access permission
        RBAC::saveAccessList();
        $this->success('logon successful!');
    }


OK, this completes the complete RBAC authentication.
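
The gateway above compares an unsalted MD5 digest. The following added example (not from the original post or from ThinkPHP) shows one way to keep existing MD5 rows working while moving each account to `password_hash()` at its next successful login. `verifyLogin()`, its return shape and the sample rows are hypothetical, and it assumes the `password` column is wide enough to hold the new hash.

```php
<?php
// Added example: verifyLogin() and the sample rows are hypothetical, not ThinkPHP API.

/**
 * $authInfo: the row RBAC::authenticate($map) returned, or false if none matched.
 * Returns [userId|null, newHash|null]; a non-null newHash should be saved to
 * the password column so the account stops depending on MD5.
 */
function verifyLogin($authInfo, string $password): array
{
    if ($authInfo === false) {
        // Spend comparable time on unknown accounts, then fail.
        password_verify($password, password_hash('placeholder', PASSWORD_DEFAULT));
        return [null, null];
    }
    $stored = $authInfo['password'];
    if (preg_match('/^[0-9a-f]{32}$/i', $stored)) {
        // Legacy MD5 value: constant-time comparison of the two strings.
        $ok = hash_equals(strtolower($stored), md5($password));
        $newHash = $ok ? password_hash($password, PASSWORD_DEFAULT) : null;
    } else {
        // Already migrated: verify, and refresh the hash if the default changed.
        $ok = password_verify($password, $stored);
        $newHash = ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT))
            ? password_hash($password, PASSWORD_DEFAULT) : null;
    }
    return $ok ? [(int) $authInfo['id'], $newHash] : [null, null];
}

// Constructed sample rows standing in for the user table.
$legacy = ['id' => 1, 'account' => 'admin', 'password' => md5('s3cret!')];
$modern = ['id' => 2, 'account' => 'alice',
           'password' => password_hash('s3cret!', PASSWORD_DEFAULT)];

// Each line prints bool(true) values when the function behaves as described.
[$id, $hash] = verifyLogin($legacy, 's3cret!');
var_dump($id === 1, $hash !== null && password_verify('s3cret!', $hash));
[$id, $hash] = verifyLogin($modern, 's3cret!');
var_dump($id === 2, $hash === null);
var_dump(verifyLogin($modern, 'wrong') === [null, null]);
var_dump(verifyLogin(false, 's3cret!') === [null, null]);
```

In the gateway, call `session_regenerate_id(true)` after a successful check and before writing `$_SESSION[C('USER_AUTH_KEY')]`, and show the same error message for an unknown account and a wrong password.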

Of course, you may need a complete user/permission management system.
If you understand the basic principles above, it is easy to understand. For details, refer to the official RBAC example.
The add, delete, modify, and query operations on the tables role, role_user, node, and access do not involve the basic RBAC operations.
