The ThinkPHP framework uses the ZendACL permission package

Due to the coincidence that ZendFramework has been used for a year's projects, we also have some knowledge about the relevant packages of the ZF framework. we used tp rbac to find databases the other day, it is not easy to use. maybe it is because you are biased ..

Due to the coincidence that Zend Framework has been used for one year's projects, we also have some knowledge about the packages related to the ZF Framework. we used tp rbac to find databases the other day, in addition, it is not very easy to use. maybe it is because of your own bias. so I gave up the RBAC permission provided by TP and chose ZEND ACL.

Step 1:Download the ZF framework package from the Zend official website. decompress the package and copy the Acl. php file in the same directory as the Acl package to the third-party class library directory Vendor/Zend provided by the TP framework.

Step 2:Because I used the configuration file in ini format when using the ZEND ACL, and also made it easy for the ACL to read the ini file, Zend Config is used in this place, copy the package to the Vendor/Zend directory, as well as the Config. the PHP file is also copied to the Vendor/Zend directory.

Step 3:Because both packages use the Zend_Exception class, copy the Exception. php file in the Zend directory to the Vendor directory.

Note:Why is there a Zend Directory? because the directory Zend is used when both the Acl and Config packages reference each other's classes. therefore, ensure that the program can be referenced normally, the Acl and Config packages must be placed in the Vendor/Zend directory.

Step 4:Configure resources. The so-called resource is the resource that we want to use ACL management. only these resources will be managed by ACL. resources not in the configuration column will not apply ACL control, because my program is a group used. Therefore, I created an acl. ini file under the Admin. Admin directory under the Conf Directory. This file is used to save the resources we want to control.

Format:

;; ========================================================== =

; Description of ACL settings:

; 1. resources is the resource list. only resources in the resource list are controlled.

; 2. resources format: Custom name. key name (arbitrary, but unavailable) = Module: Controller

; 3. here, move the Zend ACL to Thinkphp for use. the configuration here is no different from the configuration in Zend.

; Admin indicates the group [here Admin group] to which the application is applied. If no group is independent, a random group is set. In the ACL class.

; Here, the lower case after 'admin: 'must be entered. whether your operation is in upper or lower case, it must be in lower case.

;; ========================================================== =

1. [ACL]
2. ; ;=== Resource part
3. Resource. index = Admin: index
4. Resource. ad = Admin: ad
5. Resource. article = Admin: article
6. Resource. grievance = Admin: grievance
7. Resource. login = Admin: login
8. Resource. secret = Admin: secret
9. Resource. user = Admin: user
10. Resource. common = Admin: common

Step 5:When a control class is created and resources are available, we need to specify roles and allocate resources. because background programs or other management programs usually have multiple roles for operations at the same time, different roles have different permissions and different permissions correspond to different resources. Therefore, we need to use this class to refine the rules as follows:

1. Class AdminAcl
2. {
3. // Default role
4. Private $ _ defaultRole = 'guest ';
5. Public function _ construct ()
6. {
7. Vendor ('zend. acl ');
8. Vendor ('zend. Config. ini ');
9. $ This-> acl = new Zend_Acl ();
11. // Three roles are defined: [tourist], customer service, and Super Administrator by default.
12. $ This-> acl-> addRole (new Zend_Acl_Role ($ this-> _ defaultRole ));
13. $ This-> acl-> addRole (new Zend_Acl_Role ('service '));
14. $ This-> acl-> addRole (new Zend_Acl_Role ('admin '));
15.  
16. // Read the configuration file. The configuration file specifies the type to be controlled.
17. $ AclConfig = new Zend_Config_Ini (APP_PATH. '/Conf/Admin/acl. ini', 'acl ');
18. $ AclSettings = $ aclConfig-> toArray ();
19.  
20. // Add resources
21. Foreach ($ aclSettings as $ key => $ arr ){
22. $ This-> acl-> add (new Zend_Acl_Resource ($ key ));
23. Foreach ($ arr as $ value ){
24. $ This-> acl-> add (new Zend_Acl_Resource ($ value), $ key );
25. }
26. }
27.  
28. // Tourist permission, accessible resources: only access the index of the login module
29. // The third parameter is the operation that the user can access.
30. $ This-> acl-> allow ('guest ', 'admin: login', array ('index '));
31.  
32. // Customer service permissions.
33. $ This-> acl-> allow ('service', 'admin: login ');
34. $ This-> acl-> allow ('service', 'admin: index ');
35. $ This-> acl-> allow ('service', 'admin: ad ');
36. $ This-> acl-> allow ('service', 'admin: article ');
37. $ This-> acl-> allow ('service', 'admin: grievance ');
38. $ This-> acl-> allow ('service', 'admin: secret ');
39. // $ This-> acl-> allow ('service', 'admin: user'); // The user management must be a super administrator.
40. // $ This-> acl-> allow ('service', 'admin: common ');
41.  
42. // Super Administrator can access any resource
43. $ This-> acl-> allow ('admin ');
45. $ This-> preDispatch ();
46. }
48. Public function preDispatch ()
49. {
50. $ Role = $ this-> _ defaultRole; // The default role is tourist.
52. // The first step is to obtain the user information, and put the relevant verification here.
53. $ Is_login = true;
55. If ($ is_login)
56. {
57. $ Userinfo = array ('usertype' => 3 );
58. If ($ userinfo ['usertype'] = 1)
59. {
60. $ Role = 'admin ';
61. }
62. Elseif ($ userinfo ['usertype'] = 2)
63. {
64. $ Role = 'service ';
65. }
66. }
67.  
68. // Determine whether the role is in the registered role.
69. If (! $ This-> acl-> hasRole ($ role ))
70. {
71. $ Role = 'guest ';
72. }
73.  
74. $ Group_name = GROUP_NAME;
75. $ Module_name = strtolower (MODULE_NAME );
76. $ Action_name = strtolower (ACTION_NAME );
77. $ Resource = "$ group_name: $ module_name ";
79. If (! $ This-> acl-> has ($ resource ))
80. {
81. $ Resource = null;
82. }
83.  
84. // If you do not have the permission, the logon page is displayed.
85. If (! $ This-> acl-> isAllowed ($ role, $ resource, $ action_name ))
86. {
87. Redirect (U ('admin-Login/index '));
88. }
89. }
90. }

Note:APP_PATH: this is a constant. This constant is used in the index of the project entry file. the PHP file defines that its value is the Directory of the entry file. in this case, it is equivalent to the directory path of the current project, because I just added the acl. ini is stored in the Conf/Admin directory.

The above class is stored in the Commmon/Admin Group Directory under the project directory and named AdminAcl. class. php.

Step 6:Call this control class before calling any operation. This step is very simple, because we will create a CommonAction during Project creation. class. php files or classes inherit all other actions. Therefore, I call the control class in the _ initialize () method of the CommonAction class. the call method is as follows:

1. Public function _ initialize ()
2. {
3. Import ('adminacl', 'common/admin ');
4. New AdminAcl ();
5. }

In this way, the initialization method will be called every time other actions are executed, and the resource control class AdminAcl will be automatically called, and judgment and control will be performed according to the preDespatch () method rules in this class.

Post-statement:In fact, in step 5, we finally called the redirect () method to redirect. this method is a TP system function. the URL address in it can be configured in the group configuration, this achieves a fully automated or semi-automatic effect.

The above usage is very common in ZF. if TP is not used, it will be used in ZF framework.