thinkphp auth authentication analogy RBAC Better authority authentication method (Auth class authentication)

Source: Internet
Author: User
Tags php class unique id import database

thinkphp Auth Authentication analogy RBAC Better authorization authentication method (Auth class authentication) Auth class has been in the thinkphp code warehouse for a long time, but because there has been no tutorial, few people know it, it is actually more convenient than RBAC.
RBAC is based on the node authentication, if you want to control more than the node finer permissions is a bit difficult, such as the action button on the page, I want to determine the user rights to display this button, if no permissions will not show this button; What to do when you are 101-200. These credentials are difficult to authenticate with RABC.
The following describes the Auth authority authentication, it is almost omnipotent, in addition to the node authentication, the above said RABC difficult to authenticate the two cases, it can be achieved.
Auth authorization is certified according to the rules. Let me first talk about its principle. In the database we have Rule table (think_auth_rule), User Group table (think_auth_group), User Group obvious table (think_auth_group_access)
We define permission rules in the rules table, define the permissions rules for each user group in the User Group table, and define the user groups to which the user belongs in the user group's obvious table. The following examples illustrate.
To determine whether the user has permission to display an action button, first define a rule and add a rule named Show_button to the rule table. Then add a user group in the User Group table, define the user group has Show_button permission rules (Think_auth_group table in the Rules word Gencun rule ID, multiple comma-separated), and then in the user group schedule defined UID 1 users Belong to this user group just now.
OK, when the table data is defined, it is easy to judge the permissions.
Import (' ORG. Util.auth ');//Load Class library $auth =new Auth (); if ($auth->check (' Show_button ', 1)) {//The first parameter is the rule name, the second parameter is the user UID   //have permission to show action button}else{    //no permission to show action Button  }
The Auth class can also authenticate nodes like RBAC. We just need to define the name of the rule as the node name.
As with RABC, define the _initialize method in the public controller commonaction,
<?php class Commonaction extends action{public    function _initialize () {       import (' ORG. Util.auth ');//Load Class library       $auth =new Auth ();       if (! $auth->check (module_name. ') -‘. Action_name,session (' uid ')) {            $this->error (' You do not have permission ');}}}    


Copy code This time we can add a node rule to the database in the format: "Controller name-method name"

The Auth class can also be certified with multiple rules such as:
    1. $auth, check(' rule1,rule2 ',uid);
Copy the code to indicate that the authenticated user as long as there is rule1 permission or Rule2 permission, as long as there is a rule permission, the authentication return result is true that authentication passes. The relationship of the default multiple permissions is the "or" relationship, that is, multiple permissions, as long as a permission passes through. We can also define an "and" relationship


The third parameter is specified as "and" to indicate that multiple rules are authenticated with an and relationship, when more than one rule is authorized at the same time. Returns false whenever a rule has no permissions.

Auth authentication, a user can belong to more than one user group. For example, we show_button this rule certification, user A also belongs to the user group 1 and the user group 22 user groups, user Group 1 does not have Show_button rule permissions, but if the user Group 2 has Show_button rule permissions, then the same will pass the permission authentication. 
$auth->getgroups (UID);


With the above code, you can get all user groups that the user belongs to, so that we may display them on the website.

The Auth class can also determine permissions by user attributes, such as judging by user integrals, assuming that our user table (Think_members) has a field score records the user's integration.
When I add a rule in the Rule table, I define the condition field of the rule table, the condition field is the rule condition, and the default is NULL to have no additional conditions, and only the rules in the user group are certified. If the condition field is defined, there are rules in the user group that do not necessarily pass authentication, and the program also determines whether additional conditions are met. For example, we add several rules:
Name field: grade1, condition field: {score}<100
Name field: grade2, condition field: {score}>100 and {score}<200
Name field: grade3, condition field: {score}>200 and {score}<300

Here {score} represents the value of the field score in the Think_members table.

So this time
$auth->check (' grade1 ', UID) is to determine whether the user integral is 0-100
$auth->check (' Grade2 ', UID) to determine if user points are in 100-200
$auth->check (' grade3 ', UID) to determine if user points are in 200-300

Auth the use of class certification is generally, whether a little brief encounter feeling?


You need to configure config.php before using the Auth class
' Auth_config ' =>array (        ' auth_on ' = true,//authentication switch        ' auth_type ' = + 1,//authentication method, 1 is always certified; 2 is login certified.        ' auth_group ' = ' think_auth_group ',//user group data table name        ' auth_group_access ' = ' think_auth_group_access ',// User group Schedule ' auth_rule ' + '        think_auth_rule ',//Permission rules table        ' auth_user ' + ' think_members '//user Information table    


Need to import Database

--------------------------------think_auth_rule, Rule table,--ID: Primary key, Name: Rule unique ID, title: Rule Chinese Name Status: 1 Normal, 0 disabled, Condition: The regular expression, which is an empty representation exists on validation, is not NULL to validate------------------------------DROP TABLE IF EXISTS ' think_auth_rule '; CREATE TABLE ' think_auth_rule ' (' ID ' mediumint (8) unsigned not NULL auto_increment, ' name ' char (a) NOT null DE FAULT ', ' title ' char (NOT NULL default ') ', ' status ' tinyint (1) is not null default ' 1 ', ' condition ' char ( Not NULL default ' ', PRIMARY key (' id '), UNIQUE key ' name ' (' name ')) Engine=myisam default Charset=utf8; --------------------------------Think_auth_group User Group table,--ID: Primary KEY, Title: User group Chinese name, rules: User Group has rule ID, multiple rules "," separate, status state : 1 Normal, 0 disabled------------------------------DROP TABLE IF EXISTS ' Think_auth_group '; CREATE TABLE ' Think_auth_group ' (' ID ' mediumint (8) unsigned not NULL auto_increment, ' title ' char (+) ' NOT null D Efault ', ' status ' tinyint (1) NOT null DEFAULT ' 1 ', ' Rules ' char (a) NOT null DEfault ", PRIMARY KEY (' id ')) engine=myisam DEFAULT Charset=utf8; --------------------------------think_auth_group_access user Group Schedule-UID: User id,group_id: User group ID------------------------ ------DROP TABLE IF EXISTS ' think_auth_group_access '; CREATE TABLE ' think_auth_group_access ' (' UID ' mediumint (8) unsigned not NULL, ' group_id ' mediumint (8) unsigned Not NULL, UNIQUE key ' uid_group_id ' (' uid ', ' group_id '), key ' uid ' (' uid '), key ' group_id ' (' group_id ')) ENGI Ne=myisam DEFAULT Charset=utf8;


thinkphp auth authentication analogy RBAC Better authority authentication method (Auth class authentication)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.