Thinkphp's Auth class certification

Source: Internet
Author: User
Tags import database

The Auth class has been around for a long time in the thinkphp code repository, but since it has not been a tutorial, few people know it, it is actually more convenient than RBAC.
RBAC is based on the node authentication, if you want to control more than the node finer permissions is a bit difficult, such as the action button on the page, I want to determine the user rights to display this button, if no permissions will not show this button;  What to do when you are 101-200. These credentials are difficult to authenticate with RABC.
The following describes the Auth authority authentication, it is almost omnipotent, in addition to the node authentication, the above said RABC difficult to authenticate the two cases, it can be achieved.
Auth authorization is certified according to the rules.   Let me first talk about its principle. In the database we have Rule table (think_auth_rule), User Group table (think_auth_group), User Group obvious table (think_auth_group_access)
We define permission rules in the rules table, define the permissions rules for each user group in the User Group table, and define the user groups to which the user belongs in the user group's obvious table. The following examples illustrate.
To determine whether the user has permission to display an action button, first define a rule and add a rule named Show_button to the rule table. Then add a user group in the User Group table, define the user group has Show_button permission rules (Think_auth_group table in the Rules word Gencun rule ID, multiple comma-separated), and then in the user group schedule defined UID 1 users Belong to this user group just now.
OK, when the table data is defined, it is easy to judge the permissions.

 1  import (' ORG. Util.auth '); //  load class Library  2   $auth  = new   Auth ();  3  if  ($ Auth ->check (' Show_button ', 1)) {//  The first parameter is the rule name, the second parameter is the user uid  4  //have permission to display the action button /span>5 }else  { //
      7 } 

The Auth class can also authenticate nodes like RBAC. We just need to define the name of the rule as the node name.
As with RABC, define the _initialize method in the public controller commonaction,

1<?PHP2  classCommonactionextendsaction{3       Public function_initialize () {4Import (' ORG. Util.auth ');//Load Class Library5         $auth=NewAuth ();6         if(!$auth->check (module_name. ' -‘. Action_name,session (' uid '))){7              $this->error (' You don't have permission ');8         }9      }Ten}

At this time we can add the node rule in the database, in the format: "Controller name-method name"

The Auth class can also be certified with multiple rules such as:

1  $auth


Indicates that the authentication user as long as has the Rule1 permission or the Rule2 permission, as long as has a rule the permission, the authentication returns the result to be true namely authentication passes.   The relationship of the default multiple permissions is the "or" relationship, that is, multiple permissions, as long as a permission passes through. We can also define an "and" relationship

1 $auth

The third parameter is specified as "and" to indicate that multiple rules are authenticated with an and relationship, when more than one rule is authorized at the same time. Returns false whenever a rule has no permissions.

Auth authentication, a user can belong to more than one user group. For example, we show_button this rule certification, user A also belongs to the user group 1 and the user group 22 user groups, user Group 1 does not have Show_button rule permissions, but if the user Group 2 has Show_button rule permissions, then the same will pass the permission authentication.

 1   $auth ->getgroups (UID)  2  

With the above code, you can get all user groups that the user belongs to, so that we may display them on the website.

The Auth class can also determine permissions by user attributes, such as judging by user integrals, assuming that our user table (Think_members) has a field score records the user's integration.
When I add a rule in the Rule table, I define the condition field of the rule table, the condition field is the rule condition, and the default is NULL to have no additional conditions, and only the rules in the user group are certified.  If the condition field is defined, there are rules in the user group that do not necessarily pass authentication, and the program also determines whether additional conditions are met. For example, we add several rules:
Name field: grade1, condition field: {score}<100
Name field: grade2, condition field: {score}>100 and {score}<200
Name field: grade3, condition field: {score}>200 and {score}<300

Here {score} represents the value of the field score in the Think_members table.

So this time
$auth->check (' grade1 ', UID) is to determine whether the user integral is 0-100
$auth->check (' Grade2 ', UID) to determine if user points are in 100-200
$auth->check (' grade3 ', UID) to determine if user points are in 200-300

Auth the use of class certification is generally, whether a little brief encounter feeling?

----------------------------------------------------

You need to configure config.php before using the Auth class

1' Auth_config ' =Array(2' Auth_on ' =true,//Authentication Switch3' Auth_type ' = 1,//authentication method, 1 is always certified; 2 is login authentication. 4' Auth_group ' = ' think_auth_group ',//User Group data table name5' auth_group_access ' = ' think_auth_group_access ',//User Group Schedule6' Auth_rule ' = ' think_auth_rule ',//Permission Rules table7' Auth_User ' = ' think_members '//User Information Table8)

Need to import Database

1-- ----------------------------2--think_auth_rule, rules table,3--ID: Primary key, Name: Rule Unique identifier,title: Rule Chinese Name Status status: 1 Normal, 0 disabled, condition: Regular expression, NULL indicates existence on validation, no null representation by condition validation4-- ----------------------------5DROP TABLEIFEXISTS ' think_auth_rule ';6 CREATE TABLE ' think_auth_rule ' (7' ID ' mediumint (8) unsigned notNULLAuto_increment,8' Name ' char (not)NULL DEFAULT‘‘,9' title ' char (not)NULL DEFAULT‘‘,Ten' Status ' tinyint (1) notNULL DEFAULT' 1 ', One' Condition ' char (+) notNULL DEFAULT‘‘, APRIMARYKEY(' id '), -UNIQUEKEY' name ' (' name ') -) Engine=myisamDEFAULTcharset=UTF8; the-- ---------------------------- ---think_auth_group User Group table, ---ID: Primary KEY, Title: User group Chinese name, rules: User Group has rule ID, multiple rules ","separate, status state: 1 Normal, 0 disabled --- ---------------------------- +DROP TABLEIFEXISTS ' Think_auth_group '; - CREATE TABLE ' Think_auth_group ' ( +' ID ' mediumint (8) unsigned notNULLAuto_increment, A' title ' char (+) notNULL DEFAULT‘‘, at' Status ' tinyint (1) notNULL DEFAULT' 1 ', -' Rules ' char (+) notNULL DEFAULT‘‘, -PRIMARYKEY(' id ') -) Engine=myisamDEFAULTcharset=UTF8; --- ---------------------------- ---think_auth_group_access User Group Schedule in--UID:user id,group_id: User group ID --- ---------------------------- toDROP TABLEIFEXISTS ' think_auth_group_access '; + CREATE TABLE ' think_auth_group_access ' ( -' UID ' mediumint (8) unsigned notNULL, the' group_id ' mediumint (8) unsigned notNULL, *UNIQUEKEY' uid_group_id ' (' uid ', ' group_id '), $      KEY' UID ' (' uid '),Panax Notoginseng      KEY' group_id ' (' group_id ') -) Engine=myisamDEFAULTCharset=utf8;

Finally need to download the Auth class file to your project, you can download my uploaded attachments, auth class in thinkphp code warehouse location in: https://github.com/liu21st/extend/blob/master/Extend/ library/org/util/auth.class.php

Thinkphp's Auth class certification

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.