thinkphp RBAC Detailed

Recently used thinkphp to do a project, the customer today has proposed a new requirement administrator http://www.aliyun.com/zixun/aggregation/18083.html "" > Rights Management. Previously seen thinkphp of the introduction of RBAC did not study carefully, now used to find a place to my understanding of RBAC to remember, lest later forgotten.

Let's look at the 6184.html "> data table for the official example.

RBAC uses 5 datasheets

Think_user (User table)

Think_role (User Group table)

Think_node (Operation node)

Think_role_user (corresponding to user and user groupings)

Think_access (corresponding to each operation and user group)

Here's the point, Think_note.

Think_note is actually a record of the entire Web site operation corresponding to the project name Module name and operation name.

The field name is the name of the project, module, or operation.

Field PID records their dependencies, such as which project a module belongs to, and which module the operation belongs to.

The level of the field means that the hierarchy of the node in other words is said level=1 for the project, level=2 for the module, Level=3 is the operation, such as the admin project, his PID is 0 (project PID is 0) levels is 1,nane is admin, Admin project under the user module, its level should be 2,pid is admin ID, admin below user module add operation, level should be 3, PID should be the previous user corresponding ID.

Again the method of RBAC class

Authenticate ($map, $model = ') method incoming query user's condition and user table's model return array contains the user's information

Saveaccesslist ($authId =null) method incoming user ID This method does not return a value, but sets the value of $_session[' _access_list ', which contains all nodes that have permission actions for all user groups corresponding to that user $_ session[' _access_list ' [' Project name ']] [' Module name '] [' Operation name '], later Judge Authority is to judge the current project, module and operation whether in $_session[' _access_list '] can find. S

The CheckAccess () method detects whether the current module and operation need to validate return bool type

Checklogin () method detects login

The Accessdecision ($appName =app_name) method is to detect whether the current project module operation is in the $_session[' _access_list ' array, i.e., in $_session[' _access_list '] In the array $_session[' _access_list ' [' current operation '] [' current module '] [' current operation '] exists. Returns flase if there is an indication of permission.

The Getaccesslist ($authId) method returns the value of $_session[' _access_list ' by querying the database for a list of permissions.

The record above is my personal understanding of RBAC. In the development process also encountered a problem, I have one project, but I would like to separate several modules management. Thought for a long time found Accessdecision ($appName =app_name) is the name of the project can be passed. Then we will first divide into several groups, that is, level=1,pid=0, and then the module group management. It's a bit of a hassle to use. Each grouping is built with a base class, in the base class if (! Rbac::accessdecision ()) {Manually add parameters to Accessdecision, which is the name of the current group. The base class is then referenced by a module that belongs to a group. This achieves the function of the grouped management module under the same project.