Analysis of RBAC Implementation Principle of thinkPHP Framework

  • 2021-11-14 05:09:51
  • OfStack

This article describes, with examples, how RBAC is implemented in the thinkPHP framework. It is shared here for your reference:

RBAC stands for Role Based Access Control: permissions (Access) are managed by role (role). Here is a brief introduction to its principle and implementation.

Part 1: Database Design

First, the most basic components are: User (admin), Role (role) and Specific permission (auth). The relationship between the three is: a user has only one role, one role has multiple permissions, and one permission may be owned by multiple roles at the same time. In other words, the admin table and the role table are in a 1-to-1 relationship, while the role and auth tables are in a many-to-many relationship, which under normal-form design would require an association table. For simplicity, however, the auth ids owned by a role are simply written into a single field, auth_id_lst. The specific table design is therefore:

admin

  admin_id   admin_name   role_id (foreign key)

role

  role_id    role_name    auth_id_lst

auth

  auth_id    auth_name    auth_pid

For a more direct understanding, here are a few specific records from each table:

auth

  auth_id   auth_name              auth_pid
  1         Supplier management    0
  2         Supplier add           1
  3         Supplier modify        1
  4         Product management     0
  5         Product delisting      4
  6         Customer management    0

role

  role_id   role_name                      auth_id_lst
  1         Logistics department manager   1,2,3
  2         Sales department manager       4,5
  3         PR department manager          6

admin

  admin_id   admin_name   role_id
  1          Zhang San    1
  2          Li Si        2
  3          Wang Wu      3

In this way, the specific permissions owned by a specific user can be saved. The role table is added so that the specific auth entries are easier to manage and easier to understand; by analogy, the three tables correspond to the following:

  • admin: a specific person
  • role: a department
  • auth: the specific permissions required

People in the same department need the same authority, so they can use one role for unified management.

Part 2: Code Implementation

The above was only a simple introduction; this part introduces the specific implementation plan, which comes from a senior colleague who mentored me. To understand the following parts, you need the following knowledge:

  • Basic knowledge of thinkphp
  • Usage of session

The usage scenario is a back-end management system that exposes different Controllers and Actions (methods) to different roles, so the auth table has the following structure:

auth

  auth_id
  auth_name
  auth_c     stores the controller name
  auth_a     stores the method name
  auth_pid   permissions are grouped into categories; this field stores the parent permission

The next step is the specific operation steps:

1.1 Create a new Controller class

In thinkphp, every Controller inherits from Think\Controller. We can create a new Controller class and have every other Controller inherit from it, so that every operation is first screened by this new controller.

Here are some of the contents of this new class:

<?php
namespace Admin\Controller;
use Think\Controller;
class FatherController extends Controller{
  // Constructor
  public function __construct(){
    // Call the parent class constructor first
    parent::__construct();
    // session('admin_id') is saved once the login check in 1.2 succeeds;
    // the '?' prefix makes session() test whether the key exists
    if(!session('?admin_id')){
      $this->error(' You must log in before you can perform an operation ',U('Back/login'));
    }
    // More content follows; stop here for now
  }
}
?>

1.2 Jump to Login Page

Step 1.1 redirects to a login page. After the user name, password and verification code are entered on this page, a dedicated Model class is called for verification. I won't go into the details here; the specific steps are:

  • In the login method of BackController, instantiate the AdminModel class.
  • In the AdminModel class, set up auto-validation and auto-completion so that both the user name and the password are validated.
  • If the user name and password are correct, save admin_id in the session, then read the user's role from the role table and save it in the session together with auth_id_lst.

Here is a summary of what ends up in the session:

session('admin_id')    the id of the logged-in user

session('user_name')   the login name of the logged-in user

session('auth')        the auth table entries listed in the auth_id_lst of the role the user owns, in Controller/Action format

session('menu')        the specific permission information the logged-in user may operate on
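To make the login step concrete, here is an added, framework-independent PHP illustration (not code from the article or from ThinkPHP) of how the values above can be produced from the article's three tables, using an in-memory SQLite database; the password column, the controller/action names and the sample rows are assumptions constructed for the example.

```php
<?php
// Added illustration, not the article's code. Assumptions: in-memory SQLite, a
// "password" column holding a password_hash() value, constructed controller/action names.
function makeSampleDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE admin (admin_id INTEGER PRIMARY KEY, admin_name TEXT, password TEXT, role_id INTEGER)');
    $db->exec('CREATE TABLE role (role_id INTEGER PRIMARY KEY, role_name TEXT, auth_id_lst TEXT)');
    $db->exec('CREATE TABLE auth (auth_id INTEGER PRIMARY KEY, auth_name TEXT, auth_c TEXT, auth_a TEXT, auth_pid INTEGER)');
    $db->exec("INSERT INTO auth VALUES (1,'Supplier management','Supplier','index',0),
        (2,'Supplier add','Supplier','add',1), (3,'Supplier modify','Supplier','edit',1),
        (4,'Product management','Goods','index',0), (5,'Product delisting','Goods','offShelf',4)");
    $db->exec("INSERT INTO role VALUES (1,'Logistics department manager','1,2,3'), (2,'Sales department manager','4,5')");
    $ins = $db->prepare('INSERT INTO admin VALUES (1, ?, ?, 1)');
    $ins->execute(['zhangsan', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}
// Verifies the credentials and returns the four values 1.2 puts into the session, or null
// on failure. 'auth' holds "Controller/Action" strings, the form FatherController compares.
function login(PDO $db, string $name, string $password): ?array {
    $q = $db->prepare('SELECT * FROM admin WHERE admin_name = ?');
    $q->execute([$name]);
    $admin = $q->fetch(PDO::FETCH_ASSOC);
    if (!$admin || !password_verify($password, $admin['password'])) {
        return null;                       // unknown user or wrong password
    }
    $q = $db->prepare('SELECT auth_id_lst FROM role WHERE role_id = ?');
    $q->execute([$admin['role_id']]);
    $lst = (string) $q->fetchColumn();
    $result = ['admin_id' => (int) $admin['admin_id'], 'user_name' => $name, 'auth' => [], 'menu' => []];
    if ($lst === '*') {                    // root: unrestricted, as in the article's check
        $result['auth'] = '*';
        return $result;
    }
    // Keep only positive integers so the comma list never reaches the SQL as text
    $ids = array_values(array_filter(array_map('intval', explode(',', $lst)), fn($i) => $i > 0));
    if ($ids === []) {
        return $result;                    // role without permissions: empty lists
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $q = $db->prepare("SELECT auth_name, auth_c, auth_a, auth_pid FROM auth WHERE auth_id IN ($marks) ORDER BY auth_id");
    $q->execute($ids);
    foreach ($q->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $result['auth'][] = $row['auth_c'] . '/' . $row['auth_a'];
        $result['menu'][] = $row;          // what 1.4 renders on the home page
    }
    return $result;
}
```

In ThinkPHP the caller would then store each entry with session('auth', $result['auth']) and so on; login(makeSampleDb(), 'zhangsan', 'correct horse') yields the auth list ['Supplier/index', 'Supplier/add', 'Supplier/edit'].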

1.3 Back to the new Controller class

<?php
namespace Admin\Controller;
use Think\Controller;
class FatherController extends Controller{
  // Constructor
  public function __construct(){
    // Call the parent class constructor first
    parent::__construct();
    // session('admin_id') is saved once the login check in 1.2 succeeds;
    // the '?' prefix makes session() test whether the key exists
    if(!session('?admin_id')){
      $this->error(' You must log in before you can perform an operation ',U('Back/login'));
    }
    // New content starts here
    // CONTROLLER_NAME: thinkphp constant holding the name of the controller currently called
    // ACTION_NAME: likewise, the method under the currently called controller
    $currentMethod=CONTROLLER_NAME.'/'.ACTION_NAME;
    // This is the same Controller/Action form as a thinkphp pathinfo-style url
    // Index is the home page and may be called freely; the home page itself only
    // shows the permissions the user has (see 1.4)
    if(CONTROLLER_NAME=='Index'){
      return true;
    }
    // Read all the permissions the user has; the string was parsed into an array at login
    $allowMethod=session('auth_id_lst');
    // '*' means root has every permission; requesting an action beyond one's
    // permissions shows an error page. The (array) cast keeps in_array() from
    // failing on a missing session value instead of denying the request.
    if($allowMethod!='*' && !in_array($currentMethod, (array)$allowMethod)){
      $this->error(' Ultra vires operation ',U('Index/index'));
    }
  }
}
?>
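The decision made in that constructor, as an added example (not the article's code) rewritten as a framework-independent function that returns the outcome instead of calling $this->error(); the exemption list is an assumption, and the function also covers two cases the constructor leaves implicit: a session in which no permission list was stored, and exempting single actions rather than the whole Index controller.

```php
<?php
// Added example, not the article's code: the FatherController decision as a
// pure function. $adminId is session('admin_id') (null when not logged in);
// $allowed is the permission value stored at login: an array of
// "Controller/Action" strings, the string '*' for root, or null if missing.
// Returns 'login' (redirect to Back/login), 'denied' (the "ultra vires"
// error page) or 'ok'. The $exempt default is an assumption of this example.
function authorize(?int $adminId, string $controller, string $action, $allowed,
                   array $exempt = ['Index/index']): string {
    if ($adminId === null) {
        return 'login';
    }
    $current = $controller . '/' . $action;
    // Exempt single actions rather than every action under Index: a method added
    // to IndexController later would otherwise bypass the check entirely.
    if (in_array($current, $exempt, true)) {
        return 'ok';
    }
    if ($allowed === '*') {
        return 'ok';                              // root
    }
    // A missing or malformed list means "no permissions", not a PHP 8 TypeError
    // from in_array(null) and not a silent pass.
    if (!is_array($allowed)) {
        return 'denied';
    }
    // Strict comparison: with loose comparison a stray true in the list would
    // match any non-empty string.
    return in_array($current, $allowed, true) ? 'ok' : 'denied';
}

// Walk-through with constructed values (the logistics manager from Part 1):
$auth = ['Supplier/index', 'Supplier/add', 'Supplier/edit'];
assert(authorize(null, 'Supplier', 'add', $auth) === 'login');
assert(authorize(1, 'Supplier', 'add', $auth) === 'ok');
assert(authorize(1, 'Goods', 'offShelf', $auth) === 'denied');
assert(authorize(1, 'Index', 'index', $auth) === 'ok');
assert(authorize(1, 'Index', 'export', $auth) === 'denied'); // no longer exempt
assert(authorize(1, 'Goods', 'offShelf', null) === 'denied');
assert(authorize(1, 'Goods', 'offShelf', '*') === 'ok');
```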

1.4 Content displayed on the home page

The home page is generated with the built-in tags of thinkphp, so as long as you control what is output, you can limit what is shown to the operations the user is authorized for. As mentioned above, the operations granted to a user are saved in session('menu'), so calling this value from the built-in tags is enough to display them; the specific content is like this.

That is all I know for now. After all, I only spent half an hour reading the specific content. After that, I may try to write it myself. Let's talk about it then.

Readers who are interested in thinkPHP can check the topics of this site: "Introduction to ThinkPHP", "Summary of thinkPHP Template Operation Skills", "Summary of Common Methods of ThinkPHP", "Introduction to codeigniter", "Advanced Course of CI (CodeIgniter) Framework", "Introduction to Zend FrameWork Framework" and "Summary of PHP Template Technology".

I hope this article is helpful to PHP programming based on ThinkPHP framework.
