thinkPHP5 uses Rbac to implement privilege management

  • 2021-12-19 06:17:37
  • OfStack

We have already covered Rbac permission management in think3.2. thinkPHP5, however, has no built-in Rbac support, so we need an Rbac extension for thinkPHP to implement permission management. Here we use the gmars/tp5-rbac extension.

gmars/tp5-rbac Address: https://packagist.org/package...

1: gmars/tp5-rbac Installation

composer require gmars/tp5-rbac

2: Using gmars/tp5-rbac

1: Rbac database creation

gmars/tp5-rbac uses 6 tables: permission (permission node table), permission_category (permission grouping table), role (role table), role_permission (role permission association table), user (user table) and user_role (user role association table).

After downloading gmars/tp5-rbac with composer, we can find a gmars_rbac.sql file under the vendor/gmars/tp5-rbac directory; it contains the sql for the tables we need to create.

In the sql below, ### is your table prefix. The sql is shown only to illustrate the tables we need; gmars/tp5-rbac provides a method that creates them for us automatically:


// Instantiate rbac
$rbac = new Rbac();
// Create the tables rbac needs. An optional $db parameter names the database
// configuration item; when left empty the default database is used (this covers multi-database setups)
$rbac->createTable();

The method above generates the tables rbac needs and only has to run once. For safety, it is locked after it runs; to run it again, delete the lock file first.

(1): Permission Node Table (permission)


DROP TABLE IF EXISTS `###permission`;
CREATE TABLE `###permission` (
 `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
 `name` varchar(50) NOT NULL DEFAULT '' COMMENT ' Permission Node Name ',
 `type` smallint(4) unsigned NOT NULL DEFAULT '0' COMMENT ' Permission type: 1 api permission, 2 front-end route permission ',
 `category_id` int(11) unsigned NOT NULL DEFAULT '0' COMMENT ' Privilege grouping id',
 `path` varchar(100) NOT NULL DEFAULT '' COMMENT ' Permission path ',
 `path_id` varchar(100) NOT NULL DEFAULT '' COMMENT ' Unique code of the path ',
 `description` varchar(200) NOT NULL DEFAULT '' COMMENT ' Descriptive information ',
 `status` smallint(4) unsigned NOT NULL DEFAULT '0' COMMENT ' Status 0 Not enabled 1 Normal ',
 `create_time` int(10) unsigned NOT NULL DEFAULT '0' COMMENT ' Creation time ',
 PRIMARY KEY (`id`),
 KEY `idx_permission` (`path_id`,`status`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT=' Permission node table ';

(2): permission_category (Permission Grouping Table)


SET FOREIGN_KEY_CHECKS=0;
DROP TABLE IF EXISTS `###permission_category`;
CREATE TABLE `###permission_category` (
 `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
 `name` varchar(50) COLLATE utf8mb4_general_ci NOT NULL DEFAULT '' COMMENT ' Permission group name ',
 `description` varchar(200) COLLATE utf8mb4_general_ci NOT NULL DEFAULT '' COMMENT ' Permission grouping description ',
 `status` smallint(4) unsigned NOT NULL DEFAULT '1' COMMENT ' Permission grouping status 1 Effective 2 Invalid ',
 `create_time` int(10) unsigned NOT NULL DEFAULT '0' COMMENT ' Permission group creation time ',
 PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci COMMENT ' Permission grouping table ';

(3): role (Role Table)


DROP TABLE IF EXISTS `###role`;
CREATE TABLE `###role` (
 `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
 `name` varchar(50) NOT NULL DEFAULT '' COMMENT ' Role name ',
 `description` varchar(200) NOT NULL DEFAULT '' COMMENT ' Role description ',
 `status` smallint(4) unsigned NOT NULL DEFAULT '0' COMMENT ' Status 1 Normal 0 Not enabled ',
 `sort_num` int(11) unsigned NOT NULL DEFAULT '0' COMMENT ' Sorting value ',
 PRIMARY KEY (`id`),
 KEY `idx_role` (`status`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT=' Role table ';

(4): role_permission (Role Permission Association Table)


DROP TABLE IF EXISTS `###role_permission`;
CREATE TABLE `###role_permission` (
 `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
 `role_id` int(11) unsigned NOT NULL DEFAULT '0' COMMENT ' Role number ',
 `permission_id` int(11) unsigned NOT NULL DEFAULT '0' COMMENT ' Authority number ',
 PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT=' Role permission correspondence table ';

(5): user (user table)


DROP TABLE IF EXISTS `###user`;
CREATE TABLE `###user` (
 `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
 `user_name` varchar(50) NOT NULL DEFAULT '' COMMENT ' User name ',
 `password` varchar(64) NOT NULL DEFAULT '' COMMENT ' User password ',
 `mobile` varchar(20) NOT NULL DEFAULT '' COMMENT ' Mobile phone number ',
 `last_login_time` int(10) unsigned NOT NULL DEFAULT '0' COMMENT ' Last login time ',
 `status` smallint(4) unsigned NOT NULL DEFAULT '0' COMMENT ' Status 0 Disable 1 Normal ',
 `create_time` int(10) unsigned NOT NULL DEFAULT '0' COMMENT ' Account creation time ',
 `update_time` int(10) unsigned NOT NULL DEFAULT '0' COMMENT ' Information update time ',
 PRIMARY KEY (`id`),
 KEY `idx_user` (`user_name`,`mobile`,`status`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT=' User table ';

(6): user_role (User Role Association Table)


DROP TABLE IF EXISTS `###user_role`;
CREATE TABLE `###user_role` (
 `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
 `user_id` int(11) unsigned NOT NULL DEFAULT '0' COMMENT ' Users id',
 `role_id` int(11) unsigned NOT NULL DEFAULT '0' COMMENT ' Role id',
 PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT=' User role correspondence ';
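How the six tables above combine into one access decision, shown as an added example (it is not code from gmars/tp5-rbac or from the original article, and is not a description of how the library queries internally). It assumes the `###` prefix was replaced with `tp_`; user id 1 and the key names are constructed for illustration.

```sql
-- Added example. Assumption: table prefix ### replaced with tp_.

-- 1) Effective permissions of one user: a row is returned only when the user,
--    the role and the permission node are all enabled (status = 1).
SELECT DISTINCT p.id, p.name, p.type, p.path
FROM tp_user            AS u
JOIN tp_user_role       AS ur ON ur.user_id = u.id
JOIN tp_role            AS r  ON r.id  = ur.role_id
JOIN tp_role_permission AS rp ON rp.role_id = r.id
JOIN tp_permission      AS p  ON p.id  = rp.permission_id
WHERE u.id = 1          -- constructed user id
  AND u.status = 1      -- user:       0 disabled, 1 normal
  AND r.status = 1      -- role:       0 not enabled, 1 normal
  AND p.status = 1;     -- permission: 0 not enabled, 1 normal

-- 2) Audit: the association tables declare no foreign keys, so rows can
--    outlive the role or permission they point at. List such orphans.
SELECT rp.id, rp.role_id, rp.permission_id
FROM tp_role_permission AS rp
LEFT JOIN tp_role       AS r ON r.id = rp.role_id
LEFT JOIN tp_permission AS p ON p.id = rp.permission_id
WHERE r.id IS NULL OR p.id IS NULL;

SELECT ur.id, ur.user_id, ur.role_id
FROM tp_user_role AS ur
LEFT JOIN tp_user AS u ON u.id = ur.user_id
LEFT JOIN tp_role AS r ON r.id = ur.role_id
WHERE u.id IS NULL OR r.id IS NULL;

-- 3) Audit: grants that are still assigned but point at a disabled role or
--    permission node (candidates for cleanup during an access review).
SELECT rp.role_id, rp.permission_id, r.status AS role_status, p.status AS permission_status
FROM tp_role_permission AS rp
JOIN tp_role       AS r ON r.id = rp.role_id
JOIN tp_permission AS p ON p.id = rp.permission_id
WHERE r.status <> 1 OR p.status <> 1;

-- 4) Optional hardening (key names are hypothetical): prevent duplicate
--    assignments. These statements fail if duplicates already exist.
ALTER TABLE tp_user_role
  ADD UNIQUE KEY uniq_user_role (user_id, role_id);
ALTER TABLE tp_role_permission
  ADD UNIQUE KEY uniq_role_permission (role_id, permission_id);
```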

2: Related operations of rbac

(1) Create permission groups


// Instantiate rbac
$rbac = new Rbac();
// Create a permission group
$rbac->savePermissionCategory([
  'name' => ' User Management Group ',
  'description' => ' Management of website users ',
  'status' => 1
]);

When the array passed to the savePermissionCategory method includes the primary key id, the call edits the existing permission group instead.

(2) Create permission nodes


// Instantiate rbac
$rbac = new Rbac();
// Create a permission node
$rbac->createPermission([
  'name' => ' Article list query ',
  'description' => ' Article list query ',
  'status' => 1,
  'type' => 1, // type is the permission type: 1 for back-end permissions, 2 for front-end permissions
  'category_id' => 1, // id of the permission group
  'path' => 'article/content/list',
]);

When the array passed to the createPermission method includes the primary key id, the call edits the existing permission node instead.

(3) Create roles & Assign permissions to roles


// Instantiate rbac
$rbac = new Rbac();
// Create a role and assign permissions to it
$rbac->createRole([
  'name' => ' Content administrator ',
  'description' => ' Responsible for website content management ',
  'status' => 1
], '1,2,3');

When the first parameter of the createRole method contains the primary key id, the call edits the existing role. The second parameter is a string of permission node ids joined by commas.

(4) Assign roles to users



The first parameter is the user id, and the second parameter is an array of role ids. This method deletes the roles previously assigned to the user and then assigns the given roles to the user again.

(5) Obtain permission grouping list



(6) Get permission list



(7) Get a list of roles


// Instantiate rbac
$rbac = new Rbac();
// Get a list of roles
$rbac->getRole([], true);

The first parameter is the query condition for the role table. When the second parameter is true, the query also returns the ids of all permissions assigned to each role.

(8) Delete permissions related methods



(9) Authorization Verification

[1] service Mode

Service mode uses the session, so it depends on cookies. After the user logs in, obtain the user's permissions and cache them:



Then verify whether the user has permission for the specified node:



[2] jwt Mode

jwt mode is commonly used in architectures where the front end and back end are separated. After the user logs in, obtain a token with the following method and pass it to the front end:



Examples of return values are as follows:


array(3) {
 ["token"] => string(32) "4c56b80f06d3d8810b97db33a1291694"
 ["refresh_token"] => string(32) "17914241bde6bfc46b20e643b2c58279"
 ["expire"] => int(7200)
}

Use refresh_token to refresh the authorization; the refresh must be done while refresh_token is still within its validity period:



To verify, the front end passes the token to the back end, and the back end checks whether the user has permission for the specified node:


$rbac->can('article/channel/list');
