1. What is RBAC
Role-Based Access Control (Role-Based Access Control) is a promising alternative to traditional access control (discretionary access, mandatory access) instead received widespread attention.
In RBAC, permissions are associated with roles, and users gain permissions from these roles by becoming members of the appropriate roles. This greatly simplifies the management of permissions.
In an organization, roles are created to complete various tasks, and users are assigned corresponding roles based on their responsibilities and qualifications. Users can be easily assigned from one role to another. Roles can be granted new permissions based on new requirements and system integration, and permissions can also be reclaimed from a role as needed. Character-to-character relationships can be established to encompass a wider range of objective circumstances.
2. RBAC in ThinkPHP
Let’s first look at the data tables used in the official examples. Permission control is implemented through 5 tables, which are defined as follows:
RBAC uses 5 data tables
think_user (user table)
think_role (user grouping table)
think_node (operation node)
think_role_user (correspondence between users and user groups)
think_access (Correspondence between each operation and user group)
User table
Role table, what roles are there, this role is associated with the corresponding userid user
According to the id in the user table, the corresponding role id is associated, that is, the user is assigned a role. For example, the role with userid 3 is 2. According to the role role table, 7 represents the role of the employee
access table, permission table, for example, the role id is 2, which is the employee's permissions, and the corresponding node can be
The node table represents the applications-modules-module methods and defines a relationship between them. For example, the noteid of 30 is the Public module, and the noteid of 31 and 32 , Methods 33 and 34 add, insert, edit, and update all belong to Public. The test method with noteid 85 belongs to the method under the Game module with noteid 84.
3. Detailed explanation of config configuration file
Let’s take a look at the config file in the official example of thinkphp:
4. Several important methods of the RBAC class
authenticate($map,$model=") method passes in the conditions for querying users and the MODEL of the user table The return array contains the user's information
The saveAccessList($authId=null) method passes in the user's ID. This method does not return a value, but only sets the value of $_SESSION['_ACCESS_LIST'], which contains all the user groups corresponding to the user. All nodes that have permission to operate $_SESSION['_ACCESS_LIST']['project name']['module name']['operation name']. In the future, judging permissions is to judge whether the current project, module and operation are in $_SESSION[' _ACCESS_LIST']. The
checkAccess() method detects whether the current module and operation require verification and returns a bool type.
checkLogin() method detects login.
AccessDecision($appName=APP_NAME) method is to detect the current project module Whether the operation is in the $_SESSION['_ACCESS_LIST'] array, that is, in the $_SESSION['_ACCESS_LIST'] array $_SESSION['_ACCESS_LIST']['current operation']['current module']['current operation' ] exists. If it exists, it means there is permission. Otherwise, the
getAccessList($authId) method returns the value of the permission list $_SESSION['_ACCESS_LIST'].
http://www.bkjia.com/PHPjc/327598.html
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
