1. Understanding ThinkPHP permission settings
Permission settings allocate operation permissions according to each user's permission range, so that users can perform only the corresponding operations. In the ThinkPHP framework, permission settings can be implemented through RBAC (Role-Based Access Control). RBAC is an access control model that assigns permissions to roles rather than to users, and grants users access by assigning them roles. RBAC has the following characteristics:
- Permissions are granted to roles, and roles are then assigned to users, which simplifies management;
- A user only needs to be assigned a role to have all the permissions owned by that role;
- The system is easy to expand and maintain, and has good scalability;
- Permissions are separated from business logic, which significantly improves code reuse and access security.
2. RBAC-based permission setting steps
Step 1 Create permission table
- Create a permission table in the database, including the fields id, name, title and status;
- The id field is the primary key and the name field is the permission identifier;
- The title field is the permission name;
- The status field is the permission status: 1 represents enabled, 0 represents disabled.
Step 2 Create a role table
- Create a role table in the database, including the fields id, name, title and status;
- The id field is the primary key and the name field is the role identifier;
- The title field is the role name;
- The status field is the role status: 1 means enabled, 0 means disabled.
Step 3 Create user table
- Create a user table in the database, including the fields id, username, password and status;
- The id field is the primary key;
- The username field is the username;
- The password field is the password;
- The status field is the user status: 1 represents enabled, 0 represents disabled.
Step 4 Create a user role association table
- Create a user role association table in the database, including the fields user_id and role_id;
- The user_id field is the user ID;
- The role_id field is the role ID.
Step 5 Create a role permission association table
- Create a role permission association table in the database, including the fields role_id and rule_id;
- The role_id field is the role ID;
- The rule_id field is the permission ID.
Step 6 Implement permission control
In the ThinkPHP project, the method to implement permission control is as follows:
- Define the public controller CommonController in the project, which can implement permission control for all users;
- Create the Auth class to implement permission verification;
- Perform permission control in the CommonController class, as shown below:
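```php
// Methods of CommonController; controllers that need permission control extend it.
public function _initialize(){
    // Runs before every action: stop the request when the check fails
    if(!$this->authcheck()){
        $this->error('Permission denied');
    }
}

// Protected so that it cannot be invoked directly as a URL action
protected function authcheck(){
    $auth = new Auth;
    // The rule name has the form Module/Controller/Action
    return $auth->check(MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME, session('uid'));
}
```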
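In the Auth class, the logic of permission verification is implemented, as shown below:
```php
class Auth {
    // Check permission
    public function check($name, $uid){
        // No logged-in user: deny
        if(empty($uid)){
            return false;
        }
        // Super administrators pass directly
        if(in_array($uid, (array)C('AUTH_SUPER_ADMIN'))){
            return true;
        }
        // Role ID of the user. It is read from the user table here, so that table
        // needs a role_id column; the association table of Step 4 is not consulted.
        $infos = M('user')->field('role_id')->where(array('id' => $uid))->find();
        if(empty($infos['role_id'])){
            return false;
        }
        // Permission IDs owned by the role (role permission association table)
        $rules = M('access')->where(array('role_id' => $infos['role_id']))->select();
        if(empty($rules)){
            return false; // also avoids an invalid "id in ()" query below
        }
        $rule_ids = array();
        foreach($rules as $v){
            $rule_ids[] = $v['rule_id'];
        }
        // Permission names for those IDs
        $rules = M('rule')->where(array('id' => array('in', $rule_ids)))->select();
        $urls = array();
        foreach($rules ?: array() as $r){
            $urls[] = $r['name'];
        }
        return in_array($name, $urls);
    }
}
```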
The above code adds permission verification to all user operation requests. When an operation that requires permission control is requested, the validator first checks whether the user has super administrator privileges. If the user is a super administrator, verification passes directly. If not, the list of permission IDs owned by the role is found (queried from the association table) based on the user's role ID (queried from the user table), and the corresponding list of permission names is then looked up from the list of permission IDs. If the requested operation name is in the permission name list, verification passes; otherwise, permission verification fails.