权限控制的一个思路-php手册-php.cn

Home

php教程

php手册

权限控制的一个思路

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 am 11:30 AM

mvcurlIdeasuscontroldatabasePermissionsmoduleofstructuresurfaceaccesspass

数据库表结构

<span CREATE</span> <span TABLE</span><span  `NewTable` (
    `id`  </span><span int</span>(<span 11</span>) <span NOT</span> <span NULL</span><span  AUTO_INCREMENT,
    `title`  </span><span varchar</span>(<span 255</span>) <span NOT</span> <span NULL</span><span ,
    `menu_id`  </span><span int</span>(<span 11</span>) <span NOT</span> <span NULL</span><span ,
    `module`  </span><span varchar</span>(<span 50</span>) <span NOT</span> <span NULL</span><span ,
    `class`  </span><span varchar</span>(<span 50</span>) <span NOT</span> <span NULL</span><span ,
    `method`  </span><span varchar</span>(<span 50</span>) <span NOT</span> <span NULL</span><span PRIMARY</span> <span KEY</span><span  (`id`)
);</span>

假定我们使用了MVC的结构，并通过url访问对应的模块及类和函数。

表中第一行表示一个操作，title表示操作名，menu_id表示属于哪一个菜单选项，module表示模块名（没有可以略过），class表示类名，method表示函数名

此外我们还需要一个用户组的表，大致如下：

其中access_list中保存的当前用户组所拥有的权限ID（对应上个权限表中的ID）

当然我们还需要一个用户表来对应用户组表

group_id表示的第用户所对应的用户组

当我们访问一个url的时候，比如：

http://testApp.test.com/index.php/module/testModule/testClass/testAction

通过路由分析，我们得到相应的数据：

模块->testModule

类->testClass

函数->testAction

通过三个参数，我们查找权限表中的数据，得到一个唯一的id值。

然后对比用户组中access_list中的数据，如果数据中包括有这个id，那么当前用户拥有当前操作的权限，反之没有权限。

那么我们如何来控制菜单选项，当用户有权限时才显示呢？

因为在权限表中的每个操作都对应有一个menu_id，即菜单选项。我们通过查找当前用户所属于的用户组信息，得到他所拥有的权限操作ID，再通过ID取得他所属于的菜单选项，这样就得到了当前用户所拥有的菜单权限。

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks agoByDDD

How to fix KB5055612 fails to install in Windows 10?

3 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Nordhold: Fusion System, Explained

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

PhpStorm Mac version

The latest (2018.2.1) professional PHP integrated development tool

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

SublimeText3 Chinese version

Chinese version, very easy to use

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

Dreamweaver Mac version

Visual web development tools

Hot Topics

1668

1426

1329

1273

1256