Home > Article > Backend Development > Simple permission design about PHP bit operations_PHP tutorial
Simple permission design about PHP bit operations_PHP tutorial
- WBOYOriginal
- 2016-07-20 11:16:50894browse
This article is a detailed analysis and introduction to the simple permission design of PHP bit operations. Friends in need can refer to it.
1. Write at the front
Recently I want to write a simple thing about permission processing. I have also learned that using binary number bit operations can accomplish this task well. Regarding the bit operations of binary numbers, the most common ones are the three simple operations of "OR, AND, and NOT". Of course, I also checked the PHP manual, and there are also the three operations of "XOR, left shift, and right shift" . I remember that my math teacher started nagging me when I was in junior high school. I don’t want to give any additional explanation of this operation here and go directly to the topic.
2. How to define permissions
Define the value of the permission according to the Nth power of 2, and so on. Why define it this way? This definition ensures that there is only one 1 in each permission value (binary), and it corresponds to exactly one permission. For example:
define('ADD', 1); // Add permissions
define('UPD', 2); // Modify permissions
define('SEL', 4); // Find permissions
define('DEL', 8); // Delete permissions
3. Permission operation
Permission operations actually involve the concept of "role". Performing permission operations is nothing more than granting certain permissions to a certain role, prohibiting certain permissions, and detecting whether a certain role has certain permissions. Relative to these three operations. It can be easily implemented using arithmetic operations between binary numbers.
// To grant certain permissions, use the "bitwise OR" operator
$a_access = ADD | UPD | SEL | DEL; // a has the permission to add, delete, modify and check
$b_access = ADD | UPD | SEL; // b has the permission to add, modify and check
$c_access = ADD | UPD; // c has the permission to add and modify
// Prohibit certain permissions from using the "bit AND" and "bit NOT" operators
$d_access = $c_access & ~UPD; // d only has increased permissions
// To detect whether you have a certain permission, use the "bit AND" operator
var_dump($b_access & ADD); // 1 means b has increased permissions
var_dump($b_access & DEL); // 0 means b does not have delete permission
4. Implement simple permission classes and role classes
Using the above permission operation method, it can be simply encapsulated into a permission class and a role class.
/**
* Simple permission class
*/
class Peak_Auth {
/**
* Permission type counter
* Function is to generate permission value
*
* @var int
*/
protected static $authCount = 0;
/**
* Permission name
*
* @var string
*/
protected $authName;
/**
* Permission details
*
* @var string
*/
protected $authMessage;
/**
* Permission value
*
* @var int 2 to the Nth power
*/
protected $authValue;
/**
* Constructor
* Initialize permission name, permission details and permission value
*
* @param string $authName permission name
* @param string $authMessage permission details
*/
public function __construct($authName, $authMessage = '') {
$this->authName = $authName;
$this->authMessage = $authMessage;
$this->authValue = 1 << self::$authCount;
self::$authCount++;
}
/**
* This class does not allow object copy operations
*/
private function __clone() {
}
/**
* Set permission details
*
* @param string $authMessage
*/
public function setAuthMessage($authMessage) {
$this->authMessage = $authMessage;
}
/**
* Get permission name
*
* @return string
*/
public function getAuthName() {
return $this->authName;
}
/**
* Get permission value
*
* @return int
*/
public function getAuthValue() {
return $this->authValue;
}
/**
* Get permission details
*
* @return string
*/
public function getAuthMessage() {
return $this->authMessage;
}
}
/**
* Simple character class
*
* @author 27_Man
*/
class Peak_Role {
/**
*Character name
*
* @var string
*/
protected $roleName;
/**
* Permission value owned by the role
*
* @var int
*/
protected $authValue;
/**
* Parent role object
*
* @var Peak_Role
*/
protected $parentRole;
/**
* Constructor
*
* @param string $roleName role name
* @param Peak_Role $parentRole parent role object
*/
public function __construct($roleName, Peak_Role $parentRole = null) {
$this->roleName = $roleName;
$this->authValue = 0;
if ($parentRole) {
$this->parentRole = $parentRole;
$this->authValue = $parentRole->getAuthValue();
}
}
/**
* Obtain the permissions of the parent role
*/
protected function fetchParenAuthValue() {
if ($this->parentRole) {
$this->authValue |= $this->parentRole->getAuthValue();
}
}
/**
*Give some permission
*
* @param Peak_Auth $auth
* @return Peak_Role for chaining operations
*/
public function allow(Peak_Auth $auth) {
$this->fetchParenAuthValue();
$this->authValue |= $auth->getAuthValue();
return $this;
}
/**
* Block certain permissions
*
* @param Peak_Auth $auth
* @return Peak_Role for chaining operations
*/
public function deny(Peak_Auth $auth) {
$this->fetchParenAuthValue();
$this->authValue &= ~$auth->getAuthValue();
return $this;
}
/**
* Check whether you have certain permissions
*
* @param Peak_Auth $auth
* @return boolean
*/
public function checkAuth(Peak_Auth $auth) {
return $this->authValue & $auth->getAuthValue();
}
/**
* Get the permission value of the role
*
* @return int
*/
public function getAuthValue() {
return $this->authValue;
}
}
5.对权限类和角色类的简单操作例子
//Create three permissions: readable, writable, and executable
$read = new Peak_Auth('CanRead');
$write = new Peak_Auth('CanWrite');
$exe = new Peak_Auth('CanExe');
//Create a role User
$user = new Peak_Role('User');
//Create another role Admin, which has all the permissions of User
$admin = new Peak_Role('Admin', $user);
//Give User readable and writable permissions
$user->allow($read)->allow($write);
//Give Admin executable permissions, and he also has User permissions
$admin->allow($exe);
// Disable Admin’s writable permissions
$admin->deny($write);
// Check whether Admin has certain permissions
var_dump($admin->checkAuth($read));
var_dump($admin->checkAuth($write));
var_dump($admin->checkAuth($exe));