search
HomeBackend DevelopmentPHP TutorialIn-depth analysis of ThinkPHP's RBAC (role-based access control)_PHP tutorial
In-depth analysis of ThinkPHP's RBAC (role-based access control)_PHP tutorialJul 21, 2016 pm 03:06 PM
rbacthinkphponeWhatbased oncontrolyesPermissionsgo deepofRoleparseaccess

1. What is RBAC
Role-Based Access Control (Role-Based Access Control) is a promising alternative to traditional access control (discretionary access, mandatory access) instead received widespread attention.
In RBAC, permissions are associated with roles, and users gain permissions from these roles by becoming members of the appropriate roles. This greatly simplifies the management of permissions.
In an organization, roles are created to complete various tasks, and users are assigned corresponding roles based on their responsibilities and qualifications. Users can be easily assigned from one role to another. Roles can be granted new permissions based on new requirements and system integration, and permissions can also be reclaimed from a role as needed. Character-to-character relationships can be established to encompass a wider range of objective circumstances.

2. RBAC in ThinkPHP
Let’s first look at the data tables used in the official examples. Permission control is implemented through 5 tables, which are defined as follows:
RBAC uses 5 data tables
think_user (user table)
think_role (user grouping table)
think_node (operation node)
think_role_user (correspondence between users and user groups)
think_access (Correspondence between each operation and user group)


User table


Role table, what roles are there, this role is associated with the corresponding userid user


According to the id in the user table, the corresponding role id is associated, that is, the user is assigned a role. For example, the role with userid 3 is 2. According to the role role table, 7 represents the role of the employee


access table, permission table, for example, the role id is 2, which is the employee's permissions, and the corresponding node can be



The node table represents the applications-modules-module methods and defines a relationship between them. For example, the noteid of 30 is the Public module, and the noteid of 31 and 32 , Methods 33 and 34 add, insert, edit, and update all belong to Public. The test method with noteid 85 belongs to the method under the Game module with noteid 84.

3. Detailed explanation of config configuration file
Let’s take a look at the config file in the official example of thinkphp:

Copy code The code is as follows:

array(
'APP_AUTOLOAD_PATH'=>'@.TagLib',
'SESSION_AUTO_START'=>true,
'USER_AUTH_ON' => ;true,
‘USER_AUTH_TYPE ' 'USER_AUTH_KEY' =>'authId', //Default authentication type 1 Login authentication 2 Real-time authentication
=>'administrator','/ Public/login',// Default authentication gateway
                                                                                                                                                   does not require the authentication module > 'Not_auth_action' = & gt; '', // The default does not require the authentication operation
'reques_Auth_ACTION' = & GT; '', // The authentication operation is required
'guest_auth_on' = & gt; / false, / / ​​/ Whether to open tourists authorized Visit
'guest_auth_id' = & gt; 0, // The user's user ID
'db_like_fields' = & gt;' title | remark ',
' rbac_role_table '= & gt;' think_role ',
' RBAC_USER_TABLE' =>'think_role_user',
'RBAC_ACCESS_TABLE' =>'think_access',
'RBAC_NODE_TABLE' =>'think_node',
'SHOW_PAGE_TRACE'=>1//Show debugging information
);


You should understand most of it by reading the comments. The Public module does not require authentication. The reason is very simple. Before logging in, everyone is a guest. If the login page also requires permissions, where can I log in? Right, haha. The default gateway address means that the authentication failed and you do not have permission to jump here and log in again. ADMIN_AUTH_KEY represents super administrator permissions. If you create a user named admin in the user table, then this user is the super administrator. There is no need to assign permissions to it. It has all permissions. Why should you set up such an administrator? Because when If you assign the wrong permissions, it can easily cause confusion in the system permissions, making it impossible for everyone to access. At this time, the super administrator will come.

4. Several important methods of the RBAC class
authenticate($map,$model=") method passes in the conditions for querying users and the MODEL of the user table The return array contains the user's information
The saveAccessList($authId=null) method passes in the user's ID. This method does not return a value, but only sets the value of $_SESSION['_ACCESS_LIST'], which contains all the user groups corresponding to the user. All nodes that have permission to operate $_SESSION['_ACCESS_LIST']['project name']['module name']['operation name']. In the future, judging permissions is to judge whether the current project, module and operation are in $_SESSION[' _ACCESS_LIST']. The
checkAccess() method detects whether the current module and operation require verification and returns a bool type.
checkLogin() method detects login.
AccessDecision($appName=APP_NAME) method is to detect the current project module Whether the operation is in the $_SESSION['_ACCESS_LIST'] array, that is, in the $_SESSION['_ACCESS_LIST'] array $_SESSION['_ACCESS_LIST']['current operation']['current module']['current operation' ] exists. If it exists, it means there is permission. Otherwise, the
getAccessList($authId) method returns the value of the permission list $_SESSION['_ACCESS_LIST'].

http://www.bkjia.com/PHPjc/327598.html

truehttp: //www.bkjia.com/PHPjc/327598.htmlTechArticle1. What is RBAC role-based access control (Role-Based Access Control) as traditional access control (discretionary access , mandatory access) have received widespread attention. ...
Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
thinkphp是不是国产框架thinkphp是不是国产框架Sep 26, 2022 pm 05:11 PM

thinkphp是国产框架。ThinkPHP是一个快速、兼容而且简单的轻量级国产PHP开发框架,是为了简化企业级应用开发和敏捷WEB应用开发而诞生的。ThinkPHP从诞生以来一直秉承简洁实用的设计原则,在保持出色的性能和至简的代码的同时,也注重易用性。

一起聊聊thinkphp6使用think-queue实现普通队列和延迟队列一起聊聊thinkphp6使用think-queue实现普通队列和延迟队列Apr 20, 2022 pm 01:07 PM

本篇文章给大家带来了关于thinkphp的相关知识,其中主要介绍了关于使用think-queue来实现普通队列和延迟队列的相关内容,think-queue是thinkphp官方提供的一个消息队列服务,下面一起来看一下,希望对大家有帮助。

thinkphp的mvc分别指什么thinkphp的mvc分别指什么Jun 21, 2022 am 11:11 AM

thinkphp基于的mvc分别是指:1、m是model的缩写,表示模型,用于数据处理;2、v是view的缩写,表示视图,由View类和模板文件组成;3、c是controller的缩写,表示控制器,用于逻辑处理。mvc设计模式是一种编程思想,是一种将应用程序的逻辑层和表现层进行分离的方法。

实例详解thinkphp6使用jwt认证实例详解thinkphp6使用jwt认证Jun 24, 2022 pm 12:57 PM

本篇文章给大家带来了关于thinkphp的相关知识,其中主要介绍了使用jwt认证的问题,下面一起来看一下,希望对大家有帮助。

thinkphp扩展插件有哪些thinkphp扩展插件有哪些Jun 13, 2022 pm 05:45 PM

thinkphp扩展有:1、think-migration,是一种数据库迁移工具;2、think-orm,是一种ORM类库扩展;3、think-oracle,是一种Oracle驱动扩展;4、think-mongo,一种MongoDb扩展;5、think-soar,一种SQL语句优化扩展;6、porter,一种数据库管理工具;7、tp-jwt-auth,一个jwt身份验证扩展包。

thinkphp 怎么查询库是否存在thinkphp 怎么查询库是否存在Dec 05, 2022 am 09:40 AM

thinkphp查询库是否存在的方法:1、打开相应的tp文件;2、通过“ $isTable=db()->query('SHOW TABLES LIKE '."'".$data['table_name']."'");if($isTable){...}else{...}”方式验证表是否存在即可。

一文教你ThinkPHP使用think-queue实现redis消息队列一文教你ThinkPHP使用think-queue实现redis消息队列Jun 28, 2022 pm 03:33 PM

本篇文章给大家带来了关于ThinkPHP的相关知识,其中主要整理了使用think-queue实现redis消息队列的相关问题,下面一起来看一下,希望对大家有帮助。

thinkphp3.2怎么关闭调试模式thinkphp3.2怎么关闭调试模式Apr 25, 2022 am 10:13 AM

在thinkphp3.2中,可以利用define关闭调试模式,该标签用于变量和常量的定义,将入口文件中定义调试模式设为FALSE即可,语法为“define('APP_DEBUG', false);”;开启调试模式将参数值设置为true即可。

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
1 months agoBy尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

mPDF

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

SublimeText3 Linux new version

SublimeText3 Linux new version

SublimeText3 Linux latest version

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

PhpStorm Mac version

PhpStorm Mac version

The latest (2018.2.1) professional PHP integrated development tool

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools