Use thinkphp5 to implement role-based access control (rbac permissions)

This article mainly talks about using thinkphp5 to implement role-based access control (rbac permissions), and shares it with everyone for the convenience of reference for friends in need.

一

Create a database first;

For example: create a test database; then create 3 The tables are: test_admin (administrator table), test_role, test_auth.

This is the newly created test library

Administrator table

This is the newly created admin table. This table is the user table and the user in the management background.

The issuper field of this table represents whether it is a super administrator. This super administrator can manage all roles and execute all permissions.

admin_role_id This field mainly describes the role table id corresponding to administrators other than super administrators. Below we will give the role table.

Role table

This table is a role table. His main id and the administrator's admin_role_id can tell what role management the administrator is in.

Permission table

This table is a permission table, and its main id corresponds to the role_auth_id of the role table. It can be concluded that different roles have different permissions to execute.

二

　Website background management page login different administrators display roles and role permissions.

Create Admin.php, Role.php, and Auth.php in the model layer of the admin file of tinkphp application for business processing.

Then create index.php in the controller layer##

<?php
namespace app\admin\controller;
use think\Controller;
use think\Url;
use think\Request;
use think\Session;
use app\admin\model\Auth as AuthModel
use app\admin\model\Role as RoleModel

class Index extends CommonController
{
     public $role;
     public $auth;
     public $view;
public funtion __construct()
{
  $this->role = new RoleModel()
  $this->auth = new AuthModel()
  $this->view = new View();
}   

  publci function auth()
{
//角色id;
  $admin_id = sesison(&#39;admin_id&#39;);
  $admin_name = session(&#39;admin_name&#39;);

  $resAdmin = $this->admin->where([&#39;admin_id&#39;=>$admin_id])->select();
  if($resAdmin[0]->issuper == 1){
//超级管理员拥有全部权限;
//一级权限;
  $authA = $this->auth->where([&#39;auth_level&#39;]=>0)->select();
//二级权限
  $authB = $this->auth->where([&#39;auth_level&#39;=>1])->select();
} else {
  //权限ids;
  $role_auth_ids = $this->role->where([&#39;role_id&#39;=>$admin_role_id])->select();
  $authA = $this->auth->where(&#39;auth_level&#39; , 0)->where(&#39;auth_id&#39; , &#39;in&#39; , $role_auth_ids)->select();
  $authB  = $this->auth->where(&#39;auth_level&#39; , 1])->where(&#39;auth_id&#39; , &#39;in&#39; , $role_auth_ids)->select();
}

  $auth = array(&#39;authA&#39;=>$authA , &#39;authB&#39;=>$authB);
  $this->redirect(&#39;admin/&#39;.$auth[&#39;authA&#39;][0]->auth_c.&#39;/&#39;.$auth[&#39;authA&#39;][0]->auth_a);

}

public function leftnav()
{
  $admin_id = session(&#39;admin_id&#39;);
  $amin_name = session(&#39;admin_name&#39;);
  //角色id;
  $resAdmin = $this->admin->where([&#39;admin_id&#39;]=>$admin_id)->select();
  $admin_role_id = $resAdmin[0]->$admin_role_id;
  if($resAdmin[0]->issuper == 1){
  //超级管理员super拥有全部权限;
 //一级权限;
  $authA = $this->auth->where([&#39;auth_level&#39;=>0])->select();
 //二级权限;
  $authB = $this->auth->where([&#39;auth_level&#39;=>1])->select();
}  else {
  //权限ids
  $role_auth_ids = $this->role->where([&#39;role_id&#39;=>$admin_role_id])->select();
  $role_auth_ids = $role_auth_ids[0]->role_auth_ids;

  $authA = $this->auth->where(&#39;auth_level&#39; , 0)->where(&#39;auth_id&#39; , &#39;in&#39; , $role_auth_ids)->select();
  $authB = $this->auth->where(&#39;auth_level&#39; , 1)->where(&#39;auth_id&#39; , &#39;in&#39; , $role_aut_ids)->select();
}

  $auth = array(&#39;authA&#39;=>$authA , &#39;authB&#39;=>$authB);
  $this->view->assign(&#39;authA&#39; , $auth[&#39;authA&#39;]);
  $this->view->assign(&#39;authB&#39; , $auth[&#39;authB&#39;]);
}

    
}

Now let me explain the function of the auth method above. It is used to redirect if the logged-in manager redirects to the url address. If he enters an address that does not belong to his permissions, we will redirect him to his own management page.

There is also the content of the inherited CommonController;

<?php
namspace app\admin\controller;
use think\Controller;
use think\Request;
use app\admin\model\Common as Controller
{
  public function __construct()
{
  parent::__construct();
  $res = new CommonModel();
  $resquest = Request::instance();

  if(session(&#39;admin_id&#39;) == null){
  if(strtolower($resquest->controller()) == &#39;index&#39; && strtolower($resquest->action()) == &#39;login&#39;){
  return true;
} else {
 $this->error(&#39;没有登陆!<br /><span style="color:gray;">...</span> &#39;);
}

 $resCommon = $res->auth();
 if(Request::instance()->isAjax()){
  $this->ajaxReturn([&#39;msg&#39;=>&#39;没有操作权限!&#39; , &#39;code&#39;=>&#39;201&#39;] , &#39;json&#39;);
} else {
 $this->error(&#39;没有操作权限!<br><span style="color:gray;">...</span>&#39;);
}
}
}
}

三

　Permission Control

The administrator logs into the background to access the operation business that belongs to his own authority. If the administrator wants to skip the level and view the operations that do not belong to his own authority. Business, the controller will redirect the administrator to his own operation page.

<?php
namespace app\admin\model;
use think\Model;
use think\Db;
use think\Session;
use think\Request;
use app\admin\model\Admin as AdminModel;
use app\admin\model\Role as RoleModel;
use app\admin\model\Auth as AuthModel;

class Common extends Model
{

    public function auth()
    {
        //当前控制器和操作方法;
        $request= Request::instance();
        $auth_ac = strtolower(trim($request->controller())).&#39;/&#39;.strtolower(trim($request->action()));
        //var_dump($auth_ac);
        $auth = array();
        $res = new AdminModel();
        $resRole = new RoleModel();
        $resAuth = new AuthModel();
        
        $resAdmin = $res->where([&#39;admin_id&#39;=>session(&#39;admin_id&#39;)])->select();
        //非超级管理员控制权限;
        if($resAdmin[0]->issuper != 1){
            $admin_role_id = $resAdmin[0]->admin_role_id;
            //$admin_role_id = $info[&#39;admin_role_id&#39;];
            //$info = $this->info(&#39;Role&#39; , [&#39;role_id&#39;=>$admin_role_id] , &#39;role_auth_ids&#39;);
            $info = $resRole->where(&#39;role_id&#39; , $admin_role_id)->select();
            $role_auth_ids = $info[0]->role_auth_ids;
            $infos = $resAuth->where(&#39;auth_id&#39; , &#39;in&#39; , $role_auth_ids)->select();
            //$infos = $this->infos(&#39;Auth&#39; , [&#39;auth_id&#39;=>[&#39;in&#39; , $role_auth_ids] , &#39;auth_level&#39;=>1] ,&#39;auth_c , auth_a&#39; );
            foreach($infos as $key=>$val){
                $auth[] = $val[&#39;auth_c&#39;].&#39;/&#39;.$val[&#39;auth_a&#39;];
            } 

            $result = array_merge($auth , [&#39;index/auth&#39;] , [&#39;index/login&#39;]);
            //var_dump($result);
            if(in_array($auth_ac , $result)){
                return true;
            } else {
                return false;
            } 

        } else {
            return true;
        }

    }

}

The above CommonModel is called in CommonController to determine the administrator's authority level.

Related tutorials:

PHP video tutorial

The above is the detailed content of Use thinkphp5 to implement role-based access control (rbac permissions). For more information, please follow other related articles on the PHP Chinese website!