
Detailed introduction to the permission setting method of the ThinkPHP project team

PHPz
2023-04-11 09:15:56

ThinkPHP is an excellent PHP framework, widely used in web development. Permission setting is a crucial part of implementing a project. This article introduces in detail the permission setting method of the ThinkPHP project team.

1. Understanding ThinkPHP permission settings

Permission setting refers to assigning operation permissions to users so that they can operate within their permission scope. In the ThinkPHP framework, permission settings can be implemented through RBAC (Role-Based Access Control). RBAC is an access control model that assigns roles to users and assigns permissions to the roles. RBAC has the following characteristics:

  1. Grant permissions to roles, and then assign roles to users to facilitate management;
  2. Users only need to have roles to have all the permissions owned by the roles;
  3. The system is easy to expand and maintain, and has good scalability;
  4. It separates permissions from business logic, significantly improving code reuse rate and access security.

2. RBAC-based permission setting steps

Step 1 Create permission table

  1. Create a permission table in the database, including the fields id, name, title and status;
  2. The id and name fields are the primary key and the permission identifier;
  3. The title field is the permission name;
  4. The status field is the permission status, 1 represents enabled, 0 represents disabled.

Step 2 Create a role table

  1. Create a role table in the database, including the fields id, name, title and status;
  2. The id and name fields are the primary key and the role identifier;
  3. The title field is the role name;
  4. The status field is the role status, 1 represents enabled, 0 represents disabled.

Step 3 Create user table

  1. Create a user table in the database, including fields id, username, password and status;
  2. The id field is the primary key;
  3. username is the user name;
  4. password is the password;
  5. status represents the user status, 1 represents enabled, 0 represents disabled.

Step 4 Create a user role association table

  1. Create a user role association table in the database, including the fields user_id and role_id;
  2. user_id is the user ID;
  3. role_id is the role ID.

Step 5 Create a role permission association table

  1. Create a role permission association table in the database, including the fields role_id and rule_id;
  2. role_id is the role ID;
  3. rule_id is the permission ID.

Step 6 Implement permission control

In the ThinkPHP project, the method to implement permission control is as follows:

  1. Define the common controller CommonController in the project. This controller can implement permission control for all users;
  2. Create the Auth class to implement permission verification;
  3. Perform permission control in the CommonController class, as shown below:
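public function _initialize(){
    // Deny the request when the permission check fails
    if(!$this->authcheck()){
        $this->error('Permission denied');
    }
}

public function authcheck(){
    $auth=new Auth;
    // The rule name is Module/Controller/Action; the user ID comes from the session
    return $auth->check(MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME,session('uid'));
}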
  4. In the Auth class, the permission verification logic is implemented as shown below:
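class Auth {
    // Check permission
    public function check($name, $uid){
        // No logged-in user: deny
        if(empty($uid)){
            return false;
        }
        // Super administrators pass directly
        if(in_array($uid, (array)C('AUTH_SUPER_ADMIN'))){
            return true;
        }
        // Array conditions let the framework quote values instead of concatenating them into the SQL string
        $infos=M('user')->field('role_id')->where(array('id'=>$uid))->find();
        if(empty($infos['role_id'])){
            return false;
        }
        $rules=M('access')->where(array('role_id'=>$infos['role_id']))->select();
        $rule_ids=array();
        foreach((array)$rules as $v){
            $rule_ids[]=$v['rule_id'];
        }
        // A role without rules must not produce an empty "id in ()" clause
        if(empty($rule_ids)){
            return false;
        }
        $rules=M('rule')->where(array('id'=>array('in',$rule_ids)))->select();
        $urls=array();
        foreach((array)$rules as $r){
            $urls[]=$r['name'];
        }
        return in_array($name,$urls);
    }
}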

The code above adds permission verification to all user operation requests. If the operation requested by the user requires permission control, the validator first checks whether the user is a super administrator. If so, the verification passes directly. If not, it looks up the user's role ID (from the user table), finds the list of permission IDs owned by that role (from the association table), and then looks up the corresponding permission names from the permission ID list. If the requested operation name is in the permission name list, the verification passes; otherwise, the permission verification fails.

3. Summary

Permission setting is an indispensable part of website development. This article details how to implement permission control based on RBAC in the ThinkPHP project. Based on this idea, you can set corresponding operation permissions based on your actual project needs.
