
How to use ThinkPHP6 to implement permission control

WBOY
2023-06-20 19:55:42

Many websites need to control what each user is permitted to do. Permission control protects the system by preventing unauthorized users from accessing its resources, which is very important in commercial applications. When developing applications using PHP, the ThinkPHP framework provides a simple solution.

The ThinkPHP6 framework provides users with permission control capabilities based on RBAC (role-based access control). This article introduces how to use ThinkPHP6 to implement permission control, including how to set permissions, how to use permissions in controllers and views, and how to store permission control information in the database.

1. Basic concepts

Before introducing how to implement permission control, we need to understand several basic concepts:

  1. Role: Users with the same functions and responsibilities are assigned to a role to facilitate their authorization management.
  2. Permission: Defines the resources and operations that users can access in the system, including controllers, methods, and views.
  3. Role-Permission relationship: Associate roles with their corresponding permissions to facilitate authorization management of users with a certain role.

2. Set permissions

  1. Configure permissions

In ThinkPHP6, the configuration information for all permissions is stored in the app\controller\admin.php file. There are two types of permissions in the configuration file: public permissions and private permissions.

Public permissions refer to resources and operations that any user can access, such as the system homepage, etc. Private permissions refer to resources and operations that can only be accessed by users with specific roles or permissions.

Add all public permissions to the app\controller\admin.php file:

<?php
return [
    // Public permissions
    'public' => [
        'index/index',
        'index/home'
    ],

    // Private permissions
    'private' => []
];

  2. Configure private permissions

For private permissions, we need to add these permissions to the private permission group of the admin.php file.

For example, we can add a permission named "user" that will allow access to the getUserList method in the AdminController controller:

// Private permissions
'private' => [
    'user' => [
        'AdminController/getUserList'
    ]
]

3. Using permissions in controllers and views

  1. Verify permissions

When a user accesses a page that requires specific permissions, we need to verify the user's permissions. In ThinkPHP6, we can use the check method provided by the Auth class to verify whether the user has specific permissions.

For example, we can check whether the user has the permission named "user" using the following method:

if (Auth::check('user')) {
    // Perform the operation the user is authorized to access
} else {
    // Return the "access denied" page
}

  2. Check the role of the current user

When performing certain operations, we need to know the current user's role and behave accordingly. In ThinkPHP6, we can use the getRole method in the Auth class to get the role of the current user.

For example, we can use the following method to get the role of the current user:

$role = Auth::getRole();

  3. Using permissions in the view

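We can also use permissions in the view to show or hide some elements. For example, in the blade template, we can use the can directive to check whether the current user has a specific permission. Hiding an element only changes what is rendered, so the controller action behind it still needs its own permission check.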

Example:

<!-- If the user has the 'user' permission, show the button below -->
@can('user')
    <button type="button" class="btn btn-sm btn-primary">操作</button>
@endcan
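
How a request can be resolved against the public/private permission file from section 2 with deny-by-default semantics, as an added example in plain PHP; it is not ThinkPHP's Auth class or code from the original article. The isAllowed helper, the $granted list of permission names and the case-insensitive route comparison are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample in the shape of the article's permission file.
$config = [
    'public'  => ['index/index', 'index/home'],
    'private' => [
        'user' => ['AdminController/getUserList'],
    ],
];

/**
 * Hypothetical helper: may $route be served to a user who holds the
 * permission names in $granted? Anything not listed is refused.
 */
function isAllowed(array $config, string $route, array $granted): bool
{
    // Assumption: the router treats route names case-insensitively, so the
    // comparison is normalised to lower case on both sides.
    $route = strtolower(trim($route, '/'));

    // Public routes need no permission at all.
    if (in_array($route, array_map('strtolower', $config['public'] ?? []), true)) {
        return true;
    }

    // A private route is served only if the user holds the permission
    // under which that route is listed.
    foreach ($config['private'] ?? [] as $permission => $routes) {
        if (in_array($route, array_map('strtolower', $routes), true)
            && in_array($permission, $granted, true)) {
            return true;
        }
    }

    // Deny by default: a route missing from the file is never reachable.
    return false;
}

var_dump(isAllowed($config, 'index/home', []));                        // public route
var_dump(isAllowed($config, 'AdminController/getUserList', ['user'])); // permission held
var_dump(isAllowed($config, 'admincontroller/getuserlist', []));       // permission missing
var_dump(isAllowed($config, 'AdminController/deleteUser', ['user']));  // route not listed
```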

4. Store permission control information in the database

To make permission control more flexible, we can store permission information in the database to facilitate management and modification. ThinkPHP6 provides the Auth class, which can easily read and verify permission information from the database.

When setting permissions in the database, we need to create four tables:

  1. User table (users): stores user information, including user ID, user name, password, etc.
  2. Role table (roles): stores role information, including role ID and role name.
  3. Permissions table (permissions): stores permission information, including permission ID and permission name.
  4. Role permission table (role_permission): stores the relationship information between roles and permissions.

In the Auth class, we set the table names used for verification as follows:

protected $table = [
    'auth' => 'auth',
    'users' => 'users',
    'roles' => 'roles',
    'permissions' => 'permissions',
    'role_permissions' => 'role_permission'
];
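
The four tables and the lookup they support, as an added example using plain PDO with an in-memory SQLite database; it is not the Auth class or code from the original article. The column names, the users.role_id link between a user and a role, the sample rows and the userHasPermission helper are assumptions.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the application database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// The four tables listed above; column names and users.role_id are assumptions.
$db->exec("
    CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
    CREATE TABLE permissions (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
    CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE,
        password TEXT NOT NULL, role_id INTEGER REFERENCES roles(id));
    CREATE TABLE role_permission (
        role_id INTEGER NOT NULL REFERENCES roles(id),
        permission_id INTEGER NOT NULL REFERENCES permissions(id),
        PRIMARY KEY (role_id, permission_id));
    INSERT INTO roles VALUES (1, 'admin'), (2, 'editor');
    INSERT INTO permissions VALUES (1, 'user');
    INSERT INTO role_permission VALUES (1, 1);
");

// Constructed sample users; passwords are stored as hashes, never in clear text.
$hash = password_hash('constructed-sample-password', PASSWORD_DEFAULT);
$add  = $db->prepare('INSERT INTO users (id, username, password, role_id) VALUES (?, ?, ?, ?)');
$add->execute([1, 'alice', $hash, 1]);    // admin role, which holds "user"
$add->execute([2, 'bob', $hash, 2]);      // editor role, no permissions linked
$add->execute([3, 'carol', $hash, null]); // no role assigned

/** Hypothetical helper: true only if the user's role is linked to $permission. */
function userHasPermission(PDO $db, int $userId, string $permission): bool
{
    // Bound parameters keep caller-supplied values out of the SQL text.
    $stmt = $db->prepare(
        'SELECT 1 FROM users u
           JOIN role_permission rp ON rp.role_id = u.role_id
           JOIN permissions p ON p.id = rp.permission_id
          WHERE u.id = :uid AND p.name = :perm LIMIT 1'
    );
    $stmt->execute([':uid' => $userId, ':perm' => $permission]);
    // Inner joins return no row for a missing user, role or link: deny.
    return $stmt->fetchColumn() !== false;
}

foreach ([1 => 'alice', 2 => 'bob', 3 => 'carol', 99 => 'unknown'] as $id => $name) {
    printf("%-8s %s\n", $name, userHasPermission($db, $id, 'user') ? 'allow' : 'deny');
}
```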

The above is the entire process of using ThinkPHP6 to implement permission control. Through the above operations, we can easily implement RBAC-based permission control and enhance the security and controllability of the project.
