Home > Article > PHP Framework > ThinkPHP6 Permission Management Guide: Implementing User Permission Control
ThinkPHP6 Permission Management Guide: Implementing User Permission Control
Introduction:
In web applications, permission management is a very important part, it can help We control users' access and operation rights to system resources and protect the security of the system. In the ThinkPHP6 framework, we can use its powerful permission management functions to implement user permission control.
1. Create a database table
Before we start to implement user permission control, we first need to create the corresponding database table to store user, role and permission information. The following is the SQL statement to create the table:
user
(id
int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT 'User ID',username
varchar(50) NOT NULL COMMENT 'Username',password
char(32) NOT NULL COMMENT ' Password',id
)role
(id
int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT 'role ID',name
varchar(50) NOT NULL COMMENT 'role name',id
)permission
(id
int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT 'Permission ID',name
varchar(50 ) NOT NULL COMMENT 'Permission name',id
)user_role
(user_id
int(11) unsigned NOT NULL COMMENT 'User ID',role_id
int(11) unsigned NOT NULL COMMENT 'role ID',user_id
,role_id
)role_permission
(role_id
int(11) unsigned NOT NULL COMMENT 'Role ID',permission_id
int(11) unsigned NOT NULL COMMENT 'Permission ID',role_id
,permission_id
)2. Define model association
In ThinkPHP6, we can use models Associations to establish relationships between users, roles, and permissions. The following is the corresponding model definition:
use thinkModel;
class User extends Model
{
// 用户-角色关联 public function roles() { return $this->belongsToMany(Role::class, 'user_role'); }
}
use thinkModel;
class Role extends Model
{
// 角色-权限关联 public function permissions() { return $this->belongsToMany(Permission::class, 'role_permission'); }
}
use thinkModel;
class Permission extends Model
{
// 权限-角色关联 public function roles() { return $this->belongsToMany(Role::class, 'role_permission'); }
}
3. Define permission middleware
In ThinkPHP6, we can use Middleware to uniformly handle the verification of user permissions. The following is a simple permission middleware definition example:
use appmodelPermission;
use think acadeRequest;
use think acadeSession;
use thinkResponse;
class AuthMiddleware
{
public function handle(Request $request, Closure $next) { // 获取当前请求的URL $url = $request->baseUrl(); // 获取当前用户的角色信息 $roles = Session::get('user.roles'); // 获取当前角色拥有的权限 $permissions = []; foreach ($roles as $role) { $rolePermissions = Permission::whereHas('roles', function ($query) use ($role) { $query->where('role_id', $role['id']); })->select(); $permissions = array_merge($permissions, $rolePermissions->toArray()); } // 验证权限 foreach ($permissions as $permission) { if ($permission['name'] == $url) { return $next($request); } } // 没有权限,跳转到无权限页面 return Response::create('您没有权限访问该页面!', 'html', 403); }
}
4. Apply permission middleware
We can apply permission verification by using middleware in the routing definition. The following is an example route definition:
use think acadeRoute;
Route::group('admin', function () {
// 需要验证权限的页面 Route::rule('user/index', 'admin/user/index') ->middleware('AuthMiddleware'); // ... // 其他路由定义 // ...
})->middleware( 'AuthMiddleware');
In the above example, we apply permission middleware by using the middleware('AuthMiddleware')
method to achieve verification and control of user permissions.
Conclusion:
Through the above steps, we can realize the management and control of user permissions in the ThinkPHP6 framework. Using model association and middleware, we can easily realize the relationship between users, roles and permissions, and use middleware to perform permission verification and intercept and process when users access restricted pages. This can effectively protect the security of system resources and provide the system with better user permission control functions.
The above is the detailed content of ThinkPHP6 Permission Management Guide: Implementing User Permission Control. For more information, please follow other related articles on the PHP Chinese website!