
I designed permissions with the RBAC model and now have the following situation.
Ordinary user a publishes a post;
a has edit, delete and view permission on this post.
Ordinary user b has view permission.
Editor user c has edit, delete and view permission on this post.
The edit, delete and view permissions each have a corresponding button; if the user has the permission the button is shown, otherwise it is hidden.
How should this be designed?
For example, the edit button corresponds to a single button, and the operation node is designed as a single node whose functions include editing one's own topics and editing other people's topics.

Replies:


Usually, editing or deleting your own data does not need permission management at all. A site is generally split into a front end and a back end; when ordinary users operate on the front end there is almost no permission question to consider: whoever owns the data can manage it.
Explaining this in detail is tedious, so think it over first. I believe you have mainly fallen into a misconception.

Let me explain it this way:
Taking "edit topic" and "edit my topic" as an example, simulated as a truth table:
Has "edit topic" permission, has "edit my topic" permission: T
Has "edit topic" permission, lacks "edit my topic" permission: T
Lacks "edit topic" permission, has "edit my topic" permission: run the isAuth check and return its result
Lacks "edit topic" permission, lacks "edit my topic" permission: F

Now drop the "edit my topic" permission setting and replace it with the isAuth check; the truth table gives the same result:
Has "edit topic" permission, isAuth = T: T
Has "edit topic" permission, isAuth = F: T
Lacks "edit topic" permission, isAuth = T: T
Lacks "edit topic" permission, isAuth = F: F

You will surely say that in some places the user must not be allowed even if they pass the isAuth check. For those operations, simply don't run the isAuth check.

<code>class Controller {
    // When true, the owner of the resource may act even without the role permission.
    protected $_allowIfIsAuth = false;
    // Current user object; assumed to be injected by the framework before dispatch.
    protected $user;

    public function afterDispatch() {
        // The role permission always wins.
        if (! $this->user->hasPermission('permission_name')) {
            // Otherwise fall back to the ownership (isAuth) check, but only for
            // actions that opt in via $_allowIfIsAuth.
            if (! ($this->_allowIfIsAuth && $this->user->isAuth('auth_id'))) {
                return false;
            }
        }
        return true;
    }
}</code>
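The decision rule in the truth table above, "role permission OR (action allows owners AND caller is the owner)", written out as a runnable example. This is added code, not code from the reply or from any framework; the role table, the per-action owner switch and the users a, b and c are constructed to match the question. It also shows the two things a practitioner should keep separate: the button list the UI renders and the server-side check that must be repeated on every request, since a hidden button is not authorization.

```python
from dataclasses import dataclass

# Constructed RBAC data: role -> set of permission names.
ROLE_PERMISSIONS = {
    "member": {"post.view"},
    "editor": {"post.view", "post.edit", "post.delete"},
}

# Per-action equivalent of the reply's $_allowIfIsAuth switch:
# may the owner of the post perform the action without the role permission?
# "post.pin" is a constructed example of an action ownership never unlocks.
OWNER_MAY = {
    "post.view": True,
    "post.edit": True,
    "post.delete": True,
    "post.pin": False,
}


@dataclass(frozen=True)
class User:
    id: int
    roles: frozenset


@dataclass(frozen=True)
class Post:
    id: int
    author_id: int
    body: str = ""


def has_permission(user: User, perm: str) -> bool:
    """RBAC half of the decision: any of the user's roles grants perm."""
    return any(perm in ROLE_PERMISSIONS.get(role, set()) for role in user.roles)


def is_owner(user: User, post: Post) -> bool:
    """The reply's isAuth check: the caller authored the resource."""
    return user.id == post.author_id


def can(user: User, action: str, post: Post) -> bool:
    """Truth table from the reply: permission OR (owner allowed AND owner)."""
    if has_permission(user, action):
        return True
    return OWNER_MAY.get(action, False) and is_owner(user, post)


def visible_buttons(user: User, post: Post) -> list:
    """What the UI may render. Purely cosmetic; never the enforcement point."""
    return sorted(action for action in OWNER_MAY if can(user, action, post))


def handle_edit(user: User, post: Post, new_body: str) -> Post:
    """Server-side handler: re-evaluates the decision on the actual request."""
    if not can(user, "post.edit", post):
        raise PermissionError(f"user {user.id} may not edit post {post.id}")
    return Post(post.id, post.author_id, new_body)


# Constructed actors from the question: a authored the post, b is another
# ordinary member, c is an editor.
USER_A = User(1, frozenset({"member"}))
USER_B = User(2, frozenset({"member"}))
USER_C = User(3, frozenset({"editor"}))
POST_BY_A = Post(10, author_id=1, body="hello")

if __name__ == "__main__":
    for name, user in (("a", USER_A), ("b", USER_B), ("c", USER_C)):
        print(name, visible_buttons(user, POST_BY_A))
    # b has the view button only; a direct edit request from b must still fail.
    try:
        handle_edit(USER_B, POST_BY_A, "tampered")
    except PermissionError as exc:
        print("denied:", exc)
```

Running it lists the edit, delete and view buttons for a and c, only view for b, and a refused edit for b, reproducing the question's scenario. The `OWNER_MAY` table is where the last sentence of the reply lives: an action such as `post.pin` with the switch set to `False` is never unlocked by ownership, no matter who authored the post.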

<code>CREATE TABLE `app_user` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT '主键',
  `gmt_create` datetime NOT NULL COMMENT '数据新增时间',
  `creator` varchar(128) NOT NULL DEFAULT '0' COMMENT '创建者',
  `gmt_modified` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '数据修改时间',
  `modifier` varchar(128) NOT NULL DEFAULT '0' COMMENT '修改者',
  `is_deleted` char(1) NOT NULL DEFAULT 'n' COMMENT '是否逻辑删除,默认为n',
  `ha_id` varchar(64) DEFAULT NULL COMMENT '会员统一ID',
  `buc_id` varchar(64) DEFAULT NULL COMMENT '员工统一ID',
  `work_no` varchar(64) DEFAULT NULL COMMENT '工号',
  `status` varchar(32) DEFAULT NULL COMMENT '状态',
  `user_type` varchar(32) DEFAULT NULL COMMENT '用户类型',
  `user_name` varchar(128) DEFAULT NULL COMMENT '用户名称',
  `email` varchar(64) DEFAULT NULL COMMENT 'E-mail',
  `mobile` varchar(32) DEFAULT NULL COMMENT '手机',
  `phone` varchar(32) DEFAULT NULL COMMENT '电话',
  `home_page_url` varchar(128) DEFAULT NULL COMMENT '主页URL',
  `user_no` varchar(128) DEFAULT NULL COMMENT '用户编号',
  `login_id` varchar(128) DEFAULT NULL COMMENT '登录ID',
  PRIMARY KEY (`id`),
  KEY `idx_workno` (`work_no`,`is_deleted`),
  KEY `login_id` (`login_id`)
) ENGINE=InnoDB AUTO_INCREMENT=1774 DEFAULT CHARSET=utf8 COMMENT='系统用户';

CREATE TABLE `app_role` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT '主键',
  `gmt_create` datetime NOT NULL COMMENT '数据新增时间',
  `creator` varchar(128) NOT NULL DEFAULT '0' COMMENT '创建者',
  `gmt_modified` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '数据修改时间',
  `modifier` varchar(128) NOT NULL DEFAULT '0' COMMENT '修改者',
  `is_deleted` char(1) NOT NULL DEFAULT 'n' COMMENT '是否逻辑删除,默认为n',
  `role_name` varchar(64) DEFAULT NULL COMMENT '角色名称',
  `role_type` varchar(32) DEFAULT NULL COMMENT '角色类型',
  `home_page_url` varchar(128) DEFAULT NULL COMMENT '主页URL',
  PRIMARY KEY (`id`),
  KEY `idx_rolename` (`role_name`,`is_deleted`)
) ENGINE=InnoDB AUTO_INCREMENT=1065 DEFAULT CHARSET=utf8 COMMENT='系统角色';

CREATE TABLE `app_role_org_user` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT '主键',
  `gmt_create` datetime NOT NULL COMMENT '数据新增时间',
  `creator` varchar(128) NOT NULL DEFAULT '0' COMMENT '创建者',
  `gmt_modified` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '数据修改时间',
  `modifier` varchar(128) NOT NULL DEFAULT '0' COMMENT '修改者',
  `is_deleted` char(1) NOT NULL DEFAULT 'n' COMMENT '是否逻辑删除,默认为n',
  `role_id` bigint(20) DEFAULT NULL COMMENT '角色ID',
  `org_id` bigint(20) DEFAULT NULL COMMENT '组织ID',
  `user_id` bigint(20) DEFAULT NULL COMMENT '用户ID',
  `home_page_url` varchar(500) DEFAULT NULL COMMENT '主页URL',
  `access_org_path` varchar(256) DEFAULT NULL COMMENT '授权组织路径',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=18658 DEFAULT CHARSET=utf8 COMMENT='系统用户组织角色';
</code>

Store a global constant identifying the user and assign different features per user group; for details you can look at OneThink's approach.
