Shulou(Shulou.com)06/03 Report--

This article will explain in detail how to realize the permission design of PHP bit operation. The editor thinks it is very practical, so I share it for you as a reference. I hope you can get something after reading this article.

1. Write at the front

Recently, I want to write a simple thing about permission handling, and I have known before that the bit operation of binary numbers can do this task well. With regard to the bit operation of binary numbers, the common operations are "OR, and, and not". Of course, I also looked at the PHP manual, as well as "XOR, left shift, right shift". I remember that when I was in junior high school, the math teacher began to nag all the time, and I don't want to explain this operation any more and get straight to the point.

two。 How to define permissions

Define the value of permissions to the N power of 2, and so on. Why is it defined in this way? This definition ensures that there is only one 1 in each permission value (binary), and it corresponds to exactly one permission. For example:

The copy code is as follows:

Define ('ADD', 1); / / add permissions

Define ('UPD', 2); / / modify permissions

Define ('SEL', 4); / / find permissions

Define ('DEL', 8); / / Delete permissions

3. Permission operation

Permission operation actually involves the concept of "role". Permission operation is nothing more than asking a role to grant a certain permission, prohibiting a certain permission, and detecting whether a role has a certain permission. Relative to these three operations. It can be easily realized by the operation between binary numbers.

The copy code is as follows:

/ / give a permission to use the "bit or" operator

$a_access = ADD | UPD | SEL | DEL; / / a has permission to add, delete, modify and check

$b_access = ADD | UPD | SEL; / / b has the permission to add, change and check

$c_access = ADD | UPD; / / c has permission to add and modify

/ / prohibit certain permissions from using the "bit and" and "bit not" operators

$d_access = $c_access & ~ UPD; / / d only has added permissions

/ / check whether you have a certain permission using the bit and operator

Var_dump ($b_access & ADD); / / 1 means b has additional permissions

Var_dump ($b_access & DEL); / / 0 means b does not have delete permission

4. Implement simple permission classes and role classes

Using the above permission operation method, it can be simply encapsulated into a permission class and a role class.

The copy code is as follows:

/ * *

* simple permission class

, /

Class Peak_Auth {

/ * *

* permission class counter

* the function is to generate permission values

*

* @ var int

, /

Protected static $authCount = 0

/ * *

* permission name

*

* @ var string

, /

Protected $authName

/ * *

* permission details

*

* @ var string

, /

Protected $authMessage

/ * *

* permission value

*

* @ var int 2 to the N

, /

Protected $authValue

/ * *

* Constructor

* initialize permission name, permission details, and permission value

*

* @ param string $authName permission name

* @ param string $authMessage permission details

, /

Public function _ _ construct ($authName, $authMessage =') {

$this- > authName = $authName

$this- > authMessage = $authMessage

$this- > authValue = 1 authMessage = $authMessage

}

/ * *

* get the permission name

*

* @ return string

, /

Public function getAuthName () {

Return $this- > authName

}

/ * *

* get permission value

*

* @ return int

, /

Public function getAuthValue () {

Return $this- > authValue

}

/ * *

* obtain permission details

*

* @ return string

, /

Public function getAuthMessage () {

Return $this- > authMessage

}

}

/ * *

* simple role class

*

* @ author 27_Man

, /

Class Peak_Role {

/ * *

* role name

*

* @ var string

, /

Protected $roleName

/ * *

* the permission values that the role has

*

* @ var int

, /

Protected $authValue

/ * *

* parent role object

*

* @ var Peak_Role

, /

Protected $parentRole

/ * *

* Constructor

*

* @ param string $roleName role name

* @ param Peak_Role $parentRole parent role object

, /

Public function _ construct ($roleName, Peak_Role $parentRole = null) {

$this- > roleName = $roleName

$this- > authValue = 0

If ($parentRole) {

$this- > parentRole = $parentRole

$this- > authValue = $parentRole- > getAuthValue ()

}

}

/ * *

* obtain the permissions of the parent role

, /

Protected function fetchParenAuthValue () {

If ($this- > parentRole) {

$this- > authValue | = $this- > parentRole- > getAuthValue ()

}

}

/ * *

* grant a certain authority

*

* @ param Peak_Auth $auth

* @ return Peak_Role for chain operation

, /

Public function allow (Peak_Auth $auth) {

$this- > fetchParenAuthValue ()

$this- > authValue | = $auth- > getAuthValue ()

Return $this

}

/ * *

* block certain permissions

*

* @ param Peak_Auth $auth

* @ return Peak_Role for chain operation

, /

Public function deny (Peak_Auth $auth) {

$this- > fetchParenAuthValue ()

$this- > authValue & = ~ $auth- > getAuthValue ()

Return $this

}

/ * *

* check whether you have a certain permission

*

* @ param Peak_Auth $auth

* @ return boolean

, /

Public function checkAuth (Peak_Auth $auth) {

Return $this- > authValue & $auth- > getAuthValue ()

}

/ * *

* get the permission value of the role

*

* @ return int

, /

Public function getAuthValue () {

Return $this- > authValue

}

}

5. Examples of simple operations for permission classes and role classes

The code is as follows:

/ / create three permissions: readable, writable, and executable

$read = new Peak_Auth ('CanRead')

$write = new Peak_Auth ('CanWrite')

$exe = new Peak_Auth ('CanExe')

/ / create a role User

$user = new Peak_Role ('User')

/ / create another role, Admin, which has all the permissions of User

$admin = new Peak_Role ('Admin', $user)

/ / give User read and write permission

$user- > allow ($read)-> allow ($write)

/ / give Admin executable permission, in addition, he also has the permission of User

$admin- > allow ($exe)

/ / disable writeable access to Admin

$admin- > deny ($write)

/ / check whether Admin has certain permissions

Var_dump ($admin- > checkAuth ($read))

Var_dump ($admin- > checkAuth ($write))

Var_dump ($admin- > checkAuth ($exe))

This is the end of this article on "how to achieve permission design for PHP bit operations". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.