2025-04-06 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
This article explains what RBAC is and how it is used in ThinkPHP. The content is simple and clear; the sections below walk through it step by step.
1. What is RBAC
Role-based access control (RBAC) has attracted wide attention as a promising alternative to traditional access control (discretionary access control and mandatory access control).
In RBAC, permissions are associated with roles, and users get permissions for those roles by becoming members of the appropriate roles. This greatly simplifies the management of permissions.
In an organization, roles are created to complete a variety of tasks, users are assigned roles according to their responsibilities and qualifications, and users can be easily assigned from one role to another. Roles can be given new permissions according to new requirements and system merging, and permissions can be reclaimed from a role as needed. The role-to-role relationship can be established to cover a wider range of objective situations.
2. RBAC in ThinkPHP
First, take a look at the data tables used by the official example. Permission control is achieved through 5 tables, defined as follows:
think_user (user table)
think_role (user grouping table)
think_node (operation node)
think_role_user (correspondence between user and user grouping)
think_access (correspondence between each operation and user group)
User table.
Role table: the roles that users (identified by userid) are associated with.
Using the id from the user table, the corresponding role id is looked up, that is, the role is assigned to the user. For example, the user whose userid is 3 has role 2, and according to the role table, 7 represents the role of the employee.
Access table (permission table): for example, role id 2, that is, the employee's permission, is mapped to the nodes that role can use.
Node table: records which application, module and method nodes exist and defines the relationship between them. For example, the Public module has node id 30, and the methods add, insert, edit and update, with node ids 31, 32, 33 and 34, all belong to Public. The test method with node id 85 belongs to the Game module with node id 84.
3. Detailed explanation of the config configuration file
Let's take a look at the config file in the official ThinkPHP example:
return array(
    'APP_AUTOLOAD_PATH'   => '@.TagLib',
    'SESSION_AUTO_START'  => true,
    'USER_AUTH_ON'        => true,
    'USER_AUTH_TYPE'      => 1,               // default authentication type: 1 = login authentication, 2 = real-time authentication
    'USER_AUTH_KEY'       => 'authId',        // SESSION key that marks an authenticated user
    'ADMIN_AUTH_KEY'      => 'administrator',
    'USER_AUTH_MODEL'     => 'User',          // default model of the data table used for authentication
    'AUTH_PWD_ENCODER'    => 'md5',           // user authentication password encryption method
    'USER_AUTH_GATEWAY'   => '/Public/login', // default authentication gateway
    'NOT_AUTH_MODULE'     => 'Public',        // modules that need no authentication by default
    'REQUIRE_AUTH_MODULE' => '',              // modules that require authentication by default
    'NOT_AUTH_ACTION'     => '',              // operations that need no authentication by default
    'REQUIRE_AUTH_ACTION' => '',              // operations that require authentication by default
    'GUEST_AUTH_ON'       => false,           // whether to enable authorized access for guests
    'GUEST_AUTH_ID'       => 0,               // user ID of the guest
    'DB_LIKE_FIELDS'      => 'title|remark',
    'RBAC_ROLE_TABLE'     => 'think_role',
    'RBAC_USER_TABLE'     => 'think_role_user',
    'RBAC_ACCESS_TABLE'   => 'think_access',
    'RBAC_NODE_TABLE'     => 'think_node',
    'SHOW_PAGE_TRACE'     => 1,               // display debug information
);
The comments should explain more than half of this. The Public module does not need authentication for a very simple reason: before logging in, everyone is a guest, and if the login page also required permission, where would anyone log in? The default gateway address is where you are redirected when authentication fails or you do not have permission, so that you can log in again. ADMIN_AUTH_KEY means Super Admin permissions. If you set up a user named admin in the user table, then this user is a Super Admin, and there is no need to assign permissions to it. Why set up such an administrator? Because when permissions are assigned incorrectly, it is easy to throw the system's permissions into confusion so that no one can access anything, and that is when the Super Admin is needed.
4. Several important methods of RBAC class
The authenticate($map, $model='') method takes the query conditions for the user and the MODEL of the user table, and returns an array containing the user's information.
The saveAccessList($authId=null) method takes the ID of the user. It does not return a value; it only sets $_SESSION['_ACCESS_LIST'], which contains all nodes that the user's groups have permission to operate, in the form $_SESSION['_ACCESS_LIST']['project name']['module name']['operation name']. Later permission checks judge whether the current project, module and operation can be found in $_SESSION['_ACCESS_LIST'].
The checkAccess() method detects whether the current module and operation need to be verified, and returns a bool.
The checkLogin() method detects login.
The AccessDecision($appName=APP_NAME) method detects whether the current project, module and operation are in the $_SESSION['_ACCESS_LIST'] array, that is, whether $_SESSION['_ACCESS_LIST']['current project']['current module']['current operation'] exists. If it exists, you have permission. Otherwise, false is returned.
The getAccessList($authId) method returns the value of the permission list $_SESSION['_ACCESS_LIST'] by querying the database.
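The lookup that saveAccessList() and AccessDecision() are described as performing, written as an added PHP sketch that is not ThinkPHP's own RBAC class: it resolves user to role to node over constructed rows, then checks a request against the nested list. The function names, the column names (user_id, role_id, node_id, pid, level), the application node with id 1, and the treatment of ADMIN_AUTH_KEY as the name of a session flag are assumptions.

```php
<?php
// Added illustration, not ThinkPHP's RBAC class. All rows are constructed sample data;
// the column names (user_id, role_id, node_id, pid, level) are assumptions.
$roleUser = [['user_id' => 3, 'role_id' => 2]];                  // think_role_user
$node = [                                                         // think_node
    ['id' => 1,  'name' => 'App',    'pid' => 0,  'level' => 1], // constructed application node
    ['id' => 30, 'name' => 'Public', 'pid' => 1,  'level' => 2],
    ['id' => 31, 'name' => 'add',    'pid' => 30, 'level' => 3],
    ['id' => 84, 'name' => 'Game',   'pid' => 1,  'level' => 2],
    ['id' => 85, 'name' => 'test',   'pid' => 84, 'level' => 3],
];
// think_access: role 2 is granted the chain App -> Game -> test.
$access = [['role_id' => 2, 'node_id' => 1], ['role_id' => 2, 'node_id' => 84], ['role_id' => 2, 'node_id' => 85]];

// Build [APP][MODULE][ACTION] => node id for every action granted to the user's roles.
function buildAccessList(int $userId, array $roleUser, array $access, array $node): array
{
    $roles = $granted = $list = [];
    foreach ($roleUser as $ru) {
        if ($ru['user_id'] === $userId) { $roles[$ru['role_id']] = true; }
    }
    foreach ($access as $a) {
        if (isset($roles[$a['role_id']])) { $granted[$a['node_id']] = true; }
    }
    $byId = array_column($node, null, 'id');
    foreach ($node as $n) {
        if ($n['level'] !== 3 || !isset($granted[$n['id']])) { continue; }
        $module = $byId[$n['pid']] ?? null;
        $app = $module ? ($byId[$module['pid']] ?? null) : null;
        // Require grants on the whole chain so a stray action row alone grants nothing.
        if (!$app || !isset($granted[$module['id']], $granted[$app['id']])) { continue; }
        $list[strtoupper($app['name'])][strtoupper($module['name'])][strtoupper($n['name'])] = $n['id'];
    }
    return $list;
}

// Exempt modules pass, the super administrator flag passes, anything else must be in the list.
function accessDecision(array $session, array $cfg, string $app, string $module, string $action): bool
{
    if (in_array($module, explode(',', $cfg['NOT_AUTH_MODULE']), true)) { return true; }
    if (!empty($session[$cfg['ADMIN_AUTH_KEY']])) { return true; }
    return isset($session['_ACCESS_LIST'][strtoupper($app)][strtoupper($module)][strtoupper($action)]);
}

$cfg = ['NOT_AUTH_MODULE' => 'Public', 'ADMIN_AUTH_KEY' => 'administrator'];
$session = ['authId' => 3, '_ACCESS_LIST' => buildAccessList(3, $roleUser, $access, $node)];
var_dump(accessDecision($session, $cfg, 'App', 'Game', 'test'));    // listed for role 2
var_dump(accessDecision($session, $cfg, 'App', 'Game', 'delete'));  // not listed
var_dump(accessDecision($session, $cfg, 'App', 'Public', 'login')); // exempt module
```

Because the final check is an isset() on the nested array, any module or operation missing from the list is denied by default. Everything under NOT_AUTH_MODULE is reachable without a session, so only operations such as login belong in an exempt module.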