Shulou(Shulou.com)05/31 Report--

This article introduces the relevant knowledge of "the implementation principle of RBAC permission control". In the operation process of actual cases, many people will encounter such difficulties. Next, let Xiaobian lead you to learn how to deal with these situations! I hope you can read carefully and learn something!

RBAC is the acronym of Role-based Access Control in English, which means permission control of basic roles in Chinese. RBAC is an idea that designs data tables according to RBAC ideas to better complete the corresponding permission control of different roles.

How to Design Data Table with RBAC Idea

If our project allows one admin user to have 1 or 2 or more roles, design it as follows:

Permission menu table, role table, user table are independent of each other. The order of design tables is permissions menu table, roles table, users table, user-role association table.

1. First, the permissions menu table is designed as follows:

Note: Permission menu can be multi-level menu, add pid field, convenient infinite recursive classification.

2. The role table is designed as follows:

3. The user table is designed as follows:

4. Finally, the user-role association table is designed as follows:

When the super administrator needs to add a new user in the background, it not only needs to insert data into the user table, but also needs to add the relationship between users and roles in the user-role table. Correspondingly, when deleting a user, it is also necessary to delete the corresponding user-role relationship in the user-role table.

public function add() { if(request()->isPost()){ $role_id = input('post.role_id'); $data = [ 'uname'=>input('post.uname'), 'pwd'=>password_hash(input('post.pwd'),PASSWORD_BCRYPT), 'login_ip'=>request()->ip(), 'status'=>input('post.status'), 'create_time'=>time(), ]; $uid = Db::name('users')->insertGetId($data); if($uid){ $data = [ 'uid'=>$uid, 'role_id'=>$role_id ]; $id = Db::name('users_role')->insertGetId($data); if($id) { echo 'true'; exit; }else{ echo 'false'; exit; } }else{ echo 'false'; exit; } }else{ //Get all roles $role = Db::name('auth_role')->field('id,title')->order('id','asc')->where('status',1)->select(); return view('add',['role'=>$role]); } }

In this way, we judge the identity information of the currently logged in user according to the uid stored in the session after the user logs in, query the user-role association table according to the obtained uid, and then go to the role table to obtain the permission menu that the user can operate.

Encapsulated Intermediate Controller Common.php

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.