Backend Development
PHP Tutorial
Use thinkphp5 to implement role-based access control (rbac permissions)
Use thinkphp5 to implement role-based access control (rbac permissions)
This article mainly talks about using thinkphp5 to implement role-based access control (rbac permissions), and shares it with everyone for the convenience of reference for friends in need.
一
Create a database first;
For example: create a test database; then create 3 The tables are: test_admin (administrator table), test_role, test_auth.
This is the newly created test library
Administrator table
This is the newly created admin table. This table is the user table and the user in the management background.
The issuper field of this table represents whether it is a super administrator. This super administrator can manage all roles and execute all permissions.
admin_role_id This field mainly describes the role table id corresponding to administrators other than super administrators. Below we will give the role table.
Role table
This table is a role table. His main id and the administrator's admin_role_id can tell what role management the administrator is in.
Permission table
This table is a permission table, and its main id corresponds to the role_auth_id of the role table. It can be concluded that different roles have different permissions to execute.
二
Website background management page login different administrators display roles and role permissions.
Create Admin.php, Role.php, and Auth.php in the model layer of the admin file of tinkphp application for business processing.
Then create index.php in the controller layer##
<?php
namespace app\admin\controller;
use think\Controller;
use think\Url;
use think\Request;
use think\Session;
use app\admin\model\Auth as AuthModel
use app\admin\model\Role as RoleModel
class Index extends CommonController
{
public $role;
public $auth;
public $view;
public funtion __construct()
{
$this->role = new RoleModel()
$this->auth = new AuthModel()
$this->view = new View();
}
publci function auth()
{
//角色id;
$admin_id = sesison('admin_id');
$admin_name = session('admin_name');
$resAdmin = $this->admin->where(['admin_id'=>$admin_id])->select();
if($resAdmin[0]->issuper == 1){
//超级管理员拥有全部权限;
//一级权限;
$authA = $this->auth->where(['auth_level']=>0)->select();
//二级权限
$authB = $this->auth->where(['auth_level'=>1])->select();
} else {
//权限ids;
$role_auth_ids = $this->role->where(['role_id'=>$admin_role_id])->select();
$authA = $this->auth->where('auth_level' , 0)->where('auth_id' , 'in' , $role_auth_ids)->select();
$authB = $this->auth->where('auth_level' , 1])->where('auth_id' , 'in' , $role_auth_ids)->select();
}
$auth = array('authA'=>$authA , 'authB'=>$authB);
$this->redirect('admin/'.$auth['authA'][0]->auth_c.'/'.$auth['authA'][0]->auth_a);
}
public function leftnav()
{
$admin_id = session('admin_id');
$amin_name = session('admin_name');
//角色id;
$resAdmin = $this->admin->where(['admin_id']=>$admin_id)->select();
$admin_role_id = $resAdmin[0]->$admin_role_id;
if($resAdmin[0]->issuper == 1){
//超级管理员super拥有全部权限;
//一级权限;
$authA = $this->auth->where(['auth_level'=>0])->select();
//二级权限;
$authB = $this->auth->where(['auth_level'=>1])->select();
} else {
//权限ids
$role_auth_ids = $this->role->where(['role_id'=>$admin_role_id])->select();
$role_auth_ids = $role_auth_ids[0]->role_auth_ids;
$authA = $this->auth->where('auth_level' , 0)->where('auth_id' , 'in' , $role_auth_ids)->select();
$authB = $this->auth->where('auth_level' , 1)->where('auth_id' , 'in' , $role_aut_ids)->select();
}
$auth = array('authA'=>$authA , 'authB'=>$authB);
$this->view->assign('authA' , $auth['authA']);
$this->view->assign('authB' , $auth['authB']);
}
}<?php
namspace app\admin\controller;
use think\Controller;
use think\Request;
use app\admin\model\Common as Controller
{
public function __construct()
{
parent::__construct();
$res = new CommonModel();
$resquest = Request::instance();
if(session('admin_id') == null){
if(strtolower($resquest->controller()) == 'index' && strtolower($resquest->action()) == 'login'){
return true;
} else {
$this->error('没有登陆!<br /><span style="color:gray;">...</span> ');
}
$resCommon = $res->auth();
if(Request::instance()->isAjax()){
$this->ajaxReturn(['msg'=>'没有操作权限!' , 'code'=>'201'] , 'json');
} else {
$this->error('没有操作权限!<br><span style="color:gray;">...</span>');
}
}
}
}三
Permission Control
The administrator logs into the background to access the operation business that belongs to his own authority. If the administrator wants to skip the level and view the operations that do not belong to his own authority. Business, the controller will redirect the administrator to his own operation page.
<?php
namespace app\admin\model;
use think\Model;
use think\Db;
use think\Session;
use think\Request;
use app\admin\model\Admin as AdminModel;
use app\admin\model\Role as RoleModel;
use app\admin\model\Auth as AuthModel;
class Common extends Model
{
public function auth()
{
//当前控制器和操作方法;
$request= Request::instance();
$auth_ac = strtolower(trim($request->controller())).'/'.strtolower(trim($request->action()));
//var_dump($auth_ac);
$auth = array();
$res = new AdminModel();
$resRole = new RoleModel();
$resAuth = new AuthModel();
$resAdmin = $res->where(['admin_id'=>session('admin_id')])->select();
//非超级管理员控制权限;
if($resAdmin[0]->issuper != 1){
$admin_role_id = $resAdmin[0]->admin_role_id;
//$admin_role_id = $info['admin_role_id'];
//$info = $this->info('Role' , ['role_id'=>$admin_role_id] , 'role_auth_ids');
$info = $resRole->where('role_id' , $admin_role_id)->select();
$role_auth_ids = $info[0]->role_auth_ids;
$infos = $resAuth->where('auth_id' , 'in' , $role_auth_ids)->select();
//$infos = $this->infos('Auth' , ['auth_id'=>['in' , $role_auth_ids] , 'auth_level'=>1] ,'auth_c , auth_a' );
foreach($infos as $key=>$val){
$auth[] = $val['auth_c'].'/'.$val['auth_a'];
}
$result = array_merge($auth , ['index/auth'] , ['index/login']);
//var_dump($result);
if(in_array($auth_ac , $result)){
return true;
} else {
return false;
}
} else {
return true;
}
}
}Related tutorials:
The above is the detailed content of Use thinkphp5 to implement role-based access control (rbac permissions). For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
What should I do if I get an error when deploying thinkphp5 in Pagoda?
Dec 19, 2022 am 11:04 AM
Solution to the error reported when deploying thinkphp5 in Pagoda: 1. Open the Pagoda server, install the php pathinfo extension and enable it; 2. Configure the ".access" file with the content "RewriteRule ^(.*)$ index.php?s=/$1 [QSA ,PT,L]”; 3. In website management, just enable thinkphp’s pseudo-static.
What should I do if thinkphp5 url rewriting fails?
Dec 12, 2022 am 09:31 AM
Solution to thinkphp5 url rewriting not working: 1. Check whether the mod_rewrite.so module is loaded in the httpd.conf configuration file; 2. Change None in AllowOverride None to All; 3. Modify the Apache configuration file .htaccess to "RewriteRule ^ (.*)$ index.php [L,E=PATH_INFO:$1]" and save it.
How to remove thinkphp5 title bar icon
Dec 20, 2022 am 09:24 AM
How to remove the thinkphp5 title bar icon: 1. Find the favicon.ico file under the thinkphp5 framework public; 2. Delete the file or choose another picture to rename it to favicon.ico and replace the original favicon.ico file.
How to get the requested URL in thinkphp5
Dec 20, 2022 am 09:48 AM
Methods for thinkphp5 to obtain the requested URL: 1. Use the "$request = Request::instance();" method of the "\think\Request" class to obtain the current URL information; 2. Use the built-in helper function "$request-> url()" to obtain the complete URL address including the domain name.
What should I do if thinkphp5 post cannot get the value?
Dec 06, 2022 am 09:29 AM
thinkphp5 post cannot get a value because TP5 uses the strpos function to find the app/json string in the content-type value of the Header. The solution is to set the content-type value of the Header to app/json.
What should I do if thinkphp5 prompts that the controller does not exist?
Dec 06, 2022 am 10:43 AM
Solution to thinkphp5 prompting that the controller does not exist: 1. Check whether the namespace in the corresponding controller is written correctly and change it to the correct namespace; 2. Open the corresponding tp file and modify the class name.
How to query yesterday's data in ThinkPHP5
Dec 05, 2022 am 09:20 AM
How to query yesterday's data in ThinkPHP5: 1. Open ThinkPHP5 related files; 2. Query yesterday's data through the expression "db('table')->whereTime('c_time', 'yesterday')->select();" Can.
How to set error prompts in thinkphp5
Dec 07, 2022 am 10:31 AM
How to set error prompts in thinkphp5: 1. Enter the public folder in the project root directory and open the index.php entry file; 2. View the comments on the debug mode switch; 3. Adjust the value of the "APP_DEBUG" constant to true to display Error message prompt.
