ThinkPHP中:RBAC权限控制的实习步骤
使用版本ThinkPHP3.1.3
第一步,建表及数据
第二步,建关联模型
第三步,控制器使用关联模型、配置文件
第四步,模板显示数据
第一步,建表及数据
在数据库中,建立一个companysvn数据库,库下建立五张表
建表好导入数据的代码如下
1 # -------------------------------------------------------- 2 # Host: 127.0.0.1 3 # Server version: 5.0.45-community-nt-log 4 # Server OS: Win32 5 # HeidiSQL version: 6.0.0.3603 6 # Date/time: 2015-02-11 10:01:26 7 # -------------------------------------------------------- 8 9 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; 10 /*!40101 SET NAMES utf8 */; 11 /*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; 12 /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; 13 14 # Dumping database structure for companysvn 15 CREATE DATABASE IF NOT EXISTS `companysvn` /*!40100 DEFAULT CHARACTER SET utf8 */; 16 USE `companysvn`; 17 18 19 # Dumping structure for table companysvn.ad_access 20 CREATE TABLE IF NOT EXISTS `ad_access` ( 21 `role_id` smallint(6) unsigned NOT NULL, 22 `node_id` smallint(6) unsigned NOT NULL, 23 `level` tinyint(1) NOT NULL, 24 `module` varchar(50) default NULL, 25 KEY `groupId` (`role_id`), 26 KEY `nodeId` (`node_id`) 27 ) ENGINE=MyISAM DEFAULT CHARSET=utf8; 28 29 # Dumping data for table companysvn.ad_access: 16 rows 30 /*!40000 ALTER TABLE `ad_access` DISABLE KEYS */; 31 INSERT INTO `ad_access` (`role_id`, `node_id`, `level`, `module`) VALUES 32 (1, 11, 3, NULL), 33 (1, 12, 3, NULL), 34 (1, 13, 3, NULL), 35 (1, 10, 3, NULL), 36 (1, 9, 3, NULL), 37 (1, 8, 3, NULL), 38 (1, 5, 2, NULL), 39 (1, 18, 3, NULL), 40 (1, 3, 2, NULL), 41 (2, 4, 2, NULL), 42 (2, 18, 3, NULL), 43 (2, 3, 2, NULL), 44 (2, 1, 1, NULL), 45 (1, 1, 1, NULL), 46 (2, 6, 3, NULL), 47 (2, 7, 3, NULL); 48 /*!40000 ALTER TABLE `ad_access` ENABLE KEYS */; 49 50 51 # Dumping structure for table companysvn.ad_node 52 CREATE TABLE IF NOT EXISTS `ad_node` ( 53 `id` smallint(6) unsigned NOT NULL auto_increment, 54 `name` varchar(20) NOT NULL, 55 `title` varchar(50) default NULL, 56 `status` tinyint(1) default '0', 57 `remark` varchar(255) default NULL, 58 `sort` smallint(6) unsigned default NULL, 59 `pid` smallint(6) unsigned NOT NULL, 60 `level` tinyint(1) unsigned NOT NULL, 61 PRIMARY KEY (`id`), 62 KEY `level` (`level`), 63 KEY `pid` (`pid`), 64 KEY `status` (`status`), 65 KEY `name` (`name`) 66 ) ENGINE=MyISAM AUTO_INCREMENT=19 DEFAULT CHARSET=utf8; 67 68 # Dumping data for table companysvn.ad_node: 18 rows 69 /*!40000 ALTER TABLE `ad_node` DISABLE KEYS */; 70 INSERT INTO `ad_node` (`id`, `name`, `title`, `status`, `remark`, `sort`, `pid`, `level`) VALUES 71 (1, 'Admin', '后台应用', 1, NULL, 1, 0, 1), 72 (2, 'Index', '前端应用', 1, NULL, 1, 0, 1), 73 (3, 'Index', '后台首页', 1, NULL, 1, 1, 2), 74 (4, 'MsgManager', '帖子管理', 1, NULL, 1, 1, 2), 75 (5, 'Rbac', 'RBAC权限', 1, NULL, 1, 1, 2), 76 (6, 'index', '帖子列表', 1, NULL, 1, 4, 3), 77 (7, 'delete', '删除帖子', 1, NULL, 1, 4, 3), 78 (8, 'index', '用户列表', 1, NULL, 1, 5, 3), 79 (9, 'role', '角色列表', 1, NULL, 1, 5, 3), 80 (10, 'node', '节点列表', 1, NULL, 1, 5, 3), 81 (11, 'addUser', '添加用户', 1, NULL, 1, 5, 3), 82 (12, 'addRole', '添加角色', 1, NULL, 1, 5, 3), 83 (13, 'addNode', '添加节点', 1, NULL, 1, 5, 3), 84 (14, 'Member', '会员中心', 1, NULL, 1, 0, 1), 85 (15, 'Index', '前端首页', 1, NULL, 1, 2, 2), 86 (16, 'index', '首页面', 1, NULL, 1, 15, 3), 87 (17, 'newsList', '新闻列表', 1, NULL, 1, 15, 3), 88 (18, 'main', '后台首页', 1, NULL, 1, 3, 3); 89 /*!40000 ALTER TABLE `ad_node` ENABLE KEYS */; 90 91 92 # Dumping structure for table companysvn.ad_role 93 CREATE TABLE IF NOT EXISTS `ad_role` ( 94 `id` smallint(6) unsigned NOT NULL auto_increment, 95 `name` varchar(20) NOT NULL, 96 `pid` smallint(6) default NULL, 97 `status` tinyint(1) unsigned default NULL, 98 `remark` varchar(255) default NULL, 99 PRIMARY KEY (`id`), 100 KEY `pid` (`pid`), 101 KEY `status` (`status`) 102 ) ENGINE=MyISAM AUTO_INCREMENT=3 DEFAULT CHARSET=utf8; 103 104 # Dumping data for table companysvn.ad_role: 2 rows 105 /*!40000 ALTER TABLE `ad_role` DISABLE KEYS */; 106 INSERT INTO `ad_role` (`id`, `name`, `pid`, `status`, `remark`) VALUES 107 (1, 'Manager', NULL, 1, '普通管理员'), 108 (2, 'Editor', NULL, 1, '网站编辑'); 109 /*!40000 ALTER TABLE `ad_role` ENABLE KEYS */; 110 111 112 # Dumping structure for table companysvn.ad_role_user 113 CREATE TABLE IF NOT EXISTS `ad_role_user` ( 114 `role_id` mediumint(9) unsigned default NULL, 115 `user_id` char(32) default NULL, 116 KEY `group_id` (`role_id`), 117 KEY `user_id` (`user_id`) 118 ) ENGINE=MyISAM DEFAULT CHARSET=utf8; 119 120 # Dumping data for table companysvn.ad_role_user: 4 rows 121 /*!40000 ALTER TABLE `ad_role_user` DISABLE KEYS */; 122 INSERT INTO `ad_role_user` (`role_id`, `user_id`) VALUES 123 (1, '2'), 124 (2, '4'), 125 (1, '4'), 126 (2, '3'); 127 /*!40000 ALTER TABLE `ad_role_user` ENABLE KEYS */; 128 129 130 # Dumping structure for table companysvn.ad_user 131 CREATE TABLE IF NOT EXISTS `ad_user` ( 132 `id` int(10) unsigned NOT NULL auto_increment, 133 `username` char(20) NOT NULL, 134 `password` char(32) NOT NULL, 135 `logintime` int(10) unsigned NOT NULL, 136 `loginip` varchar(30) NOT NULL, 137 `lock` tinyint(1) unsigned NOT NULL, 138 PRIMARY KEY (`id`), 139 UNIQUE KEY `username` (`username`), 140 KEY `id` (`id`) 141 ) ENGINE=MyISAM AUTO_INCREMENT=41 DEFAULT CHARSET=utf8; 142 143 # Dumping data for table companysvn.ad_user: 4 rows 144 /*!40000 ALTER TABLE `ad_user` DISABLE KEYS */; 145 INSERT INTO `ad_user` (`id`, `username`, `password`, `logintime`, `loginip`, `lock`) VALUES 146 (1, 'admin', '21232f297a57a5a743894a0e4a801fc3', 1423578142, '127.0.0.1', 0), 147 (3, 'wangwu', '9f001e4166cf26bfbdd3b4f67d9ef617', 1423315785, '127.0.0.1', 0), 148 (4, 'zhaoliu', '27311020efc4ce2806feca0aab933fbd', 1423578114, '127.0.0.1', 0), 149 (2, 'lisi', 'dc3a8f1670d65bea69b7b65048a0ac40', 1423574601, '127.0.0.1', 0); 150 /*!40000 ALTER TABLE `ad_user` ENABLE KEYS */; 151 /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; 152 /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; 153 /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
效果如图:
数据库
01-ad_user结构和数据
==============================================================
02-ad_role结构和数据
==============================================================
03-ad_role_user结构和数据
==============================================================
04-ad_node结构和数据
05-ad_access结构和数据
==============================================================
第二步,建关联模型
UserRelationModel.class.php中的代码如下
1 <?php 2 class UserRelationModel extends RelationModel{ 3 //定义主表名称 4 protected $tableName='user'; 5 //定义关联关系 6 protected $_link=array( 7 'role'=>array( 8 'mapping_type'=>MANY_TO_MANY, //多对多关系 9 'relation_table'=>'ad_role_user',//中间表名称 10 'foreign_key'=>'user_id', //主表在中间表中的字段名称 11 'relation_key'=>'role_id', //副表在中间表中的字段名称 12 'mapping_fields'=>'id,name,remark'//要读取的字段 13 ) 14 ); 15 } 16 ?>
==============================================================
第三步,控制器使用关联模型、配置文件
使用关联模型的控制器中的代码
1 //用户列表 2 public function index(){ 3 header('content-type:text/html;charset=utf-8'); 4 $user=D('UserRelation')->relation(true)->order('id')->select(); 5 $this->user=$user; 6 $this->display(); 7 }
验证权限的控制器Common.class.php中的代码
1 <?php 2 //后台登录页 3 Class CommonAction extends Action{ 4 protected $sess_user; 5 6 //后台登录页面 7 Public function _initialize(){ 8 9 $sess_uid=$_SESSION['uid']; 10 $sess_uname=$_SESSION['username']; 11 //判断是否存在uid和uname 12 if (!isset($_SESSION[C('USER_AUTH_KEY')])) { 13 $this->redirect('Admin/Login/index'); 14 } 15 16 //读取session中的变量 17 $this->sess_user=$sess_uname; 18 19 //权限验证 20 //不需要验证的控制器和方法 21 $notAuth=in_array(MODULE_NAME,explode(',',C('NOT_AUTH_MODULE'))) || 22 in_array(ACTION_NAME,explode(',',C('NOT_AUTH_ACTION')))|| 23 C('RBAC_SUPERADMIN')==$_SESSION['username']; 24 //需要验证的程序 25 if (C('USER_AUTH_ON')&&!$notAuth) { 26 import('ORG.Util.RBAC'); 27 //读取用户权限 28 RBAC::saveAccessList();//将权限写入$_SESSION['_ACCESS_LIST'] 29 $myauth= RBAC::AccessDecision(GROUP_NAME);//独立分组必填GROUP_NAME 30 $myauth||$this->error('没有权限',U('Admin/Index/main')); 31 } 32 33 34 } 35 36 } 37 38 ?>