RBAC Privilege Management in PHP

Time:2019-8-10

1. RBAC Concept and Principle

RBAC: The full name is Role-Based Access Control. The Chinese translation is called role-based access control. Its main function is to realize the control of project authority.

Effect: Different administrators can access different pages. For example, operators can only see the operation-related modules. Financial personnel can only see financial related modules.

Traditional authority management:

              RBAC privilege management:

             RBAC privilege management:

Privilege management is relatively standardized, and the privileges of roles can be defined according to certain standards.

Administrators can have corresponding permissions by specifying roles.

2. Data sheet design:

              Basic Data Table: Administrator Table, Role Table, Permission Table

Correspondence: Administrators correspond to one role and one role corresponds to multiple permissions. (An administrator can also correspond to multiple roles)

Maintenance of correspondence:

The first one is three-table structure, adding role ID field in administrator table, adding authority IDS field in role table, and finally three tables.

The second is the five-table structure, adding an administrator role association table and a role permission Association table. The final five tables.

               Here we take the three-table structure as an example:

Query the permissions of an administrator:

First query the administrator table to get the role ID

Query the role table again to get the permission IDS you have

Finally, query the permission table according to permission ids, where id in (1, 2, 3)

Recommended Today

Implementation of PHP Facades

Example <?php class RealRoute{ public function get(){ Echo’Get me’; } } class Facade{ public static $resolvedInstance; public static $app; public static function __callStatic($method,$args){ $instance = static::getFacadeRoot(); if(!$instance){ throw new RuntimeException(‘A facade root has not been set.’); } return $instance->$method(…$args); } // Get the Facade root object public static function getFacadeRoot() { return static::resolveFacadeInstance(static::getFacadeAccessor()); } protected […]