wmm123

目前,在tp框架中做权限管理 分rbac(老)与auth(推荐)认证方式;

老的tp版本中封装的是rbac认证;

新一点的都开始使用auth方式管理了。推荐使用此方式;

实现步骤一:引入类库Auth.class.php

实现步骤二:创建数据表

a.菜单表
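-- Back-office menu tree. Each row is one menu entry; `pid` points at the
-- parent entry (0 = top level) and `mca` holds the Module/Controller/Action
-- route the entry links to.
-- This table only drives what is displayed: no statement here ties a menu row
-- to a permission rule, so hiding a menu entry does not restrict access to its
-- route. Access is decided by the rows in wifi_auth_rule.
CREATE TABLE `wifi_admin_nav` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT COMMENT '菜单表',
  `pid` int(11) unsigned DEFAULT '0' COMMENT '所属菜单',
  `name` varchar(15) DEFAULT '' COMMENT '菜单名称',
  `mca` varchar(255) DEFAULT '' COMMENT '模块、控制器、方法',
  `ico` varchar(20) DEFAULT '' COMMENT 'font-awesome图标',
  `order_number` int(11) unsigned DEFAULT NULL COMMENT '排序',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=43 DEFAULT CHARSET=utf8;

-- Seed menu entries. Columns are named explicitly so the rows keep their
-- meaning if the table later gains or reorders columns.
INSERT INTO `wifi_admin_nav` (`id`, `pid`, `name`, `mca`, `ico`, `order_number`) VALUES
  ('1', '0', '系统设置', 'Admin/ShowNav/config', 'cog', '1'),
  ('2', '1', '菜单管理', 'Admin/Nav/index', null, null),
  ('7', '4', '权限管理', 'Admin/Rule/index', '', '1'),
  ('4', '0', '权限控制', 'Admin/ShowNav/rule', 'expeditedssl', '2'),
  ('8', '4', '用户组管理', 'Admin/Rule/group', '', '2'),
  ('9', '4', '管理员列表', 'Admin/Rule/admin_user_list', '', '3'),
  ('16', '0', '会员管理', 'Admin/ShowNav/', 'users', '4'),
  ('17', '16', '会员列表', 'Admin/User/index', '', null),
  ('36', '0', '文章管理', 'Admin/ShowNav/posts', 'th', '6'),
  ('37', '36', '文章列表', 'Admin/Posts/index', '', null);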
 
b.用户组表
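-- User groups (roles). `rules` is a comma-separated list of wifi_auth_rule ids
-- granted to the group; `status` defaults to 1.
-- The id list is plain text, so the database cannot check that each id refers
-- to an existing rule.
CREATE TABLE `wifi_auth_group` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `title` char(100) NOT NULL DEFAULT '',
  `status` tinyint(1) NOT NULL DEFAULT '1',
  `rules` text COMMENT '规则id',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=8 DEFAULT CHARSET=utf8 COMMENT='用户组表';

-- Seed groups: 1 = super administrator, 2 = product administrator,
-- 4 = article editor.
-- NOTE(review): several ids in these lists (for example 126 in group 1, and
-- 56, 57, 60 in groups 2 and 4) have no matching row in the wifi_auth_rule
-- seed shown on this page. Prune them before use: a stale id becomes a live
-- grant if a rule is later created with that id.
-- Only group 1 lists the Admin/Rule/* rule ids (7-16, 19, 123-125). Those
-- rules let a holder change permissions, so keep them out of every other group.
INSERT INTO `wifi_auth_group` (`id`, `title`, `status`, `rules`) VALUES
  ('1', '超级管理员', '1', '6,96,20,1,2,3,4,5,64,126,21,7,8,9,10,11,12,13,14,15,16,123,124,125,19,104,105,106,107,108,109,110,111,112,117'),
  ('2', '产品管理员', '1', '6,96,1,2,3,4,56,57,60,61,63,71,72,65,67,74,75,66,68,69,70,73,77,78,82,83,88,89,90,99,91,92,97,98,104,105,106,107,108,118,109,110,111,112,117,113,114'),
  ('4', '文章编辑', '1', '6,96,57,60,61,63,71,72,65,67,74,75,66,68,69,73,79,80,78,82,83,88,89,90,99,100,97,98,104,105,106,107,108,118,109,110,111,112,117,113,114');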
 
 
c.用户与用户组关系表
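-- Membership table: one row per (user, group) pair. The unique key prevents
-- the same user being added to the same group twice.
-- No foreign keys are declared, so nothing in the schema stops a row from
-- naming a user id or group id that does not exist.
CREATE TABLE `wifi_auth_group_access` (
  `uid` int(11) unsigned NOT NULL COMMENT '用户id',
  `group_id` int(11) unsigned NOT NULL COMMENT '用户组id',
  UNIQUE KEY `uid_group_id` (`uid`,`group_id`),
  KEY `uid` (`uid`),
  KEY `group_id` (`group_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='用户组明细表';

-- Seed memberships: uid 1 -> group 1 (super administrator), uid 211 -> group 2,
-- uid 203 -> group 4.
-- NOTE(review): the user table is not shown on this page. Before loading these
-- rows on a new install, confirm that ids 1, 211 and 203 belong to the intended
-- accounts, or drop the rows you do not need. Whichever account holds one of
-- these ids inherits the group's permissions.
INSERT INTO `wifi_auth_group_access` (`uid`, `group_id`) VALUES
  ('1', '1'),
  ('211', '2'),
  ('203', '4');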
 
d.权限表
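-- Permission rules. `name` is the unique rule identifier; the seed rows use the
-- Group/Module/Action route string, the same shape the Common controller builds
-- for its check. `pid` is the parent rule id (0 = top level), and `status` is
-- 1 for enabled, 0 for disabled.
-- NOTE(review): the stock ThinkPHP Auth class evaluates a non-empty `condition`
-- as a PHP expression when it checks a rule. Confirm this against the
-- Auth.class.php version in use. If it holds, anyone who can write this column
-- (for example through the Admin/Rule/add and Admin/Rule/edit actions seeded
-- below) can run code in the application. Grant those rules only to the most
-- trusted group, and review any non-empty `condition` value before it is saved.
CREATE TABLE `wifi_auth_rule` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `pid` int(11) unsigned NOT NULL DEFAULT '0' COMMENT '父级id',
  `name` char(80) NOT NULL DEFAULT '' COMMENT '规则唯一标识',
  `title` char(20) NOT NULL DEFAULT '' COMMENT '规则中文名称',
  `status` tinyint(1) NOT NULL DEFAULT '1' COMMENT '状态:为1正常,为0禁用',
  `type` tinyint(1) unsigned NOT NULL DEFAULT '1',
  `condition` char(100) NOT NULL DEFAULT '' COMMENT '规则表达式,为空表示存在就验证,不为空表示按照条件验证',
  PRIMARY KEY (`id`),
  UNIQUE KEY `name` (`name`)
) ENGINE=MyISAM AUTO_INCREMENT=127 DEFAULT CHARSET=utf8 COMMENT='规则表';

-- Seed rules. Every row is enabled (status 1), has type 1, and has an empty
-- `condition`, so none of them relies on an evaluated expression.
-- `condition` is a reserved word in MySQL, so it stays back-quoted in the
-- column list.
INSERT INTO `wifi_auth_rule` (`id`, `pid`, `name`, `title`, `status`, `type`, `condition`) VALUES
  ('1', '20', 'Admin/ShowNav/nav', '菜单管理', '1', '1', ''),
  ('2', '1', 'Admin/Nav/index', '菜单列表', '1', '1', ''),
  ('3', '1', 'Admin/Nav/add', '添加菜单', '1', '1', ''),
  ('4', '1', 'Admin/Nav/edit', '修改菜单', '1', '1', ''),
  ('5', '1', 'Admin/Nav/delete', '删除菜单', '1', '1', ''),
  ('21', '0', 'Admin/ShowNav/rule', '权限控制', '1', '1', ''),
  ('7', '21', 'Admin/Rule/index', '权限管理', '1', '1', ''),
  ('8', '7', 'Admin/Rule/add', '添加权限', '1', '1', ''),
  ('9', '7', 'Admin/Rule/edit', '修改权限', '1', '1', ''),
  ('10', '7', 'Admin/Rule/delete', '删除权限', '1', '1', ''),
  ('11', '21', 'Admin/Rule/group', '用户组管理', '1', '1', ''),
  ('12', '11', 'Admin/Rule/add_group', '添加用户组', '1', '1', ''),
  ('13', '11', 'Admin/Rule/edit_group', '修改用户组', '1', '1', ''),
  ('14', '11', 'Admin/Rule/delete_group', '删除用户组', '1', '1', ''),
  ('15', '11', 'Admin/Rule/rule_group', '分配权限', '1', '1', ''),
  ('16', '11', 'Admin/Rule/check_user', '添加成员', '1', '1', ''),
  ('19', '21', 'Admin/Rule/admin_user_list', '管理员列表', '1', '1', ''),
  ('20', '0', 'Admin/ShowNav/config', '系统设置', '1', '1', ''),
  ('6', '0', 'Admin/Index/index', '后台首页', '1', '1', ''),
  ('64', '1', 'Admin/Nav/order', '菜单排序', '1', '1', ''),
  ('96', '6', 'Admin/Index/welcome', '欢迎界面', '1', '1', ''),
  ('104', '0', 'Admin/ShowNav/posts', '文章管理', '1', '1', ''),
  ('105', '104', 'Admin/Posts/index', '文章列表', '1', '1', ''),
  ('106', '105', 'Admin/Posts/add_posts', '添加文章', '1', '1', ''),
  ('107', '105', 'Admin/Posts/edit_posts', '修改文章', '1', '1', ''),
  ('108', '105', 'Admin/Posts/delete_posts', '删除文章', '1', '1', ''),
  ('109', '104', 'Admin/Posts/category_list', '分类列表', '1', '1', ''),
  ('110', '109', 'Admin/Posts/add_category', '添加分类', '1', '1', ''),
  ('111', '109', 'Admin/Posts/edit_category', '修改分类', '1', '1', ''),
  ('112', '109', 'Admin/Posts/delete_category', '删除分类', '1', '1', ''),
  ('117', '109', 'Admin/Posts/order_category', '分类排序', '1', '1', ''),
  ('123', '11', 'Admin/Rule/add_user_to_group', '设置为管理员', '1', '1', ''),
  ('124', '11', 'Admin/Rule/add_admin', '添加管理员', '1', '1', ''),
  ('125', '11', 'Admin/Rule/edit_admin', '修改管理员', '1', '1', '');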

实现步骤三:项目配置文件config.php中添加

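// Settings read by the Auth class. This entry goes inside the array returned
// by the project's config.php.
// NOTE(review): the Common controller on this page gates its check on
// C('USER_AUTH_ON') and reads C('NOT_AUTH_MODULE'). Neither key is part of
// AUTH_CONFIG, so both must be defined elsewhere in the config file. If
// USER_AUTH_ON is missing, that controller skips the permission check.
'AUTH_CONFIG'=>array(
        'AUTH_ON' => true, // authentication switch
        // 1 = real-time check, 2 = check at login.
        // NOTE(review): mode 2 presumably caches the permission list for the
        // session, so a revoked permission would stay usable until the user
        // logs in again. Confirm against the Auth class in use.
        'AUTH_TYPE' => 1,
        'AUTH_GROUP' => 'wifi_auth_group', // user group table
        'AUTH_GROUP_ACCESS' => 'wifi_auth_group_access', // user-to-group membership table
        'AUTH_RULE' => 'wifi_auth_rule', // permission rule table
        'AUTH_USER' => 'wifi_admin' // user table
    )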

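实现步骤四:创建Common控制器,定义_initialize 方法,检测当前用户是否有权限(所有需要权限验证的控制器都必须继承这个类,未继承的控制器不会被检查),并跳过不需要验证的模块(配置文件中定义的NOT_AUTH_MODULE)。注意:下面的代码以 C('USER_AUTH_ON') 作为开关,它与 NOT_AUTH_MODULE 都不在步骤三的 AUTH_CONFIG 里,需要在配置文件中另行定义;USER_AUTH_ON 未定义时,整个权限检查会被跳过。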

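<?php
/**
 * Base controller for every back-office controller that needs a permission
 * check. The check runs only for controllers that extend this class; a
 * controller that extends Action directly is not covered.
 */
class CommonAction extends Action{
    /**
     * Runs before each action and rejects the request when the current user
     * lacks the rule named "<GROUP_NAME>/<MODULE_NAME>/<ACTION_NAME>".
     *
     * The check is skipped when USER_AUTH_ON is falsy or undefined, when
     * MODULE_NAME is listed in the comma-separated NOT_AUTH_MODULE setting,
     * or when the route is Admin/Public/verify.
     *
     * NOTE(review): the config fragment on this page does not define
     * USER_AUTH_ON. If it is not defined elsewhere, C() returns a falsy value
     * and every request passes unchecked.
     */
    public function _initialize(){
        // Load the Auth library and build the rule name for this request.
        import("ORG.Util.Auth");
        $auth=new Auth();
        $rule_name=GROUP_NAME.'/'.MODULE_NAME.'/'.ACTION_NAME;
        if (C('USER_AUTH_ON') && !in_array(MODULE_NAME, explode(',', C('NOT_AUTH_MODULE')), true) && $rule_name != "Admin/Public/verify") {
            // A request with no logged-in user id is refused outright. This
            // avoids reading an undefined session key and passing an empty uid
            // to the Auth check.
            $uid=isset($_SESSION['authId']) ? $_SESSION['authId'] : null;
            if (empty($uid) || !$auth->check($rule_name,$uid)) {
                // NOTE(review): error() is expected to end the request after
                // showing the message. Confirm for the ThinkPHP version in
                // use, otherwise the action would still run.
                $this->error('您没有权限访问');
            }
        }
    }
}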

实现步骤五:

a.菜单管理:(NavAction控制器,AdminNavModel模型),对后台菜单进行增删改查排序等

b.权限管理:权限管理功能。RuleAction控制器 AuthRuleModel模型 AuthGroupModel模型 AuthGroupAccessModel模型

   1、对权限进行展示、添加、修改、删除
   2、对用户组进行权限分配、用户绑定、展示、添加、修改、删除
   3、对管理员进行用户组绑定与信息修改
