dongzongzi0379 2018-01-31 15:22
Views: 71

PHP role system - logic problem [closed]

I'm developing a small project in which I want to implement an "advanced" role system based on the page the user visits. I have some trouble working out the logic behind this scheme, since I want to be able to add and remove roles and permissions, and I'm thinking of doing it this way. I hope you can share your suggestions with me.

I have my users table that, besides the username, password, etc. fields, contains a userlevel field.

I'm planning to create the following scheme:

Roles table:

id - AI -> referenced by the **userlevel** field in the users table
name - Role Name
description - Role Description

Pages table:

id - AI
page_link -> stores the link of the page
description

Permissions table:

id - AI
role_id -> references **id** in the roles table
page_id -> references **id** in the pages table

So my thought is:

Every page that is supposed to be protected in some way:

  1. read the userlevel from the users table;
  2. check whether that role exists in the roles table;
  3. if not, deny access; if it exists, create an array of page_id for that role_id from the permissions table;
  4. create an array of page_link from the pages table based on each page_id from the permissions table;
  5. read the URL and, if the page link is in the array, allow access, otherwise deny access.

I have links like: /add-user and /remove-user/user_id

If I give permission to the page /remove-user, can a user delete a user? (Basically, does that give access to /remove-user/user_id?)

Am I thinking about this the right way? I'm getting really confused creating such a system. I would really like to control access to pages and to features (for example, a moderator should be allowed to ban a user but not to delete one - if those features are on the same page, how can I achieve that?). Besides that, do I need another table of "functions" that allows the user to do something or not, and then write the code that way?

For example, a table userfunctions:

id
role_id
permission

If this table contains a permission edit_users, then when rendering the page, if it is in the "feature" array, do I show the button or not?

Can you kindly guide me on this? Is there a quicker way to do this without so much theory? I can easily write the code, I'm just confused about the logic behind a scheme like this.

Thanks
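A worked version of the scheme described in the question, added here as an example rather than code from the original post. It uses PDO with an in-memory SQLite database (assumes the pdo_sqlite extension) and constructed sample rows; the table and column names are the question's own, the userfunctions table is the per-feature table the question proposes, and the `/*` suffix on a page_link is an assumed convention introduced so that the /remove-user versus /remove-user/user_id question gets an explicit answer.

```php
<?php
// Added example (not from the original post): roles / pages / permissions /
// userfunctions tables from the question, backed by an in-memory SQLite DB.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->exec('CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT, description TEXT)');
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, page_link TEXT, description TEXT)');
$db->exec('CREATE TABLE permissions (id INTEGER PRIMARY KEY, role_id INTEGER, page_id INTEGER)');
$db->exec('CREATE TABLE userfunctions (id INTEGER PRIMARY KEY, role_id INTEGER, permission TEXT)');

// Constructed sample data: role 1 = admin, role 2 = moderator.
$db->exec("INSERT INTO roles VALUES (1,'admin','Full access'), (2,'moderator','Can ban, cannot delete')");
// Assumed convention: a page_link ending in '/*' covers exactly one extra path segment.
$db->exec("INSERT INTO pages VALUES (1,'/add-user','Create a user'),
                                    (2,'/remove-user/*','Delete a user by id'),
                                    (3,'/users','User list with moderation buttons')");
$db->exec("INSERT INTO permissions VALUES (1,1,1),(2,1,2),(3,1,3),(4,2,3)");
$db->exec("INSERT INTO userfunctions VALUES (1,1,'ban_users'),(2,1,'delete_users'),(3,2,'ban_users')");

/** Steps 1-4 of the question: confirm the role exists, then collect its page links. */
function allowed_links(PDO $db, int $userlevel): ?array
{
    $exists = $db->prepare('SELECT 1 FROM roles WHERE id = ?');
    $exists->execute([$userlevel]);
    if ($exists->fetchColumn() === false) {
        return null; // unknown role: deny everything
    }
    $stmt = $db->prepare(
        'SELECT p.page_link FROM permissions pm JOIN pages p ON p.id = pm.page_id WHERE pm.role_id = ?'
    );
    $stmt->execute([$userlevel]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

/**
 * Step 5: match the requested path against one stored page_link.
 * A plain link matches only itself, so granting '/remove-user' does NOT
 * cover '/remove-user/42'; only the '/remove-user/*' form does.
 */
function path_matches(string $pattern, string $path): bool
{
    $p = parse_url($path, PHP_URL_PATH);            // ignore query string and fragment
    $path = rtrim(is_string($p) ? $p : '', '/') ?: '/';
    if (substr($pattern, -2) === '/*') {
        $base = substr($pattern, 0, -2);
        return preg_match('#^' . preg_quote($base, '#') . '/[^/]+$#', $path) === 1;
    }
    return $pattern === $path;
}

function can_open(PDO $db, int $userlevel, string $path): bool
{
    $links = allowed_links($db, $userlevel);
    if ($links === null) {
        return false;
    }
    foreach ($links as $link) {
        if (path_matches($link, $path)) {
            return true;
        }
    }
    return false;
}

/** Per-feature check from the proposed userfunctions table (ban vs. delete on one page). */
function role_can(PDO $db, int $userlevel, string $permission): bool
{
    $stmt = $db->prepare('SELECT 1 FROM userfunctions WHERE role_id = ? AND permission = ?');
    $stmt->execute([$userlevel, $permission]);
    return $stmt->fetchColumn() !== false;
}

// Walk a few constructed requests through both checks.
$cases = [[1, '/remove-user/42'], [2, '/remove-user/42'], [2, '/users?page=2'], [99, '/users']];
foreach ($cases as [$level, $path]) {
    printf("role %-2d %-20s open: %s\n", $level, $path, can_open($db, $level, $path) ? 'yes' : 'no');
}
foreach (['ban_users', 'delete_users'] as $perm) {
    printf("role 2  %-20s feature: %s\n", $perm, role_can($db, 2, $perm) ? 'yes' : 'no');
}
```

Two points this makes concrete: a grant on /remove-user says nothing about /remove-user/42 unless the stored page_link explicitly covers a trailing segment, so the decision is made by the stored pattern rather than by whatever prefix the URL happens to share; and role_can() is called both when deciding whether to render the ban or delete button and again inside the handler that performs the action, because hiding a button is a usability choice, not an access control.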


1 answer

  • dsedug8644 2018-01-31 15:54

    My personal approach:

    1. Check if the page is public (not restricted to any user); if so, stop.
    2. Check if the user is logged in; if not, redirect to the login page.
    3. Check if the user's level is sufficient to view the page; if not, redirect to their home page.

    I usually do this by having one function at the top of each page that does all of the above:

    <?php
    require('system_loader.php');
    check_access(ACCESS_LEVEL_ADMIN);
    

    In my configuration files, I define a set of the current roles:

    define('ACCESS_LEVEL_SUPERADMIN',1);
    define('ACCESS_LEVEL_ADMIN',2);
    define('ACCESS_LEVEL_MODERATOR',5);
    define('ACCESS_LEVEL_USER',10);
    define('ACCESS_LEVEL_PUBLIC',100);
    

    This then allows me to define, at the top of each page, what access level is required to view it.

    So, the pseudo-code for the function would be:

    function check_access($level_required) {
        // public pages need no session at all
        if ($level_required === ACCESS_LEVEL_PUBLIC) return;
        // no valid session: send to the login page (assumed helper)
        if (!user_session_is_valid()) { header('Location: /login.php'); exit; }
        // with the constants above a LOWER number means MORE access, so a
        // level numerically above the requirement is insufficient (assumed helper)
        if (user_level() > $level_required) { header('Location: /account.php'); exit; }
    }
    

    This is a basic system, but it saves you from worrying about the logic, so long as you get everything in place in terms of managing the user session. It relies on a sliding scale of permission, such that the highest value will always have the most permission, and the lowest will have only public permission.

    Mind you, having the roles hard-coded into the system is different from what you proposed in having the roles in the database. The same logic could be applied, except you would need to check the role in the database.


    I should also note that your proposed system would work fine as well. It would be more complicated and would give far greater control in regards to individual functions and such.

    In my example, you could simply restrict using conditional coding, checking if the user should be allowed to do a particular function.

    If you expect to have roles that do not fit into a sliding scale of access, then you would indeed have to maintain a reference table linking the level of access with particular pages or functions.
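The sliding-scale check from the answer, filled out so that it runs from the command line; this is an added example, not the answerer's code. The constants are the answer's own. The session handling, the redirect targets (/login.php, /account.php), and the role-to-level map standing in for the database lookup the answer mentions are assumptions. The decision is separated from the redirect so the comparison direction can be exercised without a web server, because with these constants a lower number means more access and getting the comparison backwards locks the superadmin out of every page.

```php
<?php
// Added example (not the answerer's code): the level-based guard from the answer.
declare(strict_types=1);

define('ACCESS_LEVEL_SUPERADMIN', 1);
define('ACCESS_LEVEL_ADMIN', 2);
define('ACCESS_LEVEL_MODERATOR', 5);
define('ACCESS_LEVEL_USER', 10);
define('ACCESS_LEVEL_PUBLIC', 100);

/**
 * Pure decision function. With the constants above a LOWER number means MORE
 * access, so a user is refused when their level is numerically greater than
 * the level the page requires. null means "no valid session".
 */
function access_decision(?int $user_level, int $level_required): string
{
    if ($level_required === ACCESS_LEVEL_PUBLIC) {
        return 'allow';
    }
    if ($user_level === null) {
        return 'login';
    }
    if ($user_level > $level_required) {
        return 'denied';
    }
    return 'allow';
}

/** Assumed: the level is stored in the session at login, or null when there is no session. */
function current_user_level(): ?int
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $level = $_SESSION['userlevel'] ?? null;
    return is_int($level) ? $level : null;
}

/** Assumed stand-in for "check the role in the database": map a role name to a level. */
function level_for_role(string $role): ?int
{
    $map = ['superadmin' => ACCESS_LEVEL_SUPERADMIN, 'admin' => ACCESS_LEVEL_ADMIN,
            'moderator' => ACCESS_LEVEL_MODERATOR, 'user' => ACCESS_LEVEL_USER];
    return $map[$role] ?? null; // unknown role: treated as no access
}

/** The top-of-page guard from the answer: redirect and stop on every refusal. */
function check_access(int $level_required): void
{
    switch (access_decision(current_user_level(), $level_required)) {
        case 'login':
            header('Location: /login.php');
            exit;
        case 'denied':
            header('Location: /account.php');
            exit;
    }
}

/** The answer's "conditional coding": a feature check on a page both roles can open. */
function can_delete_users(?int $user_level): bool
{
    return $user_level !== null && $user_level <= ACCESS_LEVEL_ADMIN;
}

// Walk each role over each page requirement to show the scale in action.
if (PHP_SAPI === 'cli') {
    $roles = ['superadmin', 'admin', 'moderator', 'user', 'guest'];
    $pages = ['/admin' => ACCESS_LEVEL_ADMIN, '/moderate' => ACCESS_LEVEL_MODERATOR, '/' => ACCESS_LEVEL_PUBLIC];
    foreach ($roles as $role) {
        $level = level_for_role($role);
        foreach ($pages as $page => $required) {
            printf("%-10s %-10s %s\n", $role, $page, access_decision($level, $required));
        }
        printf("%-10s delete button: %s\n", $role, can_delete_users($level) ? 'shown' : 'hidden');
    }
}
```

Because every refusal ends in `exit`, code after `check_access()` only runs for a user who passed the check; the feature check `can_delete_users()` is applied a second time inside the handler that performs the deletion, not only where the button is rendered.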

