通过用户ID而不是角色的ACL(访问控制列表)代码生成器
[英]ACL (Access Control List) Codeigniter by User ID not by Roles
问题描述
I tried to create ACL (access control list) but per user id, not by role because the client wants that same level but has different permission 
我尝试创建ACL(访问控制列表),但按用户ID而不是按角色创建,因为客户端需要相同级别但具有不同权限
how I can check if the user accessing a method or controller that don't have permission in database 如何检查用户是否访问数据库中没有权限的方法或控制器
here is table permissions structure 这是表权限结构
+------------------------+--------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+------------------------+--------------+------+-----+---------+----------------+
| permission_id | int(11) | NO | PRI | NULL | auto_increment |
| permission_name | varchar(255) | NO | | NULL | |
| permission_desc | text | YES | | NULL | |
| permission_created_at | datetime | YES | | NULL | |
| permission_modified_at | datetime | YES | | NULL | |
+------------------------+--------------+------+-----+---------+----------------+
then, permissions table has relation with permission_role table and here is permission_role 's structure 然后, 权限表与表permission_role关系,这里的permission_role结构
+--------------------+---------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+--------------------+---------+------+-----+---------+----------------+
| permission_role_id | int(11) | NO | PRI | NULL | auto_increment |
| user_id | int(11) | NO | MUL | NULL | |
| permission_id | int(11) | NO | MUL | NULL | |
+--------------------+---------+------+-----+---------+----------------+
now, I am confused if the user accesses a controller that the user doesn't have permissions to access it, how I can check it? 现在,如果用户访问的控制器没有权限访问该控制器,我会感到困惑,该如何检查? if check by route or URI but my database didn't save class controller ... Any solution please ? 如果通过路由或URI进行检查,但是我的数据库没有保存类控制器...请采取任何解决方案?
Thank you, and sorry for my bad English 谢谢,对不起,我英语不好
1 个解决方案
解决方案1
0 2018-12-10 15:06:08
Assuming Branch .etc. 假设Branch .etc。 is the controller and view , edit are methods with your storage system you would have to do: 是控制器,而view , edit是您必须使用的存储系统方法:
class Branch extends CI_Controller {
public function view {
$this->acl->can_access(6);
}
public function edit {
$this->acl->can_access(9);
}
}
Acl Model: ACL型号:
class Acl extends CI_Model {
public function can_access($permission_id = null) {
$uid = $this->session->userdata('user_id');
if (!is_null($uid) && !is_null($permission_id)) {
$this->db->where('user_id', $uid);
$this->db->where('permission_id', $permission_id);
$this->db->from('permissions_role');
if ($this->db->count_all_results() > 0) {
return;
}
}
show_error('Not allowed'); // function exits
}
}
If you refactored your db structure to contain both your controller/method in the permission table you wouldn't have to include can_access in every auth method and could just have your controllers extend a MY_Controller with code that looks like: 如果您将数据库结构重构为在permission表中同时包含控制器/方法,则不必在每个auth方法中都包含can_access ,而只需让控制器使用以下代码扩展MY_Controller :
class MY_Controller extends CI_Controller {
public function __construct() {
parent::__construct();
$this->can_access();
}
private function can_access() {
$controller = $this->router->class;
$method = $this->router->method;
$curr_user = $this->session->userdata('user_id');
// do join between permissions and permissions role...
// check if num_rows > 0 for current user given the controller/method
// if num_rows is not greater than 0 (user doesn't have permission)
// then show error. otherwise do nothing (user has permission)
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.