Auth authentication in Thinkphp

There are two ways to manage permissions in ThinkPHP. The more common one is RBAC, which is node-based and the more intuitive and easier to understand of the two. The other is Auth, which manages permissions based on rules. Let's look at each in turn.

1. Thinkphp RBAC permission management, 5 tables can easily manage permissions

User table think_username

id name password

User group table (also known as role table) think_group

gid gname

The relationship table between users and roles think_group_user

id uid gid

Permission table (also known as access permission table, table between controllers and methods, also known as node table) think_role

id jname

The table think_role_group between roles and permissions

id gid jid

# The code for this part is no longer available; for details, refer to the RBAC video tutorial on imooc (慕课网).

2. Thinkphp Auth permission management is based on rules

Auth permission checking authenticates a user against rules. In the database we have:

Rule table (think_auth_rule)
user group table (think_auth_group)
user group detail table (think_auth_group_access)
We define the permission rules in the rule table, define which rules each user group holds in the user group table, and record which user group each user belongs to in the user group detail table.

<?php
namespace Home\Controller;

use Think\Auth;
use Think\Controller;
use Think\Page;

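/**
 * Back-office controller for the rule-based (Auth) permission model.
 *
 * It maintains permission rules (AuthRule), rule groups (AuthGroup) and the
 * group each administrator is attached to (AuthGroupAccess).
 *
 * Security notes for maintainers:
 *  - Every action here changes who is allowed to do what, so the controller
 *    must only be reachable by fully trusted administrators. No access check
 *    is visible in this class; presumably CommonController enforces one -
 *    confirm before deploying.
 *  - Request values are read through requestInt()/requestString()/
 *    requestIdList() rather than raw $_POST/$_GET. ThinkPHP's where() and
 *    add()/save() give array-shaped values a special meaning (expression
 *    syntax), so request input is reduced to a plain integer or string before
 *    it reaches the model.
 *  - The stock Think\Auth evaluates a rule's `condition` column as a PHP
 *    expression while checking permissions. If this project's Auth keeps that
 *    behaviour, write access to rules is equivalent to running code on the
 *    server; treat add()/editrule() accordingly.
 *  - delrule() and delGroup() delete on a plain GET request and no request
 *    token is checked anywhere in this class. NOTE(review): moving them to
 *    POST with a CSRF token needs matching template changes, so it is flagged
 *    here rather than changed.
 *
 * alert() is a project helper that is not shown here; it is called with a
 * message and a target URL.
 */
class AuthController extends CommonController
{

    /**
     * Read one request value as an integer.
     *
     * @param array  $source  Request array ($_POST or $_GET).
     * @param string $key     Field name.
     * @param int    $default Value used when the field is missing or not scalar.
     * @return int
     */
    private function requestInt(array $source, $key, $default = 0)
    {
        if (!isset($source[$key]) || !is_scalar($source[$key])) {
            return $default;
        }
        return (int)$source[$key];
    }

    /**
     * Read one request value as a string; array-shaped input is rejected.
     *
     * @param array  $source  Request array ($_POST or $_GET).
     * @param string $key     Field name.
     * @param string $default Value used when the field is missing or not scalar.
     * @return string
     */
    private function requestString(array $source, $key, $default = '')
    {
        if (!isset($source[$key]) || !is_scalar($source[$key])) {
            return $default;
        }
        return (string)$source[$key];
    }

    /**
     * Read a list of ids (an array or a comma separated string) as unique
     * positive integers.
     *
     * @param array  $source Request array ($_POST or $_GET).
     * @param string $key    Field name.
     * @return int[]
     */
    private function requestIdList(array $source, $key)
    {
        if (!isset($source[$key])) {
            return array();
        }
        $raw = $source[$key];
        if (!is_array($raw)) {
            $raw = explode(',', (string)$raw);
        }
        $ids = array();
        foreach ($raw as $value) {
            if (is_scalar($value) && (int)$value > 0) {
                // Keyed by id so duplicates collapse.
                $ids[(int)$value] = (int)$value;
            }
        }
        return array_values($ids);
    }

    /**
     * Turn the selected rule ids into the comma separated string stored in
     * AuthGroup.rules.
     *
     * The ids are looked up in AuthRule and passed through
     * Auth::childForLayer() (a project method not shown here) before the `id`
     * column of the result is joined.
     *
     * @param int[] $ruleIds Sanitised rule ids.
     * @return string Empty string when nothing valid was selected.
     */
    private function ruleIdsToCsv(array $ruleIds)
    {
        // An empty IN() list is not valid SQL, so skip the query entirely.
        if (empty($ruleIds)) {
            return '';
        }
        $selected = M('AuthRule')->where(array('id' => array('in', $ruleIds)))->select();
        if (!is_array($selected)) {
            return '';
        }
        $auth = new Auth();
        $layered = $auth->childForLayer($selected);
        if (!is_array($layered)) {
            return '';
        }
        return implode(",", array_column($layered, 'id'));
    }

    /**
     * Rule list, ten rules per page.
     */
    public function index()
    {
        // Let the database count instead of loading every row just to count it.
        $count = (int)M('AuthRule')->count();
        $page = new Page($count, 10); // total record count, records per page
        $show = $page->show();        // rendered pagination markup

        // Top level rules (pid = 0) are handed to the view as "menurules".
        $menu1 = M('AuthRule')->where(array('pid' => 0))->select();
        $rules = M('AuthRule')->limit($page->firstRow . ',' . $page->listRows)->select();
        $this->assign('page', $show);
        $this->assign("count", $count);
        $this->assign("rules", $rules);
        $this->assign("menurules", $menu1);
        $this->display();
    }

    /**
     * Look up one rule by the posted id and return it as JSON.
     */
    public function findrule()
    {
        $id = $this->requestInt($_POST, 'id');
        $rule = M('AuthRule')->where(array('id' => $id))->find();
        $this->ajaxReturn($rule, 'json');
    }

    /**
     * Show the "add rule" form and, on POST, insert the new rule.
     */
    public function add()
    {
        $rules = M('AuthRule')->where(array('pid' => 0))->select();
        if (!empty($_POST)) {
            $data = array(
                'name'       => $this->requestString($_POST, 'name'),
                'title'      => $this->requestString($_POST, 'title'),
                // NOTE(review): 1 is the default `type` in the stock
                // think_auth_rule schema - confirm for this project.
                'type'       => $this->requestInt($_POST, 'type', 1),
                'status'     => $this->requestInt($_POST, 'status', 0),
                // See the class comment: `condition` may be evaluated as PHP.
                'condition'  => $this->requestString($_POST, 'condition'),
                // pid, ismenu and sort_order are assumed to be integer columns.
                'pid'        => $this->requestInt($_POST, 'pid'),
                'ismenu'     => $this->requestInt($_POST, 'ismenu'),
                'sort_order' => $this->requestInt($_POST, 'sort_order'),
            );
            // Report a failed insert instead of always claiming success.
            if (M('AuthRule')->add($data) === false) {
                alert('添加失败', '/home/auth/index');
            } else {
                alert('添加成功', '/home/auth/index');
            }
        }
        $this->assign("rules", $rules);
        $this->display();
    }

    /**
     * Update an existing rule from the posted fields and answer with JSON.
     *
     * Responds with code 1 on success and code 0 when the id is missing or
     * the update fails.
     */
    public function editrule()
    {
        $id = $this->requestInt($_POST, 'id');
        if ($id <= 0) {
            $this->ajaxReturn(array('code' => 0, 'message' => 'invalid id'), 'json');
            return;
        }

        $condition = $this->requestString($_POST, 'condition');
        $data = array(
            'name'       => $this->requestString($_POST, 'name'),
            'title'      => $this->requestString($_POST, 'title'),
            'status'     => $this->requestInt($_POST, 'status', 0),
            // An empty condition is stored as 0, as before.
            'condition'  => $condition ? $condition : 0,
            'pid'        => $this->requestInt($_POST, 'pid'),
            'ismenu'     => $this->requestInt($_POST, 'ismenu'),
            'sort_order' => $this->requestInt($_POST, 'sort_order'),
        );

        if (M('AuthRule')->where(array('id' => $id))->save($data) === false) {
            $this->ajaxReturn(array('code' => 0, 'message' => 'save failed'), 'json');
            return;
        }

        $re = array(
            'code'    => 1,
            'message' => 'success',
        );
        $this->ajaxReturn($re, 'json');
    }

    /**
     * Delete the rule named by the `id` query parameter.
     *
     * NOTE(review): child rules (pid = id) and group `rules` strings that
     * still list this id are not cleaned up here.
     */
    public function delrule()
    {
        $id = $this->requestInt($_GET, 'id');
        // Success is reported only when a row was actually removed, matching delGroup().
        if ($id > 0 && M('AuthRule')->where(array('id' => $id))->delete()) {
            alert("删除成功!", '/home/auth/index');
        } else {
            alert("删除失败", '/home/auth/index');
        }
    }

    /**
     * Rule group list.
     */
    public function authGroup()
    {
        $groupRules = M('AuthGroup')->select();
        $count = count($groupRules);
        $this->assign("count", $count);
        $this->assign('groupRules', $groupRules);
        $this->display();
    }

    /**
     * Show the "add rule group" form and, on POST, insert the new group.
     */
    public function addAuthGroup()
    {
        $rules = M('AuthRule')->select();
        $auth = new Auth();
        // unlimitedForLayer() is a project method on Auth, not shown here.
        $rules = $auth->unlimitedForLayer($rules);
        if (!empty($_POST)) {
            $data = array(
                'title'  => $this->requestString($_POST, 'title'),
                'status' => $this->requestInt($_POST, 'status', 0),
                'rules'  => $this->ruleIdsToCsv($this->requestIdList($_POST, 'rules')),
            );
            if (M('AuthGroup')->add($data) === false) {
                alert("添加失败", '/home/auth/authGroup');
            } else {
                alert("添加成功", '/home/auth/authGroup');
            }
        }
        $this->assign('rules', $rules);
        $this->display();
    }

    /**
     * Show the "edit rule group" form for the group named by `id`.
     */
    public function editAuthGroup()
    {
        $id = $this->requestInt($_GET, 'id');
        $group = M('AuthGroup')->where(array('id' => $id))->find();
        // find() yields no array when the group does not exist; fall back to an empty list.
        $ruleCsv = (is_array($group) && isset($group['rules'])) ? $group['rules'] : '';
        $grouprules = explode(',', trim($ruleCsv, ','));

        $auth = new Auth();
        $rules = $auth->unlimitedForLayer(M('AuthRule')->select());

        $this->assign('rules', $rules);
        $this->assign('grouprules', $grouprules);
        $this->assign('group', $group);
        $this->display();
    }

    /**
     * Save the posted changes to an existing rule group.
     */
    public function updateAuthGroup()
    {
        $id = $this->requestInt($_POST, 'id');
        $data = array(
            'title'  => $this->requestString($_POST, 'title'),
            'status' => $this->requestInt($_POST, 'status', 0),
            'rules'  => $this->ruleIdsToCsv($this->requestIdList($_POST, 'rules')),
        );

        // save() returns false on error; 0 affected rows just means nothing changed.
        if ($id > 0 && M('AuthGroup')->where(array('id' => $id))->save($data) !== false) {
            // The original reported "added" here although this action updates.
            alert("修改成功", '/home/auth/authGroup');
        } else {
            alert("修改失败", '/home/auth/authGroup');
        }
    }

    /**
     * Delete the rule group named by the `id` query parameter.
     *
     * NOTE(review): AuthGroupAccess rows that point at the deleted group are
     * not touched here.
     */
    public function delGroup()
    {
        $id = $this->requestInt($_GET, 'id');
        if ($id > 0 && M('AuthGroup')->where(array('id' => $id))->delete()) {
            alert('删除成功', '/home/auth/authGroup');
        } else {
            alert('删除失败', '/home/auth/authGroup');
        }
    }

    /**
     * List administrators together with the title of their group.
     *
     * The joins name the tables with a hard-coded `yixiang_` prefix, so they
     * only work while the configured table prefix is that value.
     */
    public function userGroup()
    {
        $users = M('admin a')
            ->join('yixiang_auth_group_access agc on a.id=agc.uid')
            ->join('yixiang_auth_group ag on ag.id = agc.group_id')
            ->field('a.id as id,a.username as username,ag.title as title')
            ->select();
        $groups = M('AuthGroup ag')->select();
        $count = count($users);

        $this->assign('users', $users);
        $this->assign('groups', $groups);
        $this->assign('count', $count);

        $this->display();
    }

    /**
     * Move a user to another group (POST `userid`, `groupid`) and answer
     * with JSON: code 1 on success, code 0 on invalid input or a failed save.
     *
     * Only an existing AuthGroupAccess row is updated; a user without one is
     * left unchanged.
     */
    public function editgroup()
    {
        if (empty($_POST)) {
            return;
        }

        $uid = $this->requestInt($_POST, 'userid');
        $groupid = $this->requestInt($_POST, 'groupid');
        if ($uid <= 0 || $groupid <= 0) {
            $this->ajaxReturn(array('code' => 0, 'message' => 'invalid parameters'));
            return;
        }

        $saved = M('AuthGroupAccess')
            ->where(array('uid' => $uid))
            ->save(array('group_id' => $groupid));
        if ($saved === false) {
            $this->ajaxReturn(array('code' => 0, 'message' => 'save failed'));
            return;
        }

        $returndata = array(
            'code'    => 1,
            'message' => 'success',
        );
        $this->ajaxReturn($returndata);
    }

    /**
     * Return the top level (pid = 0) rows of AuthRole.
     *
     * NOTE(review): every other action reads AuthRule; `AuthRole` may be a
     * typo - confirm the table exists. The method is public, so it is also
     * reachable as a controller action although it only returns its result.
     *
     * @return mixed Result of select().
     */
    public function getOnemenu()
    {
        return M('AuthRole')->where(array('pid' => 0))->select();
    }

    /**
     * Render the shared navigation template.
     */
    public function setmenu()
    {
        $this->display('Common/nav');
    }
}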


Origin blog.csdn.net/kevlin_V/article/details/103562551