A complete system will inevitably involve the management of permissions. After years of study, I have written the permission design that I understand as follows, which is also an improvement for myself and may also help others.
First of all, we need to understand a few terms.
noun:
User: the logged in user
Role: that is, a general term for a type of person, who is also the owner of a series of functional sets.
Function: That is to say, a specific item is displayed on the menu, such as new connection under the file module under navicat, open connection, close connection, and export connection are all functions.
Module: It is a classification of a series of functions. For example, the file module, viewing module, tool module, help module, etc. under Navicat.
Clarify the relationship:
Then we need to sort out the relationship between them.
A person has multiple roles, and a role can be owned by multiple people. That is, a many-to-many relationship.
A role has multiple functions, and a function can be owned by multiple roles. That is, a to-many relationship.
A function can only belong to one module, and a module can have multiple functions. That is, a many-to-one relationship.
Table Design:
After clarifying the relationship between them, so good, we use the table to store the relationship between them. We need a user table, a role table, a function table module table, and then a table for storing the relationship between users and roles, and a table for roles that have functions. In order to store this many-to-many relationship, create a new table is required, functions and modules can be stored in a table. So we need five tables.
Use of the permission system:
So how do we apply it to program development? ? ?
We can do this. First, our user logs in to the system to obtain the login account and the user's role. According to the logged-in role, we can query the functions possessed by the role. This is definitely possible. Next, how do we associate modules with roles? ? Then I will provide an idea: we query the function according to the role, then naturally we will wait until the function and the corresponding module, and then we can use distinct to get the module again , which will also associate the role, of course The query result can be regarded as a new table T1 (T1 only records the functions under the function modules and roles). Then, for the functions under the module, we can query the function module table just queried, which is the T1 table, and query the function module ID equal to the module ID we just queried. This will complete the permission system.