实现简单的ACL

php代码
$rsid,
            'access' => self::formataccessvalue($access),
            'desc' => $desc,
            'created_at' => current_timestamp
        );
return singletablecrud::insert($this->tbresources,$resource);
    }
/**
     * 修改资源,返回成功状态
     *
     * @param array $resource
     * @return int
     */
    function updateresource(array $resource){
        if (!isset($resource['rsid'])) return false;
$resource['updated_at'] = current_timestamp;
return singletablecrud::update($this->tbresources,$resource,'rsid');
    }
/**
     * 删除资源
     *
     * @param string $rsid
     * @return int
     */
    function deleteresource($rsid){
        if (emptyempty($rsid)) return false;
        return singletablecrud::delete($this->tbresources,array('rsid'=>$rsid));
    }
/**
     * 创建角色,返回角色记录主键
     *
     * @param string $rolename
     * @param string $desc
     *
     * @return int
     */
    function createrole($rolename,$desc){
        if (emptyempty($rolename)) return false;
$role = array(
            'rolename' => $rolename,
            'desc' => $desc,
            'created_at' => current_timestamp
        );
return singletablecrud::insert($this->tbroles,$role);
    }
/**
     * 修改角色,返回成功状态
     *
     * @param array $role
     * @return int
     */
    function updaterole(array $role){
        if (!isset($role['id'])) return false;
if (isset($role['rolename'])) unset($role['rolename']);
        $role['updated_at'] = current_timestamp;
return singletablecrud::update($this->tbroles,$role,'id');
    }
/**
     * 删除角色
     *
     * @param int $role_id
     * @return int
     */
    function deleterole($role_id){
        if (emptyempty($role_id)) return false;
        return singletablecrud::delete($this->tbroles,array('role_id'=>(int) $role_id));
    }
/**
     * 为资源指定角色,每次均先全部移除表中相关记录再插入
     *
     * @param int $rsid
     * @param mixed $roleids
     * @param boolean $setnull 当角色id不存在时,是否将资源从关联表中清空
     */
    function allocaterolesforresource($rsid,$roleids,$setnull=false,$defaultaccess=-1){
        if (emptyempty($rsid)) return false;
$roleids = normalize($roleids,',');
        if (emptyempty($roleids)){
            if ($setnull){
                singletablecrud::delete($this->tbrefresourcesroles,array('rsid'=>$rsid));
if ($defaultaccess != -1){
                    $defaultaccess = self::formataccessvalue($defaultaccess);
                    $this->updateresource(array('rsid'=>$rsid,'access'=>$defaultaccess));
                }
                return true;
            }
            return false;
        }
singletablecrud::delete($this->tbrefresourcesroles,array('rsid'=>$rsid));
$roleids = array_unique($roleids);
foreach ($roleids as $role_id){
            singletablecrud::insert($this->tbrefresourcesroles,array('rsid'=>$rsid,'role_id'=>(int)$role_id));
        }
        return true;
    }
function cleanrolesforresource($rsid){
        if (emptyempty($rsid)) return false;
        return singletablecrud::delete($this->tbrefresourcesroles,array('rsid'=>$rsid));
    }
function cleanresourcesforrole($role_id){
        if (emptyempty($role_id)) return false;
        return singletablecrud::delete($this->tbrefresourcesroles,array('role_id'=>(int) $role_id));
    }
/**
     * 为角色分配资源,每次均先全部移除表中相关记录再插入
     *
     * @param int $role_id
     * @param mixed $rsids
     *
     * @return boolean
     */
    function allocateresourcesforrole($role_id,$rsids){
        if (emptyempty($role_id)) return false;
$role_id = (int) $role_id;
        $rsids = normalize($rsids,',');
        if (emptyempty($rsids)){
            return false;
        }
singletablecrud::delete($this->tbrefresourcesroles,array('role_id'=>$role_id));
$rsids = array_unique($rsids);
foreach ($rsids as $rsid){
            singletablecrud::insert($this->tbrefresourcesroles,array('rsid'=>$rsid,'role_id'=>$role_id));
        }
        return true;
    }
/**
     * 为用户指派角色,每次均先全部移除表中相关记录再插入
     *
     * 此处在用户很多的时候可能会有性能问题... 后面再想怎么优化
     *
     * @param int $user_id
     * @param mixed $roleids
     *
     * @return boolean
     */
    function allocaterolesforuser($user_id,$roleids){
        if (emptyempty($user_id)) return false;
$user_id = (int) $user_id;
        $rsids = normalize($rsids,',');
        if (emptyempty($rsids)){
            return false;
        }
singletablecrud::delete($this->tbrefusersroles,array('user_id'=>$user_id));
$roleids = array_unique($roleids);
foreach ($roleids as $roleid){
            singletablecrud::insert($this->tbrefusersroles,array('user_id'=>$user_id,'role_id'=>$role_id));
        }
        return true;
    }
function cleanrolesforuser($user_id){
        if (emptyempty($user_id)) return false;
        return singletablecrud::delete($this->tbrefusersroles,array('user_id'=>(int) $user_id));
    }
function cleanusersforrole($role_id){
        if (emptyempty($role_id)) return false;
        return singletablecrud::delete($this->tbrefusersroles,array('role_id'=>(int) $role_id));
    }
}
/**
* 对资源进行acl校验
*
* @param string $rsid 资源标识
* @param array $user 特定用户,不指定则校验当前用户
*
* @return boolean
*/
function aclverity($rsid,array $user = null){
    if (emptyempty($rsid)) return false;
}
java代码
/*
     * 校验步骤如下:
     *
     * 1. 先校验资源本身access 属性
     *    everyone => true,nobody => false * 其它的属性在下面继续校验
     * 2. 从session(或者用户session表)中获取角色id集合
     * 3. 如果用户拥有角色则has_role => true , no_role => false;反之亦然
     * 4. 如果资源access == allocate_roles
     *      1. 从缓存(或者$tbrefresourcesroles)中获取资源对应的角色id集合
     *      2. 将用户拥有的角色id集合与资源对应的角色id集合求交集
     *      3. 存在交集=> true;否则=> false
     */
花了半个小时晕死明天再抽空完善....
http://www.bkjia.com/phpjc/478723.htmlwww.bkjia.comtruehttp://www.bkjia.com/phpjc/478723.htmltecharticlephp代码 ?php /** * 简单的acl 权限控制功能 * * 表定义 * * 1. 资源定义 (rsid,access,desc) * 2. 角色定义 (id,rolename,desc) * 3. 资源-角色关联(rsid,role_id...

实现简单的ACL_PHP教程

推荐信息