首先,先建立Rbac那五张表(用户表,角色表,节点表,权限表,角色-用户表),后面四张可以在thinkphp中Rbac类里直接复制。
第二步,根据需求往那五张表里插入数据,注意:节点表里的节点名称一定要跟当前的应用,控制器和方法名称一致,还有应用的level值等于1,不是等于0的,以下为PHP代码:
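<?php
namespace Home\Controller;

use Think\Controller;
use Org\Util\Rbac;

/**
 * Back-office controller that maintains the RBAC data itself: users, roles,
 * nodes and the role-to-node access table.
 *
 * Every action here changes who is allowed to do what, so none of them,
 * including the *Handle form targets, belongs in an auth-exempt list such as
 * NOT_AUTH_ACTION. Each one should have its own node row and be granted only
 * to administrator roles.
 *
 * NOTE(review): the delete actions change state on a plain GET request, which
 * leaves them open to cross-site request forgery. They are kept on GET here
 * because the templates that link to them are not part of this listing; move
 * them to POST with a form token when the views are updated.
 */
class RbacController extends CommonController
{
    /**
     * Lists all users together with their related roles.
     *
     * NOTE(review): select() has no field() restriction, so the password
     * column is presumably loaded into the view data as well; keep it out of
     * the template.
     */
    public function index()
    {
        $this->user = D('UserRelation')->relation(true)->select();
        $this->display();
    }

    /** Shows the "add user" form with every role available for selection. */
    public function addUser()
    {
        $this->role = M('role')->select();
        $this->display();
    }

    /**
     * Creates a user from the posted form and links it to the chosen roles.
     *
     * Role ids are reduced to positive integers before they are written, and
     * the link table is only touched when at least one role was selected.
     */
    public function addUserHandle()
    {
        $data = array(
            'userName'  => I('post.username'),
            // NOTE(review): unsalted md5 is not a password hash. Switch to
            // password_hash()/password_verify() together with the login
            // check, which is not part of this listing.
            'password'  => I('post.password', '', 'md5'),
            'logintime' => date('Y-m-d:H:i:s'),
            'loginip'   => get_client_ip(),
        );

        // Rejects an empty name and array-shaped input (username[]=...).
        if (!is_string($data['userName']) || $data['userName'] === '') {
            $this->error('添加失败');
            return;
        }

        $posted  = I('post.');
        $roleIds = $this->positiveInts(isset($posted['rid']) ? $posted['rid'] : array());

        $uid = M('user')->add($data);
        if (!$uid) {
            $this->error('添加失败');
            return;
        }

        if (!empty($roleIds)) {
            $links = array();
            foreach ($roleIds as $roleId) {
                $links[] = array(
                    'role_id' => $roleId,
                    'user_id' => $uid,
                );
            }
            M('role_user')->addAll($links);
        }

        $this->success('添加成功', U('Rbac/index'));
    }

    /** Deletes one user and the role links that point at it. */
    public function deleteUser()
    {
        $id = $this->requestedId('get.id');
        if ($id === 0 || !M('user')->where(array('id' => $id))->delete()) {
            $this->error('删除失败');
            return;
        }

        M('role_user')->where(array('user_id' => $id))->delete();
        $this->success('删除成功', U('Rbac/index'));
    }

    /** Shows the "add role" form. */
    public function addRole()
    {
        $this->display();
    }

    /**
     * Creates a role from the posted form.
     *
     * NOTE(review): add() receives the whole POST array, so the client
     * decides which columns are set. Restrict it to an explicit field list
     * once the form's fields are fixed.
     */
    public function addRoleHandle()
    {
        if (M('role')->add(I('post.'))) {
            $this->success('添加成功', U('Rbac/roleList'));
        } else {
            $this->error('添加失败');
        }
    }

    /** Lists all roles. */
    public function roleList()
    {
        $this->role = M('role')->select();
        $this->display();
    }

    /** Deletes one role and every access row granted to it. */
    public function deleteRole()
    {
        $id = $this->requestedId('get.id');
        if ($id === 0 || !M('role')->where(array('id' => $id))->delete()) {
            $this->error('删除失败');
            return;
        }

        M('access')->where(array('role_id' => $id))->delete();
        $this->success('删除成功', U('Rbac/roleList'));
    }

    /**
     * Shows the "add node" form for the given parent and level.
     *
     * The level is limited to 1 (application), 2 (controller) or
     * 3 (method); any other value falls back to 1 so the label is always
     * defined.
     */
    public function addNode()
    {
        $labels = array(
            1 => '应用',
            2 => '控制器',
            3 => '方法',
        );

        $level = $this->requestedId('get.level');
        if (!isset($labels[$level])) {
            $level = 1;
        }

        $this->pid    = $this->requestedId('get.pid');
        $this->level  = $level;
        $this->string = $labels[$level];
        $this->display();
    }

    /**
     * Creates a node from the posted form.
     *
     * NOTE(review): same mass-assignment concern as addRoleHandle(); the
     * posted pid and level are stored as sent.
     */
    public function addNodeHandle()
    {
        if (M('node')->add(I('post.'))) {
            $this->success('添加成功', U('Rbac/nodeList'));
        } else {
            $this->error('添加失败');
        }
    }

    /** Lists all nodes, arranged by the project helper order(). */
    public function nodeList()
    {
        $node = M('node')->select();
        $this->node = order($node);
        $this->display();
    }

    /**
     * Deletes a node, all of its descendants, and the access rows that
     * still reference any of them.
     */
    public function deleteNode()
    {
        $id = $this->requestedId('get.id');
        if ($id === 0) {
            $this->error('删除失败');
            return;
        }

        // getChildrenId() is a project helper; its result is used as a list
        // of descendant node ids, as in the original loop.
        $children = getChildrenId(M('node')->select(), $id);
        $ids = array_merge(array($id), $this->positiveInts($children));

        M('node')->where(array('id' => array('in', $ids)))->delete();
        // Consistent with deleteRole(): do not leave grants behind for
        // nodes that no longer exist.
        M('access')->where(array('node_id' => array('in', $ids)))->delete();

        $this->success('删除成功', U('Rbac/nodeList'));
    }

    /** Shows the permission matrix for one role, with its grants marked. */
    public function access()
    {
        $node = M('node')->select();
        $this->role_id = $this->requestedId('get.id');
        $access = M('access')->where(array('role_id' => $this->role_id))->getField('node_id', true);
        $this->node = order($node, $access);
        $this->display();
    }

    /**
     * Replaces the access rows of one role with the posted selection.
     *
     * Each posted entry has the form "<node_id>_<level>". Entries that do
     * not match are skipped; if entries were posted but none is valid, the
     * existing grants are left untouched.
     *
     * NOTE(review): the level is taken from the client, and delete + insert
     * are not atomic. Looking the level up from the node table and wrapping
     * both statements in a transaction would close both gaps.
     */
    public function accessHandle()
    {
        $roleId = $this->requestedId('post.role_id');
        if ($roleId === 0) {
            $this->error('配置失败');
            return;
        }

        $posted  = I('post.');
        $choices = isset($posted['access']) ? (array) $posted['access'] : array();

        $rows = array();
        foreach ($choices as $choice) {
            if (!is_string($choice)) {
                continue;
            }
            $parts = explode('_', $choice);
            if (count($parts) < 2) {
                continue;
            }
            $pair = $this->positiveInts(array($parts[0], $parts[1]));
            // Both parts must be positive integers. A pair such as "3_3"
            // collapses to one id, so compare against the raw parts.
            if (!$this->isPositiveInt($parts[0]) || !$this->isPositiveInt($parts[1]) || empty($pair)) {
                continue;
            }
            $rows[] = array(
                'role_id' => $roleId,
                'node_id' => (int) $parts[0],
                'level'   => (int) $parts[1],
            );
        }

        if (!empty($choices) && empty($rows)) {
            // Nothing usable was sent: refuse before wiping the role.
            $this->error('配置失败');
            return;
        }

        M('access')->where(array('role_id' => $roleId))->delete();

        // An empty selection means "revoke everything", which the delete
        // above has already done.
        if (empty($rows) || M('access')->addAll($rows)) {
            $this->success('配置成功', U('Rbac/roleList'));
        } else {
            $this->error('配置失败');
        }
    }

    /**
     * Reads one request parameter and returns it as a positive integer, or
     * 0 when it is missing, not scalar, or not a plain decimal number.
     * Private, so it is not routable as an action.
     */
    private function requestedId($name)
    {
        $raw = I($name, 0);
        return $this->isPositiveInt($raw) ? (int) $raw : 0;
    }

    /** True when $value is a scalar made only of digits and greater than 0. */
    private function isPositiveInt($value)
    {
        return is_scalar($value)
            && preg_match('/\A[0-9]+\z/', (string) $value) === 1
            && (int) $value > 0;
    }

    /** Reduces a scalar or list to its unique positive integer entries. */
    private function positiveInts($raw)
    {
        $ids = array();
        foreach ((array) $raw as $value) {
            if ($this->isPositiveInt($value)) {
                $ids[(int) $value] = (int) $value;
            }
        }
        return array_values($ids);
    }
}
?>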
第三步,编写配置项,以下代码:
<?php
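return array(
    // Master switch read by CommonController::_initialize() before it calls
    // the RBAC access check.
    'USER_AUTH_ON' => true,
    // NOTE(review): presumably 1 = access list cached in the session at
    // login, so permission changes only apply after the user logs in again.
    // Confirm against the Rbac class in use.
    'USER_AUTH_TYPE' => '1',
    // Session key holding the logged-in user's id; matches session('uid')
    // in CommonController.
    'USER_AUTH_KEY' => 'uid',
    // Session key that marks the super administrator.
    'ADMIN_AUTH_KEY' => 'superadmin',
    // Username that is treated as super administrator at login. The flag
    // depends on this name alone, so usernames must be unique.
    'RBAC_SUPERADMIN' => 'admin',
    'RBAC_ROLE_TABLE' => 'fsxb_role',
    'RBAC_USER_TABLE' => 'fsxb_role_user',
    'RBAC_ACCESS_TABLE' => 'fsxb_access',
    'RBAC_NODE_TABLE' => 'fsxb_node',
    // Controllers that skip the permission check (login page etc.).
    'NOT_AUTH_CONTROLLER' => 'Public',
    // Actions that skip the permission check. The match is by action name
    // only, so an entry applies to every controller that has such an action.
    //
    // The RBAC administration form targets (addUserHandle, addRoleHandle,
    // addNodeHandle, accessHandle) are deliberately NOT listed: exempting
    // them would let any logged-in account create users and rewrite role
    // permissions. Give them node rows and grant those to the administrator
    // role instead.
    //
    // NOTE(review): the remaining *Handle entries are write actions of
    // controllers not shown here; confirm each one really is meant for every
    // logged-in user, otherwise remove it from this list as well.
    'NOT_AUTH_ACTION' => 'index,tree,consumerList,agentList,modelList,download,addConsumerHandle,updateConsumerHandle,addAgentHandle,updateAgentHandle,addModelHandle,updateModelHandle',
);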
第四步,调用thinkphp中Rbac类,在登录方法存储session的时候,把权限也存储进去,添加以下代码:
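// Belongs inside the login method, after the credentials have been verified
// and the user id has been stored in the session.
//
// Strict comparison: a non-string $username must never loosely equal the
// configured super-admin name.
// NOTE(review): super-admin status depends on the username alone, so the
// user table has to enforce unique usernames; otherwise a second account
// with the same name would receive the flag too.
if ($username === C('RBAC_SUPERADMIN')) {
    session(C('ADMIN_AUTH_KEY'), true);
}

// Stores the user's access list in the session.
Rbac::saveAccessList();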
第五步,在CommonController公共控制器的自动运行函数中调用Rbac权限认证方法,代码如下:
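<?php
namespace Home\Controller;

use Think\Controller;
use Org\Util\Rbac;

/**
 * Base controller for every page that requires a login.
 *
 * _initialize() runs before each action: it first requires an authenticated
 * session, then enforces the RBAC permission check unless the current
 * controller or action is listed as exempt in the configuration.
 */
class CommonController extends Controller
{
    /**
     * Authentication and authorization gate executed before every action.
     */
    public function _initialize()
    {
        // Authentication: no user id in the session means not logged in.
        if (!session('uid')) {
            $this->redirect('Public/index');
            return;
        }

        // Both settings are comma-separated strings, so each must be split
        // before in_array() can search it. Passing the raw string as the
        // haystack never matches (and is a TypeError on PHP 8).
        $exemptControllers = explode(',', (string) C('NOT_AUTH_CONTROLLER'));
        $exemptActions     = explode(',', (string) C('NOT_AUTH_ACTION'));

        // Keep both lists limited to public or read-only entries: anything
        // named here is reachable by every logged-in account.
        $notAuth = in_array(CONTROLLER_NAME, $exemptControllers, true)
            || in_array(ACTION_NAME, $exemptActions, true);

        // Permission check.
        if (C('USER_AUTH_ON') && !$notAuth) {
            // Original note: when project grouping is used, GROUP_NAME has
            // to be supplied. AccessDecision() is called without arguments
            // here.
            if (!Rbac::AccessDecision()) {
                $this->error("你没有权限");
                return;
            }
        }
    }
}
?>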
到此为止,thinkphp权限认证编写完成