How to set up user roles and permissions?
Question
I'm looking to add some modifications to my application so that in my MY_Controller it checks to see whether the user is allowed to access the current page or not. This is an example of one of my controllers. All of mine have read, edit, create and delete functions. I just need to figure out how to globally set up permissions to allow or disallow a user from accessing the function, other than doing if statements on every function.
<?php
if (!defined('BASEPATH'))
    exit('No direct script access allowed');

class Content_pages extends MY_Controller
{
    /**
     * Content_pages::__construct()
     *
     * Load the parent construct and any additional models, helpers, libraries available.
     *
     * @return void
     */
    public function __construct()
    {
        parent::__construct();
        $this->load->model('content_page_model', 'content_page');
    }

    /**
     * Content_pages::read()
     *
     * @return void
     */
    public function read()
    {
        // var_dump($this->user_data);
        // Checks whether the user has an access level of 4 or higher: if so, show the admin
        // dashboard, otherwise show the user dashboard.
        if ($this->user_data->access_level_id >= 4)
        {
            // Retrieve all the content pages from the database and assign them to the content_pages variable.
            $content_pages = $this->content_page->get_all();
            // Place to dump the content_pages array to verify it is the expected value.
            // var_dump($content_pages);
            // Checks to verify that there is data inside of the content_pages array and that it is not empty.
            if (!empty($content_pages))
            {
                $this->template->set('content_pages', $content_pages);
            }
            // Add the breadcrumbs to the view.
            $this->breadcrumb->add_crumb('<li><a href="' . base_url() . 'wrestling-manager/control-panel" class="glyphicons home"><i></i> Control Panel</a></li>');
            $this->breadcrumb->add_crumb('<li><i></i> Content Pages</li>');
            $this->breadcrumb->change_link('<li class="divider"></li>');
            // Sets all the properties for the template view.
            $this->template
                ->set_theme('smashing')
                ->set_layout('control_panel_view')
                ->set_partial('header', 'partials/header')
                ->set_partial('sidebar', 'partials/sidebar')
                ->set_partial('footer', 'partials/footer')
                ->title('Content Pages')
                ->set('user_data', $this->user_data)
                ->build('content_pages_view');
        }
        else
        {
            echo 'haha';
            // redirect('wrestling-manager/control-panel');
        }
    }

    /**
     * Content_pages::create()
     *
     * @return void
     */
    public function create()
    {
        echo 'testing for create function';
    }

    /**
     * Content_pages::edit()
     *
     * @return void
     */
    public function edit($content_page_id)
    {
        var_dump($content_page_id);
    }

    /**
     * Content_pages::delete()
     *
     * @return void
     */
    public function delete($content_page_id)
    {
        var_dump($content_page_id);
    }

    /**
     * Content_pages::save()
     *
     * @return void
     */
    public function save()
    {
        echo 'testing for save function';
    }

    /**
     * Content_pages::update()
     *
     * @return void
     */
    public function update()
    {
        echo 'testing for update function';
    }
}
Recommended answer
You could have your permissions set up either in a configuration file or in a database.
With permission checking you'd probably be better off using interceptors/filters right before invoking any controller.
For the controllers, I have to say you're doing it a bit wrong, as they're generally not intended to carry out CRUD operations but domain-specific operations on a far higher level (or, in the lower-level case, a single common handleRequest method).
- Have a list of roles and a list of permissions (e.g. GUEST, USER, ADMIN roles; permissions are domain-specific).
- Associate roles with permissions as needed.
- Assign each user one role.
You can then, via an AuthorizationService, check whether the current user is allowed to do something or not. This service could, for example, iterate over all the permissions a given operation requires and verify that the role for the current user does have those; for example:
class AuthorizationFilter {
    private $authorization; // service that maps a request to the permissions it requires

    public function __construct($authorization) {
        $this->authorization = $authorization;
    }

    public function verifyAccess($user, $request) {
        $role = $user->getRole();
        $permissions = $this->authorization->getPermissionsFor($request);
        $allowed = true; // true as a missing permission will later set it to false
        for ($i = 0; $i < count($permissions); $i++) {
            $allowed = $allowed && $role->hasPermission($permissions[$i]);
        }
        return $allowed;
    }
}
Afterwards, you can invoke the controller for the original request or a "fallback" one based on the result of the authorization, e.g.:
class RequestDispatcher {
    private $authFilter; // an AuthorizationFilter instance

    public function __construct($authFilter) {
        $this->authFilter = $authFilter;
    }

    public function dispatch($user, $request) {
        // ...
        if ($this->authFilter->verifyAccess($user, $request)) {
            // invoke proper request controller
        } else {
            // invoke "you're not allowed to do this" controller
        }
        // ...
    }
}
Warning: the above code is only example code and is by no means complete or suitable for a production environment!!
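The role list, permission list, role-to-permission mapping and the "does the user's role hold every permission this request needs" check that the answer describes, carried through as one runnable example. This is added illustration code, not the answer's or the question author's code: the role names follow the answer, while the permission strings, the route table, the AuthorizationService class, the deny-by-default rule for unregistered routes and the MY_Controller sketch in the trailing comment are all assumptions chosen for the example.

```php
<?php
// Added example (not from the question or answer): a minimal role-based
// authorisation service in plain PHP. Permission strings, the route table and
// the role->permission map are assumptions chosen for illustration.

// Roles as named in the answer; permissions are domain-specific strings.
const ROLE_GUEST = 'GUEST';
const ROLE_USER  = 'USER';
const ROLE_ADMIN = 'ADMIN';

// Role -> permissions. This could live in a config file or a database table
// (as the answer suggests); a PHP array keeps the example self-contained.
$ROLE_PERMISSIONS = [
    ROLE_GUEST => ['content_page.read'],
    ROLE_USER  => ['content_page.read', 'content_page.create', 'content_page.edit'],
    ROLE_ADMIN => ['content_page.read', 'content_page.create', 'content_page.edit', 'content_page.delete'],
];

// controller/method -> permissions the request requires. Anything not listed is
// denied ("deny by default"), so a newly added action is never reachable by accident.
$ROUTE_PERMISSIONS = [
    'content_pages/read'   => ['content_page.read'],
    'content_pages/create' => ['content_page.create'],
    'content_pages/save'   => ['content_page.create'],
    'content_pages/edit'   => ['content_page.edit'],
    'content_pages/update' => ['content_page.edit'],
    'content_pages/delete' => ['content_page.edit', 'content_page.delete'],
];

class AuthorizationService
{
    private array $rolePermissions;
    private array $routePermissions;

    public function __construct(array $rolePermissions, array $routePermissions)
    {
        $this->rolePermissions  = $rolePermissions;
        $this->routePermissions = $routePermissions;
    }

    /** Permissions a controller/method pair requires; null when the route is not registered. */
    public function permissionsFor(string $controller, string $method): ?array
    {
        $key = strtolower($controller) . '/' . strtolower($method);
        return $this->routePermissions[$key] ?? null;
    }

    /** True only when the role holds every permission the route requires. */
    public function isAllowed(string $role, string $controller, string $method): bool
    {
        $required = $this->permissionsFor($controller, $method);
        if ($required === null) {
            return false;                               // unregistered route: deny by default
        }
        $held = $this->rolePermissions[$role] ?? [];    // unknown role: holds nothing
        foreach ($required as $permission) {
            if (!in_array($permission, $held, true)) {
                return false;                           // one missing permission is enough to deny
            }
        }
        return true;
    }
}

// Where this would sit in CodeIgniter (untested sketch, assumption): call it once from
// MY_Controller::__construct() with the router's resolved class and method, so every
// controller is covered without an if-statement per action. $this->user_data->role is
// assumed to exist on the user record.
//
//     $auth = new AuthorizationService($ROLE_PERMISSIONS, $ROUTE_PERMISSIONS);
//     if (!$auth->isAllowed($this->user_data->role, $this->router->class, $this->router->method)) {
//         show_error('You are not allowed to do this.', 403);
//     }

// Stand-alone demonstration with constructed inputs.
$auth = new AuthorizationService($ROLE_PERMISSIONS, $ROUTE_PERMISSIONS);
$checks = [
    [ROLE_GUEST, 'Content_pages', 'read'],    // allow
    [ROLE_USER,  'Content_pages', 'delete'],  // deny: lacks content_page.delete
    [ROLE_ADMIN, 'Content_pages', 'delete'],  // allow
    [ROLE_ADMIN, 'Content_pages', 'export'],  // deny: route not registered
    ['UNKNOWN',  'Content_pages', 'read'],    // deny: unknown role
];
foreach ($checks as [$role, $controller, $method]) {
    printf("%-7s %s/%-7s -> %s\n", $role, $controller, $method,
        $auth->isAllowed($role, $controller, $method) ? 'allow' : 'deny');
}
```

Two design points are worth noting. The check is made in one place (the base controller constructor) rather than in each action, which is exactly what the question asks for, and the route table is consulted with an explicit "not registered means denied" rule, so the numeric `access_level_id >= 4` comparison in the question is replaced by named permissions that can be granted to a role without touching controller code.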