1. Write it at the front
Recently I want to write a simple thing about permission processing. I have also learned that using binary number bit operations can accomplish this task well. Regarding the bit operations of binary numbers, the most common ones are the three simple operations of "OR, AND, and NOT". Of course, I also checked the PHP manual, and there are also the three operations of "XOR, left shift, and right shift" . I remember that my math teacher started nagging me when I was in junior high school. I don’t want to give any additional explanation of this operation here and go directly to the topic.
2. How to define permissions
Define the value of permissions according to the Nth power of 2, and so on. Why define it this way? This definition ensures that there is only one 1 in each permission value (binary), and it corresponds to exactly one permission. For example:
Copy code The code is as follows:
define('ADD', 1); // Add permissions
define('UPD', 2); // Modify permissions
define('SEL', 4); // Find permissions
define('DEL', 8); // Delete permissions
3. Permission operation
Permission operation actually involves the concept of "role". Performing permission operations is nothing more than granting certain permissions to a certain role, prohibiting certain permissions, and detecting whether a certain role has certain permissions. Relative to these three operations. It can be easily implemented using arithmetic operations between binary numbers.
Copy code The code is as follows:
// To give certain permissions use the "bitwise OR" operator
$ a_access = ADD | UPD | SEL | DEL; // a has the permission to add, delete, modify and check
$b_access = ADD | UPD | SEL; // b has the permission to add, modify and check
$c_access = ADD | UPD; // c has the permission to add and modify
// prohibits the use of "bit AND" and "bit NOT" operators for certain permissions
$d_access = $c_access & ~UPD; // d only has the permission to add
/ / To detect whether you have a certain permission, use the "bit AND" operator
var_dump($b_access & ADD); // 1 means b has increased permissions
var_dump($b_access & DEL); // 0 means b Do not have deletion permission
4. Implement simple permission classes and role classes
Using the above permission operation method, it can be simply encapsulated into a permission class and a role kind.
Copy code The code is as follows:
/**
* Simple permission class
*/
class Peak_Auth {
/**
* Permission counter
* Used to generate permission value
*
* @var int
*/
protected static $authCount = 0;
/**
* Permission name
*
* @var string
*/
protected $authName;
/**
* Permission details
*
* @var string
*/
protected $authMessage;
/**
* Permission value
*
* @var int 2 to the Nth power
*/
protected $authValue;
/**
* Constructor
* Initialize permission name, permission details and permission value
*
* @param string $authName Permission name
* @param string $authMessage Permission details
*/
public function __construct($authName, $authMessage = '') {
$this->authName = $authName;
$this->authMessage = $authMessage;
$this->authValue = 1 << self::$authCount;
self::$authCount++;
}
/**
* This class does not allow object copy operations
*/
private function __clone() {
}
/**
* Set permission details
*
* @param string $authMessage
*/
public function setAuthMessage($authMessage) {
$this->authMessage = $authMessage;
}
/**
* Get permission name
*
* @return string
*/
public function getAuthName() {
return $this->authName;
}
/**
* Get permission value
*
* @return int
*/
public function getAuthValue() {
return $this->authValue;
}
/**
* Get permission details
*
* @return string
*/
public function getAuthMessage() {
return $this->authMessage;
}
}
/**
* Simple character class
*
* @author 27_Man
*/
class Peak_Role {
/**
* Character name
*
* @var string
*/
protected $roleName;
/**
* Permission value owned by the role
*
* @var int
*/
protected $authValue;
/**
* Parent role object
*
* @var Peak_Role
*/
protected $parentRole;
/**
* Constructor
*
* @param string $roleName Role name
* @param Peak_Role $parentRole Parent role object
*/
public function __construct($roleName, Peak_Role $parentRole = null) {
$this->roleName = $roleName;
$this->authValue = 0;
if ($parentRole) {
$this->parentRole = $parentRole;
$this->authValue = $parentRole->getAuthValue();
}
}
/**
* Obtain the permissions of the parent role
*/
protected function fetchParenAuthValue() {
if ($this->parentRole) {
$this->authValue |= $this->parentRole->getAuthValue();
}
}
/**
*Give some permission
*
* @param Peak_Auth $auth
* @return Peak_Role for chain operation
*/
public function allow(Peak_Auth $auth) {
$this->fetchParenAuthValue();
$this->authValue |= $auth->getAuthValue();
return $this;
}
/**
* Block certain permissions
*
* @param Peak_Auth $auth
* @return Peak_Role for chained operations
*/
public function deny(Peak_Auth $auth) {
$this->fetchParenAuthValue();
$this->authValue &= ~$auth->getAuthValue();
return $this;
}
/**
* Detect whether you have certain permissions
*
* @param Peak_Auth $auth
* @return boolean
*/
public function checkAuth(Peak_Auth $auth) {
return $this->authValue & $auth->getAuthValue();
}
/**
* Get the permission value of the role
*
* @return int
*/
public function getAuthValue() {
return $this->authValue;
}
}
5.对权限类和角色类的简单操作例子
复制代码 代码如下:
//Create three permissions: readable, writable, and executable
$read = new Peak_Auth('CanRead');
$write = new Peak_Auth('CanWrite');
$exe = new Peak_Auth('CanExe');
// Create a role User
$user = new Peak_Role('User');
// Create another role Admin, he owns User All permissions
$admin = new Peak_Role('Admin', $user);
//Give User readable and writable permissions
$user->allow($read)-> allow($write);
//Give Admin executable permissions, and he also has User permissions
$admin->allow($exe);
//Prohibit Admin’s write permissions
$admin->deny($write);
// Check whether Admin has certain permissions
var_dump($admin->checkAuth($read));
var_dump($admin ->checkAuth($write));
var_dump($admin->checkAuth($exe));
http://www.bkjia.com/PHPjc/327987.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/327987.htmlTechArticle1. Write it at the front. I recently wanted to write a simple thing about permission processing. I have also learned about using it before. Bitwise operations on binary numbers perform this task brilliantly. About the bits of binary numbers...