CodeIgniter與Zend Acl結合實現輕量級權限控制

 

CodeIgniter與Zend Acl結合實現輕量級權限控制

Tag :CodeIgniter  Zend Acl 權限控制

1、 Zend_Acl簡介
Zend_Acl 爲權限管理提供了輕量而靈活的訪問控制列表(ACL,access control list)實現。通常,應用軟件可以利用這一功能來限制某些特定對象對受保護對象的訪問。
resource(資源)是一個訪問受到限制的對象。在 Zend_Acl 中,建立一個 resource 非常簡單。Zend_Acl 提供了 resource 接口 Zend_Acl_Resource_Interface,使開發者在程序中建立 resources 非常容易。
role(角色)是一個可以發出請求去訪問 resource 的對象。和 resources 一樣,建立一個 role 也非常簡單。Zend_Acl 提供了 Zend_Acl_Role_Interface,使開發者建立 roles 非常容易。
通過定義並使用訪問控制列表(ACL),應用軟件可以控制角色(roles)如何訪問資源(resources)。
2、 CodeIgniter設置
解壓 ZendAcl 目錄,放置在 system/libraries/ 中,如下圖所示:

 
 
其中包含 Acl.php 和 Exception.php 兩個必須文件,以及 Acl 權限控制文件。當然,還需要把文件中的包含路徑修改爲絕對路徑。例如:Acl.php 中的包含文件修改爲:
require_once BASEPATH.'/libraries/zend/Acl/Resource/Interface.php';
require_once BASEPATH.'/libraries/zend/Acl/role.php';
require_once BASEPATH.'/libraries/zend/Acl/Resource.php';
下面我們在 application/libraries/ 中編寫我們自己的 library——Acl.php:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/*
 * library Acl
 * @auth Liuguoqing
 * date 20091225
 * Using the Zend Framework ACL Library in Codeigniter
 * Acl.php
 * $roles :角色
 * $resources: 資源
 * $permissions: 權限
 */
require_once BASEPATH .'libraries/zend/Acl.php';
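class CI_Acl extends Zend_Acl {
    /**
     * The Zend_Acl instance that holds every role, resource and rule loaded
     * from the database. All can_*() methods query this instance.
     *
     * NOTE(review): the class also extends Zend_Acl, but nothing is ever
     * registered on $this itself, so the inherited methods (for example
     * $CI->acl->isAllowed(...)) do not see the rules stored here. Use the
     * can_*() methods, or $CI->acl->acl, for authorization checks.
     */
    public $acl;

    /**
     * Build the ACL from the cw_roles, cw_resources and cw_permissions tables.
     *
     * Zend_Acl denies by default, so a role only gains access through an
     * explicit allow rule created here.
     */
    function __construct() {
        $CI = &get_instance();
        $this->acl = new Zend_Acl();

        // Roles and resources are read ordered by parent id.
        // NOTE(review): this ordering only puts top-level rows (NULL parent)
        // first; it does not guarantee that every parent is registered before
        // its children, and Zend_Acl is expected to throw when a parent id is
        // unknown -- confirm against the data in use.
        $CI->db->order_by('ParentId', 'ASC');
        $roles = $CI->db->get('cw_roles')->result();

        $CI->db->order_by('parentId', 'ASC');
        $resources = $CI->db->get('cw_resources')->result();

        // No ORDER BY here: if two rows target the same role/resource pair,
        // the one returned last by the database wins.
        $permissions = $CI->db->get('cw_permissions')->result();

        // Add the roles to the ACL
        foreach ($roles as $roleRow) {
            $role = new Zend_Acl_Role($roleRow->id);
            if ($roleRow->parentId != null) {
                $this->acl->addRole($role, $roleRow->parentId);
            } else {
                $this->acl->addRole($role);
            }
        }

        // Add the resources to the ACL
        foreach ($resources as $resourceRow) {
            $resource = new Zend_Acl_Resource($resourceRow->id);
            if ($resourceRow->parentId != null) {
                $this->acl->add($resource, $resourceRow->parentId);
            } else {
                $this->acl->add($resource);
            }
        }

        // Add the permissions to the ACL
        $privileges = array('read', 'write', 'modify', 'publish', 'delete');
        foreach ($permissions as $perms) {
            // cw_permissions.role and .resource are nullable. Zend_Acl reads a
            // NULL role as "every role" and a NULL resource as "every
            // resource", so an incomplete row would silently become a global
            // rule. Skip such rows; a global rule has to be added on purpose.
            if ($perms->role === null || $perms->resource === null) {
                continue;
            }

            foreach ($privileges as $privilege) {
                // A flag other than 1 becomes an explicit deny, not "no rule":
                // a row for a child role therefore blocks the privilege even
                // if a parent role is allowed it.
                if ($perms->$privilege == '1') {
                    $this->acl->allow($perms->role, $perms->resource, $privilege);
                } else {
                    $this->acl->deny($perms->role, $perms->resource, $privilege);
                }
            }
        }

        // Change this to whatever id your adminstrators group is.
        // allow() with only a role grants that role every privilege on every
        // resource, so role id 1 must be reserved for administrators and must
        // never be assignable through self-service account flows.
        // NOTE(review): a more specific cw_permissions row for role 1 may still
        // take precedence over this blanket rule -- confirm.
        $this->acl->allow('1');
    }

    /*
     * Methods to query the ACL. Each returns TRUE only when the rules loaded
     * in the constructor allow $role the named privilege on $resource.
     */

    /** Whether $role may 'read' $resource. */
    function can_read($role, $resource) {
        return (bool) $this->acl->isAllowed($role, $resource, 'read');
    }

    /** Whether $role may 'write' $resource. */
    function can_write($role, $resource) {
        return (bool) $this->acl->isAllowed($role, $resource, 'write');
    }

    /** Whether $role may 'modify' $resource. */
    function can_modify($role, $resource) {
        return (bool) $this->acl->isAllowed($role, $resource, 'modify');
    }

    /** Whether $role may 'delete' $resource. */
    function can_delete($role, $resource) {
        return (bool) $this->acl->isAllowed($role, $resource, 'delete');
    }

    /** Whether $role may 'publish' $resource. */
    function can_publish($role, $resource) {
        return (bool) $this->acl->isAllowed($role, $resource, 'publish');
    }
}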
至此,我們就可以在 controller 中加載自己的類庫來實現權限控制了。但是我們發現這樣還是不太方便,爲此我們可以再添加一個 zendacl_helper:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
 * ZendAcl Helper
 *
 * Contains shortcuts to well used Userlib functions
 * Using the Zend Framework ACL Library in Codeigniter
 * @package         CentWare
 * @subpackage    Helpers
 * @author          Liu Guoqing
 * @copyright       Copyright (c) 2010
 * @license        
 * @link           
 * @filesource
 */
 
// ---------------------------------------------------------------------------
/*
 *
 * check_acl
 * check_acl 權限控制設置
 * $resource 資源
 * $action   動做
 * @author Liuguoqing
 */
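if( ! function_exists('check_acl'))
{
    /**
     * Check whether the current session's role may perform $action on $resource.
     *
     * @param mixed       $resource Resource id as registered in the ACL.
     * @param string|null $action   One of 'read', 'add', 'modify', 'delete',
     *                              'publish'. 'add' maps to the 'write' privilege.
     * @return bool TRUE only when the ACL allows it; FALSE for an unknown
     *              action or when the session carries no role.
     */
    function check_acl($resource,$action=NULL)
    {
       $CI = & get_instance();

       // NOTE(review): 'Roelid' looks like a misspelling of 'Roleid'. It is
       // kept as-is because it must match the key used when the session is
       // written, which is not visible here -- confirm and rename in both places.
       $role = $CI->session->userdata('Roelid');

       // Fail closed when no role is stored in the session (userdata() yields
       // FALSE or NULL for a missing key, depending on the CodeIgniter
       // version) instead of handing an empty role to the ACL.
       if ($role === FALSE || $role === NULL || $role === '') {
           return FALSE;
       }

       // Action name => CI_Acl method. Looked up by exact string key so that a
       // non-string $action (0, TRUE, ...) cannot loosely compare equal to
       // 'read' and be answered with the read permission.
       $checks = array(
           'read'    => 'can_read',
           'add'     => 'can_write',
           'modify'  => 'can_modify',
           'delete'  => 'can_delete',
           'publish' => 'can_publish',
       );
       if ( ! is_string($action) || ! isset($checks[$action])) {
           return FALSE;
       }

       $method = $checks[$action];
       return $CI->acl->$method($role, $resource);
    }
}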
/* End of file zendacl_helper.php */
/* Location: ./helpers/zendacl_helper.php */
3、 附:數據庫表結構
SQL:
--
-- 表的結構 `ci_sessions`
--
 
-- Session storage table. The helper on this page reads the role id from the
-- session, so write access to this table is part of the authorization
-- boundary. NOTE(review): presumably the role id ends up in `user_data`;
-- confirm against the session configuration, which is not shown here.
-- `ip_address` varchar(16) is too short for a textual IPv6 address.
CREATE TABLE IF NOT EXISTS `ci_sessions` (
  `session_id` varchar(40) character set latin1 NOT NULL default '0',
  `ip_address` varchar(16) character set latin1 NOT NULL default '0',
  `user_agent` varchar(50) character set latin1 NOT NULL,
  `user_data` text NOT NULL,
  `last_activity` int(10) unsigned NOT NULL default '0',
  PRIMARY KEY  (`session_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
--
-- 表的結構 `cw_permissions`
--
 
-- One row per (role, resource) pair. Each privilege column is a 0/1 flag that
-- the CI_Acl constructor turns into an allow rule (1) or a deny rule (any
-- other value) for that privilege.
-- NOTE(review): `role` and `resource` are nullable and have no foreign keys to
-- cw_roles / cw_resources. Zend_Acl interprets a NULL role or resource handed
-- to allow()/deny() as "all roles" / "all resources", so an incomplete row can
-- act as a global rule; consider NOT NULL on both columns.
-- There is also no UNIQUE key on (`role`, `resource`): duplicate rows are all
-- applied, and the permissions query has no ORDER BY to decide which one wins.
CREATE TABLE IF NOT EXISTS `cw_permissions` (
  `id` int(11) NOT NULL auto_increment,
  `role` int(11) default NULL COMMENT '角色',
  `resource` int(11) default NULL COMMENT '資源',
  `read` tinyint(1) default '0',
  `write` tinyint(1) default '0',
  `modify` tinyint(1) default '0',
  `delete` tinyint(1) default '0',
  `publish` tinyint(1) default '0',
  `description` varchar(255) collate utf8_bin default NULL COMMENT '描述',
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
--
-- 表的結構 `cw_resources`
--
 
-- Protected resources. `id` is the identifier registered in the ACL;
-- `parentId` names the parent resource that rules are inherited from, or NULL
-- for a top-level resource.
-- NOTE(review): `parentId` is not constrained to an existing row, and the
-- CI_Acl constructor passes it to Zend_Acl as-is; a dangling value is expected
-- to make ACL construction fail -- confirm.
CREATE TABLE IF NOT EXISTS `cw_resources` (
  `id` int(11) NOT NULL auto_increment,
  `name` varchar(255) collate utf8_bin default NULL COMMENT '名稱',
  `description` varchar(255) collate utf8_bin default NULL COMMENT '描述',
  `parentId` int(11) default NULL COMMENT '父類ID',
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
--
-- 表的結構 `cw_roles`
--
 
-- Roles. `id` is the identifier registered in the ACL; `parentId` names the
-- role whose rules are inherited, or NULL for a top-level role.
-- The CI_Acl constructor grants role id 1 every privilege on every resource,
-- so whichever row has id 1 is the administrator role.
-- NOTE(review): `parentId` is not constrained to an existing row; a dangling
-- value is expected to make ACL construction fail -- confirm.
CREATE TABLE IF NOT EXISTS `cw_roles` (
  `id` int(11) NOT NULL auto_increment,
  `name` varchar(255) collate utf8_bin NOT NULL,
  `description` varchar(255) collate utf8_bin default NULL,
  `date` datetime NOT NULL COMMENT '日期',
  `parentId` int(11) default NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;
--
-- 表的結構 `cw_users`
--
 
-- User accounts. `roles` holds a single role id (indexed as `group`).
-- NOTE(review): `password` is varchar(40), which matches the length of a
-- hex-encoded SHA-1 digest -- presumably that is how passwords are stored;
-- confirm against the login code, which is not shown. A column this narrow
-- cannot hold password_hash() output (use varchar(255)), and an unsalted fast
-- hash gives little protection if the table leaks.
-- The KEY on `password` has no visible purpose; credentials should be looked
-- up by username and then verified, never searched by hash.
-- `roles` is nullable and has no foreign key to cw_roles; make sure account
-- creation cannot set it to the administrator role id.
CREATE TABLE IF NOT EXISTS `cw_users` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `username` varchar(32) NOT NULL,
  `password` varchar(40) NOT NULL,
  `email` varchar(254) NOT NULL,
  `active` tinyint(1) unsigned NOT NULL default '0',
  `roles` int(10) unsigned default NULL,
  `activation_key` varchar(32) default NULL,
  `last_visit` timestamp NULL default CURRENT_TIMESTAMP,
  `created` datetime NOT NULL,
  `modified` datetime default NULL,
  PRIMARY KEY  (`id`),
  UNIQUE KEY `username` (`username`),
  UNIQUE KEY `email` (`email`),
  KEY `password` (`password`),
  KEY `group` (`roles`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

FROM: http://blog.csdn.net/djboy850317/article/details/5105501php
