Php 角色类模型的正确实现
我一直在尝试将一个角色类模型模式实现到用PHP编写的网站用户访问机制中。不过我有一些疑问。以下是相关代码的简化版本:Php 角色类模型的正确实现,php,design-patterns,model,role,Php,Design Patterns,Model,Role,我一直在尝试将一个角色类模型模式实现到用PHP编写的网站用户访问机制中。不过我有一些疑问。以下是相关代码的简化版本: class User { public $role; public $uid; public function setRole($role) { $this->role = $role; } } // role classes responsible
class User
{
public $role;
public $uid;
public function setRole($role)
{
$this->role = $role;
}
}
// role classes responsible for restricted actions
class BaseRole {}
class AdminRole extends BaseRole
{
// do something adminish + log action into database (with User ID)
public function SomethingAdminish($admin_id) { }
}
$user = new User();
$user->setRole(new AdminRole());
// pass Admin ID (User ID) into method
$user->rola->SomethingAdminish($user->uid);
我在这里看到了一些弱点:
将任何其他$user->uid传递到SomethingAdminish方法将
将不正确的信息登录到我的日志系统错误的用户ID
如果我决定用上述方法记录其他用户信息,
本质上,我必须将整个用户对象作为参数传递,
像这样:
$user->rola->SomethingAdminish$user
我可能错过了一些重要的东西。你们能解释一下这个问题吗 我个人会设置并使用访问控制列表ACL模式 资源是控制访问的对象 角色是可以请求访问资源的对象 简单地说,角色请求访问资源。例如,如果 停车场服务员请求进入一辆车,然后停车场服务员 是请求角色,汽车是资源,因为访问 这辆车可能不是每个人都有 下面是一个使用上述代码的基本示例,说明ACL流的外观
// Create an ACL object to store roles and resources. The ACL also grants
// and denys access to resources.
$acl = new Acl();
// Create 2 roles.
$adminRole = new Acl_Role('admin');
$editorRole = new Acl_Role('editor');
// Add the Roles to the ACL.
$acl->addRole($adminRole)
->addRole($editorRole);
// Create an example Resource. A somethingAdminish() function in this case.
$exampleResource = new Acl_Resource('somethingAdminish');
// Add the Resource to the ACL.
$acl->add($exampleResource);
// Define the rules. admins can are allowed access to the somethingAdminish
// resource, editors are denied access to the somethingAdminish resource.
$acl->allow('admin', 'somethingAdminish');
$acl->deny('editor', 'somethingAdminish');
下面是用户对象如何与ACL交互
// Load the User
$userID = 7;
$user = User::load($userID);
// Set the User's Role. admin in this case.
$user->setRole($adminRole);
// Query the ACL to see if this User can access the somethingAdminish resource.
if ($acl->isAllowed($user, 'somethingAdminish')){
// Call the somethingAdminish function. Eg:
somethingAdminish();
// Log the action and pass the User object in so you can take any information
// you require from the User data.
$acl->logAction('somethingAdminish', $user)
}else{
die('You dont have permission to perform the somethingAdminish action.')
}
我个人会设置并使用访问控制列表ACL模式 资源是控制访问的对象 角色是可以请求访问资源的对象 简单地说,角色请求访问资源。例如,如果 停车场服务员请求进入一辆车,然后停车场服务员 是请求角色,汽车是资源,因为访问 这辆车可能不是每个人都有 下面是一个使用上述代码的基本示例,说明ACL流的外观
// Create an ACL object to store roles and resources. The ACL also grants
// and denys access to resources.
$acl = new Acl();
// Create 2 roles.
$adminRole = new Acl_Role('admin');
$editorRole = new Acl_Role('editor');
// Add the Roles to the ACL.
$acl->addRole($adminRole)
->addRole($editorRole);
// Create an example Resource. A somethingAdminish() function in this case.
$exampleResource = new Acl_Resource('somethingAdminish');
// Add the Resource to the ACL.
$acl->add($exampleResource);
// Define the rules. admins can are allowed access to the somethingAdminish
// resource, editors are denied access to the somethingAdminish resource.
$acl->allow('admin', 'somethingAdminish');
$acl->deny('editor', 'somethingAdminish');
下面是用户对象如何与ACL交互
// Load the User
$userID = 7;
$user = User::load($userID);
// Set the User's Role. admin in this case.
$user->setRole($adminRole);
// Query the ACL to see if this User can access the somethingAdminish resource.
if ($acl->isAllowed($user, 'somethingAdminish')){
// Call the somethingAdminish function. Eg:
somethingAdminish();
// Log the action and pass the User object in so you can take any information
// you require from the User data.
$acl->logAction('somethingAdminish', $user)
}else{
die('You dont have permission to perform the somethingAdminish action.')
}