Php 如何处理每页权限?
我有X个页面,我希望为每个页面的用户设置权限 起初,我想用一种新的方法。然而,我已经意识到,如果我的页面数量超过一定数量(在MySQLPhp 如何处理每页权限?,php,mysql,database-design,Php,Mysql,Database Design,我有X个页面,我希望为每个页面的用户设置权限 起初,我想用一种新的方法。然而,我已经意识到,如果我的页面数量超过一定数量(在MySQLunsigned BIGINT列中只能存储64个页面),那么我的位掩码的十进制等价物可能会变得太大 e、 g.第64页的十进制等价物是18446744073709551615,这只允许它查看一页 那么,您将如何在每页、每用户的基础上设置大量页面的查看权限呢?我将保持简单,只需设置页面用户和用户页面权限表格。最后一个将只是页面和用户之间的映射。我将保持它的简单性,只
unsigned BIGINT
列中只能存储64个页面),那么我的位掩码的十进制等价物可能会变得太大
e、 g.第64页的十进制等价物是18446744073709551615
,这只允许它查看一页
那么,您将如何在每页、每用户的基础上设置大量页面的查看权限呢?我将保持简单,只需设置
页面
用户
和用户页面权限
表格。最后一个将只是页面和用户之间的映射。我将保持它的简单性,只需要页面
用户
和用户页面权限
表格。最后一个是页面和用户之间的映射。我曾经看到一个系统,它有一个类似于UNIX文件权限的用户权限表-用户可以读取或写入(嗯,编辑内容,这是CMS)该表中的任何页面。“页面”由一个唯一的名称标识,这样每个页面都知道自己的名称,当访问该页面时,它也知道哪个用户正在访问该页面,然后查找该用户对该页面的权限,并在可用时显示相应的编辑控件
示例:
users
user_name (other columns)
----------
bob
lisa
ADMIN
pages
page_id page_name (other columns)
----------------------
1 landing_page
2 products
3 corporate_about_us
page_permissions
page_id user_name read write
------------------------------
1 Bob Y
1 ADMIN Y Y
2 ADMIN Y
这样,您只需要为
只读用户“Y”的用户存储页面权限
记录。缺点是您需要更多的逻辑来处理这种设置。我曾经看到一个系统,它有一个类似于UNIX文件权限的用户权限表-用户可以读取或写入(嗯,编辑内容,这是CMS)该表中的任何页面。“页面”由一个唯一的名称标识,这样每个页面都知道自己的名称,当访问该页面时,它也知道哪个用户正在访问该页面,然后查找该用户对该页面的权限,并在可用时显示相应的编辑控件
示例:
users
user_name (other columns)
----------
bob
lisa
ADMIN
pages
page_id page_name (other columns)
----------------------
1 landing_page
2 products
3 corporate_about_us
page_permissions
page_id user_name read write
------------------------------
1 Bob Y
1 ADMIN Y Y
2 ADMIN Y
这样,您只需要为只读用户“Y”的用户存储页面权限
记录。缺点是您需要更多的逻辑来处理这种设置。为什么不在数据库中存储它们作为多对多关系
像
然后,您可以从user\u id=?
的users\u页面中获取用户可以使用SELECT*查看的页面,或者您可以通过执行SELECT*从page\u id=?的users\u页面中确定是否允许用户查看特定页面?而user_id=?
为什么不将它们作为多对多关系存储在数据库中
<?php
/**
* acl_parser.inc.php
* this is not a formal system of acls but a simplification
* there are a number of attribuates known which are given
* a value of 1, unknown attributes are numbered 0
* then logical combinations of attributes are evaluated
*
* example of rule is:
* personnel and manager not (plonker or temp)
* note that rules are NOT case sensitive
* @package simple_acl
* @author Colin McKinnon <colin.mckinnon at google's public mail service>
* @copyright 24th November 2007
*/
/**
* implements the parser
*
* IMORTANT: this method uses PHP's 'eval()' function - this has SERIOUS security implications unless you are 100%
* sure of the provenance of data supplied to it.
* The class has no built-in data access and must be populated with facts and a rule before evaluation
*/
class acl_parser
{
/**
* @var array of fact=>value, private (use method to update)
* e.g. $fact['timenow']=date('His'); $fact['manager']=true;
*/
var $facts;
/**
* @var string the acl to check, private (use method to update)
* e.g. $rule="personnel and manager not (plonker or temp) and (timenow > '0900' and timenow < '1730')";
*/
var $rule;
/**
* @var string the expression which was eval'd - for debugging
*/
var $rewrite;
/**
* constructor
* @param $facts array can be set/updated later
* @see var $facts
* @return null
*/
function acl_parser($facts=false)
{
// set up default subsitutions for operators....
$this->facts=array('and' => '*', // must come between expressions
'or' => '+', // must come between expressions
'not' => '!', // must come before expression
'true' => '1'
);
// did we get some data to set up?
if (is_array($facts)) {
foreach ($facts as $name=>$val) {
$this->add_fact($name, $val);
}
}
$this->rule===false;
}
/**
* wrapper to control access to $this->rule
* @param string
* @return bool - true if successful
*
* could be used to set site specific policies relating to rules - e.g. no less than / greater than
*/
function set_rule($rule)
{
$this->rule=$rule;
return(true);
}
/**
* set a single fact for addition
*/
function add_fact($name, $value)
{
$this->facts[$name]=$value;
}
/**
* evaluate the rule applying the known facts
* @return bool
*/
function test($rule=false)
{
if ($rule!=false) {
$this->rule=$rule;
}
if (($this->rule===false) || (!count($this->facts))) {
trigger_error("acl_parser not initialised with rule and facts");
return(false);
}
$match=array();
$replace=array();
foreach ($this->facts as $name=>$val) {
$match[]='/([^a-z]|^)(' . $name . ')([^a-z]|$)/i';
$replace[]='${1}' . $val . '${3}';
}
// this macro gets added on end to pick up on undefined elements
$match[]='/[a-z]+/i';
$replace[]='0';
$rewrite=preg_replace($match,$replace,$this->rule);
$this->rewrite=$rewrite;
return((bool)eval("return($rewrite);"));
}
}
?>
像
然后,您可以从user\u id=?
的users\u页面中获取用户可以使用SELECT*查看的页面,或者您可以通过执行SELECT*从page\u id=?的users\u页面中确定是否允许用户查看特定页面?用户id=?
@George请看vidnia的答案。“这就是我的建议。”乔治看到维尼亚的回答。这就是我的建议。当它扩展时,这不是很低效吗?我不确定,但只要你为这两列设置了正确的索引,我想它会表现得很好。但是当它扩展时,这不是很低效吗?我不确定,但只要你为这两列设置了正确的索引,我想它会表现得很好。我相信这很好。。。但是它做什么呢?它使用一组事实计算任意表达式-参见示例我相信这很好。。。但它做什么呢?它使用一组事实对任意表达式求值-参见示例
<?php
/**
* acl_parser.inc.php
* this is not a formal system of acls but a simplification
* there are a number of attribuates known which are given
* a value of 1, unknown attributes are numbered 0
* then logical combinations of attributes are evaluated
*
* example of rule is:
* personnel and manager not (plonker or temp)
* note that rules are NOT case sensitive
* @package simple_acl
* @author Colin McKinnon <colin.mckinnon at google's public mail service>
* @copyright 24th November 2007
*/
/**
* implements the parser
*
* IMORTANT: this method uses PHP's 'eval()' function - this has SERIOUS security implications unless you are 100%
* sure of the provenance of data supplied to it.
* The class has no built-in data access and must be populated with facts and a rule before evaluation
*/
class acl_parser
{
/**
* @var array of fact=>value, private (use method to update)
* e.g. $fact['timenow']=date('His'); $fact['manager']=true;
*/
var $facts;
/**
* @var string the acl to check, private (use method to update)
* e.g. $rule="personnel and manager not (plonker or temp) and (timenow > '0900' and timenow < '1730')";
*/
var $rule;
/**
* @var string the expression which was eval'd - for debugging
*/
var $rewrite;
/**
* constructor
* @param $facts array can be set/updated later
* @see var $facts
* @return null
*/
function acl_parser($facts=false)
{
// set up default subsitutions for operators....
$this->facts=array('and' => '*', // must come between expressions
'or' => '+', // must come between expressions
'not' => '!', // must come before expression
'true' => '1'
);
// did we get some data to set up?
if (is_array($facts)) {
foreach ($facts as $name=>$val) {
$this->add_fact($name, $val);
}
}
$this->rule===false;
}
/**
* wrapper to control access to $this->rule
* @param string
* @return bool - true if successful
*
* could be used to set site specific policies relating to rules - e.g. no less than / greater than
*/
function set_rule($rule)
{
$this->rule=$rule;
return(true);
}
/**
* set a single fact for addition
*/
function add_fact($name, $value)
{
$this->facts[$name]=$value;
}
/**
* evaluate the rule applying the known facts
* @return bool
*/
function test($rule=false)
{
if ($rule!=false) {
$this->rule=$rule;
}
if (($this->rule===false) || (!count($this->facts))) {
trigger_error("acl_parser not initialised with rule and facts");
return(false);
}
$match=array();
$replace=array();
foreach ($this->facts as $name=>$val) {
$match[]='/([^a-z]|^)(' . $name . ')([^a-z]|$)/i';
$replace[]='${1}' . $val . '${3}';
}
// this macro gets added on end to pick up on undefined elements
$match[]='/[a-z]+/i';
$replace[]='0';
$rewrite=preg_replace($match,$replace,$this->rule);
$this->rewrite=$rewrite;
return((bool)eval("return($rewrite);"));
}
}
?>