如何限制用户对对象的访问?

发布于 2024-08-22 09:38:05 字数 629 浏览 9 评论 0原文

嗨,Sitepoint 向导人员,

假设我们有一个管理应用程序,其中包含多个用户和各种对象。我想做的是控制对象本身的访问 - 也就是说,它对于一种类型的用户将以一种方式运行,而对于其他用户则以另一种方式运行。例如...

主管 Mike 可以覆盖接待处用户 Sally 的注册日期。人们会认为迈克可以设定过去或未来的任何日期。然后,我们有工资单用户 Steve,他也可以修改 Sally 的注册日期,但仅限于过去的日期,直到(例如)一年前。更有趣的是,人力资源经理 Mary 也可以修改 Sally 的注册日期,但仅限于从 2007 年 6 月 23 日起直到一个月后的日期...

我如何对访问限制进行编程,以便在前面最后,表单控件受到最小和最大日期的限制,并且在后端,验证器检查输入的日期以确保它落在这些日期之间?显然,我需要能够调整每种用户类型的最小和最大日期。其他对象可能具有不同的参数 - 例如,折扣字段的最大金额或一周中的加班日期。

我以不同的方式问过这个问题,但每次我都因实施而陷入困境。我目前正在将其开发为基于 php/MySQL Web 的应用程序,但非常欢迎来自其他平台的想法和评论!这次我讲的是第一性原理,所以不管你的背景是什么,如果你有什么想法,请告诉我!您甚至如何称呼这种类型的访问控制......?

Hi Sitepoint wizard people,

Say we have an admin application that has multiple users and various objects. What I'd like to do is control access within the object itself - that is, it will behave one way for one type of user, and another way for other users. For example...

Director Mike can override Reception user Sally's registration date. One would assume that Mike could set any date both in the past or in the future. Then we have Payroll user Steve who can also modify Sally's registration date, but only for dates in the past up until (for example) one year ago. To spice things up, then we have the HR Manager Mary who can also amend Sally's registration date, but only for dates from precisely 23rd June 2007 up until one month from now...

How can I program the access restrictions so that on the front end, the form control is restricted with a min and max date, and in the backend, the validator checks the entered date to make sure it falls between those dates? I'd obviously need to be able to tweak the min and max dates for each user type. Other objects might have different parameters - maximum amount on a discount field or days of the week for overtime, for example.

I've asked this question in different ways, but each time I get bogged down by the implementation. I'm currently developing it as a php/MySQL web-based application, but thoughts and comments from other platforms very welcome! This time I'm looking at first principles, so it doesn't matter what your background is, if you have any ideas, please let me know! What do you even call this type of access control...?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

我一直都在从未离去 2024-08-29 09:38:05

根据应用程序的基础,您可以在应用程序启动时要求提供凭据,并且根据需要访问的人员,您可以加载包含不同设置的不同 xml 文件。

至于安全问题,请确保用户无法访问不同的xml文件。

编辑:
由于您使用的是 MySQL,因此您可以执行类似的操作。
假设您有一个用户表,其中包含以下字段:UserId、UserName、RestrictionId。
并使用如下所示的限制表:RestrictionId、FieldName、FieldCondition。

这样,在您的 php 应用程序中,当用户通过身份验证时,您可以在字段上获取正确的“限制”并将其应用到您的代码中。如果您有多个字段需要不同的规则,那么您只需使用正确的 RestrictionId 添加它们即可。

这个数据库设计远非完美,我很确定你可以做得更好

Depending of how you application is based, you could ask for credentials at the start of the application and depending on who is requiring access, you could load a different xml file containing different settings.

As for security issue, make sure that the different xml files can't be reached by the users.

Edit:
Since you are using MySQL you could do something like this.
Let's say you have a table of users that has those fields : UserId, UserName, RestrictionId.
And with a Restriction table that looks like : RestrictionId, FieldName, FieldCondition.

This way, in your php app, when a user is authenticated, you can go fetch the correct "Restrictions" on the field and apply them in your code. If it happens that you have multiple fields that require different rules then you can simply add them with the correct RestrictionId.

This DB design is far from perfect, I'm pretty sure you can do better

你穿错了嫁妆 2024-08-29 09:38:05

因为,您已经在使用 MySql db。您可以在数据库本身中维护 UserRole Master 表详细信息。根据登录加载用户角色数据,然后您可以轻松验证用户所做的相应更改。

Since, you are already using MySql db. You can maintain the UserRole Master table details in DB itself. Load the user role data based on login, then you can easily validate the changes made by the user accordingly.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文