Zend_Db_Select row level security

Posted on 2024-10-18 01:07:48

How could I accomplish row level security using Zend_Db_Select? I can think of a few options, but they don't really seem to fit the pattern quite right.

Let's say I have users, content, and many different ACL levels. Here's one solution I've thought of:

$select = $db->select()
             ->from('content')
             ->where('content_type NOT IN (?)',
                     Model_Content::userAllowedContentTypes()
             )
             ->order('date DESC');

But the problem is, what if you decide to add another field for different types of security? So, I thought maybe something like this:

/**
 * @var Zend_Db_Select
 */
$where = Model_Content::getWhere();
$db->select()
    ->from('content')
    ->$where()
    ->order('date DESC');

Better.. but that doesn't feel quite right either. What I'd like is something more like this:

$db->select()
    ->from(array('c' => 'content'))
    ->getPlugin(new Model_Content_Security('c'))
    ->order('date DESC');

But that seems like I'm getting a little too close to extending or modifying the library to get something that might already be there, but I'm not quite seeing it.

Has anyone else had this sort of need, and how did you solve it?

Comments (2)

余罪 2024-10-25 01:07:48

If your security is controlled in the db you can left join to it:

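    // $escapedUserId must already be quoted (e.g. with $db->quote()); join conditions are inserted into the SQL as-is
    $select = $db->select()
             ->from('content')
             ->joinLeft( array( 'pt'=>'permissionTable' ),'content.id = pt.contentId AND pt.userId = ' . $escapedUserId, array() )
             ->where( 'pt.contentId IS NOT NULL' )
             ->order('date DESC');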

Perhaps extend Zend_Db_Select to inspect the tables being accessed and have it make calls to security objects passing the select statement as a parameter. For instance, your content class could be responsible for adding the joinLeft() and where() statements.

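public function addSecurityToSelect( Zend_Db_Select $select, $userId ){
    // Quote the user id through the adapter; join conditions are inserted into the SQL as-is
    $userCond = $select->getAdapter()->quoteInto( 'pt.userId = ?', $userId );
    return $select->joinLeft( array( 'pt'=>'permissionTable' ),'content.id = pt.contentId AND ' . $userCond, array() )
                  ->where( 'pt.contentId IS NOT NULL' );
}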

Have your extended Zend_Db_Select class loop through the included tables, check to see if there is a security function it can call and then call it.

Another option (much less db efficient) would be to query for all items and do the security check on the returned rows while iterating through the result set.

世界如花海般美丽 2024-10-25 01:07:48

Extend Zend_Db_Select. Make App_Db_Select_Security and init it appropriately in constructor.
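
One way to build the App_Db_Select_Security class the answers suggest, as an added example that is not part of the original thread: the subclass applies a per-table rule inside assemble(), so the permission filter is attached to the query before it is turned into SQL. The App_Db_Security_Rule interface, addRule(), App_Content_Security_Rule and the pt_ alias prefix are hypothetical names, Zend Framework 1 with pdo_sqlite is assumed, and the rule uses an inner join rather than the first answer's left join plus IS NOT NULL so the filter sits in the ON clause.

```php
<?php
// Added example. Assumes Zend Framework 1 on the include path; App_* names are hypothetical.
require_once 'Zend/Db.php';
require_once 'Zend/Db/Select.php';
interface App_Db_Security_Rule
{
    public function apply(Zend_Db_Select $select, $alias);
}
class App_Db_Select_Security extends Zend_Db_Select
{
    protected $_rules = array();   // table name => rule
    protected $_secured = array(); // aliases that already carry their rule
    public function addRule($tableName, App_Db_Security_Rule $rule)
    {
        $this->_rules[$tableName] = $rule;
        return $this;
    }
    // assemble() is what turns the select into SQL, so rules applied here
    // reach every query built from this object, whatever the caller chained.
    public function assemble()
    {
        foreach ($this->getPart(self::FROM) as $alias => $info) {
            if (isset($this->_rules[$info['tableName']]) && !isset($this->_secured[$alias])) {
                $this->_secured[$alias] = true;
                $this->_rules[$info['tableName']]->apply($this, $alias);
            }
        }
        return parent::assemble();
    }
}
class App_Content_Security_Rule implements App_Db_Security_Rule
{
    protected $_userId;
    public function __construct($userId) { $this->_userId = $userId; }
    public function apply(Zend_Db_Select $select, $alias)
    {
        $pt = 'pt_' . $alias; // one permission join per secured alias
        $user = $select->getAdapter()->quoteInto("$pt.userId = ?", $this->_userId, Zend_Db::INT_TYPE);
        // Inner join: the filter lives in ON, so a caller's orWhere() cannot widen it.
        $select->joinInner(array($pt => 'permissionTable'), "$alias.id = $pt.contentId AND $user", array());
    }
}

$select = new App_Db_Select_Security(Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:')));
$select->addRule('content', new App_Content_Security_Rule(42)) // 42: constructed user id
       ->from(array('c' => 'content'))
       ->where('c.content_type = ?', 'news')
       ->orWhere('c.content_type = ?', 'draft');
echo $select->assemble(), "\n";
```

Zend_Db_Select renders chained conditions as `(a) OR (b) AND (c)`, and AND binds tighter than OR, so a security predicate appended with where() would not cover rows matched by the first condition; keeping it in the join condition avoids that.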
