当前位置: 文江博客话题详情

在 ORM 中连接表

发布于 2024-12-23 01:45:23 字数 2150 浏览 0 评论 0原文

我正在尝试在 Kohana 中编写自己的 RBAC 模块。 我不想使用现有的模块,我只是想这样做来学习。

我的表是:用户、角色、权限和users_roles、roles_permissions(因为用户<->角色和角色<->权限之间存在多对多关系);

我的用户模型:

class Model_User extends ORM {

    protected $_primary_key = 'user_id';

    protected $_has_many = array(
        'roles' => array(
            'model'   => 'role',
            'through' => 'users_roles',
        ),
    );
}

我的角色模型:

class Model_Role extends ORM {

    protected $_primary_key = 'role_id';

    protected $_has_many = array(
        'users' => array(
            'model'   => 'user',
            'through' => 'users_roles',
        ),

        'permissions' => array(
            'model'   => 'permission',
            'through' => 'roles_permissions',
        ),
    );
}

和我的权限模型:

class Model_Permission extends ORM {

    protected $_primary_key = 'permission_id';

    protected $_has_many = array(
        'roles' => array(
            'model'   => 'role',
            'through' => 'roles_permissions',
        ),
    );
}

我创建用户:

$user = ORM::factory('user');
$user->username = 'johndoe';
$user->email = '[email protected]';
//etc
$user.save();

我创建角色:

$author = ORM::factory('role');
$author->name = 'author';
$author->save();

我创建权限:

$read = ORM::factory('permission');
$read->name = 'read';
$read->description = 'can read posts';
$read->save();

$write = ORM::factory('permission');
$write->name = 'write';
$write->description = 'can write posts';
$write->save();

我向用户添加角色:

$user->add('roles', $author);

我向角色添加权限:

$author->add('permissions', $read);
$author->add('permissions', $write);

一切正常。

但是,我的问题是如何检查用户是否具有给定的权限:在本例中如何检查johndoe是否有权写入邮政?

感谢您的帮助!

原文

I'm trying to write my own RBAC module in Kohana.
I don't want to use an existing module, I just want to do this to learn.

My tables are: users, roles, permission and users_roles, roles_permissions (because of the many to many relations between users<->roles, and roles<->permissions);

My User model:

class Model_User extends ORM {

    protected $_primary_key = 'user_id';

    protected $_has_many = array(
        'roles' => array(
            'model'   => 'role',
            'through' => 'users_roles',
        ),
    );
}

My Role Model:

class Model_Role extends ORM {

    protected $_primary_key = 'role_id';

    protected $_has_many = array(
        'users' => array(
            'model'   => 'user',
            'through' => 'users_roles',
        ),

        'permissions' => array(
            'model'   => 'permission',
            'through' => 'roles_permissions',
        ),
    );
}

and my Permission model:

class Model_Permission extends ORM {

    protected $_primary_key = 'permission_id';

    protected $_has_many = array(
        'roles' => array(
            'model'   => 'role',
            'through' => 'roles_permissions',
        ),
    );
}

I create users:

$user = ORM::factory('user');
$user->username = 'johndoe';
$user->email = '[email protected]';
//etc
$user.save();

I create roles:

$author = ORM::factory('role');
$author->name = 'author';
$author->save();

I create permissions:

$read = ORM::factory('permission');
$read->name = 'read';
$read->description = 'can read posts';
$read->save();

$write = ORM::factory('permission');
$write->name = 'write';
$write->description = 'can write posts';
$write->save();

I add roles to users:

$user->add('roles', $author);

I add permissions to roles:

$author->add('permissions', $read);
$author->add('permissions', $write);

and everything is working fine.

But, my question is how to check if a user has a given permission: in this case how to check if johndoe has permission to write a post?

Thank you for your help!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

墨落画卷 2024-12-30 01:45:23

一个查询,但与上一个答案相比只有两个连接

class Model_User extends ORM {

// ... some stuff here

public function has_permission($permission_name)
{
    return (bool) ORM::factory('permission')
        ->where('permission.name', '=', $permission_name)
        ->join('roles_permissions')
            ->on('roles_permissions.permission_id', '=', 'permision.permission_id')
        ->join('roles_users')
            ->on('roles_users.role_id', '=', 'roles_permissions.role_id')
            ->on('roles_users.user_id', '=', DB::expr((int) $this->user_id))
        ->count_all();
}

}

One query, but only two joins as compared to the previous answer

class Model_User extends ORM {

// ... some stuff here

public function has_permission($permission_name)
{
    return (bool) ORM::factory('permission')
        ->where('permission.name', '=', $permission_name)
        ->join('roles_permissions')
            ->on('roles_permissions.permission_id', '=', 'permision.permission_id')
        ->join('roles_users')
            ->on('roles_users.role_id', '=', 'roles_permissions.role_id')
            ->on('roles_users.user_id', '=', DB::expr((int) $this->user_id))
        ->count_all();
}

}

回复 原文
等风来 2024-12-30 01:45:23

我在 1 个查询中找到了一个解决方案:

$count = ORM::factory('permission')
                            ->join('roles_permissions')
                            ->on('permission.permission_id', '=', 'roles_permissions.permission_id')
                            ->join('roles')
                            ->on('roles.role_id', '=', 'roles_permissions.role_id')
                            ->join('users_roles')
                            ->on('roles.role_id', '=', 'users_roles.role_id')
                            ->join('users')
                            ->on('users.user_id', '=', 'users_roles.user_id')
                            ->on('users.user_id', '=', DB::expr($user->user_id))
->where('permission.name', '=', 'write')
                            ->find_all()
                            ->count();

然后 if $count > 0,表示$user有写入权限。

有更简单的解决方案吗?

I found a solution, in 1 query:

$count = ORM::factory('permission')
                            ->join('roles_permissions')
                            ->on('permission.permission_id', '=', 'roles_permissions.permission_id')
                            ->join('roles')
                            ->on('roles.role_id', '=', 'roles_permissions.role_id')
                            ->join('users_roles')
                            ->on('roles.role_id', '=', 'users_roles.role_id')
                            ->join('users')
                            ->on('users.user_id', '=', 'users_roles.user_id')
                            ->on('users.user_id', '=', DB::expr($user->user_id))
->where('permission.name', '=', 'write')
                            ->find_all()
                            ->count();

and then if $count > 0, it means $user has permission to write.

Is there a simpler solution?

回复 原文
反目相谮 2024-12-30 01:45:23

这是一个更好的解决方案,当提供主键或模型实例时,它将执行更快的查询:

<?php

class Model_User extends ORM {

    // ...

    /**
     * Check if a user is allowed to perform an action based on permissions
     * attached to the user's roles.
     *
     * @param  int|string|Model_Permission $permission name, primary key or instance of permission
     * @return boolean TRUE if allowed; FALSE otherwise
     */
    public function is_allowed_to($permission)
    {
        // We have a permission name
        if (is_string($permission) AND ! is_numeric($permission))
            return (bool) ORM::factory('permission')
                ->where('permission.name', '=', $permission)
                ->join('roles_permissions')
                    ->on('roles_permissions.permission_id', '=', 'permission.permission_id')
                ->join('roles_users')
                    ->on('roles_users.role_id', '=', 'roles_permissions.role_id')
                ->where('roles_users.user_id', '=', $this->pk())
                ->count_all();

        // We can get the permission primary key
        // to perform a faster query
        $permission_id = ($permission instanceof Model_Permission)
            ? $permission->pk()
            : $permission;

        return (bool) DB::select(array(DB::expr('COUNT(*)'), 'records_found'))
            ->from('roles_permissions')
            ->join('roles_users')
                ->on('roles_users.role_id', '=', 'roles_permissions.role_id')
            ->where('roles_permissions.permission_id', '=', $permission_id)
            ->where('roles_users.user_id', '=', $this->pk())
            ->execute()
            ->get('records_found');
    }

    // ...
}

Here is a better solution which will perform a faster query when primary key or a model instance is supplied:

<?php

class Model_User extends ORM {

    // ...

    /**
     * Check if a user is allowed to perform an action based on permissions
     * attached to the user's roles.
     *
     * @param  int|string|Model_Permission $permission name, primary key or instance of permission
     * @return boolean TRUE if allowed; FALSE otherwise
     */
    public function is_allowed_to($permission)
    {
        // We have a permission name
        if (is_string($permission) AND ! is_numeric($permission))
            return (bool) ORM::factory('permission')
                ->where('permission.name', '=', $permission)
                ->join('roles_permissions')
                    ->on('roles_permissions.permission_id', '=', 'permission.permission_id')
                ->join('roles_users')
                    ->on('roles_users.role_id', '=', 'roles_permissions.role_id')
                ->where('roles_users.user_id', '=', $this->pk())
                ->count_all();

        // We can get the permission primary key
        // to perform a faster query
        $permission_id = ($permission instanceof Model_Permission)
            ? $permission->pk()
            : $permission;

        return (bool) DB::select(array(DB::expr('COUNT(*)'), 'records_found'))
            ->from('roles_permissions')
            ->join('roles_users')
                ->on('roles_users.role_id', '=', 'roles_permissions.role_id')
            ->where('roles_permissions.permission_id', '=', $permission_id)
            ->where('roles_users.user_id', '=', $this->pk())
            ->execute()
            ->get('records_found');
    }

    // ...
}
回复 原文
~没有更多了~

关于作者

清醇

暂无简介

文章
评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

紫罗兰の梦幻

文章 0 评论 0

-2134

文章 0 评论 0

liuxuanli

文章 0 评论 0

意中人

文章 0 评论 0

○愚か者の日

文章 0 评论 0

xxhui

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文