将 PHP 数组移植到 MySQL 架构以进行 ACL 授权

发布于 2025-01-07 00:47:33 字数 1640 浏览 1 评论 0原文

我正在使用一个 PHP 类，该类在我的 Web 应用程序上执行 ACL。它是基于驱动程序的，实际上它只是使用配置数组。我想将这个数组迁移到 MySQL 模式来为它做一个驱动程序。这是实际的配置数组：

$config = array(

    /**
     * Groups as id => array(name => <string>, roles => <array>)
     */
    'groups' => array(
        -1  => array('name' => 'Banned', 'roles' => array('banned')),
        0   => array('name' => 'Guests', 'roles' => array()),
        1   => array('name' => 'Users', 'roles' => array('user')),
        50  => array('name' => 'Moderators', 'roles' => array('user', 'moderator')),
        100 => array('name' => 'Administrators', 'roles' => array('user', 'moderator', 'admin')),
    ),

    /**
     * Roles as name => array(location => rights)
     */
    'roles' => array(
        '#'          => array('website' => array('read')), // default rights
        'banned'     => false,
        'user'       => array('comments' => array('create', 'read')),
        'moderator'  => array('comments' => array('update', 'delete')),
        'admin'      => array(
            'website'  => array('create', 'update', 'delete'),
            'admin'    => array('create', 'read', 'update', 'delete'),
        ),
        'super'      => true,
    ),

);

这就是我一直在想的：

MySQL schema

这让我将角色与现有的关联组所以我解决了第一件事。我不知道如何添加的是每个角色的位置和权限。显然，它将转到与 role_id 相关的单独表，但是重现以下内容的最佳方法是什么：array('comments' => array('update', 'delete'))？

最后一件事，如果一个角色有一个布尔值（例如角色被禁止或角色超级），则意味着全部为真或全部为假。这可能更适合角色。不？

先感谢您！

原文

I'm a working with a PHP class that does ACL on my web application. It's driver based and actually it's just working with a config array. I want to migrate this array to a MySQL schema to do a driver for it. This is the actual config array:

$config = array(

    /**
     * Groups as id => array(name => <string>, roles => <array>)
     */
    'groups' => array(
        -1  => array('name' => 'Banned', 'roles' => array('banned')),
        0   => array('name' => 'Guests', 'roles' => array()),
        1   => array('name' => 'Users', 'roles' => array('user')),
        50  => array('name' => 'Moderators', 'roles' => array('user', 'moderator')),
        100 => array('name' => 'Administrators', 'roles' => array('user', 'moderator', 'admin')),
    ),

    /**
     * Roles as name => array(location => rights)
     */
    'roles' => array(
        '#'          => array('website' => array('read')), // default rights
        'banned'     => false,
        'user'       => array('comments' => array('create', 'read')),
        'moderator'  => array('comments' => array('update', 'delete')),
        'admin'      => array(
            'website'  => array('create', 'update', 'delete'),
            'admin'    => array('create', 'read', 'update', 'delete'),
        ),
        'super'      => true,
    ),

);

This is what I've been thinking:

MySQL schema

This let me associate roles to the existing groups so I've the first thing solved. What I don't know how to add is the locations and rights for each role. Obviously it will go to a separate table with a relation to a role_id but what is the best way to reproduce something like: array('comments' => array('update', 'delete'))?

Last thing, if a role has a boolean (like role banned or role super) it means that all true or all false. This probably fits more on roles. No?

Thank you in advance!

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

只想待在家 2025-01-14 00:47:33

这个怎么样？

roles_has_access
-----
role_id FK
location_id FK
right_id FK

locations
-----
id PK
name
-- ?
-- whatever resources/locations you have here (website, admin, comments)

rights
-----
id PK
name
-- `CREATE`, `UPDATE`, `DELETE`, `READ` etc.

How about this?

roles_has_access
-----
role_id FK
location_id FK
right_id FK

locations
-----
id PK
name
-- ?
-- whatever resources/locations you have here (website, admin, comments)

rights
-----
id PK
name
-- `CREATE`, `UPDATE`, `DELETE`, `READ` etc.

回复收藏 0 原文

~没有更多了~