所以我想做的是想办法,我可以覆盖已经在角色中设置为标准的权限,所以即使用户是角色的一部分。我可以去找一个特定的用户,告诉他不允许他使用此特定权限,即使他的角色允许他做这个特定的事情,反之亦然!
在我的数据库中,我有以下表格。
users:
- fk_role_id
- ...
permissions:
- perm_id
- perm_name
- perm_key
role_rights:
- fk_role_id
- fk_perm_id
user_rights:
- fk_usr_id
- fk_perm_id
- allow
分解我的代码:
所以首先我想创建一个数组,我可以在其中存储我的所有权限。所以我可以使用if(in_array(((来允许人们使用某些内容。
$g_permissions = array();
在这里,我将加入包含哪些角色具有哪些权限的role_rights,在这里我获取具有特定 ID 的角色包含的权限。
$query = "SELECT * FROM role_rights
INNER JOIN permissions ON fk_perm_id = perm_id
WHERE fk_role_id = $roleID";
$roleArray = new DBfetch($query);
$roleArray创建的数组:
role_rights - DBfetch Object
(
[row] => Array
(
[0] => Array
(
[fk_role_id] => 1
[fk_perm_id] => 1
[perm_id] => 1
[perm_name] => Admin Panel: Panel Access
[perm_key] => panel_access
)
[1] => Array
(
[fk_role_id] => 1
[fk_perm_id] => 2
[perm_id] => 2
[perm_name] => Admin Panel: Create a user
[perm_key] => panel_create_user
)
[2] => Array
(
[fk_role_id] => 1
[fk_perm_id] => 3
[perm_id] => 3
[perm_name] => Admin panel: Edit a user
[perm_key] => panel_edit_user
)
)
[num_rows] => 3
)
在这里,我加入了包含特殊权限的user_rights,它有一个允许行,可以包含 0 或 1,如果它包含 0,则意味着它是应该删除的权限,如果它包含 1,则它是应该添加到数组中的权限。
$query = "SELECT * FROM user_rights
INNER JOIN permissions ON fk_perm_id = perm_id
WHERE fk_usr_id = $userID";
$userArray = new DBfetch($query);
$userArray创建的数组:
user_rights - DBfetch Object
(
[row] => Array
(
[0] => Array
(
[fk_usr_id] => 2
[fk_perm_id] => 3
[allow] => 0
[perm_id] => 3
[perm_name] => Admin panel: Edit a user
[perm_key] => panel_edit_user
)
[1] => Array
(
[fk_usr_id] => 2
[fk_perm_id] => 4
[allow] => 1
[perm_id] => 4
[perm_name] => Admin panel: Delete a user
[perm_key] => panel_delete_user
)
)
[num_rows] => 2
)
第一个 foreach 应该运行$roleArray获取的所有内容,它向我发送回一个对象,我通过这个数组运行一个数组,与 secound 相同。因此,如果数组找到与另一个表的外键匹配的外键,它将确定何时添加额外权限或将其从数组中删除。
foreach($roleArray->row as $key=>$value) {
foreach($userArray->row as $key2=>$value2) {
if($value["fk_perm_id"] == $value2["fk_perm_id"]) {
if($value2["allow"] == 1) {
$g_permissions[$value2['perm_id']] = $value2['perm_key'];
}else{
unset($g_permissions[$value2["perm_id"]]);
}
} else {
$g_permissions[$value['perm_id']] = $value['perm_key'];
}
}
}
所以我要求的,是一个解决方案。到目前为止,没有问题,但有两个,我无法添加或删除特定用户的权限。
所有代码:
$g_permissions = array();
$query = "SELECT * FROM role_rights
INNER JOIN permissions ON fk_perm_id = perm_id
WHERE fk_role_id = $roleID";
$roleArray = new DBfetch($query);
$query = "SELECT * FROM user_rights
INNER JOIN permissions ON fk_perm_id = perm_id
WHERE fk_usr_id = $userID";
$userArray = new DBfetch($query);
foreach($roleArray->row as $key=>$value) {
foreach($userArray->row as $key2=>$value2) {
if($value["fk_perm_id"] == $value2["fk_perm_id"]) {
if($value2["allow"] == 1) {
$g_permissions[$value2['perm_id']] = $value2['perm_key'];
}else{
unset($g_permissions[$value2["perm_id"]]);
}
} else {
$g_permissions[$value['perm_id']] = $value['perm_key'];
}
}
}
所以我的问题的解决方案是创建两个处理信息的函数,并将get_usr_permissions函数输出添加到我的数组中!
function get_permkeys_with_user_id($userID) {
$g_permissions = array();
$query = "SELECT * FROM users
INNER JOIN role_rights ON users.fk_role_id = role_rights.fk_role_id
INNER JOIN permissions ON permissions.perm_id = role_rights.fk_perm_id
WHERE users.usr_id = $userID";
$stuff = new DBfetch($query);
foreach($stuff->row as $key=>$value) {
$g_permissions[$value['perm_id']] = $value['perm_key'];
}
return $g_permissions;
}
function get_usr_permissions($userID) {
$runQuery = new DBhandler();
$query = "SELECT * FROM user_rights
INNER JOIN permissions ON fk_perm_id = perm_id
WHERE user_rights.fk_usr_id = $userID";
$perm_role = get_permkeys_with_user_id($userID);
$perm_usr = new DBfetch($query);
foreach($perm_usr->row as $index => $permission){
if($permission["allow"]){
$perm_role[$permission["perm_id"]] = $permission["perm_key"];
}else{
unset($perm_role[$permission["perm_id"]]);
}
}
return $perm_role;
}