laravel RBAC权限管理学习
参考资料
| 名称 | 地址 |
|---|---|
| 第三方博客 | link link |
项目链接
1.权限管理简介:(个人理解)
上级与下级的关系,总经理有管理全公司的权限,而财务只有管理公司财务与开支的权限,
小组组长有管理一个小组工作任务的权限,而普通的员工只有领导赋予 的基本权限。
2.RBAC模型:
基于角色的访问控制(RBAC)是实施面向企业安全策略的一种有效的访问控制方式。
中文名基于角色的访问控制外文名RBAC(Role-Based Access Control)解 释访问控制方式基本思想建立一个角色集合
其基本思想是,对系统操作的各种权限不是直接授予具体的用户,而是在用户集合与权限集合之间建立一个角色集合。每一种角色对应一组相应的权限。一旦用户被分配了适当的角色后,该用户就拥有此角色的所有操作权限。这样做的好处是,不必在每次创建用户时都进行分配权限的操作,只要分配用户相应的角色即可,而且角色的权限变更比用户的权限变更要少得多,这样将简化用户的权限管理,减少系统的开销。
| 用法就是先把角色赋予权限,然后再把角色赋予用户,
表与表之间是多对多的关系。一个用户可以授予多个角色。 |
2.1RBAC功能模块
2.2 数据库设计
数据表ddl
/*
Navicat Premium Data Transfer
Source Server : local
Source Server Type : MySQL
Source Server Version : 50725
Source Host : localhost:3306
Source Schema : admin
Target Server Type : MySQL
Target Server Version : 50725
File Encoding : 65001
Date: 01/07/2021 11:17:26
*/
SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;
-- ----------------------------
-- Table structure for migrations
-- ----------------------------
DROP TABLE IF EXISTS `migrations`;
CREATE TABLE `migrations` (
`id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
`migration` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`batch` int(11) NOT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 3 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of migrations
-- ----------------------------
INSERT INTO `migrations` VALUES (1, '2014_10_12_000000_create_users_table', 1);
INSERT INTO `migrations` VALUES (2, '2014_10_12_100000_create_password_resets_table', 1);
-- ----------------------------
-- Table structure for password_resets
-- ----------------------------
DROP TABLE IF EXISTS `password_resets`;
CREATE TABLE `password_resets` (
`email` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`token` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`created_at` timestamp(0) NULL DEFAULT NULL,
INDEX `password_resets_email_index`(`email`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of password_resets
-- ----------------------------
-- ----------------------------
-- Table structure for permission
-- ----------------------------
DROP TABLE IF EXISTS `permission`;
CREATE TABLE `permission` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '权限标题',
`urls` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '对应页面的url' , # 一般这里都会设计两个字段 一个是控制器 还有一个是方法名称
`status` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
`updated_at` timestamp(0) NULL DEFAULT NULL,
`created_at` timestamp(0) NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 2 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = '权限表' ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of permission
-- ----------------------------
INSERT INTO `permission` VALUES (1, '后台登录权限', 'App\\Http\\Controllers\\Admin\\LoginController@index', NULL, NULL, NULL);
-- ----------------------------
-- Table structure for role
-- ----------------------------
DROP TABLE IF EXISTS `role`;
CREATE TABLE `role` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
`status` int(11) NULL DEFAULT NULL,
`updated_at` timestamp(0) NULL DEFAULT NULL,
`created_at` timestamp(0) NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 2 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = '角色表' ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of role
-- ----------------------------
INSERT INTO `role` VALUES (1, '皇帝', NULL, NULL, NULL);
-- ----------------------------
-- Table structure for role_permission
-- ----------------------------
DROP TABLE IF EXISTS `role_permission`;
CREATE TABLE `role_permission` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`role_id` int(11) NULL DEFAULT NULL COMMENT '角色id',
`permission_id` int(11) NULL DEFAULT NULL COMMENT '对应权限表的权限id',
`created_at` timestamp(0) NULL DEFAULT NULL,
`updated_at` timestamp(0) NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 2 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = '角色权限关系表' ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of role_permission
-- ----------------------------
INSERT INTO `role_permission` VALUES (1, 1, 1, NULL, NULL);
-- ----------------------------
-- Table structure for user_role
-- ----------------------------
DROP TABLE IF EXISTS `user_role`;
CREATE TABLE `user_role` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`user_id` int(11) NULL DEFAULT NULL COMMENT '用户id',
`role_id` int(11) NULL DEFAULT NULL COMMENT '角色id',
`created_at` timestamp(0) NULL DEFAULT NULL,
`updated_at` timestamp(0) NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 3 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = '用户角色关系表' ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of user_role
-- ----------------------------
INSERT INTO `user_role` VALUES (2, 1, 1, NULL, NULL);
-- ----------------------------
-- Table structure for users
-- ----------------------------
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
`id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
`username` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`email` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`password` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`remember_token` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NULL DEFAULT NULL,
`created_at` timestamp(0) NULL DEFAULT NULL,
`updated_at` timestamp(0) NULL DEFAULT NULL,
PRIMARY KEY (`id`) USING BTREE,
UNIQUE INDEX `users_email_unique`(`email`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 2 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of users
-- ----------------------------
INSERT INTO `users` VALUES (1, 'admin', '762301880@qq.com', 'admin', NULL, NULL, NULL);
SET FOREIGN_KEY_CHECKS = 1;
3.粗略的逻辑设计
3.1给角色授权
得到角色列表
public function index()
{
//
$role = Role::get();
return view('admin.role.list', compact('role'));
}
3.2授权
获取当前页面的信息
public function auth($id, Request $request)
{ #获取当前角色
$role = Role::find($id);
#获取所有的权限列表
$perms = Permission::get();
#获取当前用户已经拥有的角色
$own_perms = $role->permission;
$own_pers = [];
foreach ($own_perms as $v) {
$own_pers[] = $v->id;
}
return view('admin.role.auth', compact('role', 'perms', 'own_pers'));
}
添加授权
public function doauth(Request $request)
{
$input = $request->except('_token');
//删除当前角色已有的权限
\DB::table('role_permission')->where('role_id', $input['id'])->delete();
#添加新赋予的权限
try{
if (!empty($input['permission_id'])){
foreach ($input['permission_id'] as $v) {
\DB::table('role_permission')->insert(['role_id'=>$input['id'],'permission_id'=>$v]);
}
}
return redirect('admin/role');
}catch (\Exception $exception){
return $exception->getMessage();
}
}
3.2当然还有用户授权这里就不过多的演示
3.3 需要注意的模型类
public function permission()
{
return $this->belongsToMany(Permission::class,'role_permission','role_id','permission_id');
}
4核心代码控制授权的中间件(注意使用的时候注册)
public function handle($request, Closure $next)
{
#1.获取当前请求的路由 对应的控制器方法名
// "App\Http\Controllers\Admin\LoginController@index"
$route = \Route::current()->getActionName();
#2.获取当前用户的权限组
$user = Users::find(session()->get('user')->id);#获取当前用户
#获取当前用户的角色
$roles = $user->Role;
#根据用户拥有的角色,找对应的权限
$arr = [];#存放url
foreach ($roles as $v) {
$perms = $v->permission;
foreach ($perms as $perm) {
$arr[] = $perm->urls;
}
}
$permission=Permission::pluck('urls')->toArray();
#如果当前请求的路由存在于全部权限中,并且当前请求的路由拥有权限中放行
if (in_array($route, $permission)&&in_array($route, $arr)) {
return $next($request);
}else{
return redirect('noaccess');
}
}
使用方式再需要约束的路由后面单个添加中间件
例子
Route::post('user/auth/edit','UserAuthController@edit')->middleware('hasRole');
