frobou/frobou-system-permission

1.0.12 2018-08-13 20:18 UTC

This package is not auto-updated.

Last update: 2024-09-14 20:09:28 UTC


README


使用权限验证系统。

如何工作:权限在需要的地方进行检查,如下例所示

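// Load the database settings that sit one directory above this script.
// The separator must be '/../': the original './../' glued a dot onto the
// directory name ("<dir>./../database.json"), which only resolves if a
// directory with that trailing dot happens to exist.
// NOTE(review): database.json presumably holds the connection credentials -
// keep it outside the web root and out of version control.
$raw = file_get_contents(__DIR__ . '/../database.json');
if ($raw === false) {
    throw new \RuntimeException('Unable to read database.json');
}

// json_decode() returns null on malformed input; stop here instead of
// handing an empty configuration to the connection layer.
$settings = json_decode($raw);
if ($settings === null) {
    throw new \RuntimeException('database.json does not contain valid JSON');
}

$config = new FrobouDbConfig($settings);
$connection = new FrobouDbConnection($config);
$perms = new FrobouSystemPermission($connection);

// The third argument is the $pass_in_plain flag of
// login($username, $password, $pass_in_plain = false).
// Call login() on the $perms instance created above; the original used
// $this->perms, which does not exist in this standalone snippet.
$user = $perms->login('test', 'pass', true);

// Look up the permission flags attached to the 'admin' resource.
$exp = $user->getPermission('admin');
var_dump($exp);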
object(stdClass)#140 (4) {
  ["can_select"]=>
  bool(true)
  ["can_insert"]=>
  bool(false)
  ["can_update"]=>
  bool(true)
  ["can_delete"]=>
  bool(false)
}
// Gate the action on the flag returned for the resource. The dump shows the
// flags as real booleans, so a plain truthiness check is enough here.
$maySelect = $exp->can_select;
if ($maySelect) {
    echo "I can";
}

想法是拥有分层权限,admin.teste表示用户在admin页面的teste资源上有权限X

我们使用frobou-db-connect包来连接数据库。在实例化FrobouSystemPermission时,所有必要的资源都变得可用。

  • login($username, $password, $pass_in_plain = false)
  • getUserList()
  • getUserTypes()
  • createUser(SystemUser $user)
  • updateUser(SystemUser $user, array $where)
  • deleteUser($username)
  • undeleteUser($username)
  • createGroup($name)
  • getGroupList()
  • createResource($name, $permission)
  • registerGroupResource($username, $resourcename)
  • unregisterGroupResource($username, $resourcename)
  • registerUserResource($username, $resourcename)
  • unregisterUserResource($username, $resourcename)

login方法返回的SystemUser实例除了用户数据外还提供

  • getPermission($resource, $separator = '.')
  • getInsertString()
  • getUpdateString(array $where)
  • getSqlParams()

权限类型

  • 分组权限。
  • 用户权限。
  • 统一权限
    • 查看MERGE_PERMISSIONS

使用

一些常量可以用作系统配置的一种方式。

  • MERGE_PERMISSIONS - 布尔型:true将使用户权限继承同名分组权限并合并,以提供结果的并集。
  • BASE_PERMISSION - 布尔型:true表示如果存在基本权限,则返回分配给它们的值,否则权限为0
  • PASSWORD_SALT - 字符串型:默认值为"default",如果提供值,则用于生成密码。 注意:使用salt生成的密码,如果PASSWORD_SALT的值被更改,则无法验证。默认值"default"是公开已知的,因此应在创建任何用户之前设置自己的值。
  • TRUE_DELETE - 布尔型:如果为true,则用户记录将被实际删除,否则仅禁用。 注意:没有对表间关联记录的删除做任何处理,这意味着在删除用户之前,必须先删除所有关联的记录,否则会产生FrobouDbSgdbErrorException异常

测试登录

/**
 * A successful login hands back a SystemUser instance.
 *
 * The third argument is the $pass_in_plain flag from the documented
 * login($username, $password, $pass_in_plain = false) signature.
 * NOTE(review): presumably it marks 'pass' as an unhashed password -
 * confirm against the library.
 */
public function testLoginOk()
{
    $this->assertInstanceOf(
        SystemUser::class,
        $this->perms->login('test', 'pass', true)
    );
}

测试权限

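/**
 * The 'test' user must hold all four flags on the nested resource
 * 'admin.teste' (resource 'teste' under 'admin', '.' being the default
 * separator of getPermission()).
 */
public function testPermissionForResourceAdminDotTeste()
{
    $user = $this->perms->login('test', 'pass', true);

    // Every flag is spelled out so that a silently dropped permission
    // shows up as a failure.
    $expected = (object) [
        'can_select' => true,
        'can_insert' => true,
        'can_update' => true,
        'can_delete' => true,
    ];

    // PHPUnit expects assertEquals($expected, $actual); the original passed
    // them the other way round, which swaps the two sides in failure output.
    $this->assertEquals($expected, $user->getPermission('admin.teste'));
}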

创建一个分组

/**
 * createGroup() reports success for a new group name.
 *
 * The numeric suffix only spreads names across runs; it is not guaranteed
 * to be unique, so a rerun may pick a name that was already created.
 */
public function testInsertGroup()
{
    $groupName = 'grp_' . rand(0, 15988);
    $created = $this->perms->createGroup($groupName);

    $this->assertTrue($created);
}

创建一个权限

/**
 * createResource() reports success for resource 'admin.test'.
 *
 * The second argument is the $permission value of
 * createResource($name, $permission).
 * NOTE(review): the meaning of 0 is not documented here - confirm.
 */
public function testInsertResource()
{
    $created = $this->perms->createResource('admin.test', 0);

    $this->assertTrue($created);
}

创建一个用户

/**
 * createUser() reports success for a fully populated SystemUser.
 *
 * The e-mail address and password are fixed test fixtures; only the
 * username carries a numeric suffix so that reruns rarely collide.
 */
public function testInsertUser()
{
    $account = new SystemUser();

    // Setter order is kept exactly as in the fluent chain.
    $account
        ->setActive(1)
        ->setCanEdit(1)
        ->setCanLogin(1)
        ->setCanUseApi(1)
        ->setCanUseWeb(1)
        ->setCreateDate()
        ->setEmail('capitao@caverna.com')
        ->setName('Novo Usuario')
        ->setPassword('senhanha')
        ->setSystemGroup(1)
        ->setUsername('username_' . rand(0, 12345))
        ->setUserType('T');

    $created = $this->perms->createUser($account);
    $this->assertTrue($created);
}

绑定分组X权限

/**
 * Binding resource 'admin.com' to 'user' through registerGroupResource()
 * reports success.
 *
 * The result of createResource() is deliberately not asserted: the test
 * only needs the resource to exist.
 * NOTE(review): 'user' is presumably a group name, although the documented
 * parameter is called $username - confirm.
 */
public function testRegisterGroupResource()
{
    $resource = 'admin.com';
    $this->perms->createResource($resource, 3);

    $bound = $this->perms->registerGroupResource('user', $resource);
    $this->assertTrue($bound);
}

解除分组X权限

/**
 * Removing the binding between 'user' and resource 'admin.com' through
 * unregisterGroupResource() reports success.
 *
 * The result of createResource() is not asserted.
 */
public function testUnRegisterGroupResource()
{
    $resource = 'admin.com';
    $this->perms->createResource($resource, 3);

    $released = $this->perms->unregisterGroupResource('user', $resource);
    $this->assertTrue($released);
}

绑定用户X权限

/**
 * Binding resource 'admin.com' directly to user 'ispti' reports success.
 *
 * The result of createResource() is not asserted.
 */
public function testRegisterUserResource()
{
    $resource = 'admin.com';
    $this->perms->createResource($resource, 7);

    $bound = $this->perms->registerUserResource('ispti', $resource);
    $this->assertTrue($bound);
}

解除用户X权限

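/**
 * Removing the direct binding between user 'ispti' and resource
 * 'admin.com' reports success.
 *
 * Renamed from testRegisterUserResource: that name is already used by the
 * register test, and two methods with the same name in one test class are
 * a fatal "cannot redeclare" error. Revocation needs its own test so that
 * it is actually exercised.
 */
public function testUnregisterUserResource()
{
    $resource = 'admin.com';
    // Result not asserted; the resource only has to exist.
    $this->perms->createResource($resource, 7);

    $released = $this->perms->unregisterUserResource('ispti', $resource);
    $this->assertTrue($released);
}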

测试删除用户(禁用)

/**
 * deleteUser() reports success for a user that still has resource
 * bindings. Without TRUE_DELETE this is documented as disabling the
 * account rather than removing the row.
 *
 * Only the final deleteUser() call is asserted; the results of the
 * setup calls are ignored.
 */
public function testDeleteUser(){
    $login = 'username_' . rand(0, 12345);

    $account = new SystemUser();
    $account
        ->setActive(1)
        ->setCanEdit(1)
        ->setCanLogin(1)
        ->setCanUseApi(1)
        ->setCanUseWeb(1)
        ->setCreateDate()
        ->setEmail('capitao@caverna.com')
        ->setName('Novo Usuario')
        ->setPassword('senhanha')
        ->setSystemGroup(1)
        ->setUsername($login)
        ->setUserType('T');
    $this->perms->createUser($account);

    // Attach the same resource through both the group and the user path.
    // NOTE(review): registerGroupResource() receives a username here -
    // confirm that this is intended.
    $resource = 'admin.com';
    $this->perms->createResource($resource, 3);
    $this->perms->registerGroupResource($login, $resource);
    $this->perms->registerUserResource($login, $resource);

    $deleted = $this->perms->deleteUser($login);
    $this->assertTrue($deleted);
}

测试激活用户

/**
 * undeleteUser() reports success for a user that was deleted just before.
 *
 * The username is fixed ('fabio'), so on a rerun createUser() may hit an
 * existing record; its result and that of deleteUser() are not asserted.
 */
public function testUndeleteUser(){
    $login = 'fabio';

    $account = new SystemUser();
    $account
        ->setActive(1)
        ->setCanEdit(1)
        ->setCanLogin(1)
        ->setCanUseApi(1)
        ->setCanUseWeb(1)
        ->setCreateDate()
        ->setEmail('capitao@caverna.com')
        ->setName('Novo Usuario')
        ->setPassword('senhanha')
        ->setSystemGroup(1)
        ->setUsername($login)
        ->setUserType('T');

    $this->perms->createUser($account);
    $this->perms->deleteUser($login);

    $restored = $this->perms->undeleteUser($login);
    $this->assertTrue($restored);
}

测试删除用户(真正删除)

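/**
 * With TRUE_DELETE enabled, deleteUser() reports success for a freshly
 * created user that has no related records.
 *
 * TRUE_DELETE is a global constant: once defined it cannot be changed or
 * removed, so every test that runs later in the same PHP process also
 * performs hard deletes. Run this test in isolation and only against a
 * disposable database.
 */
public function testDeleteUserReal(){
    // define() on an already defined constant does not change its value,
    // so define it only when it is still free.
    if (!defined('TRUE_DELETE')) {
        define('TRUE_DELETE', true);
    }
    // If something else already set it to another value, this test would
    // silently exercise the soft-delete path instead.
    if (TRUE_DELETE !== true) {
        $this->markTestSkipped('TRUE_DELETE is already defined with a different value.');
    }

    $username = 'username_' . rand(0, 12345);
    $user = new SystemUser();
    $user->setActive(1)->setCanEdit(1)->setCanLogin(1)->setCanUseApi(1)
        ->setCanUseWeb(1)->setCreateDate()->setEmail('capitao@caverna.com')->setName('Novo Usuario')
        ->setPassword('senhanha')->setSystemGroup(1)->setUsername($username)->setUserType('T');
    $this->perms->createUser($user);

    $this->assertTrue($this->perms->deleteUser($username));
}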