Comparison of best implementation schemes of RBAC in PHP MVC


In my opinion, the basic sequence for implementing RBAC in a PHP MVC framework is as follows:

Data tables

1. tb_user(id, uname, roleid)
2. tb_role(roleid, rolename)
3. tb_module(moduleid, modulename, mvc_url)
4. tb_access(accessid, roleid, moduleid)

Implementation principle

1. Get $roleid from $uid.
2. Build the route URL $mvc_url from the current MVC parameters __CLASS__ and __METHOD__.
3. Look up $mvc_url in table tb_module to obtain $moduleid.
4. Query table tb_access to check whether a record exists for $roleid and $moduleid.
5. If there is, the request is allowed; if not, access to that action method is prohibited.

Disadvantages
Suppose there is a module with class Article and method function lists().
If the current user only has the view permission but not the permission to modify, add or delete, how do we decide whether to show the add, modify and delete buttons on the lists page?

Another method

Data tables

1. tb_user(userid, username, roleid)
2. tb_role(roleid, rolename)
3. tb_module(moduleid, modulename, link, upid)
4. tb_permission(roleid, title, moduleid, permission)

There are several values for permission

{1: View, 2: Add, 4: Modify, 8: Delete, 16:...}

RBAC implementation process
1. Get $roleid through the user's $userid.
2. Look up the user's current web address in the link column of table tb_module to obtain $moduleid. If the module has a parent module, use the parent module instead. For example, if the current module's MVC address is article/add, then its real moduleid is

select moduleid from tb_module
 where moduleid=(
 select upid from tb_module where link='article/add'
 )

3. Query tb_permission by $roleid and $moduleid to obtain the sum of the matching records' permission values

select sum(permission) as permission from tb_permission
 where roleid=$roleid and moduleid=$moduleid

4. If you are currently visiting article/lst:

switch($permission){
 case 1: // Access Only
 break;

 case 2: // Access, Add Permissions
 break;

 case 4: // Access, Add, Modify Permissions
 break;

 case 8: // Access, Add, Modify, Delete Permissions
 break;

 case 16:
 break;
}

The second method is similar to a file's 0777 permission bits on a computer.
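
The bit-flag check from the second method, as an added example that is not part of the original post: it combines a role's rows with bitwise OR instead of SUM and tests single flags with AND, so one function answers both "may this action run" and "should this button be shown". The action names article/edit and article/delete, the action map, the function names and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Flag values from the post: 1 View, 2 Add, 4 Modify, 8 Delete.
const P_VIEW = 1, P_ADD = 2, P_MODIFY = 4, P_DELETE = 8;

// Hypothetical action => required flag map; actions not listed are denied.
const ACTION_FLAG = [
    'article/lst'    => P_VIEW,
    'article/add'    => P_ADD,
    'article/edit'   => P_MODIFY,
    'article/delete' => P_DELETE,
];

// Constructed tb_permission rows: role 2 holds View twice (a duplicate) plus Modify.
$tbPermission = [
    ['roleid' => 2, 'moduleid' => 10, 'permission' => P_VIEW],
    ['roleid' => 2, 'moduleid' => 10, 'permission' => P_VIEW],
    ['roleid' => 2, 'moduleid' => 10, 'permission' => P_MODIFY],
];

/** OR the rows together; SUM() would add the duplicate View rows (1+1) into the Add flag (2). */
function effectiveMask(array $rows, int $roleId, int $moduleId): int
{
    $mask = 0;
    foreach ($rows as $r) {
        if ($r['roleid'] === $roleId && $r['moduleid'] === $moduleId) {
            $mask |= $r['permission'];
        }
    }
    return $mask;
}

/** Deny by default: the action must be mapped and its flag must be set in the mask. */
function can(int $mask, string $action): bool
{
    $flag = ACTION_FLAG[$action] ?? 0;
    return $flag !== 0 && ($mask & $flag) === $flag;
}

$mask = effectiveMask($tbPermission, 2, 10);
foreach (array_keys(ACTION_FLAG) as $action) {
    // The same call decides whether the lists page renders a button and
    // whether the controller action itself is allowed to run.
    printf("%-15s %s\n", $action, can($mask, $action) ? 'allow' : 'deny');
}
```

Hiding a button only changes the page; the controller action behind it still needs the same `can()` check on every request.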