【发布时间】:2014-01-30 19:16:54
【问题描述】:
我正在设计一个权限系统,该系统可以根据用户权限字段中设置的标志来确定用户是否可以访问页面。以下是我的想法:
// define constants for permissions
defined('CAN_ACCESS_ADMIN') ? null : define('CAN_ACCESS_ADMIN', 0x002);
defined('CAN_ACCESS_STORE') ? null : define('CAN_ACCESS_STORE', 0x004);
defined('CAN_ACCESS_POST') ? null : define('CAN_ACCESS_POST', 0x008);
...etc
function area_requires_permission($admin_id, $required_permissions) {
$admin = get_admin_by_id($admin_id);
// is admin access required?
if ( $required_permissions & CAN_ACCESS_ADMIN ) {
// does user have admin access?
if ( !($admin->permissions & CAN_ACCESS_ADMIN) ) {
// if not redirect
header("Location: index.php");
exit();
}
}
if ( $required_permissions & CAN_ACCESS_STORE ) {
if ( !($admin->permissions & CAN_ACCESS_STORE) ) {
header("Location: index.php");
exit();
}
}
...etc
}
// include this on each page were certain permissions are required
area_requires_permission($_SESSION['admin_id'], CAN_ACCESS_STORE | CAN_ACCESS_POST);
我想知道是否有更优雅/更常见的方法来做到这一点。如果$required_permissions包含1和$admin->permissions中的相应位,是否可以使用将产生false的位运算符的某种组合直接比较$required_permissions和$admin->permissions才不是?还是这个相当重复的功能是最好的方法?
【问题讨论】:
-
你的意思是
$required_permissions & $admin->permissions == $required_permissions?
标签: php bit-manipulation