wifidog认证服务器用户角色和权限架构(2)

API
对于大多数开发者来说只有两个问题:权限(定义权限)和安全(进行使用)
这些函数在processAdminUI进行权限检测时经常被使用,因为他们将避免异常的允许用户进行登录或重新尝试操作:

Security::requirePermission(Permission $permission, $target_object, $user=null);  
Security::requireAnyPermissions(Array $permissionsArray, $target_object, $user=null);
Security::requireAllPermissions(Array $permissionsArray, $user=null);

Mirror function的存在可以简单检测用户是否有此权限。一般应用在displayAdminUI(如果指定选项不可得,但用户仍然可以编辑对象的其它部分)。

Security::hasPermission(Permission $permission, $target_object, $user=null);
Security::hasAnyPermissions(Array $permissionsArray, $target_object, $user=null);
Security::hasAllPermissions(Array $permissionsArray, $user=null);

内部执行和临界情况(网关的相互作用)

Security::getObjectsWithPermission(Permission $permission, $user=null);  //TO find an object on which the user has the permissions.  Especially usefull to build lists in menus and select boxes.
Security::hasRole($role, $targetObject, $user);  //user is optional, if unspecified, the current user is used.  User can also be null, meaning that there is no user currently logged-in

主要用于进行报告(还没有执行)

Security::getUsersWithPermission($permission, $targetObject); //Return list of users with this permission
Security::getUsersWithRole($role, $objectId); //Return an array of users with the given role.  If objects_id is null, all users with the specific role are returned, along with an array of objects for which they have this role.  Maybe this function won't actually be implemented, as it's there mostly for reporting and sending notification of hotspots going down.
Security::getPermissions($user);  //returns array of PERMISSION constants for this user.

数据模型
stakeholder_type table:

  • stakeholder_type_id

permission table:

  • permission_id REFERENCES permission_type stakeholder_type_id
  • REFERENCES stakeholder_types

roles table:

  • role_id text NOT NULL,
  • role_description_content_id text,
  • is_system_role bool NOT NULL DEFAULT false,
  • stakeholder_type_id text NOT NULL REFERENCES stakeholder_types,
  • role_creation_date

role_has_permissions:

  • role_id REFERENCES roles
  • permission_id REFERENCES permissions

每个利害关系人类型都会从利害关系人表格那得到一个表格:
利害关系人

  • user_id text NOT NULL
  • role_id text NOT NULL
  • object_id text NOT NULL

这些表格要依据利害关系人类型来命名。例如:对于节点来说,表格名为node_stakeholders:
解决的问题
允许进行的操作实例

  • 允许所有者拥有更多的粒度权限来编辑内容(一些人可以编辑登录,一些人不能,等等)
  • 限制用户访问单独节点(user_can_access_all_nodes,网格权限)
  • Fon_like:用户只能在他的节点在线时才能登录
  • 使用互联网的时间限制

本文章由 http://www.wifidog.pro/2015/03/16/wifidog%E8%AE%A4%E8%AF%81%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%94%A8%E6%88%B7%E8%A7%92%E8%89%B2%E5%92%8C%E6%9D%83%E9%99%90%E6%9E%B6%E6%9E%84-2.html整理编辑,转载请注明出处

标签: wifidog认证, wifidog流程, wifidog配置