egg商城--权限管理篇


rbac权限控制

说明

RBAC 主要用来管理权限,全称是基于角色的访问控制(Role-Based Access Control):权限授予角色,用户再通过所属角色获得权限

思路

  1. 权限表中存在着url,
  2. 根据当前用户查找对应的角色
  3. 根据角色权限表,查找出权限表中的url字段
  4. 判断当前请求的url是否与查出的多个url中的某一个相等(比较的是请求路径本身,不包含查询参数),
  5. 相等证明有权限访问;不相等,或者查不到对应的角色、权限时,一律拒绝访问

数据表

  1. 角色表role
  2. 用户表user
  3. 权限表permission
  4. 角色权限表rolePermission

表与表之间的联系

  1. 角色下面有用户,角色与用户是一对多的关系
  2. 角色权限表,角色与权限是多对多的关系

建立数据表

数据库

角色表(role)

-- Roles: the unit that permissions are granted to. Users point at a role through user.role_id.
CREATE TABLE `role` (
  `id` int(11) NOT NULL AUTO_INCREMENT COMMENT '角色id',
  `name` varchar(255) DEFAULT NULL COMMENT '标题',
  -- 0 = disabled, 1 = enabled (the default).
  -- NOTE(review): the authorization lookup presumably has to filter on this flag,
  -- otherwise a disabled role keeps granting its permissions; confirm in the access check.
  `status` int(1) DEFAULT '1' COMMENT '0:不可用,1:可用',
  `created_at` datetime DEFAULT NULL COMMENT '创建时间',
  `updated_at` datetime DEFAULT NULL COMMENT '更改时间',
  PRIMARY KEY (`id`),
  -- Role names are unique. The index is named `title` although it covers the `name` column.
  UNIQUE KEY `title` (`name`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8mb4 COMMENT='角色';



用户表(user)

-- Application accounts. Each user carries at most one role (role_id).
CREATE TABLE `user` (
  `id` int(11) NOT NULL AUTO_INCREMENT COMMENT '用户id',
  `username` varchar(255) DEFAULT NULL COMMENT '用户名',
  -- NOTE(review): this column should hold only a salted, slow password hash
  -- (e.g. bcrypt or Argon2 output), never the plaintext password.
  `password` varchar(255) DEFAULT NULL COMMENT '用户密码',
  `created_at` datetime DEFAULT NULL COMMENT '创建时间',
  `updated_at` datetime DEFAULT NULL COMMENT '更改时间',
  -- Refers to role.id. No FOREIGN KEY is declared, so the database does not enforce it;
  -- the access check has to treat a NULL or dangling role_id as "no permissions".
  `role_id` int(11) DEFAULT NULL,
  PRIMARY KEY (`id`),
  -- Login names are unique.
  UNIQUE KEY `username` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户表';

权限表(permission)

-- Permissions: one row per protected URL, granted to roles through role_permission.
CREATE TABLE `permission` (
  `id` int(11) NOT NULL AUTO_INCREMENT COMMENT '权限id',
  `title` varchar(255) DEFAULT NULL COMMENT '标题',
  -- The value the access check compares with the requested URL (see the design steps on this page).
  -- Nullable and not unique: two permissions may carry the same url, and a row may have none.
  `url` varchar(255) DEFAULT NULL COMMENT '连接地址',
  -- 0 = disabled, 1 = enabled (the default).
  -- NOTE(review): a disabled permission should presumably stop matching in the access check; confirm.
  `status` int(1) DEFAULT '1' COMMENT '0:不可用,1:可用',
  `created_at` datetime DEFAULT NULL COMMENT '创建时间',
  `updated_at` datetime DEFAULT NULL COMMENT '更改时间',
  -- Self-reference: holds an id from this same table (per the column comment).
  -- Presumably the parent entry of a nested permission; no FOREIGN KEY enforces it.
  `permission_id` int(11) DEFAULT NULL COMMENT '当前表id',
  PRIMARY KEY (`id`),
  -- Titles are unique; urls are not constrained.
  UNIQUE KEY `title` (`title`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8mb4 COMMENT='权限';



角色权限表(role_permission)

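-- Join table for the many-to-many relation between role and permission:
-- one row means "this role is granted this permission".
CREATE TABLE `role_permission` (
  `id` int(11) NOT NULL AUTO_INCREMENT COMMENT '角色权限id',
  -- Refers to role.id; no FOREIGN KEY is declared, so the database does not enforce it.
  `role_id` int(11) DEFAULT NULL COMMENT '角色id',
  -- Refers to permission.id; likewise unenforced.
  `permission_id` int(11) DEFAULT NULL COMMENT '权限id',
  `created_at` datetime DEFAULT NULL,
  `updated_at` datetime DEFAULT NULL,
  -- NOTE(review): nothing here prevents the same (role_id, permission_id) pair from being
  -- inserted twice; a unique index on the pair would keep grants unambiguous when revoking.
  PRIMARY KEY (`id`)
-- The stray "ENT=3" table option (the remains of a dump's AUTO_INCREMENT counter) was dropped:
-- it is not valid MySQL syntax, and the other tables on this page carry no counter either.
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='角色权限多对多';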


创建项目

新建egg-rbac项目

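# Scaffold the project from the "simple" boilerplate into ./egg-rbac.
egg-init egg-rbac --type=simple
# Enter the directory that was just created (egg-rbac, the name passed to egg-init above).
cd egg-rbac
# Install the dependencies listed by the generated project.
cnpm install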

安装依赖

# egg-sequelize: Egg plugin wrapping the Sequelize ORM (enabled in config/plugin.js).
# mysql2:        MySQL driver that Sequelize uses for the 'mysql' dialect.
# egg-view-ejs:  Egg plugin for EJS templates (enabled in config/plugin.js).
# NOTE(review): no versions are pinned here; commit the lockfile so later installs
# resolve the same package versions that were reviewed.
cnpm install egg-sequelize mysql2 egg-view-ejs --save

配置依赖

config\plugin.js

// Plugin switches for this app: the exported key is the plugin name and
// `package` names the npm module that provides it.

// EJS template rendering.
const ejs = { enable: true, package: 'egg-view-ejs' };

// Sequelize ORM integration; the model files on this page rely on `app.model`.
const sequelize = { enable: true, package: 'egg-sequelize' };

module.exports = { ejs, sequelize };

配置数据库

config\config.default.js

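  // Connection settings handed to egg-sequelize.
  //
  // Host, port, database and credentials are read from the environment when set
  // (the EGG_RBAC_DB_* names are defined here, not by Egg); the literals are
  // fallbacks for a local development database only.
  // NOTE(review): 'root' with the password '123456' must never reach a shared or
  // production database. Use a dedicated least-privilege account there and inject
  // its credentials through the environment or an untracked per-environment config.
  config.sequelize = {
    dialect: 'mysql', // support: mysql, mariadb, postgres, mssql
    dialectOptions: {
      charset: 'utf8mb4',
    },
    database: process.env.EGG_RBAC_DB_NAME || 'eggrbac',
    host: process.env.EGG_RBAC_DB_HOST || 'localhost',
    port: process.env.EGG_RBAC_DB_PORT || '3306',
    username: process.env.EGG_RBAC_DB_USER || 'root',
    password: process.env.EGG_RBAC_DB_PASSWORD || '123456',
    timezone: '+08:00',
  };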

建立model

role

因为查找role的时候,想要知道这个role下面有多少个user,所以

// One role has many users; the users are exposed under the alias 'user'.
const { Role: roleModel, User: userModel } = app.model;
roleModel.hasMany(userModel, { as: 'user' });

app\model\role.js

'use strict';

/**
 * Sequelize model for the `role` table.
 *
 * @param {object} app - Egg application; supplies `app.Sequelize` data types and `app.model`.
 * @returns {object} the model produced by `app.model.define`.
 */
module.exports = app => {
  const { DATE, INTEGER, STRING } = app.Sequelize;

  const columns = {
    id: { type: INTEGER, primaryKey: true, autoIncrement: true },
    name: { type: STRING },
    // Mirrors role.status (0 = disabled, 1 = enabled in the table definition).
    status: { type: INTEGER },
    created_at: DATE,
    updated_at: DATE,
  };

  // freezeTableName: use the model name 'role' as the table name as-is.
  const options = { freezeTableName: true };

  const RoleModel = app.model.define('role', columns, options);

  // Both models are looked up on app.model when `associate` is called,
  // not while this file is being evaluated.
  RoleModel.associate = () => {
    const { Role, User } = app.model;
    // One role has many users, exposed under the alias 'user'.
    Role.hasMany(User, { as: 'user' });
  };

  return RoleModel;
};


user

因为查找user的时候,想要知道这个user归属于哪一个role,所以

// Every user belongs to one role; the role is exposed under the alias 'role'.
const { User: userModel, Role: roleModel } = app.model;
userModel.belongsTo(roleModel, { as: 'role' });

app\model\user.js

'use strict';

/**
 * Sequelize model for the `user` table.
 *
 * @param {object} app - Egg application; supplies `app.Sequelize` data types and `app.model`.
 * @returns {object} the model produced by `app.model.define`.
 */
module.exports = app => {
  const { DATE, INTEGER, STRING } = app.Sequelize;

  const columns = {
    id: { type: INTEGER, primaryKey: true, autoIncrement: true },
    username: { type: STRING },
    // NOTE(review): should carry a salted password hash only. The attribute is part of
    // every default query result, so strip it before a user object is sent in a response.
    password: { type: STRING },
    created_at: DATE,
    updated_at: DATE,
    // The role this user is assigned to.
    role_id: { type: INTEGER },
  };

  // freezeTableName: use the model name 'user' as the table name as-is.
  const options = { freezeTableName: true };

  const UserModel = app.model.define('user', columns, options);

  // Both models are looked up on app.model when `associate` is called,
  // not while this file is being evaluated.
  UserModel.associate = () => {
    const { User, Role } = app.model;
    // Every user belongs to one role, exposed under the alias 'role'.
    User.belongsTo(Role, { as: 'role' });
  };

  return UserModel;
};

permission

自关联查询,所以

// Self-association: a permission row points at another permission row through
// its permission_id column; the linked row is exposed under the alias 'permissions'.
const permissionModel = app.model.Permission;
permissionModel.belongsTo(permissionModel, { as: 'permissions', foreignKey: 'permission_id' });

app\model\permission.js

'use strict';

/**
 * Sequelize model for the `permission` table.
 *
 * @param {object} app - Egg application; supplies `app.Sequelize` data types and `app.model`.
 * @returns {object} the model produced by `app.model.define`.
 */
module.exports = app => {
  const { DATE, INTEGER, STRING } = app.Sequelize;

  const columns = {
    id: { type: INTEGER, primaryKey: true, autoIncrement: true },
    title: { type: STRING },
    // The URL that the access check compares with the requested one.
    url: { type: STRING },
    // Mirrors permission.status (0 = disabled, 1 = enabled in the table definition).
    status: { type: INTEGER },
    created_at: DATE,
    updated_at: DATE,
    // Id of another row in this same table.
    permission_id: { type: INTEGER },
  };

  // freezeTableName: use the model name 'permission' as the table name as-is.
  const options = { freezeTableName: true };

  const PermissionModel = app.model.define('permission', columns, options);

  // The model is looked up on app.model when `associate` is called,
  // not while this file is being evaluated.
  PermissionModel.associate = () => {
    const self = app.model.Permission;
    // Self-association through permission_id. The alias is the plural 'permissions'
    // even though belongsTo links a single row.
    self.belongsTo(self, { as: 'permissions', foreignKey: 'permission_id' });
  };

  return PermissionModel;
};

role_permission

查询role_id,permission_id归属,所以

    // Each role_permission row belongs to one role and one permission,
    // exposed under the aliases 'role' and 'permission'.
    const { RolePermission: linkModel, Role: roleModel, Permission: permissionModel } = app.model;
    linkModel.belongsTo(roleModel, { as: 'role' });
    linkModel.belongsTo(permissionModel, { as: 'permission' });

app\model\role_permission.js

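'use strict';

/**
 * Sequelize model for the `role_permission` join table (role <-> permission grants).
 *
 * @param {object} app - Egg application; supplies `app.Sequelize` data types and `app.model`.
 * @returns {object} the model produced by `app.model.define`.
 */
module.exports = app => {
  // STRING was destructured here but never used by any column, so it is no longer pulled in.
  const { INTEGER, DATE } = app.Sequelize;
  const RolePermission = app.model.define('role_permission', {
    id: {
      type: INTEGER,
      primaryKey: true,
      autoIncrement: true,
    },
    // The role receiving the grant.
    role_id: {
      type: INTEGER,
    },
    // The permission being granted.
    permission_id: {
      type: INTEGER,
    },
    created_at: DATE,
    updated_at: DATE,
  }, {
    // Use the model name 'role_permission' as the table name as-is.
    freezeTableName: true,
  });
  // The models are looked up on app.model when `associate` is called,
  // not while this file is being evaluated.
  RolePermission.associate = function() {
    app.model.RolePermission.belongsTo(app.model.Role, { as: 'role' });
    app.model.RolePermission.belongsTo(app.model.Permission, { as: 'permission' });
  };
  return RolePermission;
};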

测试

app\controller\home.js

  /**
   * Connectivity test: responds with every row of the role table.
   *
   * NOTE(review): no authentication or permission check is visible in this action.
   * Unless a middleware outside this snippet guards the route, any caller receives
   * the full role list, so keep this as a development-only test.
   */
  async index() {
    const context = this.ctx;
    const roles = await context.model.Role.findAll();
    context.body = roles;
  }