diff --git a/.gitignore b/.gitignore index 55940e5..2234772 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ /vendor/ -composer.lock \ No newline at end of file +composer.lock +.idea/ diff --git a/README.md b/README.md index 9754b6c..76f7ce4 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -# EasySwoole Policy -用于验证、解析Policy结构和语法 +## 简介 +Policy(即策略)是在特定模型或者资源中组织授权逻辑的类,用来处理用户授权动作。 ## 安装 ```bash composer require EasySwoole/Policy 
@@ -10,44 +10,53 @@ composer require EasySwoole/Policy use EasySwoole\Policy\PolicyNode; use EasySwoole\Policy\Policy; -$policy = new Policy(); +//授权动作 +//PolicyNode::EFFECT_ALLOW 允许 +//PolicyNode::EFFECT_DENY 拒绝 +//PolicyNode::EFFECT_UNKNOWN 未知 + +$policy = new Policy(); +//添加节点授权 $policy->addPath('/user/add',PolicyNode::EFFECT_ALLOW); $policy->addPath('/user/update',PolicyNode::EFFECT_ALLOW); $policy->addPath('/user/delete',PolicyNode::EFFECT_DENY); $policy->addPath('/user/*',PolicyNode::EFFECT_DENY); -var_dump($policy->check('user/asdasd')); -var_dump($policy->check('user/add')); -var_dump($policy->check('user/update')); +//验证节点权限 +var_dump($policy->check('user/asdasd'));//deny +var_dump($policy->check('user/add')); //allow +var_dump($policy->check('user/update'));//allow + /* * 允许/api/*,但是唯独拒绝/api/order/charge,/api/order/info,/api/sys/* */ + $policy->addPath('/api/*',PolicyNode::EFFECT_ALLOW); $policy->addPath('/api/order/charge',PolicyNode::EFFECT_DENY); $policy->addPath('/api/order/info',PolicyNode::EFFECT_DENY); $policy->addPath('/api/sys/*',PolicyNode::EFFECT_DENY); + var_dump($policy->check('/api/whatever')); var_dump($policy->check('/api/order/charge')); var_dump($policy->check('/api/order/info')); - var_dump($policy->check('/api/sys/whatever')); -///* -// * *表示通配,根节点 -// */ -//$root = new PolicyNode('*'); -// -//$userChild = $root->addChild('user'); -//$userChild->addChild('add'); -//$userChild->addChild('update'); -//$userChild->addChild('*'); -// -//$apiChild = $root->addChild('charge'); -////$apiChild->addChild('*'); -////$userChild->addChild('*'); -// -// -//var_dump($root->search('/user/update')); +//对象添加 +$root = new PolicyNode('*'); +$userChild = $root->addChild('user'); +$userAddChild = $userChild->addChild('add'); +$userAddChild->addChild('aaaaaa')->setAllow(PolicyNode::EFFECT_ALLOW); +$userChild->addChild('update')->setAllow(PolicyNode::EFFECT_DENY); +$userChild->addChild('*')->setAllow(PolicyNode::EFFECT_ALLOW); + +$apiChild = 
$root->addChild('charge'); +$apiChild->addChild('*'); + +$node = $root->search('/user/add/aaaa'); +if ($node) { + var_dump($node->isAllow()); +} + ``` \ No newline at end of file diff --git a/src/Policy.php b/src/Policy.php index 679df2e..7a3ae35 100644 --- a/src/Policy.php +++ b/src/Policy.php @@ -20,35 +20,46 @@ class Policy function __construct() { - /* - * *表示通配,根节点 - */ + /** + * 表示通配,根节点 + */ $this->root = new PolicyNode("*"); } - /* - * + /** + * 添加路劲并设置权限 + * @param string $path + * @param string $allow */ - public function addPath(string $path,string $allow = PolicyNode::EFFECT_ALLOW) + public function addPath(string $path, string $allow = PolicyNode::EFFECT_ALLOW) { - $list = explode('/',trim($path,'/')); + $list = explode('/', trim($path, '/')); $temp = $this->root; - foreach ($list as $path){ - $temp = $temp->addChild($path); + foreach ($list as $path) { + $temp = $temp->addChild($path);//递归设置节点 } $temp->setAllow($allow); } + /** + * 检测权限 + * @param string $path + * @return string + */ public function check(string $path) { $node = $this->root->search($path); - if($node){ + if ($node) { return $node->isAllow(); - }else{ + } else { return PolicyNode::EFFECT_UNKNOWN; } } + /** + * 所有节点 + * @return array + */ public function toArray() { return $this->root->toArray(); diff --git a/src/PolicyNode.php b/src/PolicyNode.php index 41f2b47..f3dac61 100644 --- a/src/PolicyNode.php +++ b/src/PolicyNode.php @@ -47,6 +47,7 @@ function addChild(string $nodeName):PolicyNode } /** + * 获取节点名称 * @return string */ public function getName(): string @@ -55,6 +56,7 @@ public function getName(): string } /** + * 设置节点名称 * @param string $name */ public function setName(string $name): void @@ -63,6 +65,7 @@ public function setName(string $name): void } /** + * 获取节点的权限 * @return array */ public function getLeaves(): array @@ -71,6 +74,7 @@ public function getLeaves(): array } /** + * 设置节点权限 * @param array $leaves */ public function setLeaves(array $leaves): void 
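Review bot: The docblock added to `check()` in src/Policy.php says only `@return string`, which hides that the result is tri-state and that a path with no matching node returns `PolicyNode::EFFECT_UNKNOWN` rather than a deny. A caller that tests `!== PolicyNode::EFFECT_DENY` would admit every unmatched path, so the docblock should say something like `Returns EFFECT_ALLOW, EFFECT_DENY or EFFECT_UNKNOWN (no rule matched); grant access only when the result === PolicyNode::EFFECT_ALLOW`. In `addPath()` the new comment `//递归设置节点` calls the walk recursive although it is a plain loop, the loop variable still overwrites the `$path` parameter, and the summary line misspells `路径` as `路劲`.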
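Review bot: The summaries added to `getLeaves()` and `setLeaves()` in src/PolicyNode.php (`获取节点的权限` / `设置节点权限`) describe them as reading and writing the node's permission, but the effect is kept in `$this->allow` through `setAllow()`/`isAllow()`, and `setLeaves()` only assigns `$this->leaves`. If `leaves` holds the child nodes, as the name suggests, wording such as `获取子节点列表` / `设置子节点列表` would stop readers reaching for the wrong accessor when making an authorization decision. The body of `getLeaves()` lies outside these hunks, so confirm what the array actually contains before rewording.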
@@ -78,11 +82,19 @@ public function setLeaves(array $leaves): void $this->leaves = $leaves; } + /** + * 判断是否允许 + * @return string + */ public function isAllow() { return $this->allow; } + /** + * 设置是否允许 + * @param string $allow + */ public function setAllow(string $allow): void { $this->allow = $allow; diff --git a/test/Test.php b/test/Test.php new file mode 100644 index 0000000..db25377 --- /dev/null +++ b/test/Test.php @@ -0,0 +1,45 @@ +addPath('/user/add', PolicyNode::EFFECT_ALLOW); //添加允许的单节点 +//$policy->addPath('/user/update', PolicyNode::EFFECT_ALLOW); +//$policy->addPath('/user/delete', PolicyNode::EFFECT_DENY); //添加拒绝的单节点 +//$policy->addPath('/user/*', PolicyNode::EFFECT_DENY); //添加拒绝的通配节点 +// +////验证权限 +//var_dump($policy->check('user/asdasd/dsad')); //deny +//var_dump($policy->check('user/add')); //allow +//var_dump($policy->check('user/update')); //allow +//var_dump($policy->check('user/delete')); //deny +// +//print_r($policy->toArray());//树形结构 + + +//对象添加授权 +$root = new PolicyNode('*'); + +$userChild = $root->addChild('user'); +$userAddChild = $userChild->addChild('add'); +$userAddChild->addChild('aaaaaa')->setAllow(PolicyNode::EFFECT_ALLOW); +$userChild->addChild('update')->setAllow(PolicyNode::EFFECT_DENY); +$userChild->addChild('*')->setAllow(PolicyNode::EFFECT_ALLOW); + +$apiChild = $root->addChild('charge'); +$apiChild->addChild('*'); + +$node = $root->search('/user/add/aaaa'); +if ($node) { + var_dump($node->isAllow()); +}
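Review bot: `isAllow()` is now documented as `@return string`, but its name reads as a predicate. A caller writing `if ($node->isAllow())` would presumably pass for a deny node too, since any non-empty effect string is truthy (the constant values are not visible in this diff). The docblock should state that it returns one of the `PolicyNode::EFFECT_*` values and that access is granted only on `=== PolicyNode::EFFECT_ALLOW`. `setAllow()` also stores any string unchecked; a guard such as `if (!in_array($allow, [self::EFFECT_ALLOW, self::EFFECT_DENY, self::EFFECT_UNKNOWN], true)) { throw new \InvalidArgumentException('unknown effect'); }` would keep a mistyped effect out of the tree.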
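Review bot: test/Test.php asserts nothing: it prints a single `var_dump` and leaves the whole `Policy` scenario commented out, so a regression in deny or wildcard handling would go unnoticed. The one live lookup searches `/user/add/aaaa` while the node added under `add` is named `aaaaaa`, so the outcome depends on how `search()` falls back (to `user/*` or to nothing), and the expected value is stated nowhere. Turn the commented cases into checks, e.g. `assert($policy->check('user/delete') === PolicyNode::EFFECT_DENY);`, and add one for a path that matches no rule so the fail-closed behaviour is pinned.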