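Next, let's talk about how permissions are used. The usual approach (at least it is what I do) is to check, at the point where it is needed, whether a given user "passes" for a given permission according to the logic above. For example (written off the cuff, only to show that the check happens at the point of need):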
CODE
// when someone posts a new topic
if ($access_controller->check($user, 'post'))
{
    // access passed
    $user->post($content);
}
else
{
    // access denied
    $sys->accessDenied();
}
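What I have long wanted to try is a different way of using permissions: by the time the $user instance is created, the permissions it holds have already been assembled into it (check once, run anywhere). For example: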
CODE
class User
{
    var $sid;
    var $name;
    var $passwd;
    var $email;
    // ...

    // reached for any method that has not been injected
    function __call($method, $args)
    {
        // this must be the ACCESS DENIED path
        die('no permission');
    }
    // maybe no other methods here...
}

// in PHP4 we need to overload the User class
// for the __call magic method to work
overload('User');

$user = new User();

// we need an AccessInject method to inject permissions into the user object
$access_controller->access_inject($user);

// now the user object carries its permitted methods...
// so we use the user's method directly
$user->post($content);
// if the user object includes the post method, it has the right permission...
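
One way the "check once, run anywhere" idea above could be written in current PHP, as an added example that is not the author's code. The names `AccessDenied`, `grant`, `accessInject`, the handlers and the sample ACL are assumptions, and closures stand in for PHP4's `overload()`.

```php
<?php
// Added example; all names and the ACL below are constructed for illustration.
class AccessDenied extends Exception {}

class User
{
    public $name;
    private $actions = array(); // injected permissions: action name => callable

    public function __construct($name) { $this->name = $name; }

    // Meant to be called only by the access controller, once per object.
    public function grant($action, $handler) { $this->actions[$action] = $handler; }

    // Every method that was not injected lands here: deny by default.
    public function __call($method, $args)
    {
        if (!isset($this->actions[$method])) {
            throw new AccessDenied("{$this->name} may not {$method}");
        }
        array_unshift($args, $this); // handlers receive the user first
        return call_user_func_array($this->actions[$method], $args);
    }
}

class AccessController
{
    private $acl;      // user name => list of allowed actions
    private $handlers; // action => callable that performs it

    public function __construct(array $acl, array $handlers) { $this->acl = $acl; $this->handlers = $handlers; }

    // The single permission check: copy only the allowed handlers onto the user.
    public function accessInject(User $user)
    {
        $allowed = isset($this->acl[$user->name]) ? $this->acl[$user->name] : array();
        foreach (array_intersect($allowed, array_keys($this->handlers)) as $action) {
            $user->grant($action, $this->handlers[$action]);
        }
    }
}

$handlers = array(
    'post'   => function (User $u, $content) { return "{$u->name} posted: {$content}"; },
    'delete' => function (User $u, $id) { return "{$u->name} deleted topic {$id}"; },
);
$controller = new AccessController(array('bob' => array('post')), $handlers);
$bob = new User('bob');
$controller->accessInject($bob);
echo $bob->post('hello'), "\n";
try { $bob->delete(7); } catch (AccessDenied $e) { echo 'denied: ', $e->getMessage(), "\n"; }
```

Because the check runs once at injection time, a permission revoked afterwards stays on any `User` object that has already been built (for example one kept in a session), so the object has to be rebuilt when the ACL changes. `grant()` is public here, so any code holding the object can add permissions to it; in real use it would need to be restricted to the controller.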