Building an access matrix based on parent => child relationships of objects?

Time: 2013-01-30 09:15:13

Tags: php mysql matrix parent-child access-control

Some background:

A game belongs to a round
A round belongs to a season
A season belongs to a competition
A competition is not owned by anything.

We have eight tables

name => columns

`games`            => `id`, `round_id`,  
`rounds`           => `id`, `season_id`,  
`seasons`          => `id`, `competition_id`,  
`competitions`      => `id`,
----
`user_game`        => `user_id`, `game_id`, 
`user_round`       => `user_id`, `round_id`,
`user_season`      => `user_id`, `season_id`,
`user_competition` => `user_id`, `competition_id`

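So, the first four tables link the different parts together,
and the last four tables link users to the respective parts.

Some dummy data; note that I have split the tables where the second ID changes, to make them easier to read.

The first four tables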

/--GAMES--------------\      /--ROUNDS-------------\
| id | round_id       |      | id | season_id      |
| 1  | 1              |      | 1  | 1              |
| 2  | 1              |      | 2  | 1              |
|----|----------------|      | 3  | 1              |
| 3  | 2              |      |----|----------------|
| 4  | 2              |      | 4  | 2              |
|----|----------------|      | 5  | 2              |
| 5  | 3              |      | 6  | 2              |
| 6  | 3              |      |----|----------------|
|----|----------------|      | 7  | 3              |
| 7  | 4              |      | 8  | 3              |
| 8  | 4              |      | 9  | 3              |
|----|----------------|      |----|----------------|
| 9  | 5              |      | 10 | 4              |
| 10 | 5              |      \---------------------/
|----|----------------|
| 11 | 6              |      /--SEASONS------------\
| 12 | 6              |      | id | competition_id |
|----|----------------|      | 1  | 1              |
| 13 | 7              |      | 2  | 1              |
| 14 | 7              |      |----|----------------|
|----|----------------|      | 3  | 2              |
| 15 | 8              |      | 4  | 2              |
| 16 | 8              |      \---------------------/
|----|----------------|
| 17 | 9              |      /--COMPETITIONS-------\
| 18 | 9              |      | id                  |
|----|----------------|      | 1                   |
| 19 | 10             |      | 2                   |
| 20 | 10             |      \---------------------/
\---------------------/ 

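The next four tables are best explained by the list below

Users:

  • User 1
    • Linked only to game 1: user_game (user_id:1, game_id:1)
    • Has direct access on game 1
    • Has parent access on round 1
    • Has parent access on season 1
    • Has parent access on competition 1
  • User 2
    • Linked only to round 1: user_round (user_id:2, round_id:1)
    • Has child access on games 1, 2
    • Has direct access on round 1
    • Has parent access on season 1
    • Has parent access on competition 1
  • User 3
    • Linked to round 1: user_round (user_id:3, round_id:1)
    • Has all the access that user 2 has
    • Linked to game 2: user_game (user_id:3, game_id:2)
    • Has direct access on game 2
    • Also linked to game 13: user_game (user_id:3, game_id:13)
    • Has direct access on game 13
    • Has parent access on round 7
    • Has parent access on season 3
    • Has parent access on competition 2

So, when fetching the access rights for the three users above, I want to end up with these three arrays. Note that:
parent_access: the user has partial access because they have access to a child object (whichever object that is)
direct_access: the user has full access, granted directly
child_access: the user has full access because direct access was granted on a parent object (whichever object that is)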

User 1

$user1 = array(
    'games' => array(
        1 => array(
            'id' => 1,
            'parent_access' => false,
            'direct_access' => true,
            'child_access'  => false
        )
    ),

    'rounds' => array(
        1 => array(
            'id' => 1,
            'parent_access' => true,
            'direct_access' => false,
            'child_access'  => false
        )
    ),

    'seasons' => array(
        1 => array(
            'id' => 1,
            'parent_access' => true,
            'direct_access' => false,
            'child_access'  => false
        ),
    ),

    'competitions' => array(
        1 => array(
            'id' => 1,
            'parent_access' => true,
            'direct_access' => false,
            'child_access'  => false
        ),
    )
);

User 2

$user2 = array(
    'games' => array(
        1 => array(
            'id' => 1,
            'parent_access' => false,
            'direct_access' => false,
            'child_access'  => true
        ),
        2 => array(
            'id' => 2,
            'parent_access' => false,
            'direct_access' => false,
            'child_access'  => true
        )
    ),

    'rounds' => array(
        1 => array(
            'id' => 1,
            'parent_access' => false,
            'direct_access' => true,
            'child_access'  => false
        )
    ),

    'seasons' => array(
        1 => array(
            'id' => 1,
            'parent_access' => true,
            'direct_access' => false,
            'child_access'  => false
        ),
    ),

    'competitions' => array(
        1 => array(
            'id' => 1,
            'parent_access' => true,
            'direct_access' => false,
            'child_access'  => false
        ),
    )
);

User 3

$user3 = array(
    'games' => array(
        1 => array(
            'id' => 1,
            'parent_access' => false,
            'direct_access' => false,
            'child_access'  => true
        ),
        2 => array(
            'id' => 2,
            'parent_access' => false,
            'direct_access' => true,
            'child_access'  => true
        ),
        13 => array(
            'id' => 13,
            'parent_access' => false,
            'direct_access' => true,
            'child_access'  => false
        )
    ),

    'rounds' => array(
        1 => array(
            'id' => 1,
            'parent_access' => false,
            'direct_access' => true,
            'child_access'  => false
        ),
        7 => array(
            'id' => 7,
            'parent_access' => true,
            'direct_access' => false,
            'child_access'  => false
        )
    ),

    'seasons' => array(
        1 => array(
            'id' => 1,
            'parent_access' => true,
            'direct_access' => false,
            'child_access'  => false
        ),
        3 => array(
            'id' => 3,
            'parent_access' => true,
            'direct_access' => false,
            'child_access'  => false
        )
    ),

    'competitions' => array(
        1 => array(
            'id' => 1,
            'parent_access' => true,
            'direct_access' => false,
            'child_access'  => false
        ),
        2 => array(
            'id' => 2,
            'parent_access' => true,
            'direct_access' => false,
            'child_access'  => false
        )
    )
);

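2 answers:

Answer 0: (score: 0)

The result is slightly different, but I am posting this here to show my current work; it can still serve as an answer, although I am not happy with it.

So, this is my current code: lines like `$competitions = $this->competitions->disabled(true)->getAll();` run a query on the competitions table and return a custom object, so things are a bit different, but you should be able to work out what the code does.

What I don't like here is that we have 18 foreach loops! Many of them are nested, so the 18 foreach loops get re-run! Can anyone see a way to reduce this?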

public function access($user_id, $action = 'none')
{

    $access = array(
        'competitions' => array()
    );

    /* COMPETITIONS */
    $competitions = $this->competitions->disabled(true)->getAll();
    foreach ($competitions as $competition) {
        $access['competitions'][$competition->data('id')] = array(
            //'item' => $competition,
            'type' => 'competition',
            'id' => $competition->data('id'),
            'child_access' => false,
            'direct_access' => false,
            'parent_access' => false,
            'seasons' => array()
        );

        /* SEASONS */
        $seasons = $competition->seasons(true);
        foreach ($seasons as $season) {
            $access['competitions'][$competition->data('id')]['seasons'][$season->data('id')] = array(
                //'item' => $season,
                'type' => 'season',
                'id' => $season->data('id'),
                'child_access' => false,
                'direct_access' => false,
                'parent_access' => false,
                'rounds' => array()
            );

            /* ROUNDS */

            $rounds = $season->rounds(true);
            foreach ($rounds as $round) {
                $access['competitions'][$competition->data('id')]['seasons'][$season->data('id')]['rounds'][$round->data('id')] = array(
                    //'item' => $round,
                    'type' => 'round',
                    'id' => $round->data('id'),
                    'child_access' => false,
                    'direct_access' => false,
                    'parent_access' => false,
                    'games' => array()
                );

                /* GAMES */
                $games = $round->games(true);
                foreach ($games as $game) {
                    //dump('$access["competitions"]['.$competition->data('id').']["seasons"]['.$season->data('id').']["rounds"]['.$round->data('id').']["games"]['.$game->data('id').']');
                    $access['competitions'][$competition->data('id')]['seasons'][$season->data('id')]['rounds'][$round->data('id')]['games'][$game->data('id')] = array(
                        //'item' => $game,
                        'type' => 'game',
                        'id' => $game->data('id'),
                        'child_access' => false,
                        'direct_access' => false,
                        'parent_access' => false
                    );
                }

            }
        }
    }


    /* CHECK COMPETITIONS */
    $competitions = $this->db->select('competition_id')->from('user_competition')->where('user_id', $user_id)->get();
    foreach ($competitions->result() as $id) {
        $id = $id->competition_id;
        $access['competitions'][$id]['direct_access'] = true;

        /* SEASONS */
        foreach ($access['competitions'][$id]['seasons'] as &$season) {
            $season['child_access'] = true;

            /* ROUNDS */
            foreach ($season['rounds'] as &$round) {
                $round['child_access'] = true;

                /* GAMES */
                foreach ($round['games'] as &$game) {
                    $game['child_access'] = true;
                    unset($game);
                }

                unset($round);

            }
            unset($season);
        }
    }

    /* CHECK SEASONS */
    $seasons = $this->db->select('season_id')->from('user_season')->where('user_id', $user_id)->get();
    foreach ($seasons->result() as $id) {
        $id = $id->season_id;
        $competition_id = $this->seasons->disabled(true)->get($id)->data('competition_id');

        // Bind by reference: a plain assignment copies the array, so the
        // flags set below would never reach $access.
        $competition = &$access['competitions'][$competition_id];
        $competition['parent_access'] = true;

        $season = &$competition['seasons'][$id];
        $season['direct_access'] = true;

        /* ROUNDS */
        foreach ($season['rounds'] as &$round) {
            $round['child_access'] = true;

            /* GAMES */
            foreach ($round['games'] as &$game) {
                $game['child_access'] = true;
                unset($game);
            }
            unset($round);

        }
        // Drop the references before the next iteration rebinds them.
        unset($season, $competition);
    }

    /* CHECK ROUNDS */
    $rounds = $this->db->select('round_id')->from('user_round')->where('user_id', $user_id)->get();
    foreach ($rounds->result() as $id) {
        $id = $id->round_id;
        $round_obj = $this->rounds->disabled(true)->get($id);
        $season_obj = $round_obj->season();
        $competition_id = $season_obj->data('competition_id');

        $access['competitions'][$competition_id]['parent_access'] = true;

        $access['competitions'][$competition_id]['seasons'][$season_obj->data('id')]['parent_access'] = true;

        $access['competitions'][$competition_id]['seasons'][$season_obj->data('id')]['rounds'][$id]['direct_access'] = true;


        /* GAMES */

        foreach ($access['competitions'][$competition_id]['seasons'][$season_obj->data('id')]['rounds'][$id]['games'] as &$game) {
            $game['child_access'] = true;
            unset($game);
        }

    }

    /* CHECK GAMES */
    $games = $this->db->select('game_id')->from('user_game')->where('user_id', $user_id)->get();
    foreach ($games->result() as $id) {
        $id = $id->game_id;
        $game_obj = $this->games->disabled(true)->get($id);
        $round_obj = $game_obj->round();
        $season_obj = $round_obj->season();
        $competition_id = $season_obj->data('competition_id');

        $access['competitions'][$competition_id]['parent_access'] = true;

        $access['competitions'][$competition_id]['seasons'][$season_obj->data('id')]['parent_access'] = true;

        $access['competitions'][$competition_id]['seasons'][$season_obj->data('id')]['rounds'][$round_obj->data('id')]['parent_access'] = true;
        $access['competitions'][$competition_id]['seasons'][$season_obj->data('id')]['rounds'][$round_obj->data('id')]['games'][$id]['direct_access'] = true;

    }

    if ($action == 'trim') {
        foreach ($access['competitions'] as $k => &$competition) {
            if ($competition['child_access'] === false &&
                $competition['direct_access'] === false &&
                $competition['parent_access'] === false
            ) {
                unset($access['competitions'][$k]);
                continue;
            }

            foreach ($competition['seasons'] as $k1 => &$season) {
                if ($season['child_access'] === false &&
                    $season['direct_access'] === false &&
                    $season['parent_access'] === false
                ) {
                    unset($competition['seasons'][$k1]);
                    continue;
                }
                foreach ($season['rounds'] as $k2 => &$round) {
                    if ($round['child_access'] === false &&
                        $round['direct_access'] === false &&
                        $round['parent_access'] === false
                    ) {
                        unset($season['rounds'][$k2]);
                        continue;
                    }

                    foreach ($round['games'] as $k3 => $game) {
                        if ($game['child_access'] === false &&
                            $game['direct_access'] === false &&
                            $game['parent_access'] === false
                        ) {
                            unset($round['games'][$k3]);
                            continue;
                        }
                    }
                }
            }
        }
    }

    dump($access);
}

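Answer 1: (score: 0)

You need to use an authorization language (such as XACML) to express who can access which specific data. What you already have then becomes a source of "attributes".

With XACML, you can express rules such as:

  • A user can view a game if that user takes part in that game
  • A user can view a game if that user can view the round the game belongs to (parent-child relationship)...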
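
The matrix the question describes, and which answer 0 builds with nested loops, can be computed from flat lookup maps instead; the second pass is also the parent-to-child rule that answer 1 lists. This is an added example, not code from either answer: `accessMatrix`, `LEVELS`, `$parents` and `$grants` are assumed names, and it needs PHP 7.4+ for `??=`.

```php
<?php
// Added example, not the poster's code. Levels are ordered child -> parent.
const LEVELS = ['games', 'rounds', 'seasons', 'competitions'];

/**
 * $parents[$level][$id] = parent id one level up (three flat "SELECT id,
 * <parent>_id" results). $grants[$level] = ids linked to ONE user in the
 * matching user_* table. Rows with no flag are omitted: absent = no access.
 */
function accessMatrix(array $parents, array $grants): array
{
    $matrix = array_fill_keys(LEVELS, []);
    $flag = function (string $level, int $id, string $kind) use (&$matrix) {
        $matrix[$level][$id] ??= ['id' => $id, 'parent_access' => false,
            'direct_access' => false, 'child_access' => false];
        $matrix[$level][$id][$kind] = true;
    };

    // Direct grants, plus parent_access on every ancestor of a granted object.
    foreach (LEVELS as $i => $level) {
        foreach ($grants[$level] ?? [] as $id) {
            $flag($level, $id, 'direct_access');
            for ($j = $i; isset($parents[LEVELS[$j]][$id]); $j++) {
                $id = $parents[LEVELS[$j]][$id];
                $flag(LEVELS[$j + 1], $id, 'parent_access');
            }
        }
    }

    // child_access flows downwards: go through the levels from the top and
    // mark a row when its parent is granted directly or has inherited access.
    for ($i = count(LEVELS) - 2; $i >= 0; $i--) {
        foreach ($parents[LEVELS[$i]] ?? [] as $id => $parentId) {
            $up = $matrix[LEVELS[$i + 1]][$parentId] ?? null;
            if ($up && ($up['direct_access'] || $up['child_access'])) {
                $flag(LEVELS[$i], $id, 'child_access');
            }
        }
    }
    return $matrix;
}

// Subset of the question's dummy rows, enough to cover user 3's links.
$parents = [
    'games'   => [1 => 1, 2 => 1, 13 => 7, 14 => 7],
    'rounds'  => [1 => 1, 7 => 3],
    'seasons' => [1 => 1, 3 => 2],
];
print_r(accessMatrix($parents, ['games' => [2, 13], 'rounds' => [1]]));
```

Each flag is set independently, so for user 3 round 1 carries both `direct_access` and `parent_access` (the latter from the link to game 2), which is also what answer 0's code reports.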