works:programmer:db-mysql:user-group-access
Создание пользователей и групп
В этом примере указанно как правильно создавать пользователей и применять их к группам с заменой прав как отдельного пользователя так и группы на определенный доступ…
DROP TABLES IF EXISTS `rules_to_users`, `user_to_groups`, `rules_to_groups`, `users`, `rules`, `groups`; CREATE TABLE users ( `id` INTEGER UNSIGNED AUTO_INCREMENT, `name` VARCHAR(50), PRIMARY KEY (`id`), UNIQUE (`name`) ) ENGINE=InnoDB; CREATE TABLE `rules` ( `id` INTEGER UNSIGNED AUTO_INCREMENT, `title` VARCHAR(50), `path` VARCHAR(127), `order` ENUM('ALLOW', 'DENY') NOT NULL DEFAULT 'DENY', PRIMARY KEY (`id`), UNIQUE (`title`) ) ENGINE=InnoDB; CREATE TABLE `groups` ( `id` INTEGER UNSIGNED AUTO_INCREMENT, `name` VARCHAR(50), PRIMARY KEY (`id`), UNIQUE (`name`) ) ENGINE=InnoDB; CREATE TABLE `user_to_groups` ( `user_id` INTEGER UNSIGNED, `group_id` INTEGER UNSIGNED, UNIQUE(`user_id`, `group_id`), FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON UPDATE CASCADE ON DELETE CASCADE, FOREIGN KEY (`group_id`) REFERENCES `groups`(`id`) ON UPDATE CASCADE ON DELETE CASCADE ) ENGINE=InnoDB; CREATE TABLE `rules_to_groups` ( `group_id` INTEGER UNSIGNED NOT NULL, `rule_id` INTEGER UNSIGNED NOT NULL, `order` INTEGER UNSIGNED NOT NULL DEFAULT 0, INDEX (`order`), UNIQUE (`group_id`, `rule_id`), FOREIGN KEY (`group_id`) REFERENCES `groups`(`id`) ON UPDATE CASCADE ON DELETE CASCADE, FOREIGN KEY (`rule_id`) REFERENCES `rules`(`id`) ON UPDATE CASCADE ON DELETE CASCADE ) ENGINE=InnoDB; CREATE TABLE `rules_to_users` ( `user_id` INTEGER UNSIGNED NOT NULL, `rule_id` INTEGER UNSIGNED NOT NULL, `order` INTEGER UNSIGNED NOT NULL DEFAULT 0, INDEX (`order`), UNIQUE (`user_id`, `rule_id`), FOREIGN KEY (`user_id`) REFERENCES `users`(`id`) ON UPDATE CASCADE ON DELETE CASCADE, FOREIGN KEY (`rule_id`) REFERENCES `rules`(`id`) ON UPDATE CASCADE ON DELETE CASCADE ) ENGINE=InnoDB; INSERT `rules` (`title`, `path`, `order`) VALUES ('Default Rule! Don not Delete!!!', '/', 'DENY'), ('User profile read', '/user/get/', 'ALLOW'), ('User profile write own', '/user/post/', 'ALLOW'), ('Admin: User profile write others', '/user/push/', 'ALLOW'), ('List users on engine', '/user/list/', 'ALLOW'), ('Admin: General politics', '/admin/gpedit/', 'ALLOW'), ('Admin: General politics: Deny Write', '/admin/gpedit/save', 'DENY'); INSERT `users` (`name`) VALUES ("testuser"); INSERT `groups` (`id`, `name`) VALUES (NULL, "guest"), (NULL, "user"), (NULL, "moderator"), (NULL, "admin"); -- Allow users to get profile info INSERT `rules_to_groups` (`group_id`, `rule_id`) VALUES (2, 2), (2, 3); INSERT `rules_to_users` (`user_id`, `rule_id`, `order`) VALUES (1, 6, 1), (1, 7, 0); SELECT *, 'def' `definer`, 0 `order` FROM rules WHERE id = 1 -- id=1 DEFAULT RULE ID - FOR ALL! UNION (SELECT r.*, 'grp', rtg.`order` FROM rules `r` LEFT JOIN `rules_to_groups` rtg ON rtg.rule_id = r.id WHERE rtg.group_id IN (1, 2, 3) -- IN ... USER_GROUPS ARRAY CONSTANT ORDER BY rtg.`order` DESC) UNION (SELECT ur.*, 'usr', rtu.`order` FROM rules `ur` LEFT JOIN `rules_to_users` rtu ON rtu.rule_id = ur.id WHERE rtu.user_id = 1 -- user_id = ... USER_ID CONSTANT ORDER BY rtu.`order` DESC);
works/programmer/db-mysql/user-group-access.txt · Последнее изменение: 2019/04/23 22:57 — 127.0.0.1