Permissions Using Bitwise
This will be a quick tutorial on how to use bitwise operators in PHP to create permissions control. Some of next tutorials will cover how to implement it in application and how to use database to store permissions for users. Now some basics.
Bitwise operators
Those are operators (`&`, `|`, `^`, `~`, `>>` and `<<`) in PHP that convert your value to bites and then do their job. Here are some examples on those that we will use (`&`, `|` and `~`).
How do they work?
Their work is very simple. First they convert passed value to bits and then, depending on operator, check for set/non set bits. Let’s take for and example 4 bits integer (on 32 bit systems they are 32 bit integers but to simplify we will use 4 bits). Maximum value of that integer is 15.
Why?
Because 4 bit representation of 15 is 1111 and that are those 4 bits.
How do we get them?
Every bit has its position, right to left, starting from 0. That position is used as exponent for base 2 and then multiplied with value (0 or 1) on that position. To make it more clearly we will convert 1010 to integer. Starting from right to left first number is 0 so we do . Then we have . Next we have and last we have . Then we make sum of those number we got .
Now that you know what are bits, we can go further.
And operator (`&`)
This operators looks for bits that are set in both arguments and returns them. Let’s say you have this
echo 3 & 6;This would return 2.
Why?
Because if we make bit representation of those numbers like this
Integer | 8 | 4 | 2 | 1 |
3 | 0 | 0 | 1 | 1 |
6 | 0 | 1 | 1 | 0 |
3 & 6 | 0 | 0 | 1 | 0 |
you can see that only bits from column two are set in both 3 and 6. Since `&` searches for bits that are set in `a` and `b`, bit under two is set and is returned.
If we'd have
Integer | 8 | 4 | 2 | 1 |
11 | 1 | 0 | 1 | 1 |
14 | 1 | 1 | 1 | 0 |
11 & 14 | 1 | 0 | 1 | 0 |
it would return10 because bits under 2 and 8 are set. Sum of 2 and 8 is 10.
Or operator (`|`)
This operator looks for bits that are set (value is 1) either in `a` or in `b`. For example
echo 3 | 6;
would return 7 because if you look at our table bits 4, 2 and 1 have value of 1. Bit 8 has value if 0 in both of them and he is not set. When you make sum of 4, 2 and 1 you get 7.
echo 11 | 14;
would also return 15 because every bit is set in at least one of them. Bit 8 is set in both of them, 4 is set in 14, 2 is set in both of them and 1 is set in 11.
Not operator (`~`)
This operator just sets bits that are not set and unset bits that are set (1 goes to 0 and 0 goes to 1).
For example
echo ~6;
would return 9 because bits that are 1 now, are 0 and those that are 0, not are 1. If you look at our table bits 8 and 1 have value of 0 and they are not set. But bits 4 and 2 have value of 1 and they are unset. Now you have 1001 and that is 9. If we where using 32 bit integers then we would get -7.
Why?
Because 32 bit integer has 32 times 0 or 1. 32 bit representation of 6 would be 00000000000000000000000000000110 and when you make it inverse you get 11111111111111111111111111111001 which corresponds to -7.
Defining permissions
Now that you know how operators work, we can create our permissions control. We will use simple class with 4 constants defined to make it simpler (we could use normal constants but I intend to make it as much as possible object oriented).
This is class.
class perm { /** * Read constant. * * @var int */ const READ = 1; /** * Edit constant. * * @var int */ const EDIT = 2; /** * Publish constant. * * @var int */ const PUBLISH = 4; /** * Delete constant. * * @var int */ const DELETE = 8; }
Create user classes
Now we will use bitwise operators to make classes (not PHP classes, but classes like `Guest` or `Admin`).
This is code.
<?php $guest = perm::READ; $editor = $guest | perm::EDIT; $moderator = $editor | perm::PUBLISH; $publisher = $moderator & ~perm::EDIT; $admin = $moderator | perm::DELETE; ?>
Let me explain how did we created those roles. If you remember, on start I explained those operators. READ permission has only one bit set and that is first bit. EDIT has also only one bit and that is second bit. When we use `|` operator then we extend those two permissions and have two bits set and those are first and second. Then we do the same for $moderator and add one more bit (third bit). On publisher we want to disable one permission. To do that we inver permission that we want to disable so that only bit that is set becones 0 and all other become 1. Then we use `&` operator and set all bits that are set in both numbers. Here is how it works (we'll work again with 4 bits and not 32).
Variable $moderator has value of 7 (0111). Constant perm::EDIT has value of 2 (0010). When we invert EDIT constant we have 1101. Now we use `&` and we set only those bits that both have. In our example those are first and third bit. As you can see we do not have second bit because it was removed and that role has no EDIT permission.
Check if user can
This is the most easier part. We just use if statement and `&` operator. If we would like to check if $publisher can publish we would do it like so.
if ($publisher & perm::PUBLISH) echo 'Can'; else echo 'Can not';
Ok, but why do we use `&` to check if user can or can not do that?
Well, it's simple logic. If you remember, every bit that is set in both of them is returned. If no bit where set, 0 is returned and if there where any bits set then some integer that is not 0 is returned. If you know how PHP compares, then you also know that 0 is evaluated as false and any non-zero number is evaluated as true. If you wish you can read my article about comparing in PHP.
Test all roles and permissions
This is small function that will test all roles and permissions.
/** * Echoes permissions. * * @param array $roles Roles array * @param array $perms Permissions array */ function checkPerms($roles, $perms) { foreach ($roles as $k => $v) { echo '<b>', $k, '</b><br />'; foreach ($perms as $pk => $pv) { if ($v & $pv) echo '- can ', $pk, '<br />'; else echo '- can not ', $pk, '<br />'; } echo '<br />'; } } $roles = array( 'Guest' => $guest, 'Editor' => $editor, 'Moderator' => $moderator, 'Publisher' => $publisher, 'Administrator' => $admin ); $perms = array( 'read' => perm::READ, 'edit' => perm::EDIT, 'publish' => perm::PUBLISH, 'delete' => perm::DELETE ); checkPerms($roles, $perms);
Guest - can read - can not edit - can not publish - can not delete Editor - can read - can edit - can not publish - can not delete Moderator - can read - can edit - can publish - can not delete Publisher - can read - can not edit - can publish - can not delete Administrator - can read - can edit - can publish - can delete
Thank you for reading. You dan download source code here.
form: http://www.php4every1.com/tutorials/create-permissions-using-bitwise-operators-in-php/
相关推荐
ASP.NET2.0实现的通用权限管理系统,已调试可运行。
NTFS权限管理.超好用工具.Permissions Tools ,可以快速更改共享文件夹或子文件夹权限,包括继承和非继承。还可以复制权限,批量粘帖权限。神一样的NTFS权限管理工具。
Permissions
通用权限管理系统组件(GPM - General Permissions Manager)自2003年开始发布,目前是国内注册用户和免费盗版用户最多的权限管理系统,是各种信息管理系统开发中彻底的权限解决方案。本组件支持多种主流数据库...
通用权限管理系统组件(GPM - General Permissions Manager)自2003年开始发布,目前是国内注册用户和免费盗版用户最多的权限管理系统,是各种信息管理系统开发中彻底的权限解决方案。本组件支持多种主流数据库...
通用权限管理系统组件(GPM - General Permissions Manager)自2003年开始发布,目前是国内注册用户和免费盗版用户最多的权限管理系统,是各种信息管理系统开发中彻底的权限解决方案。本组件支持多种主流数据库...
小编我今天就尝试以浅显的语言来讲解下如何使用Django自带的权限管理机制。 什么是权限? 权限是能够约束用户行为和控制页面显示内容的一种机制。一个完整的权限应该包含3个要素: 用户,对象和权限,即什么用户对什么...
Laravel角色权限管理器Laravel版本:8预告片执照。用法这不是一个包-这是一个完整的Laravel项目,您应该将其用作入门模板,然后添加自己的自定义功能。 使用git clone存储库将.env.example文件复制到.env并在其中...
Laravel开发-permissions Laravel权限处理程序
烧瓶许可 Flask-Permissions是一个简单的Flask权限扩展,可与。 尽管这不是严格的要求,但它也可以与配合使用。安装使用PIP可以快速轻松地安装: pip install Flask-Permissions入门导入Flask,Flask-SQLAlchemy,...
例: < uses xss=removed> 单一权限: Permissions . check( this /* context */ , Manifest . permission . CALL_PHONE , null , new PermissionHandler () { @Override public void onGranted () { // do your ...
Windows7 Permissions zh-CN最高权限获取工具,删除正在运行的病毒文件和垃圾软件文件。
Android 6.0 permissions Demo
It shows how to check and request permissions at runtime, handle backwards compatibility using the support library and how to declare optional permissions for M-devices only. Introduction Android M ...
灰烬权限 Ember应用程序的权限管理。目录介绍@bagaar/ember-permissions是一个插件,允许您管理和验证当前用户会话的权限。 它还允许您定义每个路由所需的权限,从而可以保护应用程序的特定部分。 通过使用插件,您...
当然也可以对这些文件、文件夹进行权限的调节,但有些时候操作起来却是十分麻烦的事情,不过有了 Permissions Time Machine 就可以大大的降低权限调整的难度了。 Permissions Time Machine截图:
android6.0以上更好的保护了用户的隐私,Google将权限分为两类,一类是Normal Permissions, * 这类权限一般不涉及用户隐私,是不需要用户进行授权的,比如手机震动、访问网络等;另一类是 * Dangerous Permission...
如果要在管理界面中创建权限,请转到“全局权限”部分,然后单击“添加” 。 选择一个名称(应该是人类可读的),一个代码名称(将在您的应用程序中使用),然后保存它。 打开用户编辑页面,然后选择您刚刚创建的...
文件描述:RequiredPermissions.dll 文件大小:188K
此存储库包含Permissions API的某些源,Permissions API是Web应用程序能够管理权限的接口。 最新的编辑草稿位于