Implementing Role-Based Access Control (RBAC) with the Auth Class in ThinkPHP

This guide explains how to set up an Auth class in ThinkPHP, create the necessary database tables for groups and rules, design admin and permission tables, configure user‑group relationships, handle login sessions, and integrate the Auth class into a common controller to enforce RBAC checks.


1. Download the Auth class and place it under extend\auth\ (the code below imports it as auth\Auth, so on a case-sensitive filesystem name the file Auth.php to match the class; ThinkPHP 5 autoloads extend\ classes by namespace).

2. Execute the SQL statements shipped in the class's comments to create three tables: auth_group (user groups), auth_rule (permission rules), and auth_group_access (user‑group mapping).

3. Add hierarchical fields to auth_rule so the rules can be displayed as a tree: pid (parent id, 0 for top level), level, and sort.

4. Create an admin table (e.g., admin) with the usual CRUD fields and a group column indicating the user's group.

5. Build the auth_group table with id, name, status (enabled/disabled), and the column holding the group's rules as a comma‑separated list of auth_rule ids (the stock Auth class queries this column as rules, so keep that name unless you also change the class).

6. Build the auth_rule table with id, name (the rule identifier in Controller/action form, e.g. Article/add, which the check compares against the current request), title (human‑readable rule name), and status (enabled/disabled).

7. When adding a user, insert a row into auth_group_access with uid (user id) and group_id (the user's group id) to associate the user with a group.

8. Implement login functionality that stores the logged‑in member's id in session('uid') (the controller below reads that key and passes it to the Auth check).

9. In the common controller (Common.php, shown below), import and instantiate the Auth class and check permissions on every request. Two cases skip the check: the super administrator (uid == 1, a hard‑coded bypass, so that account needs a strong credential) and the pages listed in $notCheck. Any other request is denied unless an enabled rule whose name matches Controller/action is reachable through one of the user's enabled groups.

<?php
namespace app\admin\controller;
use think\Controller;
use think\Request;
use auth\Auth; // the Auth class placed under extend/auth

class Common extends Controller
{
    public function _initialize()
    {
        // Require a login session; the login action stores the member id in session('uid')
        if (!session('uid')) {
            $this->error('Please log in to the system first!', 'login/index');
        }

        // Current module, controller and action of this request
        $request = Request::instance();
        $module = $request->module();     // module name (not used by the check)
        $con = $request->controller();    // controller name
        $action = $request->action();     // action (method) name
        $this->assign(array(
            'con' => $con,
            'action' => $action,
        ));

        $rules = $con . '/' . $action;     // rule name in Controller/action form
        $auth = new Auth();                // instantiate the Auth class
        $notCheck = array('Index/index');  // pages every logged-in user may open

        if ((int) session('uid') !== 1) {                     // uid 1 is the hard-coded super administrator
            if (!in_array($rules, $notCheck, true)) {         // not on the open list
                if (!$auth->check($rules, session('uid'))) {  // no enabled rule reachable through the user's groups
                    $this->error('No permission', 'index/index');
                }
            }
        }
    }
}
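The nine steps above as one runnable illustration. This is an added example, not the ThinkPHP Auth class and not the original article's code: the three tables are modelled as in‑memory arrays of constructed rows, and mayAccess() reproduces the decision the Common controller makes for a request (no session, super‑admin bypass, $notCheck allow‑list, then user → auth_group_access → auth_group rules → auth_rule name). Assumptions: the group column is named rules, rule names are compared case‑insensitively, and a disabled group or rule (status 0) grants nothing.

```php
<?php
// Added illustration of the RBAC lookup; not the ThinkPHP Auth class and not
// the original article's code. Tables are modelled as arrays of constructed rows.

// auth_rule (step 6 plus the tree fields from step 3): name is "Controller/action".
$authRule = [
    ['id' => 1, 'name' => 'Article/index',  'title' => 'List articles',  'status' => 1, 'pid' => 0, 'level' => 1, 'sort' => 1],
    ['id' => 2, 'name' => 'Article/add',    'title' => 'Add article',    'status' => 1, 'pid' => 1, 'level' => 2, 'sort' => 1],
    ['id' => 3, 'name' => 'Article/delete', 'title' => 'Delete article', 'status' => 0, 'pid' => 1, 'level' => 2, 'sort' => 2],
    ['id' => 4, 'name' => 'User/index',     'title' => 'List users',     'status' => 1, 'pid' => 0, 'level' => 1, 'sort' => 2],
];
// auth_group (step 5): "rules" holds comma-separated auth_rule ids (assumed column name).
$authGroup = [
    ['id' => 1, 'name' => 'editor', 'status' => 1, 'rules' => '1,2,3'],
    ['id' => 2, 'name' => 'viewer', 'status' => 0, 'rules' => '1,4'],
];
// auth_group_access (step 7): one row per user/group membership.
$authGroupAccess = [
    ['uid' => 2, 'group_id' => 1],
    ['uid' => 3, 'group_id' => 2],
];

/**
 * Enabled rule names reachable by $uid through enabled groups, lower-cased.
 * A disabled group (status 0) contributes nothing, and a disabled rule is
 * dropped even if a group lists its id.
 */
function ruleNamesForUser($uid, array $access, array $groups, array $rules)
{
    $groupIds = [];
    foreach ($access as $row) {
        if ((int) $row['uid'] === (int) $uid) {
            $groupIds[] = (int) $row['group_id'];
        }
    }
    $ruleIds = [];
    foreach ($groups as $group) {
        if ((int) $group['status'] === 1 && in_array((int) $group['id'], $groupIds, true)) {
            foreach (explode(',', $group['rules']) as $id) {
                $ruleIds[] = (int) trim($id);
            }
        }
    }
    $names = [];
    foreach ($rules as $rule) {
        if ((int) $rule['status'] === 1 && in_array((int) $rule['id'], $ruleIds, true)) {
            $names[] = strtolower($rule['name']);
        }
    }
    return array_values(array_unique($names));
}

/**
 * The decision the Common controller makes for one request:
 * no session -> deny; uid 1 -> allow everything; allow-listed page -> allow;
 * otherwise the request's Controller/action must be one of the user's rule names.
 */
function mayAccess($uid, $controller, $action, array $notCheck, array $access, array $groups, array $rules)
{
    if ($uid === null) {
        return false;                       // not logged in
    }
    if ((int) $uid === 1) {
        return true;                        // hard-coded super administrator bypass
    }
    $wanted = strtolower($controller . '/' . $action);
    if (in_array($wanted, array_map('strtolower', $notCheck), true)) {
        return true;                        // page open to every logged-in user
    }
    return in_array($wanted, ruleNamesForUser($uid, $access, $groups, $rules), true);
}

$notCheck = ['Index/index'];
$requests = [
    [1,    'User',    'delete'], // super admin: allowed with no rule at all
    [2,    'Article', 'add'],    // editor, rule 2 enabled: allowed
    [2,    'Article', 'delete'], // editor, rule 3 disabled: denied
    [2,    'User',    'index'],  // editor, rule 4 not in group: denied
    [3,    'Article', 'index'],  // viewer group disabled: denied
    [3,    'Index',   'index'],  // allow-listed page: allowed
    [null, 'Index',   'index'],  // no session: denied even for the open page
];
foreach ($requests as list($uid, $controller, $action)) {
    $allowed = mayAccess($uid, $controller, $action, $notCheck, $authGroupAccess, $authGroup, $authRule);
    printf("uid=%-4s %-15s %s\n", $uid === null ? 'none' : $uid, $controller . '/' . $action, $allowed ? 'allow' : 'deny');
}
```

Two points the table walk makes visible: the model is deny‑by‑default for everyone except uid 1, so a rule row must exist (and be enabled) for every Controller/action an ordinary group should reach; and because the rule name is derived from the request, the casing convention used when inserting rules has to match what the check compares, which is why this example lower‑cases both sides.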

Finally, the interface displays only the permission‑controlled pages the user's group is allowed to reach, as shown in the original article's screenshots (not reproduced here).

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Tags: Backend, Authentication, PHP, Authorization, RBAC, ThinkPHP

Written by php Courses, php中文网's platform for the latest courses and technical articles, helping PHP learners advance quickly.