English
English
When developing a background management system or permission management module, permission control is usually an indispensable part. A typical scenario is that there is a complete set of permissions in the system, and each user is granted only a portion of the permissions. In order to effectively filter out permissions that users do not have before presenting the interface or executing functions, we need an accurate and efficient method for permission filtering. The array_diff_ukey() function provided by PHP can implement this permission filtering in some scenarios.
This article will use a practical example to demonstrate how to efficiently implement user permission filtering using array_diff_ukey() .
Suppose the system defines a complete set of permissions:
$allPermissions = [
'user.view' => 'View users',
'user.edit' => 'Edit User',
'post.view' => 'View the article',
'post.edit' => 'Edit the article',
'admin.panel' => 'Visit the background',
];
The permissions of an ordinary user are as follows:
$userPermissions = [
'user.view' => true,
'post.view' => true,
];
We want to get a list of permissions that the user does not own for functions such as logging, security checking, or permission prompts.
The function of the array_diff_ukey() function is to compare the key names of two arrays, and use the callback function for custom comparison, and return key-value pairs that exist in the first array but not in other arrays .
We can use it to get permissions that the user does not own in $allPermissions :
$diff = array_diff_ukey(
$allPermissions,
$userPermissions,
function($key1, $key2) {
return strcmp($key1, $key2);
}
);
In the above code, $diff will return an array containing permissions not owned by all users:
[
'user.edit' => 'Edit User',
'post.edit' => 'Edit the article',
'admin.panel' => 'Visit the background',
]
Imagine that we have a permission configuration page that shows the administrator the permissions missing items of a certain user for adjustments. We can do this:
function getMissingPermissions(array $allPermissions, array $userPermissions): array {
return array_diff_ukey(
$allPermissions,
$userPermissions,
fn($a, $b) => strcmp($a, $b)
);
}
// All permissions
$allPermissions = [
'user.view' => 'View users',
'user.edit' => 'Edit User',
'post.view' => 'View the article',
'post.edit' => 'Edit the article',
'admin.panel' => 'Visit the background',
];
// Permissions owned by the user
$userPermissions = [
'user.view' => true,
'post.view' => true,
];
// Get missing permissions
$missing = getMissingPermissions($allPermissions, $userPermissions);
// Output result
foreach ($missing as $code => $desc) {
echo "Missing permissions: $desc ($code)" . PHP_EOL;
}
The output result is:
Missing permissions: Edit User (user.edit)
Missing permissions: Edit the article (post.edit)
Missing permissions: Visit the background (admin.panel)
Permission audit system : Quickly find missing items when reviewing user permission configuration.
Difference logging : Record the differences before and after user permission changes.
Front-end permission tree filtering : Dynamically build user-unauthorized function items for front-end processing.
URL permission verification : Integrate access control with routing permission identification. For example:
$permissions = [
'/dashboard' => 'Access the dashboard',
'/admin/users' => 'Manage users',
'/admin/settings' => 'System Settings',
];
$userPermissions = [
'/dashboard' => true,
];
$unauthorized = array_diff_ukey($permissions, $userPermissions, 'strcmp');
foreach ($unauthorized as $url => $desc) {
echo "Users do not have permission to access: https://m66.net$url ($desc)" . PHP_EOL;
}
Output:
