这更像是一个概念问题。我想从非常有经验的成员那里获得有关如何更好地安排我的代码的建议。通常在处理用户的请求时,我们需要检查他们的权限,以确定他们执行某些功能或方法的权利。问题是在执行如下函数之前验证访问权限是否更好:
//handling some POST data from AJAX
//lets assume we have some function check_some_rights() which takes user id as argument and returns 1 if user has some right or 0 if he/she doesnt
if (check_some_rights($user)){ //the privileges are verified
some_function_that_does_some_stuff()
} else {//nope, this user got no right to do this
echo "Like hell you do!";//denying access to this user
}
或者,如果启动执行功能,最好立即检查访问权限:
//alternative solution with embedded privilege check
function some_function_that_does_some_stuff($user){
if (check_some_rights($user)){//the privileges are verified
//go on with the procedure
// ...
} else {
echo "Like hell you do!";//denying access to this user
}
}
我个人认为第二种方法会更好,因为我们不必担心每次都要记得检查权限,但是需要有更多经验的人的意见,并且会受到高度赞赏。谢谢。