zhengxifeng
/
zc10000
关注 1
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
暂无描述
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
1 提交
4 分支
分支: develop
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 'develop'
${ noResults }
zc10000/application/common/controller/Adminbase.php

Adminbase.php 20KB
永久链接 文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502 
  1. <?php

  2. // +----------------------------------------------------------------------

  3. // | Yzncms [ 御宅男工作室 ]

  4. // +----------------------------------------------------------------------

  5. // | Copyright (c) 2018 http://yzncms.com All rights reserved.

  6. // +----------------------------------------------------------------------

  7. // | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )

  8. // +----------------------------------------------------------------------

  9. // | Author: fastadmin: https://www.fastadmin.net/

  10. // +----------------------------------------------------------------------

  11. 

  12. // +----------------------------------------------------------------------

  13. // | 后台控制模块

  14. // +----------------------------------------------------------------------

  15. namespace app\common\controller;

  16. 

  17. use app\admin\service\User;

  18. use think\facade\Config;

  19. use think\facade\Hook;

  20. use think\facade\Session;

  21. use think\Validate;

  22. 

  23. //定义是后台

  24. define('IN_ADMIN', true);

  25. 

  26. class Adminbase extends Base

  27. {

  28.     //无需登录的方法,同时也就不需要鉴权了

  29.     protected $noNeedLogin = [];

  30.     //无需鉴权的方法,但需要登录

  31.     protected $noNeedRight = [];

  32.     //当前登录账号信息

  33.     //public $_userinfo;

  34.     //Multi方法可批量修改的字段

  35.     protected $multiFields = 'status,listorder';

  36.     /**

  37.      * 权限控制类

  38.      * @var Auth

  39.      */

  40.     protected $auth = null;

  41.     //模型对象

  42.     protected $modelClass = null;

  43.     //快速搜索时执行查找的字段

  44.     protected $searchFields = 'id';

  45.     //Selectpage可显示的字段

  46.     protected $selectpageFields = '*';

  47.     //是否是关联查询

  48.     protected $relationSearch = false;

  49.     //前台提交过来,需要排除的字段数据

  50.     protected $excludeFields = "";

  51.     /**

  52.      * 是否开启数据限制

  53.      * 支持auth/personal

  54.      * 表示按权限判断/仅限个人

  55.      * 默认为禁用,若启用请务必保证表中存在admin_id字段

  56.      */

  57.     protected $dataLimit = false;

  58.     //数据限制字段

  59.     protected $dataLimitField = 'admin_id';

  60.     //数据限制开启时自动填充限制字段值

  61.     protected $dataLimitFieldAutoFill = true;

  62.     //是否开启Validate验证

  63.     protected $modelValidate = false;

  64.     //是否开启模型场景验证

  65.     protected $modelSceneValidate = false;

  66. 

  67.     /*

  68.      * 引入后台控制器的traits

  69.      */

  70.     use \app\admin\library\traits\Curd;

  71. 

  72.     //初始化

  73.     protected function initialize()

  74.     {

  75.         parent::initialize();

  76.         $this->auth = User::instance();

  77. 

  78.         $modulename     = $this->request->module();

  79.         $controllername = parse_name($this->request->controller());

  80.         $actionname     = strtolower($this->request->action());

  81. 

  82.         $path = $controllername . '/' . $actionname;

  83.         // 定义是否Dialog请求

  84.         !defined('IS_DIALOG') && define('IS_DIALOG', $this->request->param("dialog") ? true : false);

  85.         // 检测是否需要验证登录

  86.         if (!$this->auth->match($this->noNeedLogin)) {

  87.             if (defined('UID')) {

  88.                 return;

  89.             }

  90.             if (!$this->auth->isLogin()) {

  91.                 Hook::listen('admin_nologin', $this);

  92.                 $this->error('请先登陆', url('admin/index/login'));

  93.             }

  94.             define('UID', (int) $this->auth->id);

  95. 

  96.             // 是否是超级管理员

  97.             define('IS_ROOT', $this->auth->isAdministrator());

  98. 

  99.             if (!IS_ROOT && config::get('site.admin_forbid_ip')) {

  100.                 // 检查IP地址访问

  101.                 $arr = explode(',', config::get('site.admin_forbid_ip'));

  102.                 foreach ($arr as $val) {

  103.                     //是否是IP段

  104.                     if (strpos($val, '*')) {

  105.                         if (strpos($this->request->ip(), str_replace('.*', '', $val)) !== false) {

  106.                             $this->error('403:你在IP禁止段内,禁止访问!');

  107.                         }

  108.                     } else {

  109.                         //不是IP段,用绝对匹配

  110.                         if ($this->request->ip() == $val) {

  111.                             $this->error('403:IP地址绝对匹配,禁止访问!');

  112.                         }

  113. 

  114.                     }

  115.                 }

  116.             }

  117.             if (!IS_ROOT && !$this->auth->match($this->noNeedRight)) {

  118.                 //检测访问权限

  119.                 if (!$this->auth->check($path)) {

  120.                     Hook::listen('admin_nopermission', $this);

  121.                     $this->error('未授权访问!');

  122.                 }

  123.             }

  124.         }

  125.         $site   = Config::get("site.");

  126.         $config = [

  127.             'modulename'     => $modulename,

  128.             'controllername' => $controllername,

  129.             'actionname'     => $actionname,

  130.         ];

  131.         //监听插件传入的变量

  132.         $site = array_merge($site, $config, ...Hook::listen("config_init"));

  133.         $this->assign('site', $site);

  134.         $this->assign('auth', $this->auth);

  135.         $this->assign('userInfo', Session::get('admin'));

  136.         $this->view->filter(function ($content) {

  137.             return Hook::listen("admin_view_filter", $content, true) ?: $content;

  138.         });

  139.     }

  140. 

  141.     /**

  142.      * 渲染配置信息

  143.      * @param mixed $name  键名或数组

  144.      * @param mixed $value 值

  145.      */

  146.     protected function assignconfig($name, $value = '')

  147.     {

  148.         $this->view->site = array_merge($this->view->site ? $this->view->site : [], is_array($name) ? $name : [$name => $value]);

  149.     }

  150. 

  151.     /**

  152.      * 构建请求参数

  153.      * @param mixed   $searchfields   快速查询的字段

  154.      * @param array $excludeFields 忽略构建搜索的字段

  155.      * @param boolean $relationSearch 是否关联查询

  156.      * @return array

  157.      */

  158.     protected function buildTableParames($searchfields = null, $excludeFields = [], $relationSearch = null)

  159.     {

  160.         $searchfields   = is_null($searchfields) ? $this->searchFields : $searchfields;

  161.         $relationSearch = is_null($relationSearch) ? $this->relationSearch : $relationSearch;

  162.         $search         = $this->request->get("search", '');

  163.         $filter         = $this->request->get("filter", '');

  164.         $op             = $this->request->get("op", '', 'trim');

  165.         $sort           = $this->request->get("sort", !empty($this->modelClass) && $this->modelClass->getPk() ? $this->modelClass->getPk() : 'id');

  166.         $order          = $this->request->get("order", "DESC");

  167.         $limit          = $this->request->get("limit/d", 999999);

  168.         $page           = $this->request->get("page/d", 1);

  169.         //新增自动计算分页偏移

  170.         $offset = $page ? ($page - 1) * $limit : 0;

  171.         if ($this->request->has("offset")) {

  172.             $offset = $this->request->get("offset/d", 0);

  173.         }

  174.         $this->request->withGet([config::get('paginate.var_page') => $page]);

  175.         $filter    = (array) json_decode($filter, true);

  176.         $op        = (array) json_decode($op, true);

  177.         $filter    = $filter ? $filter : [];

  178.         $where     = [];

  179.         $alias     = [];

  180.         $bind      = [];

  181.         $name      = '';

  182.         $aliasName = '';

  183.         if (!empty($this->modelClass) && $relationSearch) {

  184.             $name         = $this->modelClass->getTable();

  185.             $alias[$name] = parse_name(basename(str_replace('\\', '/', get_class($this->modelClass))));

  186.             $aliasName    = $alias[$name] . '.';

  187.         }

  188.         $sortArr = explode(',', $sort);

  189.         foreach ($sortArr as $index => &$item) {

  190.             $item = stripos($item, ".") === false ? $aliasName . trim($item) : $item;

  191.         }

  192.         unset($item);

  193.         $sort     = implode(',', $sortArr);

  194.         $adminIds = $this->getDataLimitAdminIds();

  195.         if (is_array($adminIds)) {

  196.             $where[] = [$aliasName . $this->dataLimitField, 'in', $adminIds];

  197.         }

  198.         if ($search) {

  199.             $searcharr = is_array($searchfields) ? $searchfields : explode(',', $searchfields);

  200.             foreach ($searcharr as $k => &$v) {

  201.                 $v = stripos($v, ".") === false ? $aliasName . $v : $v;

  202.             }

  203.             unset($v);

  204.             $where[] = [implode("|", $searcharr), "LIKE", "%{$search}%"];

  205.         }

  206.         $index = 0;

  207.         foreach ($filter as $k => $v) {

  208.             if (!preg_match('/^[a-zA-Z0-9_\-\.]+$/', $k)) {

  209.                 continue;

  210.             }

  211.             $sym = isset($op[$k]) ? $op[$k] : '=';

  212.             if (stripos($k, ".") === false) {

  213.                 $k = $aliasName . $k;

  214.             }

  215.             $v   = !is_array($v) ? trim($v) : $v;

  216.             $sym = strtoupper(isset($op[$k]) ? $op[$k] : $sym);

  217.             //null和空字符串特殊处理

  218.             if (!is_array($v)) {

  219.                 if (in_array(strtoupper($v), ['NULL', 'NOT NULL'])) {

  220.                     $sym = strtoupper($v);

  221.                 }

  222.                 if (in_array($v, ['""', "''"])) {

  223.                     $v   = '';

  224.                     $sym = '=';

  225.                 }

  226.             }

  227. 

  228.             switch ($sym) {

  229.                 case '=':

  230.                 case '<>':

  231.                     $where[] = [$k, $sym, (string) $v];

  232.                     break;

  233.                 case 'LIKE':

  234.                 case 'NOT LIKE':

  235.                 case 'LIKE %...%':

  236.                 case 'NOT LIKE %...%':

  237.                     $where[] = [$k, trim(str_replace('%...%', '', $sym)), "%{$v}%"];

  238.                     break;

  239.                 case '>':

  240.                 case '>=':

  241.                 case '<':

  242.                 case '<=':

  243.                     $where[] = [$k, $sym, intval($v)];

  244.                     break;

  245.                 case 'FINDIN':

  246.                 case 'FINDINSET':

  247.                 case 'FIND_IN_SET':

  248.                     $v       = is_array($v) ? $v : explode(',', str_replace(' ', ',', $v));

  249.                     $findArr = array_values($v);

  250.                     foreach ($findArr as $idx => $item) {

  251.                         $bindName        = "item_" . $index . "_" . $idx;

  252.                         $bind[$bindName] = $item;

  253.                         $where[]         = ["FIND_IN_SET(:{$bindName}, `" . str_replace('.', '`.`', $k) . "`)", [$bindName => $item]];

  254.                     }

  255.                     break;

  256.                 case 'IN':

  257.                 case 'IN(...)':

  258.                 case 'NOT IN':

  259.                 case 'NOT IN(...)':

  260.                     $where[] = [$k, str_replace('(...)', '', $sym), is_array($v) ? $v : explode(',', $v)];

  261.                     break;

  262.                 case 'BETWEEN':

  263.                 case 'NOT BETWEEN':

  264.                     $arr = array_slice(explode(',', $v), 0, 2);

  265.                     if (stripos($v, ',') === false || !array_filter($arr)) {

  266.                         continue 2;

  267.                     }

  268.                     //当出现一边为空时改变操作符

  269.                     if ($arr[0] === '') {

  270.                         $sym = $sym == 'BETWEEN' ? '<=' : '>';

  271.                         $arr = $arr[1];

  272.                     } elseif ($arr[1] === '') {

  273.                         $sym = $sym == 'BETWEEN' ? '>=' : '<';

  274.                         $arr = $arr[0];

  275.                     }

  276.                     $where[] = [$k, $sym, $arr];

  277.                     break;

  278.                 case 'RANGE':

  279.                 case 'NOT RANGE':

  280.                     $v   = str_replace(' - ', ',', $v);

  281.                     $arr = array_slice(explode(',', $v), 0, 2);

  282.                     if (stripos($v, ',') === false || !array_filter($arr)) {

  283.                         continue 2;

  284.                     }

  285.                     //当出现一边为空时改变操作符

  286.                     if ($arr[0] === '') {

  287.                         $sym = $sym == 'RANGE' ? '<=' : '>';

  288.                         $arr = $arr[1];

  289.                     } elseif ($arr[1] === '') {

  290.                         $sym = $sym == 'RANGE' ? '>=' : '<';

  291.                         $arr = $arr[0];

  292.                     }

  293.                     $tableArr = explode('.', $k);

  294.                     if (count($tableArr) > 1 && $tableArr[0] != $name && !in_array($tableArr[0], $alias) && !empty($this->modelClass)) {

  295.                         //修复关联模型下时间无法搜索的BUG

  296.                         $relation                                          = parse_name($tableArr[0], 1, false);

  297.                         $alias[$this->modelClass->$relation()->getTable()] = $tableArr[0];

  298.                     }

  299.                     $where[] = [$k, str_replace('RANGE', 'BETWEEN', $sym) . ' TIME', $arr];

  300.                     break;

  301.                 case 'NULL':

  302.                 case 'IS NULL':

  303.                 case 'NOT NULL':

  304.                 case 'IS NOT NULL':

  305.                     $where[] = [$k, strtolower(str_replace('IS ', '', $sym))];

  306.                     break;

  307.                 default:

  308.                     break;

  309.             }

  310.             $index++;

  311.         }

  312.         if (!empty($this->modelClass)) {

  313.             $this->modelClass->alias($alias);

  314.         }

  315.         $model = $this->modelClass;

  316.         $where = function ($query) use ($where, $alias, $bind, &$model) {

  317.             if (!empty($model)) {

  318.                 $model->alias($alias);

  319.                 //$model->bind($bind);

  320.             }

  321.             foreach ($where as $k => $v) {

  322.                 if (is_array($v)) {

  323.                     call_user_func_array([$query, 'where'], $v);

  324.                 } else {

  325.                     $query->where($v);

  326.                 }

  327.             }

  328.         };

  329.         return [$page, $limit, $where, $sort, $order, $offset, $alias, $bind];

  330.     }

  331. 

  332.     /**

  333.      * 获取数据限制的管理员ID

  334.      * 禁用数据限制时返回的是null

  335.      * @return mixed

  336.      */

  337.     protected function getDataLimitAdminIds()

  338.     {

  339.         if (!$this->dataLimit) {

  340.             return null;

  341.         }

  342.         if ($this->auth->isAdministrator()) {

  343.             return null;

  344.         }

  345.         $adminIds = [];

  346.         if (in_array($this->dataLimit, ['auth', 'personal'])) {

  347.             $adminIds = $this->dataLimit == 'auth' ? $this->auth->getChildrenAdminIds(true) : [$this->auth->id];

  348.         }

  349.         return $adminIds;

  350.     }

  351. 

  352.     /**

  353.      *

  354.      * 当前方法只是一个比较通用的搜索匹配,请按需重载此方法来编写自己的搜索逻辑,$where按自己的需求写即可

  355.      * 这里示例了所有的参数,所以比较复杂,实现上自己实现只需简单的几行即可

  356.      *

  357.      */

  358.     protected function selectpage()

  359.     {

  360.         //设置过滤方法

  361.         $this->request->filter(['trim', 'strip_tags', 'htmlspecialchars']);

  362. 

  363.         //搜索关键词,客户端输入以空格分开,这里接收为数组

  364.         $word = (array) $this->request->request("q_word/a");

  365.         //当前页

  366.         $page = $this->request->request("pageNumber");

  367.         //分页大小

  368.         $pagesize = $this->request->request("pageSize");

  369.         //搜索条件

  370.         $andor = $this->request->request("andOr", "and", "strtoupper");

  371.         //排序方式

  372.         $orderby = (array) $this->request->request("orderBy/a");

  373.         //显示的字段

  374.         $field = $this->request->request("showField");

  375.         //主键

  376.         $primarykey = $this->request->request("keyField");

  377.         //主键值

  378.         $primaryvalue = $this->request->request("keyValue");

  379.         //搜索字段

  380.         $searchfield = (array) $this->request->request("searchField/a");

  381.         //自定义搜索条件

  382.         $custom = (array) $this->request->request("custom/a");

  383.         //是否返回树形结构

  384.         $istree = $this->request->request("isTree", 0);

  385.         $ishtml = $this->request->request("isHtml", 0);

  386.         if ($istree) {

  387.             $word     = [];

  388.             $pagesize = 99999;

  389.         }

  390.         $order = [];

  391.         foreach ($orderby as $k => $v) {

  392.             $order[$v[0]] = $v[1];

  393.         }

  394.         $field = $field ? $field : 'name';

  395. 

  396.         //如果有primaryvalue,说明当前是初始化传值

  397.         if ($primaryvalue !== null) {

  398.             //$where = [$primarykey => ['in', $primaryvalue]];

  399.             $where    = [$primarykey => explode(',', $primaryvalue)];

  400.             $pagesize = 99999;

  401.         } else {

  402.             $where = function ($query) use ($word, $andor, $field, $searchfield, $custom) {

  403.                 $logic       = $andor == 'AND' ? '&' : '|';

  404.                 $searchfield = is_array($searchfield) ? implode($logic, $searchfield) : $searchfield;

  405.                 $searchfield = str_replace(',', $logic, $searchfield);

  406.                 $word        = array_filter(array_unique($word));

  407.                 if (count($word) == 1) {

  408.                     $query->where($searchfield, "like", "%" . reset($word) . "%");

  409.                 } else {

  410.                     $query->where(function ($query) use ($word, $searchfield) {

  411.                         foreach ($word as $index => $item) {

  412.                             $query->whereOr(function ($query) use ($item, $searchfield) {

  413.                                 $query->where($searchfield, "like", "%{$item}%");

  414.                             });

  415.                         }

  416.                     });

  417.                 }

  418.                 if ($custom && is_array($custom)) {

  419.                     foreach ($custom as $k => $v) {

  420.                         if (is_array($v) && 2 == count($v)) {

  421.                             $query->where($k, trim($v[0]), $v[1]);

  422.                         } else {

  423.                             $query->where($k, '=', $v);

  424.                         }

  425.                     }

  426.                 }

  427.             };

  428.         }

  429.         $adminIds = $this->getDataLimitAdminIds();

  430.         if (is_array($adminIds)) {

  431.             $this->modelClass = $this->modelClass->where($this->dataLimitField, 'in', $adminIds);

  432.         }

  433.         $list  = [];

  434.         $total = $this->modelClass->where($where)->count();

  435.         if ($total > 0) {

  436.             $fields = is_array($this->selectpageFields) ? $this->selectpageFields : ($this->selectpageFields && $this->selectpageFields != '*' ? explode(',', $this->selectpageFields) : []);

  437.             //如果有primaryvalue,说明当前是初始化传值,按照选择顺序排序

  438.             if ($primaryvalue !== null && preg_match("/^[a-z0-9_\-]+$/i", $primarykey)) {

  439.                 $primaryvalue = array_unique(is_array($primaryvalue) ? $primaryvalue : explode(',', $primaryvalue));

  440.                 //修复自定义data-primary-key为字符串内容时,给排序字段添加上引号

  441.                 $primaryvalue = array_map(function ($value) {

  442.                     return '\'' . $value . '\'';

  443.                 }, $primaryvalue);

  444. 

  445.                 $primaryvalue = implode(',', $primaryvalue);

  446. 

  447.                 $this->modelClass->orderRaw("FIELD(`{$primarykey}`, {$primaryvalue})");

  448.             } else {

  449.                 $this->modelClass->order($order);

  450.             }

  451. 

  452.             $this->modelClass->removeOption('where');

  453. 

  454.             if (is_array($adminIds)) {

  455.                 $this->modelClass->where($this->dataLimitField, 'in', $adminIds);

  456.             }

  457. 

  458.             $datalist = $this->modelClass->where($where)

  459.                 ->page($page, $pagesize)

  460.                 ->select();

  461. 

  462.             foreach ($datalist as $index => $item) {

  463.                 unset($item['password'], $item['salt']);

  464.                 if ($this->selectpageFields == '*') {

  465.                     $result = [

  466.                         $primarykey => isset($item[$primarykey]) ? $item[$primarykey] : '',

  467.                         $field      => isset($item[$field]) ? $item[$field] : '',

  468.                     ];

  469.                 } else {

  470.                     $result = array_intersect_key(($item instanceof Model ? $item->toArray() : (array) $item), array_flip($fields));

  471.                 }

  472.                 $result['pid'] = isset($item['pid']) ? $item['pid'] : (isset($item['parent_id']) ? $item['parent_id'] : 0);

  473.                 $list[]        = $result;

  474.             }

  475.             if ($istree && !$primaryvalue) {

  476.                 $tree = \util\Tree::instance();

  477.                 $tree->init(collection($list)->toArray(), 'pid');

  478.                 $list = $tree->getTreeList($tree->getTreeArray(0), $field);

  479.                 if (!$ishtml) {

  480.                     foreach ($list as &$item) {

  481.                         $item = str_replace('&nbsp;', ' ', $item);

  482.                     }

  483.                     unset($item);

  484.                 }

  485.             }

  486.         }

  487.         //这里一定要返回有list这个字段,total是可选的,如果total<=list的数量,则会隐藏分页按钮

  488.         return json(['data' => $list, 'count' => $total]);

  489.     }

  490. 

  491.     //刷新Token

  492.     protected function token()

  493.     {

  494.         $token = $this->request->param('__token__');

  495.         //验证Token

  496.         if (!Validate::make()->check(['__token__' => $token], ['__token__' => 'require|token'])) {

  497.             $this->error('令牌错误!', '', ['__token__' => $this->request->token()]);

  498.         }

  499.         //刷新Token

  500.         $this->request->token();

  501.     }

  502. }