zhengxifeng
/
zc10000
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
4 Branches
Branch: update
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'update'
${ noResults }
zc10000/extend/libs/Auth.php

Auth.php 9.3KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247 
  1. <?php

  2. // +----------------------------------------------------------------------

  3. // | Yzncms [ 御宅男工作室 ]

  4. // +----------------------------------------------------------------------

  5. // | Copyright (c) 2018 http://yzncms.com All rights reserved.

  6. // +----------------------------------------------------------------------

  7. // | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )

  8. // +----------------------------------------------------------------------

  9. // | Author: 御宅男 <530765310@qq.com>

  10. // +----------------------------------------------------------------------

  11. 

  12. // +----------------------------------------------------------------------

  13. // | AUTH类

  14. // +----------------------------------------------------------------------

  15. namespace libs;

  16. 

  17. use think\Db;

  18. use think\facade\Config;

  19. use think\facade\Request;

  20. use think\facade\Session;

  21. 

  22. /**

  23.  * 权限认证类

  24.  * 功能特性:

  25.  * 1,是对规则进行认证,不是对节点进行认证。用户可以把节点当作规则名称实现对节点进行认证。

  26.  *      $auth=new Auth();  $auth->check('规则名称','用户id')

  27.  * 2,可以同时对多条规则进行认证,并设置多条规则的关系(or或者and)

  28.  *      $auth=new Auth();  $auth->check('规则1,规则2','用户id','and')

  29.  *      第三个参数为and时表示,用户需要同时具有规则1和规则2的权限。 当第三个参数为or时,表示用户值需要具备其中一个条件即可。默认为or

  30.  * 3,一个用户可以属于多个用户组(think_auth_group_access表 定义了用户所属用户组)。我们需要设置每个用户组拥有哪些规则(think_auth_group 定义了用户组权限)

  31.  *

  32.  * 4,支持规则表达式。

  33.  *      在think_auth_rule 表中定义一条规则时,如果type为1, condition字段就可以定义规则表达式。 如定义{score}>5  and {score}<100  表示用户的分数在5-100之间时这条规则才会通过。

  34.  */

  35. class Auth

  36. {

  37.     protected static $instance;

  38.     /**

  39.      * 当前请求实例

  40.      * @var Request

  41.      */

  42.     protected $request;

  43.     //默认配置

  44.     protected $_config = [

  45.         'AUTH_ON'    => true, // 认证开关

  46.         'AUTH_TYPE'  => 1, // 认证方式,1为实时认证;2为登录认证。

  47.         'AUTH_GROUP' => 'auth_group', // 用户组数据表名

  48.         'AUTH_RULE'  => 'auth_rule', // 权限规则表

  49.         'AUTH_USER'  => 'admin', // 用户信息表

  50.     ];

  51. 

  52.     /**

  53.      * 类架构函数

  54.      * Auth constructor.

  55.      */

  56.     public function __construct()

  57.     {

  58.         //可设置配置项 auth, 此配置项为数组。

  59.         if ($auth = Config::get('auth')) {

  60.             $this->config = array_merge($this->_config, $auth);

  61.         }

  62.         // 初始化request

  63.         $this->request = Request::instance();

  64.     }

  65. 

  66.     /**

  67.      * 初始化

  68.      * @access public

  69.      * @param array $options 参数

  70.      * @return Auth

  71.      */

  72.     public static function instance($options = [])

  73.     {

  74.         if (is_null(self::$instance)) {

  75.             self::$instance = new static($options);

  76.         }

  77. 

  78.         return self::$instance;

  79.     }

  80. 

  81.     /**

  82.      * 检查权限

  83.      * @param name string|array  需要验证的规则列表,支持逗号分隔的权限规则或索引数组

  84.      * @param uid  int           认证用户的id

  85.      * @param string mode        执行check的模式

  86.      * @param relation string    如果为 'or' 表示满足任一条规则即通过验证;如果为 'and'则表示需满足所有规则才能通过验证

  87.      * @return boolean           通过验证返回true;失败返回false

  88.      */

  89.     public function check($name, $uid, $mode = 'url', $relation = 'or')

  90.     {

  91.         if (!$this->_config['AUTH_ON']) {

  92.             return true;

  93.         }

  94.         $authList = $this->getAuthList($uid); //获取用户需要验证的所有有效规则列表

  95.         if (in_array('*', $authList)) {

  96.             return true;

  97.         }

  98.         if (is_string($name)) {

  99.             $name = strtolower($name);

  100.             if (strpos($name, ',') !== false) {

  101.                 $name = explode(',', $name);

  102.             } else {

  103.                 $name = [$name];

  104.             }

  105.         }

  106.         $list = []; //保存验证通过的规则名

  107.         if ('url' == $mode) {

  108.             $REQUEST = unserialize(strtolower(serialize($this->request->param())));

  109.         }

  110.         foreach ($authList as $auth) {

  111.             $query = preg_replace('/^.+\?/U', '', $auth);

  112.             if ($mode == 'url' && $query != $auth) {

  113.                 parse_str($query, $param); //解析规则中的param

  114.                 $intersect = array_intersect_assoc($REQUEST, $param);

  115.                 $auth      = preg_replace('/\?.*$/U', '', $auth);

  116.                 if (in_array($auth, $name) && $intersect == $param) {

  117.                     //如果节点相符且url参数满足

  118.                     $list[] = $auth;

  119.                 }

  120.             } elseif (in_array($auth, $name)) {

  121.                 $list[] = $auth;

  122.             }

  123.         }

  124.         if ($relation == 'or' and !empty($list)) {

  125.             return true;

  126.         }

  127.         $diff = array_diff($name, $list);

  128.         if ($relation == 'and' and empty($diff)) {

  129.             return true;

  130.         }

  131.         return false;

  132.     }

  133. 

  134.     /**

  135.      * 根据用户id获取用户组,返回值为数组

  136.      * @param  uid int     用户id

  137.      * @return array       用户所属的用户组 array(

  138.      *                                         array('uid'=>'用户id','group_id'=>'用户组id','title'=>'用户组名称','rules'=>'用户组拥有的规则id,多个,号隔开'),

  139.      *                                         ...)

  140.      */

  141.     public function getGroups($uid)

  142.     {

  143.         static $groups = [];

  144.         if (isset($groups[$uid])) {

  145.             return $groups[$uid];

  146.         }

  147.         $user_groups = Db::name($this->_config['AUTH_USER'])

  148.             ->alias('a')

  149.             ->where('a.id', $uid)

  150.             ->where('g.status', 1)

  151.             ->join($this->_config['AUTH_GROUP'] . ' g', "g.id = a.roleid")

  152.             ->field('a.id as uid,g.id,g.parentid,roleid,title,rules')

  153.             ->select();

  154.         $groups[$uid] = $user_groups ?: [];

  155.         return $groups[$uid];

  156.     }

  157. 

  158.     /**

  159.      * 获得权限列表

  160.      * @param integer $uid  用户id

  161.      */

  162.     protected function getAuthList($uid)

  163.     {

  164.         static $_rulelist = []; //保存用户验证通过的权限列表

  165.         if (isset($_rulelist[$uid])) {

  166.             return $_rulelist[$uid];

  167.         }

  168.         if (2 == $this->_config['AUTH_TYPE'] && Session::has('_AUTH_LIST_' . $uid)) {

  169.             return Session::get('_AUTH_LIST_' . $uid);

  170.         }

  171.         // 读取用户规则节点

  172.         $ids = $this->getRuleIds($uid);

  173.         if (empty($ids)) {

  174.             $_rulelist[$uid] = [];

  175.             return [];

  176.         }

  177.         $where = [

  178.             ['status', '=', 1],

  179.         ];

  180.         if (!in_array('*', $ids)) {

  181.             $where[] = ['id', 'in', $ids];

  182.         }

  183.         //读取用户组所有权限规则

  184.         $rules = Db::name($this->_config['AUTH_RULE'])->where($where)->field('id,parentid,condition,icon,name,title,ismenu')->select();

  185.         //循环规则,判断结果。

  186.         $rulelist = [];

  187.         if (in_array('*', $ids)) {

  188.             $rulelist[] = "*";

  189.         }

  190.         foreach ($rules as $rule) {

  191.             //超级管理员无需验证condition

  192.             if (!empty($rule['condition']) && !in_array('*', $ids)) {

  193.                 //根据condition进行验证

  194.                 $user    = $this->getUserInfo($uid); //获取用户信息,一维数组

  195.                 $nums = 0;

  196.                 $condition = str_replace(['&&', '||'], "\r\n", $rule['condition']);

  197.                 $condition = preg_replace('/\{(\w*?)\}/', '\\1', $condition);

  198.                 $conditionArr = explode("\r\n", $condition);

  199.                 foreach ($conditionArr as $index => $item) {

  200.                     preg_match("/^(\w+)\s?([\>\<\=]+)\s?(.*)$/", trim($item), $matches);

  201.                     if ($matches && isset($user[$matches[1]]) && version_compare($user[$matches[1]], $matches[3], $matches[2])) {

  202.                         $nums++;

  203.                     }

  204.                 }

  205.                 if ($conditionArr && ((stripos($rule['condition'], "||") !== false && $nums > 0) || count($conditionArr) == $nums)) {

  206.                     $rulelist[$rule['id']] = strtolower($rule['name']);

  207.                 }

  208. 

  209.             } else {

  210.                 //只要存在就记录

  211.                 $rulelist[$rule['id']] = strtolower($rule['name']);

  212.             }

  213.         }

  214.         $_rulelist[$uid] = $rulelist;

  215.         //登录验证则需要保存规则列表

  216.         if (2 == $this->_config['AUTH_TYPE']) {

  217.             //规则列表结果保存到session

  218.             Session::set('_AUTH_LIST_' . $uid, $rulelist);

  219.         }

  220.         return array_unique($rulelist);

  221.     }

  222. 

  223.     public function getRuleIds($uid)

  224.     {

  225.         //读取用户所属用户组

  226.         $groups = $this->getGroups($uid);

  227.         $ids    = []; //保存用户所属用户组设置的所有权限规则id

  228.         foreach ($groups as $g) {

  229.             $ids = array_merge($ids, explode(',', trim($g['rules'], ',')));

  230.         }

  231.         $ids = array_unique($ids);

  232.         return $ids;

  233.     }

  234. 

  235.     /**

  236.      * 获得用户资料,根据自己的情况读取数据库

  237.      */

  238.     protected function getUserInfo($uid)

  239.     {

  240.         static $userinfo = [];

  241.         if (!isset($userinfo[$uid])) {

  242.             $userinfo[$uid] = Db::name($this->_config['auth_user'])->where(['id' => $uid])->find();

  243.         }

  244.         return $userinfo[$uid];

  245.     }

  246. 

  247. }