zhengxifeng
/
zc10000
ウォッチ 1
スター 0
フォーク 0
コード 課題 0 プルリクエスト 0 リリース 0 Wiki アクティビティ
説明なし
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
1 コミット
4 ブランチ
ツリー: 2e7a963364
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'2e7a963364' から
${ noResults }
zc10000/application/admin/controller/auth/Group.php

Group.php 11KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281 
  1. <?php

  2. // +----------------------------------------------------------------------

  3. // | Yzncms [ 御宅男工作室 ]

  4. // +----------------------------------------------------------------------

  5. // | Copyright (c) 2007 http://yzncms.com All rights reserved.

  6. // +----------------------------------------------------------------------

  7. // | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )

  8. // +----------------------------------------------------------------------

  9. // | Author: fastadmin: https://www.fastadmin.net/

  10. // +----------------------------------------------------------------------

  11. namespace app\admin\Controller\auth;

  12. 

  13. use app\admin\model\AuthGroup as AuthGroupModel;

  14. use app\common\controller\Adminbase;

  15. use think\Db;

  16. use util\Tree;

  17. 

  18. /**

  19.  * 权限管理控制器

  20.  */

  21. class Group extends Adminbase

  22. {

  23.     //当前登录管理员所有子组别

  24.     protected $childrenGroupIds = [];

  25.     //当前组别列表数据

  26.     protected $grouplist   = [];

  27.     protected $groupdata   = [];

  28.     protected $noNeedRight = [];

  29. 

  30.     protected function initialize()

  31.     {

  32.         parent::initialize();

  33.         $this->modelClass = new AuthGroupModel;

  34. 

  35.         $this->childrenGroupIds = $this->auth->getChildrenGroupIds(true);

  36. 

  37.         $groupList = AuthGroupModel::where('id', 'in', $this->childrenGroupIds)->select()->toArray();

  38. 

  39.         Tree::instance()->init($groupList);

  40.         $groupList = [];

  41.         if ($this->auth->isAdministrator()) {

  42.             $groupList = Tree::instance()->getTreeList(Tree::instance()->getTreeArray(0), 'title');

  43.         } else {

  44.             $groups   = $this->auth->getGroups();

  45.             $groupIds = [];

  46.             foreach ($groups as $m => $n) {

  47.                 if (in_array($n['id'], $groupIds) || in_array($n['parentid'], $groupIds)) {

  48.                     continue;

  49.                 }

  50.                 $groupList = array_merge($groupList, Tree::instance()->getTreeList(Tree::instance()->getTreeArray($n['parentid']), 'title'));

  51.                 foreach ($groupList as $index => $item) {

  52.                     $groupIds[] = $item['id'];

  53.                 }

  54.             }

  55.         }

  56. 

  57.         $groupName = [];

  58.         foreach ($groupList as $k => $v) {

  59.             $groupName[$v['id']] = $v['title'];

  60.         }

  61.         $this->grouplist = $groupList;

  62.         $this->groupdata = $groupName;

  63.         $this->assign('groupdata', $this->groupdata);

  64.     }

  65. 

  66.     //权限管理首页

  67.     public function index()

  68.     {

  69.         if ($this->request->isAjax()) {

  70.             $list   = $this->grouplist;

  71.             $total  = count($list);

  72.             $result = ["code" => 0, "count" => $total, "data" => $list];

  73.             return json($result);

  74.         } else {

  75.             return $this->fetch();

  76.         }

  77.     }

  78. 

  79.     //创建管理员用户组

  80.     public function add()

  81.     {

  82.         if ($this->request->isPost()) {

  83.             $this->token();

  84.             $params = $this->request->post("row/a", [], 'strip_tags');

  85.             $result = $this->validate($params, 'app\admin\validate\AuthGroup');

  86.             if (true !== $result) {

  87.                 return $this->error($result);

  88.             }

  89.             if (!in_array($params['parentid'], $this->childrenGroupIds)) {

  90.                 $this->error('父组别超出权限范围');

  91.             }

  92.             $parentmodel = AuthGroupModel::get($params['parentid']);

  93.             if (!$parentmodel) {

  94.                 $this->error('父组别未找到');

  95.             }

  96.             if ($params) {

  97.                 $this->modelClass->create($params);

  98.                 $this->success('新增成功');

  99.             }

  100.             $this->error('参数不能为空');

  101.         }

  102.         return $this->fetch();

  103. 

  104.     }

  105. 

  106.     //编辑管理员用户组

  107.     public function edit()

  108.     {

  109.         $id = $this->request->param('id/d');

  110.         if (!in_array($id, $this->childrenGroupIds)) {

  111.             $this->error('你没有权限访问!');

  112.         }

  113.         $row = $this->modelClass->get($id);

  114.         if (!$row) {

  115.             $this->error('记录未找到');

  116.         }

  117.         if ($this->request->isPost()) {

  118.             $this->token();

  119.             $params = $this->request->post("row/a", [], 'strip_tags');

  120.             //父节点不能是非权限内节点

  121.             if (!in_array($params['parentid'], $this->childrenGroupIds)) {

  122.                 $this->error('父组别超出权限范围');

  123.             }

  124.             // 父节点不能是它自身的子节点或自己本身

  125.             if (in_array($params['parentid'], Tree::instance()->getChildrenIds($row->id, true))) {

  126.                 $this->error('父角色不能是自身!');

  127.             }

  128.             $params['rules'] = explode(',', $params['rules']);

  129. 

  130.             $parentmodel = AuthGroupModel::get($params['parentid']);

  131.             if (!$parentmodel) {

  132.                 $this->error('父组别未找到');

  133.             }

  134. 

  135.             // 父级别的规则节点

  136.             $parentrules = explode(',', $parentmodel->rules);

  137.             // 当前组别的规则节点

  138.             $currentrules = $this->auth->getRuleIds();

  139.             $rules        = $params['rules'];

  140.             // 如果父组不是超级管理员则需要过滤规则节点,不能超过父组别的权限

  141.             $rules = in_array('*', $parentrules) ? $rules : array_intersect($parentrules, $rules);

  142.             // 如果当前组别不是超级管理员则需要过滤规则节点,不能超当前组别的权限

  143.             $rules           = in_array('*', $currentrules) ? $rules : array_intersect($currentrules, $rules);

  144.             $params['rules'] = implode(',', $rules);

  145.             if ($params) {

  146.                 Db::startTrans();

  147.                 try {

  148.                     $row->save($params);

  149.                     $children_auth_groups = model("AuthGroup")->all(['id' => ['in', implode(',', (Tree::instance()->getChildrenIds($row->id)))]]);

  150.                     $childparams          = [];

  151.                     foreach ($children_auth_groups as $key => $children_auth_group) {

  152.                         $childparams[$key]['id']    = $children_auth_group->id;

  153.                         $childparams[$key]['rules'] = implode(',', array_intersect(explode(',', $children_auth_group->rules), $rules));

  154.                     }

  155.                     model("AuthGroup")->saveAll($childparams);

  156.                     Db::commit();

  157.                 } catch (Exception $e) {

  158.                     Db::rollback();

  159.                     $this->error($e->getMessage());

  160.                 }

  161.                 $this->success('编辑成功');

  162.             }

  163.             $this->error('参数不能为空');

  164.         }

  165.         $this->assign("data", $row);

  166.         return $this->fetch();

  167.     }

  168. 

  169.     //访问授权页面

  170.     public function access()

  171.     {

  172.         $id  = $this->request->param('id/d');

  173.         $pid = $this->request->param('pid/d');

  174.         if (!in_array($id, $this->childrenGroupIds)) {

  175.             $this->error('你没有权限访问!');

  176.         }

  177.         $row = $this->modelClass->get($id);

  178.         if (!$row) {

  179.             $this->error('记录未找到');

  180.         }

  181.         if ($this->request->isPost()) {

  182.             $this->token();

  183.             $params          = $this->request->post("row/a", [], 'strip_tags');

  184.             $params['rules'] = explode(',', $params['rules']);

  185. 

  186.             $parentmodel = $this->modelClass->get($params['parentid']);

  187.             if (!$parentmodel) {

  188.                 $this->error('父组别未找到');

  189.             }

  190.             // 父级别的规则节点

  191.             $parentrules = explode(',', $parentmodel->rules);

  192.             // 当前组别的规则节点

  193.             $currentrules = $this->auth->getRuleIds();

  194.             $rules        = $params['rules'];

  195.             // 如果父组不是超级管理员则需要过滤规则节点,不能超过父组别的权限

  196.             $rules = in_array('*', $parentrules) ? $rules : array_intersect($parentrules, $rules);

  197.             // 如果当前组别不是超级管理员则需要过滤规则节点,不能超当前组别的权限

  198.             $rules = in_array('*', $currentrules) ? $rules : array_intersect($currentrules, $rules);

  199.             Db::startTrans();

  200.             try {

  201.                 $row->rules = implode(',', $rules);

  202.                 $row->save();

  203.                 $children_auth_groups = model("AuthGroup")->all(['id' => ['in', implode(',', (Tree::instance()->getChildrenIds($row->id)))]]);

  204.                 $childparams          = [];

  205.                 foreach ($children_auth_groups as $key => $children_auth_group) {

  206.                     $childparams[$key]['id']    = $children_auth_group->id;

  207.                     $childparams[$key]['rules'] = implode(',', array_intersect(explode(',', $children_auth_group->rules), $rules));

  208.                 }

  209.                 model("AuthGroup")->saveAll($childparams);

  210.                 Db::commit();

  211.             } catch (Exception $e) {

  212.                 Db::rollback();

  213.                 $this->error($e->getMessage());

  214.             }

  215.             $this->success('编辑成功');

  216.         }

  217.         $parentGroupModel = $this->modelClass->get($pid);

  218. 

  219.         $ruleList = model('AuthRule')->order('listorder', 'desc')->order('id', 'asc')->select()->toArray();

  220.         //读取父类角色所有节点列表

  221.         $parentRuleList = [];

  222.         if (in_array('*', explode(',', $parentGroupModel->rules))) {

  223.             $parentRuleList = $ruleList;

  224.         } else {

  225.             $parentRuleIds = explode(',', $parentGroupModel->rules);

  226.             foreach ($ruleList as $k => $v) {

  227.                 if (in_array($v['id'], $parentRuleIds)) {

  228.                     $parentRuleList[] = $v;

  229.                 }

  230.             }

  231.         }

  232. 

  233.         $ruleTree  = new Tree();

  234.         $groupTree = new Tree();

  235.         //当前所有正常规则列表

  236.         $ruleTree->init($parentRuleList);

  237.         //角色组列表

  238.         $groupTree->init(model('AuthGroup')->where('id', 'in', $this->childrenGroupIds)->select()->toArray());

  239. 

  240.         //读取当前角色下规则ID集合

  241.         $adminRuleIds = $this->auth->getRuleIds();

  242.         //是否是超级管理员

  243.         $superadmin = $this->auth->isAdministrator();

  244.         //当前拥有的规则ID集合

  245.         $currentRuleIds = explode(',', $row->rules);

  246.         $parentRuleList = $ruleTree->getTreeList($ruleTree->getTreeArray(0), 'name');

  247.         /*$hasChildrens = [];

  248.         foreach ($parentRuleList as $k => $v) {

  249.         if ($v['haschild']) {

  250.         $hasChildrens[] = $v['id'];

  251.         }

  252.         }*/

  253.         $parentRuleIds = array_map(function ($item) {

  254.             return $item['id'];

  255.         }, $parentRuleList);

  256.         $nodeList = [];

  257.         foreach ($parentRuleList as $k => $v) {

  258.             if (!$superadmin && !in_array($v['id'], $adminRuleIds)) {

  259.                 continue;

  260.             }

  261.             if ($v['parentid'] && !in_array($v['parentid'], $parentRuleIds)) {

  262.                 continue;

  263.             }

  264.             //$ischeck = in_array($v['id'], $currentRuleIds) && !in_array($v['id'], $hasChildrens);

  265.             $ischeck    = in_array($v['id'], $currentRuleIds);

  266.             $nodeList[] = ['id' => $v['id'], 'parentid' => $v['parentid'], 'name' => $v['title'], 'checked' => $ischeck];

  267.         }

  268.         //dump($nodeList);

  269.         $this->assign('nodeList', json_encode($nodeList));

  270.         $this->assign("data", $row);

  271.         return $this->fetch();

  272.     }

  273. 

  274.     //批量更新

  275.     public function multi()

  276.     {

  277.         // 管理员禁止批量操作

  278.         $this->error();

  279.     }

  280. 

  281. }