<?php
namespace Cas\Module;

use KIF\Verify;
use KIF\Core\Config;
use Cas\Dao\KifResourceManage;
use Cas\Dao\BackUser;
/**
 * Permission: access-control (permission management) module
 * @author li.shuming@kimiss.com
 */

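class Permission {

	/**
	 * Build the resource-tree payload (new format) for the permission editor.
	 *
	 * Every resource row is turned into one tree node, and each node is checked
	 * against the logged-in user's permissions. The returned id list only tells
	 * the UI which nodes to disable; it is not an enforcement point, so whatever
	 * handler stores a selection still has to re-check each resource itself.
	 *
	 * @param boolean $open Whether nodes are rendered expanded; defaults to true.
	 * @return array array(
	 * 		'resource' => array( // one entry per resource row
	 * 			array(
	 * 				'id'          => '', // resource id
	 * 				'pId'         => '', // parent resource id
	 * 				'name'        => '', // resource description
	 * 				'isParent'    => '', // true when the row is not flagged is_end
	 * 				'open'        => '', // the $open argument, copied to every node
	 * 				'chkDisabled' => '', // true for nodes without a parent id
	 * 			),
	 * 		),
	 * 		'disableTreeIds' => array(), // ids the logged-in user has no permission for
	 * )
	 */
	public function getResourceTreeNew($open = true) {
		$objKifResourceManage = new KifResourceManage();

		$resource = array();
		$disableTreeIds = array();

		$resources = $objKifResourceManage->getsAll('create_time asc');
		if (!$resources) {
			// An empty or failed lookup yields an empty tree instead of a foreach warning.
			$resources = array();
		}

		foreach ($resources as $tmpResource) {
			$tree_id = $tmpResource['id'];
			$parent_id = $tmpResource['parent_id'];

			$resource[] = array(
				'id'	=> $tree_id,
				'pId'	=> $parent_id,
				'name'	=> $tmpResource['name'],
				'isParent'	=> $tmpResource['is_end'] ? false : true,
				'open'	=> $open,
				// Top-level nodes (no parent id) cannot be ticked directly.
				'chkDisabled'	=> $parent_id ? false : true,
			);

			// NOTE(review): checkLoginUserCpt() builds its DAOs and reloads the user's
			// group permissions on every call, so this runs once per resource row.
			if (!$this->checkLoginUserCpt($tmpResource['app_name'], $tmpResource['control_name'], $tmpResource['action_name'])) {
				$disableTreeIds[] = $tree_id;
			}
		}

		return array(
			'resource' => $resource,
			'disableTreeIds' => $disableTreeIds,
		);
	}

	/**
	 * Check whether the logged-in user may access the given resource.
	 *
	 * Superadmins are always allowed. Everyone else is allowed when one of the
	 * permission rules of their groups covers the resource (see competenceCovers()).
	 * The check fails closed: no groups or no rules means no access.
	 *
	 * @param string $app_name
	 * @param string $control_name
	 * @param string $action_name
	 * @return boolean
	 */
	public function checkLoginUserCpt($app_name, $control_name, $action_name) {
		if (self::isSuperadmin()) {
			return true;
		}

		$objKifUsergroupRelation = new \Cas\Dao\KifUsergroupRelation();
		$objKifUsergroupPermission = new \Cas\Dao\KifUsergroupPermission();

		$groupids = $objKifUsergroupRelation->getsGroupids(\KIF\Core\BKController::getUid());
		if (!$groupids) {
			// How the permission DAO treats an empty group list is not visible in this
			// file, so a user without groups is denied here instead of being passed on.
			return false;
		}

		$groupCompetences = $objKifUsergroupPermission->getsCompetencesByGroupids($groupids);
		if (!$groupCompetences) {
			return false;
		}

		foreach ($groupCompetences as $tmpCpt) {
			if (self::competenceCovers($tmpCpt, $app_name, $control_name, $action_name)) {
				return true;
			}
		}

		return false;
	}

	/**
	 * Decide whether one permission rule covers the requested resource.
	 *
	 * A rule grants, depending on which of its fields are filled in:
	 *  - app + controller + action: exactly that action;
	 *  - app + controller, empty action: every action of that controller;
	 *  - app only: everything in that app.
	 * Any other shape (no app, or an action without a controller) grants nothing.
	 *
	 * Names are compared as strings with ===, so numeric-looking names such as
	 * '1e3' and '1000' are never treated as equal.
	 *
	 * @param array $cpt Rule row with the keys app_name, control_name, action_name.
	 * @param string $app_name
	 * @param string $control_name
	 * @param string $action_name
	 * @return boolean
	 */
	private static function competenceCovers($cpt, $app_name, $control_name, $action_name) {
		$rule = array();
		foreach (array('app_name', 'control_name', 'action_name') as $key) {
			$raw = isset($cpt[$key]) ? $cpt[$key] : '';
			if (!is_scalar($raw)) {
				return false;
			}
			$value = (string) $raw;
			if ($value === '0') {
				// The truthiness tests this replaces treated '0' as neither a name nor
				// an empty wildcard, so such a rule never matched; keep it that way.
				return false;
			}
			$rule[$key] = $value;
		}

		// Requested names that are not scalars can never equal a rule's name.
		$wantApp = is_scalar($app_name) ? (string) $app_name : '';
		$wantControl = is_scalar($control_name) ? (string) $control_name : '';
		$wantAction = is_scalar($action_name) ? (string) $action_name : '';

		if ($rule['app_name'] === '' || $rule['app_name'] !== $wantApp) {
			return false;
		}

		if ($rule['control_name'] === '') {
			// App-wide rule; an action without a controller is malformed.
			return $rule['action_name'] === '';
		}
		if ($rule['control_name'] !== $wantControl) {
			return false;
		}

		// Empty action means the rule covers the whole controller.
		return $rule['action_name'] === '' || $rule['action_name'] === $wantAction;
	}

	/**
	 * Look up a back-office user by user name.
	 *
	 * @param string $username
	 * @return array The user row with an extra 'username' key mirroring 'name',
	 *               or an empty array when the name is empty or nothing is found.
	 */
	public function getUserByUsername($username) {
		if (!$username) {
			return array();
		}

		$objBackUser = new BackUser();
		$member = $objBackUser->fetchOne(array('name' => $username));
		if (!$member) {
			// Keep the documented array return type when no row comes back.
			return array();
		}

		$member['username'] = $member['name'];

		return $member;
	}

	/**
	 * Look up a back-office user by uid.
	 *
	 * @param int $uid
	 * @return array The user row, or an empty array when nothing is found.
	 */
	public function getUserByUid($uid) {
		$members = $this->getsUserByUids(array($uid));
		if (!$members) {
			return array();
		}

		return array_pop($members);
	}

	/**
	 * Look up several back-office users at once.
	 *
	 * @param array $uids
	 * @return array User rows as returned by BackUser::findBy() (called with 'uid' as
	 *               its second argument), each with an extra 'username' key mirroring
	 *               'name'; an empty array when $uids is empty or nothing is found.
	 */
	public function getsUserByUids($uids) {
		if (!$uids) {
			return array();
		}

		$objBackUser = new BackUser();
		$members = $objBackUser->findBy(array('uid' => $uids), 'uid');
		if (!$members) {
			return array();
		}

		foreach ($members as $tmpkey => $tmpval) {
			$members[$tmpkey]['username'] = $tmpval['name'];
		}

		return $members;
	}

	/**
	 * Tell whether the logged-in user is a superadmin.
	 *
	 * The user row's 'permission' field must be exactly the string 'admin'. A loose
	 * == would also accept a numeric 0 on PHP versions before 8, and a missing user
	 * row must never count as admin.
	 *
	 * NOTE(review): allowsMangeGroupids() decides "superadmin" from the configured
	 * uid list (getSuperadminUids()) instead of this field; confirm that the two
	 * sources are meant to differ.
	 *
	 * @return boolean
	 */
	public static function isSuperadmin() {
		$objBackUser = new BackUser();
		$user = $objBackUser->get(\KIF\Core\BKController::getUid());

		return isset($user['permission']) && $user['permission'] === 'admin';
	}

	/**
	 * Return the superadmin uids from the current configuration.
	 *
	 * @return array The 'superadmin' config entry, or an empty array when it is not set.
	 */
	public static function getSuperadminUids() {
		$config = Config::getInstance()->current();
		return isset($config['superadmin']) ? $config['superadmin'] : array();
	}

	/**
	 * Return the ids of the groups the given user belongs to.
	 *
	 * @param int $uid
	 * @return array Distinct group ids; empty when $uid fails Verify::unsignedInt()
	 *               or the user has no group relation.
	 */
	public function getsGroupidsByUid($uid) {
		if (!Verify::unsignedInt($uid)) {
			return array();
		}

		$objKifUsergroupRelation = new \Cas\Dao\KifUsergroupRelation();
		$result = $objKifUsergroupRelation->findBy(array('uid' => $uid), null, null, 'groupid', 'id asc');
		if (!$result) {
			return array();
		}

		$groupids = array();
		foreach ($result as $tmpval) {
			$groupids[] = $tmpval['groupid'];
		}

		return array_unique($groupids);
	}

	/**
	 * Return the ids of the user groups the given user may manage.
	 *
	 * A configured superadmin may manage every group. Any other user may manage the
	 * groups they belong to plus the groups those groups are linked to through
	 * KifUsergroupManage ('rid').
	 *
	 * @param int $uid
	 * @return array
	 */
	public function allowsMangeGroupids($uid) {
		// Compare uids as strings with strict matching: config values may be ints or
		// strings, and a loose in_array() would let values such as true or '1abc'
		// (on PHP versions before 8) match a configured uid.
		$superadminUids = array_map('strval', (array) self::getSuperadminUids());
		if ((is_int($uid) || is_string($uid)) && in_array((string) $uid, $superadminUids, true)) {
			$objKifUsergroup = new \Cas\Dao\KifUsergroup();
			return $objKifUsergroup->getsIdsAll('id asc');
		}

		$groupids = $this->getsGroupidsByUid($uid);
		if (!$groupids) {
			// Fail closed: how findBy() treats an empty 'groupid' list is not visible
			// in this file, and a user without groups manages nothing.
			return array();
		}

		$manageGroupids = array();
		$objKifUsergroupManage = new \Cas\Dao\KifUsergroupManage();
		$usergroupManages = $objKifUsergroupManage->findBy(array('groupid' => $groupids));
		if ($usergroupManages) {
			foreach ($usergroupManages as $tmpManage) {
				$manageGroupids[] = $tmpManage['rid'];
			}
		}

		return array_unique(array_merge($groupids, $manageGroupids));
	}
}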