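requireCompetence()方法,要求有操作权限 * @var Boolean */
    // Master switch for the permission check. When it is falsy,
    // requireCompetence() returns true before it reaches parent::requireLogin(),
    // run() does not call requireCompetence() at all, and isSuperadmin()
    // reports true for every caller.
    private static $useCompetence = KIF_CREATE;

    /**
     * Enforce access permission for the current request.
     *
     * Forces a login first, then checks the requested controller/action with
     * isCompetence().
     *
     * @param Boolean $isHalt Whether to halt when access is denied. Defaults to
     *                        halting and rendering the no-permission page.
     * @return Boolean true when access is allowed or the check is switched off,
     *                 false when access is denied and $isHalt is falsy.
     */
    public function requireCompetence($isHalt = true)
    {
        if (!self::$useCompetence) {
            return true;
        }
        if ($isHalt === null) {
            $isHalt = true;
        }

        // Log in first.
        parent::requireLogin();

        if (self::isCompetence()) {
            return true;
        }

        if ($isHalt) {
            // TODO marker carried over from the original code (no detail given).
            // no_permission_exit() renders the prompt page and calls exit.
            self::no_permission_exit();
        }

        return false;
    }

    /**
     * Whether the current user may access the requested controller/action.
     *
     * Super administrators are allowed everything. Ordinary accounts are
     * allowed everything except the controller/action pairs in the deny-list
     * below, so any controller or action not listed there is reachable by
     * every logged-in account.
     *
     * @return Boolean
     */
    private function isCompetence()
    {
        if (!self::isLogin()) {
            return false;
        }

        // Super administrators have every permission.
        if (self::isSuperadmin()) {
            return true;
        }

        // Ordinary-account rules from here on.
        $c = Request::getInstance()->param('c');
        $arr_class_path = array_map('lcfirst', explode('_', $c));
        $c = implode('_', $arr_class_path);

        $a = Request::getInstance()->param('a');

        // Names describing the current request. Only control_name and
        // action_name are read by the matching loop below.
        $requestParams = array(
            'app_name'     => lcfirst(Config::getInstance()->get('Namespace')),
            'control_name' => $c,
            'action_name'  => $a ? lcfirst($a) : 'default',
        );

        // Permissions that ordinary accounts do NOT have. An entry without
        // 'action_name' denies every action of that controller.
        $notCompetences = array(
            array('control_name' => 'admin_platform_index'), // platform list management
            array('control_name' => 'admin_backUser', 'action_name' => 'userList'), // account management: list
            array('control_name' => 'admin_backUser', 'action_name' => 'CreateUser'), // account management: create account
            array('control_name' => 'admin_backUser', 'action_name' => 'setPermission'),
            array('control_name' => 'admin_backUser', 'action_name' => 'MP'),
            array('control_name' => 'admin_platform_bulletin', 'action_name' => 'ReqCreate'), // add bulletin
            array('control_name' => 'admin_platform_bulletin', 'action_name' => 'PageUp'), // edit bulletin
        );

        foreach ($notCompetences as $tmpCompetence) {
            // Compare case-insensitively. PHP resolves method names (and class
            // names) without regard to case, and run() dispatches with
            // $this->$action(); a case-sensitive comparison here would let a
            // request whose name differs only in letter case miss the deny-list
            // while still reaching the same method.
            // NOTE(review): how $this->action and the controller class are
            // derived from 'a' and 'c' is not visible here - confirm.
            if (strcasecmp($tmpCompetence['control_name'], $requestParams['control_name']) !== 0) {
                continue;
            }

            // empty() instead of a direct read: the first entry has no
            // 'action_name' key, and reading it raised an undefined-index notice.
            if (empty($tmpCompetence['action_name'])) {
                return false;
            }

            if (strcasecmp($tmpCompetence['action_name'], $requestParams['action_name']) === 0) {
                return false;
            }
        }

        return true;
    }

    /**
     * Get the ids of the groups a user belongs to.
     *
     * @param int $uid
     * @return array Empty array when $uid fails Verify::unsignedInt().
     */
    public function getsGroupidsByUid($uid)
    {
        if (!Verify::unsignedInt($uid)) {
            return array();
        }

        $objDKifUsergroupRelation = new \Cas\Dao\KifUsergroupRelation();

        return $objDKifUsergroupRelation->getsGroupids($uid);
    }

    /**
     * Get every permission setting of the given user groups.
     *
     * @param array $groupids
     * @return array Empty array when $groupids is empty.
     */
    public function getsCompetencesByGroupids($groupids)
    {
        if (!$groupids) {
            return array();
        }

        $objDKifUsergroupPermission = new \Cas\Dao\KifUsergroupPermission();

        return $objDKifUsergroupPermission->getsCompetencesByGroupids($groupids);
    }

    /**
     * Whether the current user is a super administrator.
     *
     * Returns true for everyone while the permission check is switched off
     * (self::$useCompetence falsy); otherwise defers to
     * \Cas\Module\Permission::isSuperadmin().
     *
     * @return boolean
     */
    public static function isSuperadmin()
    {
        if (!self::$useCompetence) {
            return true;
        }

        return \Cas\Module\Permission::isSuperadmin();
    }

    /**
     * Render the failure prompt page and terminate the request.
     *
     * NOTE(review): 'msg' and 'referer' are handed to the template as-is, and
     * Request::referer() presumably returns the client-supplied Referer
     * header. Confirm that the prompt_message template escapes both for the
     * context it prints them in and does not navigate to 'referer' unchecked.
     *
     * @param string $msg
     */
    public function fail_exit_cpt($msg = null)
    {
        $tplDir = Config::getInstance()->get('App_Path') . DS . 'template_dir';

        $this->tpl = $tplDir . '/admin/permission/prompt_message';
        $this->setOutputs(array(
            'type'       => 'fail',
            'msg'        => $msg,
            'referer'    => Request::referer(),
            'header_tpl' => $tplDir . '/header.html',
            'bottom_tpl' => $tplDir . '/bottom.html',
        ));
        $this->render();
        exit;
    }

    /**
     * Render the success prompt page and terminate the request.
     *
     * NOTE(review): 'msg' and 'referer' are handed to the template as-is, and
     * Request::referer() presumably returns the client-supplied Referer
     * header. Confirm that the prompt_message template escapes both for the
     * context it prints them in and does not navigate to 'referer' unchecked.
     *
     * @param string $msg
     */
    public function success_exit_cpt($msg = null)
    {
        $tplDir = Config::getInstance()->get('App_Path') . DS . 'template_dir';

        $this->tpl = $tplDir . '/admin/permission/prompt_message';
        $this->setOutputs(array(
            'type'       => 'success',
            'msg'        => $msg,
            'referer'    => Request::referer(),
            'header_tpl' => $tplDir . '/header.html',
            'bottom_tpl' => $tplDir . '/bottom.html',
        ));
        $this->render();
        exit;
    }

    /**
     * Render the no-permission prompt page and terminate the request.
     */
    public function no_permission_exit()
    {
        $tplDir = Config::getInstance()->get('App_Path') . DS . 'template_dir';

        $this->tpl = $tplDir . '/admin/permission/prompt_message';
        $this->setOutputs(array(
            'type' => 'no_permission',
        ));
        $this->render();
        exit;
    }

    /**
     * Entry point: enforce permissions, publish the user context to the
     * template, then dispatch to the action method.
     */
    public function run()
    {
        if (!empty(self::$useCompetence)) {
            $this->requireCompetence();
        }

        // Logged-in user.
        $this->setOutput('backuser', $this->getUser());

        // Whether the user is an administrator.
        $this->setOutput('IS_ADMIN', (bool) self::isSuperadmin());

        // NOTE(review): dynamic dispatch made from inside the class, so every
        // method visible in this scope is callable by name, not only intended
        // actions. Where $this->action is assigned is not visible here;
        // confirm it is restricted to intended action methods before this
        // point.
        $action = $this->action;
        $this->$action();
    }
}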