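objMPermission = new \Cas\Module\Permission();
    }

    /**
     * Default action: prints a placeholder string and ends the request.
     *
     * NOTE(review): 'xxx' looks like leftover debug output — confirm whether
     * this action should render or redirect to a real page instead.
     */
    public function doDefault()
    {
        echo 'xxx';
        exit;
    }

    /**
     * User group management page.
     *
     * Outputs the groups the logged-in user belongs to ('groups') and the
     * groups that user is allowed to manage ('manageGroups').
     */
    public function doUsergroup()
    {
        $this->tpl = 'admin/permission/usergroup';

        $currentUid = \KIF\Core\BKController::getUid();
        $objKifUsergroup = new \Cas\Dao\KifUsergroup();

        // Groups the logged-in user belongs to.
        $groupids = $this->objMPermission->getsGroupidsByUid($currentUid);
        $groups = $objKifUsergroup->gets($groupids);

        // Groups the logged-in user may manage.
        $manageGroupids = $this->objMPermission->allowsMangeGroupids($currentUid);
        $manageGroups = $objKifUsergroup->gets($manageGroupids);

        $title = '用户组管理';
        $this->setOutput('title', $title);
        $this->setOutput('groups', $groups);
        $this->setOutput('manageGroups', $manageGroups);

        $this->addNavMenu('KIF权限管理');
        $this->addNavMenu('用户组管理', Request::url(), '_self');
    }

    /**
     * Add a user group and, optionally, register the groups that manage it.
     *
     * Reads 'description' (group name) and 'parent_groupids' (comma-separated
     * group ids) from the query string. The parent ids are parsed and checked
     * before the group row is written, so a malformed list no longer leaves a
     * newly created group behind without its management rows.
     *
     * NOTE(review): this action changes state from query-string parameters and
     * no request-forgery protection is visible in this method — confirm the
     * base controller enforces one.
     * NOTE(review): the parent ids are not compared with the groups the
     * logged-in user may assign (see doUsergroupsOfAllowAssign) — confirm
     * whether that restriction is enforced elsewhere.
     */
    public function doAddUsergroup()
    {
        $group_name = Request::g('description');
        if (!$group_name) {
            $this->fail_exit_cpt('请填写要添加的组名');
        }

        // An absent or empty parameter means "no managing groups", as before.
        $rawParentGroupids = !empty($_GET['parent_groupids']) ? $_GET['parent_groupids'] : '';
        if (!is_string($rawParentGroupids)) {
            // parent_groupids[]=... would otherwise reach explode() as an array.
            $this->ajax_fail_exit('无效的请求参数');
        }

        $parent_groupids = array();
        if ($rawParentGroupids !== '') {
            foreach (explode(',', $rawParentGroupids) as $tmpGroupid) {
                $tmpGroupid = trim($tmpGroupid);
                if ($tmpGroupid === '') {
                    // Tolerate stray separators such as a trailing comma.
                    continue;
                }
                if (!Verify::unsignedInt($tmpGroupid)) {
                    $this->ajax_fail_exit('无效的请求参数');
                }
                $parent_groupids[] = $tmpGroupid;
            }
        }

        $objDKifUsergroup = new \Cas\Dao\KifUsergroup();
        $info = array(
            'description' => $group_name,
        );
        $rid = $objDKifUsergroup->add($info);
        if (!$rid) {
            $this->ajax_fail_exit('添加新用户组失败');
        }

        $objKifUsergroupManage = new \Cas\Dao\KifUsergroupManage();
        foreach ($parent_groupids as $tmpGroupid) {
            $addResult = $objKifUsergroupManage->add(array(
                'groupid' => $tmpGroupid,
                'rid' => $rid
            ));
            if (!$addResult) {
                $this->ajax_fail_exit('分配管理用户组失败');
            }
        }

        $this->ajax_success_exit('添加成功');
    }

    /**
     * Return (as a rendered template inside an AJAX success response) the
     * groups the logged-in user is allowed to assign.
     */
    public function doUsergroupsOfAllowAssign()
    {
        $this->tpl = 'admin/permission/usergroupsOfAllowAssign';

        // Group ids the logged-in user may manage.
        $groupids = $this->objMPermission->allowsMangeGroupids(\KIF\Core\BKController::getUid());

        $objKifUsergroup = new \Cas\Dao\KifUsergroup();
        $groups = $objKifUsergroup->gets($groupids);

        $this->setOutput('groups', $groups);

        $this->ajax_success_exit($this->render(true));
    }

    /**
     * Edit a user group's basic settings.
     *
     * GET shows the edit form for 'groupid'; POST writes the new description,
     * passing the posted 'cas_token' through to the DAO's modify().
     *
     * NOTE(review): the group id is validated as an unsigned integer but is
     * not compared with allowsMangeGroupids() for the logged-in user —
     * confirm that check happens elsewhere.
     */
    public function doEditUsergroup()
    {
        $this->tpl = 'admin/permission/edit_usergroup';

        $groupid = Request::r('groupid');
        if (!Verify::unsignedInt($groupid)) {
            $this->fail_exit_cpt('无效的请求参数');
        }

        $objDKifUsergroup = new \Cas\Dao\KifUsergroup();

        if (!Request::isPost()) {
            $group = $objDKifUsergroup->get($groupid);

            $this->setOutput('group', $group);

            $this->addNavMenu('KIF权限管理');
            $this->addNavMenu('用户组管理', Request::schemeDomain() . '?c=permission&a=usergroup', '_self');
            $this->addNavMenu('基础设置', Request::url(), '_self');
        } else {
            $tableInfo = array(
                'id' => $groupid,
                'description' => Request::p('description'),
            );
            $cas_token = Request::p('cas_token');
            $modifyResult = $objDKifUsergroup->modify($tableInfo, null, $cas_token);
            if (!$modifyResult->isSuccess()) {
                $this->fail_exit_cpt($modifyResult->getData());
            }

            $this->success_exit_cpt();
        }
    }

    /**
     * Delete a user group together with its permissions, its user
     * associations and its management rows.
     *
     * NOTE(review): this destructive action takes 'groupid' via Request::g()
     * and no request-forgery protection or allowsMangeGroupids() check is
     * visible in this method — confirm both are enforced by the base
     * controller.
     * NOTE(review): the five deletes are not wrapped in a transaction here,
     * and each step aborts on a falsy result; if delete() reports affected
     * rows, a group with no dependent rows would stop after the group row is
     * already gone — verify the DAO's return value.
     */
    public function doDelUsergroup()
    {
        $groupid = Request::g('groupid');
        if (!Verify::unsignedInt($groupid)) {
            $this->fail_exit_cpt('无效的请求参数');
        }

        $objKifUsergroup = new \Cas\Dao\KifUsergroup();
        $objKifUsergroupCompetence = new \Cas\Dao\KifUsergroupCompetence();
        $objKifUsergroupRelation = new \Cas\Dao\KifUsergroupRelation();
        $objKifUsergroupManage = new \Cas\Dao\KifUsergroupManage();

        $delUsergroupResult = $objKifUsergroup->delete(array('id' => $groupid));
        if (!$delUsergroupResult) {
            $this->fail_exit_cpt('删除用户组失败');
        }

        $delUsergroupCptResult = $objKifUsergroupCompetence->delete(array('groupid' => $groupid));
        if (!$delUsergroupCptResult) {
            $this->fail_exit_cpt('删除用户组权限失败');
        }

        $delUsergroupRelation = $objKifUsergroupRelation->delete(array('groupid' => $groupid));
        if (!$delUsergroupRelation) {
            $this->fail_exit_cpt('删除用户、用户组关联表失败');
        }

        // Management rows reference the group on both sides: as manager
        // ('groupid') and as managed group ('rid').
        $delUsergroupManage = $objKifUsergroupManage->delete(array('groupid' => $groupid));
        if (!$delUsergroupManage) {
            $this->fail_exit_cpt('删除用户组管理表失败');
        }

        $delUsergroupManage = $objKifUsergroupManage->delete(array('rid' => $groupid));
        if (!$delUsergroupManage) {
            $this->fail_exit_cpt('删除用户组管理表失败');
        }

        $this->success_exit_cpt();
    }

    /**
     * User management page: lists every user that has a group relation,
     * together with the ids of the groups each user is in.
     */
    public function doUser()
    {
        $this->tpl = 'admin/permission/user';

        $objKifUsergroupRelation = new \Cas\Dao\KifUsergroupRelation();
        $relation = $objKifUsergroupRelation->getsAll();

        $uids = $groupids = array();
        foreach ($relation as $tmpval) {
            $uids[] = $tmpval['uid'];
            $groupids[] = $tmpval['groupid'];
        }

        $uids = array_unique($uids);
        $groupids = array_unique($groupids);

        $members = $this->objMPermission->getsUserByUids($uids);

        $objKifUsergroup = new \Cas\Dao\KifUsergroup();
        $groups = $objKifUsergroup->gets($groupids);

        // Per-user list of group ids, keyed by uid.
        $data = array();
        foreach ($uids as $tmpUid) {
            $tmpGroupids = array();
            foreach ($relation as $tmpval) {
                if ($tmpval['uid'] == $tmpUid) {
                    $tmpGroupids[] = $tmpval['groupid'];
                }
            }

            $data[$tmpUid] = array(
                'uid' => $tmpUid,
                'groupids' => $tmpGroupids,
            );
        }

        $this->setOutput('data', $data);
        $this->setOutput('relation', $relation);
        $this->setOutput('members', $members);
        $this->setOutput('groups', $groups);

        $this->addNavMenu('KIF权限管理');
        $this->addNavMenu('用户管理', Request::url(), '_self');
    }

    /**
     * Look up one user (by 'username', else by 'uid') and show that user's
     * groups next to the groups the logged-in user may manage.
     *
     * 'has_groupids' is the comma-joined intersection of the user's groups
     * and the manageable groups; doAddUserToGroup receives it back from the
     * form as 'hasGroupids'.
     */
    public function doSearchUser()
    {
        $this->tpl = 'admin/permission/search_user';

        $username = Request::g('username');
        $uid = Request::g('uid');

        // Initialised so that a request with neither parameter reaches the
        // "not found" branch instead of reading an undefined variable.
        $member = null;
        if ($username) {
            $member = $this->objMPermission->getUserByUsername($username);
        } elseif ($uid) {
            $member = $this->objMPermission->getUserByUid($uid);
        }

        if (!$member) {
            $this->fail_exit_cpt('没有搜索到符合条件的用户');
        }

        $uid = $member['uid'];

        $objDKifUsergroupRelation = new \Cas\Dao\KifUsergroupRelation();
        $groupids = $objDKifUsergroupRelation->getsGroupids($uid);

        // Groups the user is in.
        $objDKifUsergroup = new \Cas\Dao\KifUsergroup();
        $hasGroups = $objDKifUsergroup->gets($groupids);

        // Groups the logged-in user may manage.
        $allowsMangeGroupIds = $this->objMPermission->allowsMangeGroupids(\KIF\Core\BKController::getUid());
        $groupsAll = $objDKifUsergroup->gets($allowsMangeGroupIds);

        // Groups the user already has among those the logged-in user may manage.
        $has_groupids = array_intersect($groupids, $allowsMangeGroupIds);

        $this->setOutput('member', $member);
        $this->setOutput('hasGroups', $hasGroups);
        $this->setOutput('groupsAll', $groupsAll);
        $this->setOutput('has_groupids', implode(',', $has_groupids));

        $this->addNavMenu('KIF权限管理');
        $this->addNavMenu('用户管理', Request::schemeDomain() . '?c=permission&a=user', '_self');
        $this->addNavMenu('编辑 ' . $member['username'] . ' 用户组', Request::url(), '_self');
    }

    /**
     * Change a user's group memberships.
     *
     * POST fields: 'uid', 'groupids' (array of group ids that should be set)
     * and 'hasGroupids' (comma-separated ids the form reported as currently
     * set). Ids only in 'groupids' are added, ids only in 'hasGroupids' are
     * removed.
     *
     * All three fields come from the client, so they are validated here and
     * every group id that would be added or removed must be one the
     * logged-in user may manage. doSearchUser builds the form from that same
     * set, so without the server-side check a hand-crafted request could
     * attach a user to any group. The checks rely on fail_exit_cpt() ending
     * the request, as the rest of this controller does.
     *
     * NOTE(review): 'hasGroupids' is still client-reported state; reading the
     * current memberships with KifUsergroupRelation::getsGroupids() instead
     * would remove that trust — left unchanged to keep the form contract.
     */
    public function doAddUserToGroup()
    {
        $uid = isset($_POST['uid']) ? $_POST['uid'] : '';
        $groupids = !empty($_POST['groupids']) ? $_POST['groupids'] : array();
        $rawHasGroupids = !empty($_POST['hasGroupids']) ? $_POST['hasGroupids'] : '';

        if (!is_scalar($uid) || (string) $uid === '' || !is_array($groupids) || !is_string($rawHasGroupids)) {
            $this->fail_exit_cpt('无效的请求参数');
        }

        $hasGroupids = $rawHasGroupids !== '' ? explode(',', $rawHasGroupids) : array();

        // Group ids are unsigned integers everywhere else in this controller.
        foreach (array_merge($groupids, $hasGroupids) as $tmpGroupid) {
            if (!is_scalar($tmpGroupid) || !Verify::unsignedInt($tmpGroupid)) {
                $this->fail_exit_cpt('无效的请求参数');
            }
        }

        $intersectGroupids = array_intersect($groupids, $hasGroupids);
        $addGroupids = array_diff($groupids, $intersectGroupids);
        $delGroupids = array_diff($hasGroupids, $intersectGroupids);

        // Reject the whole request if any change touches a group outside the
        // logged-in user's manageable set.
        $allowedGroupids = (array) $this->objMPermission->allowsMangeGroupids(\KIF\Core\BKController::getUid());
        if (array_diff(array_merge($addGroupids, $delGroupids), $allowedGroupids)) {
            $this->fail_exit_cpt('无权管理所选用户组');
        }

        $objDKifUsergroupRelation = new \Cas\Dao\KifUsergroupRelation();

        // Add memberships.
        foreach ($addGroupids as $tmpGroupid) {
            $addResult = $objDKifUsergroupRelation->add(array(
                'uid' => $uid,
                'groupid' => $tmpGroupid
            ));
            if (!$addResult) {
                $this->fail_exit_cpt('添加权限操作失败');
            }
        }

        // Remove memberships.
        if ($delGroupids) {
            $delResult = $objDKifUsergroupRelation->delete(array(
                'uid' => $uid,
                'groupid' => $delGroupids,
            ));
            if (!$delResult) {
                $this->fail_exit_cpt('删除权限操作失败');
            }
        }

        $this->success_exit_cpt('修改权限操作成功');
    }

    /**
     * Resource management page (new version): outputs the resource tree as JSON.
     */
    public function doResourceNew()
    {
        $result = $this->objMPermission->getResourceTreeNew(true);
        $resource = $result['resource'];

        $this->tpl = 'admin/permission/new_resource';
        $this->addNavMenu('KIF权限管理');
        $this->addNavMenu('资源管理', Request::url(), '_self');
        $this->setOutput('resource', json_encode($resource));
    }

    /**
     * Lower-case the first letter of the app/control/action names in a
     * resource row taken from the request.
     *
     * A missing field becomes '' (the value lcfirst() produced for it before).
     *
     * @param array $tableInfo filtered request data
     * @return array|null the normalised row, or null when one of the three
     *                    fields is not a scalar (e.g. sent as field[]=...)
     */
    private function normalizeResourceNames(array $tableInfo)
    {
        foreach (array('app_name', 'control_name', 'action_name') as $tmpField) {
            $tmpValue = isset($tableInfo[$tmpField]) ? $tableInfo[$tmpField] : '';
            if (!is_scalar($tmpValue)) {
                return null;
            }
            $tableInfo[$tmpField] = lcfirst((string) $tmpValue);
        }

        return $tableInfo;
    }

    /**
     * Resource management (new version) — create a directory or a resource.
     *
     * 'type' == 'dir' creates a directory; anything else creates a resource
     * under 'parent_id', which must exist. GET shows the form, POST inserts.
     *
     * NOTE(review): the whole filtered $_POST array is handed to add(), so the
     * client chooses which columns are written (including parent_id, which is
     * validated above only from the query string). An explicit column list
     * would close that; the table schema is not visible here.
     */
    public function doAddResourceNew()
    {
        $objKifResourceManage = new KifResourceManage();

        $parent_id = Request::g('parent_id');
        $type = Request::g('type');
        $is_end = 0;
        $parent_resource = array();
        if ($type == 'dir') {
            $alias = '目录';
        } else {
            $alias = '资源';
            $parent_resource = $objKifResourceManage->get($parent_id);
            if (!$parent_resource) {
                $this->fail_exit_cpt("parent_id对于的数据不存在");
            }

            // A parent that itself has a parent makes the new node a leaf.
            if ($parent_resource['parent_id']) {
                $is_end = 1;
            }
        }

        if (!Request::isPost()) {
            $this->tpl = 'admin/permission/new_resource_add_edit';
            $title = "创建{$alias}";
            $this->addNavMenu('KIF权限管理');
            $this->addNavMenu('资源管理', Request::schemeDomain() . '/?c=permission&a=resourceNew', '_self');
            $this->addNavMenu($title, Request::url(), '_self');

            $this->setOutput('type', $type);
            $this->setOutput('alias', $alias);
            $this->setOutput('parent_resource', $parent_resource);
            $this->setOutput('is_end', $is_end);
        } else {
            $tableInfo = Filter::arrayfilter($_POST);
            if (!is_array($tableInfo) || empty($tableInfo['name'])) {
                $this->fail_exit_cpt("请填写{$alias}名称");
            }

            $tableInfo = $this->normalizeResourceNames($tableInfo);
            if ($tableInfo === null) {
                $this->fail_exit_cpt('无效的请求参数');
            }

            $tmpResult = $objKifResourceManage->add($tableInfo);
            if (!$tmpResult) {
                $this->fail_exit_cpt("创建{$alias}失败");
            }

            $this->success_exit_cpt("创建{$alias}成功");
        }
    }

    /**
     * Resource management (new version) — edit a directory or a resource.
     *
     * The 'id' from the query string must be an unsigned integer that
     * resolves to an existing row; previously an unknown id fell through and
     * was treated as a directory. GET shows the form, POST writes the change
     * and passes the posted 'cas_token' to the DAO's modify().
     *
     * NOTE(review): as in doAddResourceNew, the filtered $_POST array decides
     * which columns are updated — an explicit column list would be safer.
     */
    public function doEditResourceNew()
    {
        $id = Request::g('id');
        if (!Verify::unsignedInt($id)) {
            $this->fail_exit_cpt("无效的id");
        }

        $objKifResourceManage = new KifResourceManage();
        $resource = $objKifResourceManage->get($id);
        if (!$resource) {
            $this->fail_exit_cpt('资源不存在');
        }

        $is_end = 0;
        $parent_resource = array();
        if (!$resource['parent_id']) {
            $type = 'dir';
            $alias = '目录';
        } else {
            $type = '';
            $alias = '资源';
            $parent_resource = $objKifResourceManage->get($resource['parent_id']);
            if (!$parent_resource) {
                $this->fail_exit_cpt("parent_id对于的数据不存在");
            }

            // A parent that itself has a parent makes this node a leaf.
            if ($parent_resource['parent_id']) {
                $is_end = 1;
            }
        }

        if (!Request::isPost()) {
            $this->tpl = 'admin/permission/new_resource_add_edit';
            $title = "编辑{$alias}";
            $this->addNavMenu('KIF权限管理');
            $this->addNavMenu('资源管理', Request::schemeDomain() . '/?c=permission&a=resourceNew', '_self');
            $this->addNavMenu($title, Request::url(), '_self');

            $this->setOutput('resource', $resource);
            $this->setOutput('parent_resource', $parent_resource);
            $this->setOutput('type', $type);
            $this->setOutput('alias', $alias);
            $this->setOutput('is_end', $is_end);
        } else {
            $tableInfo = Filter::arrayfilter($_POST);
            if (!is_array($tableInfo) || empty($tableInfo['name'])) {
                $this->fail_exit_cpt("请填写{$alias}名称");
            }

            $tableInfo = $this->normalizeResourceNames($tableInfo);
            if ($tableInfo === null) {
                $this->fail_exit_cpt('无效的请求参数');
            }

            // cas_token travels with the form but is not a column of the row.
            $cas_token = isset($tableInfo['cas_token']) ? $tableInfo['cas_token'] : null;
            unset($tableInfo['cas_token']);

            // The row to update is always the one named in the query string.
            $tableInfo['id'] = $id;
            $tmpModifyResult = $objKifResourceManage->modify($tableInfo, null, $cas_token);
            if (!$tmpModifyResult->isSuccess()) {
                $this->fail_exit_cpt("修改失败,原因:" . $tmpModifyResult->getData());
            }

            $this->success_exit_cpt("修改成功");
        }
    }

    /**
     * Resource management (new version) — delete a resource by id.
     *
     * NOTE(review): a destructive action driven by a query-string 'id'; no
     * request-forgery protection is visible in this method — confirm the base
     * controller enforces one.
     */
    public function doDelResourceNew()
    {
        $id = Request::g('id');
        if (!Verify::unsignedInt($id)) {
            $this->ajax_fail_exit("无效的id");
        }

        $objKifResourceManage = new KifResourceManage();
        $result = $objKifResourceManage->delete(array('id' => $id));
        if (!$result) {
            $this->ajax_fail_exit("删除失败");
        }

        $this->ajax_success_exit("删除成功");
    }

    /**
     * Returns an empty AJAX success response.
     */
    public function doGetResource()
    {
        $this->ajax_success_exit();
    }

    /**
     * User group permission management page.
     *
     * Outputs the resource tree, the resource-tree ids the logged-in user has
     * no permission for ('disableTreeIds') and the group's current
     * permissions, all JSON-encoded for the template.
     *
     * 'groupid' is required to be an unsigned integer, like the other
     * group actions, because the raw request value is handed to the template.
     */
    public function doUsergroupCpt()
    {
        $this->tpl = 'admin/permission/new_usergroupCpt';

        $groupid = Request::g('groupid');
        if (!$groupid || !Verify::unsignedInt($groupid)) {
            $this->fail_exit_cpt('无效参数');
        }

        $objKifUsergroup = new \Cas\Dao\KifUsergroup();
        $usergroup = $objKifUsergroup->get($groupid);
        if (!$usergroup) {
            $this->fail_exit_cpt('获取用户组信息失败');
        }

        // Permissions currently held by the group.
        $objKifUsergroupPermission = new \Cas\Dao\KifUsergroupPermission();
        $usergroupCpt = $objKifUsergroupPermission->getsCompetencesByGroupids(array($groupid));

        $result = $this->objMPermission->getResourceTreeNew(true);

        // All resources.
        $resource = $result['resource'];

        // Resource-tree ids the logged-in user has no permission for.
        $disableTreeIds = $result['disableTreeIds'];

        $this->setOutput('groupid', $groupid);
        $this->setOutput('resource', json_encode($resource));
        $this->setOutput('disableTreeIds', json_encode($disableTreeIds));
        $this->setOutput('usergroupCpt', json_encode(array_values($usergroupCpt)));

        $title = '权限管理';
        $this->setOutput('title', $title);

        $this->setOutput('menu_active', array('name' => 'userslist', 'item' => '')); // active menu entry
        $this->addNavMenu('帐号管理');
        $this->addNavMenu($title);

        $this->setOutput('pagePublicData', $this->getPagePublicData()); // shared back-office page data
    }

    /**
     * Replace a user group's permissions (new version).
     *
     * POST fields: 'groupid' and 'resourceids' (array of resource ids; absent
     * or empty clears the group's permissions, as before). The ids are
     * validated before the existing rows are deleted, so a malformed request
     * can no longer wipe the group's permissions and then fail on insert.
     *
     * NOTE(review): delete-then-insert is not transactional here; a failed
     * insert leaves the group with a partial permission set.
     * NOTE(review): neither the group (allowsMangeGroupids) nor the resource
     * ids (the 'disableTreeIds' shown on doUsergroupCpt) are checked against
     * what the logged-in user may grant — the page only disables those nodes
     * client-side. Confirm the restriction is enforced server-side.
     */
    public function doEditUsergroupCpt()
    {
        $resourceids = !empty($_POST['resourceids']) ? $_POST['resourceids'] : array();
        $groupid = Request::p('groupid');
        if (!Verify::unsignedInt($groupid)) {
            $this->ajax_fail_exit('无效用户组id');
        }

        if (!is_array($resourceids)) {
            $this->ajax_fail_exit('无效的请求参数');
        }
        foreach ($resourceids as $tmpResourceId) {
            // Resource ids are unsigned integers (see doDelResourceNew).
            if (!is_scalar($tmpResourceId) || !Verify::unsignedInt($tmpResourceId)) {
                $this->ajax_fail_exit('无效的请求参数');
            }
        }
        // A repeated id would otherwise be inserted twice.
        $resourceids = array_unique($resourceids);

        $objKifUsergroupPermission = new KifUsergroupPermission();

        // Remove all permissions the group had before.
        if (!$objKifUsergroupPermission->delete(array('groupid' => $groupid))) {
            $this->ajax_fail_exit("删除原权限失败");
        }

        foreach ($resourceids as $tmpResourceId) {
            $result = $objKifUsergroupPermission->add(array(
                'groupid' => $groupid,
                'resourceid' => $tmpResourceId,
            ));
            if (!$result) {
                $this->ajax_fail_exit("数据库操作失败");
            }
        }

        $this->ajax_success_exit();
    }

    /**
     * Render the page.
     */
    public function display()
    {
        $this->render();
    }
}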