<?php
namespace Cas\Controller;
/**
 * Permission 权限管理系统
 * @author lishumingoo@gmail.com
 */
use KIF\Verify;
use KIF\Core\Request;
use Cas\Dao\KifResourceManage;
use KIF\String\Filter;
use Cas\Dao\KifUsergroupPermission;

class Permission extends \Cas\Controller\Admin\Controller {
	private $objMPermission;
	
	/**
	 * Create the permission module and keep it in $this->objMPermission for the
	 * actions of this controller.
	 *
	 * NOTE(review): the parent constructor is not invoked here. If the admin base
	 * controller performs its login or permission setup in a constructor, that
	 * step is skipped for this class — confirm against \Cas\Controller\Admin\Controller.
	 */
	public function __construct() {
		$permissionModule = new \Cas\Module\Permission();
		$this->objMPermission = $permissionModule;
	}
	
	/**
	 * Default action: prints the literal string 'xxx' and ends the request.
	 *
	 * NOTE(review): looks like leftover debug output on a routable action —
	 * confirm whether it should point at a real page instead.
	 */
	public function doDefault() {
		// exit() with a string argument prints it and then terminates the script.
		exit('xxx');
	}
	
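	/**
	 * User-group overview page.
	 *
	 * Hands two lists to the template: the groups the logged-in user belongs to
	 * ('groups') and the groups that user is allowed to manage ('manageGroups').
	 */
	public function doUsergroup() {
		$this->tpl = 'admin/permission/usergroup';

		// Resolve the caller once; both lookups below are scoped to this account.
		$currentUid = \KIF\Core\BKController::getUid();
		$objKifUsergroup = new \Cas\Dao\KifUsergroup();

		// Groups the logged-in user is a member of.
		$groupids = $this->objMPermission->getsGroupidsByUid($currentUid);
		$groups = $objKifUsergroup->gets($groupids);

		// Groups the logged-in user may manage.
		$manageGroupids = $this->objMPermission->allowsMangeGroupids($currentUid);
		$manageGroups = $objKifUsergroup->gets($manageGroupids);

		$title = '用户组管理';
		$this->setOutput('title', $title);
		$this->setOutput('groups', $groups);
		$this->setOutput('manageGroups', $manageGroups);
		$this->addNavMenu('KIF权限管理');
		$this->addNavMenu('用户组管理', Request::url(), '_self');
	}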
	
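	/**
	 * Create a user group and optionally register parent groups as its managers.
	 *
	 * Query-string input: `description` is the new group's name and
	 * `parent_groupids` is an optional comma-separated list of group ids.
	 *
	 * The parent ids are checked before anything is written: each must be an
	 * unsigned integer and must belong to the groups the logged-in user may
	 * manage (the list doUsergroupsOfAllowAssign() renders). Without that check
	 * the caller could attach the new group to any group id it chooses, and a
	 * bad id would only be noticed after the group row already existed.
	 *
	 * The *_exit helpers are assumed to end the request — confirm in the base
	 * controller, because the checks below rely on it.
	 *
	 * NOTE(review): this action changes state from GET parameters and no
	 * anti-CSRF token is visible in this method — confirm the base controller
	 * covers it, or move the action to POST with a token.
	 */
	public function doAddUsergroup() {
		$group_name = Request::g('description');
		if (!$group_name) {
			$this->fail_exit_cpt('请填写要添加的组名');
		}

		// Read the optional parent list without touching an undefined index.
		$parent_groupids = array();
		if (!empty($_GET['parent_groupids'])) {
			if (!is_string($_GET['parent_groupids'])) {
				// e.g. parent_groupids[]=1 — explode() needs a string.
				$this->ajax_fail_exit('无效的请求参数');
			}
			$parts = array_map('trim', explode(',', $_GET['parent_groupids']));
			$parent_groupids = array_unique(array_filter($parts, 'strlen'));
		}

		foreach ($parent_groupids as $tmpGroupid) {
			if (!Verify::unsignedInt($tmpGroupid)) {
				$this->ajax_fail_exit('无效的请求参数');
			}
		}

		if ($parent_groupids) {
			// Object-level authorization: every requested parent must be manageable by the caller.
			$allowedGroupids = $this->objMPermission->allowsMangeGroupids(\KIF\Core\BKController::getUid());
			if (!is_array($allowedGroupids)) {
				$allowedGroupids = array();
			}
			// array_diff compares string forms, so "3" from the query matches 3 from storage.
			if (array_diff($parent_groupids, $allowedGroupids)) {
				$this->ajax_fail_exit('无权分配指定的用户组');
			}
		}

		$objDKifUsergroup = new \Cas\Dao\KifUsergroup();
		$rid = $objDKifUsergroup->add(array(
			'description'	=> $group_name,
		));
		if (!$rid) {
			$this->ajax_fail_exit('添加新用户组失败');
		}

		// One management row per parent: `groupid` is the parent, `rid` the new group.
		$objKifUsergroupManage = new \Cas\Dao\KifUsergroupManage();
		foreach ($parent_groupids as $tmpGroupid) {
			$addResult = $objKifUsergroupManage->add(array(
				'groupid'	=> $tmpGroupid,
				'rid'		=> $rid
			));
			if (!$addResult) {
				$this->ajax_fail_exit('分配管理用户组失败');
			}
		}

		$this->ajax_success_exit('添加成功');
	}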
	
	/**
	 * Return, as an AJAX success payload, the rendered list of groups the
	 * logged-in user is allowed to assign.
	 */
	public function doUsergroupsOfAllowAssign() {
		$this->tpl = 'admin/permission/usergroupsOfAllowAssign';

		// The assignable set is the set of groups the caller may manage.
		$currentUid = \KIF\Core\BKController::getUid();
		$assignableIds = $this->objMPermission->allowsMangeGroupids($currentUid);

		$groupDao = new \Cas\Dao\KifUsergroup();
		$this->setOutput('groups', $groupDao->gets($assignableIds));

		// render(true) presumably returns the markup instead of printing it — confirm.
		$html = $this->render(true);
		$this->ajax_success_exit($html);
	}
	
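	/**
	 * Edit a user group's basic settings.
	 *
	 * GET renders the edit form for `groupid`; POST writes the new description.
	 *
	 * The POST branch now verifies that the group is one the logged-in user may
	 * manage before modifying it. Validating that `groupid` is an integer says
	 * nothing about whether this caller may touch that row, so without the check
	 * any id could be renamed by changing the request parameter.
	 *
	 * NOTE(review): `cas_token` is passed as the third argument to modify(); it
	 * looks like an optimistic-lock token rather than an anti-CSRF token —
	 * confirm, and confirm where CSRF protection for this POST lives.
	 */
	public function doEditUsergroup() {
		$this->tpl = 'admin/permission/edit_usergroup';

		$groupid = Request::r('groupid');
		if (!Verify::unsignedInt($groupid)) {
			$this->fail_exit_cpt('无效的请求参数');
		}

		$objDKifUsergroup = new \Cas\Dao\KifUsergroup();

		if (!Request::isPost()) {
			$group = $objDKifUsergroup->get($groupid);

			$this->setOutput('group', $group);
			$this->addNavMenu('KIF权限管理');
			$this->addNavMenu('用户组管理', Request::schemeDomain() . '?c=permission&a=usergroup', '_self');
			$this->addNavMenu('基础设置', Request::url(), '_self');
		} else {
			// Object-level authorization: the target must be in the caller's manageable set.
			$manageGroupids = $this->objMPermission->allowsMangeGroupids(\KIF\Core\BKController::getUid());
			if (!is_array($manageGroupids)
				|| !in_array((string) $groupid, array_map('strval', $manageGroupids), true)) {
				$this->fail_exit_cpt('无权管理该用户组');
			}

			$tableInfo = array(
				'id'	=> $groupid,
				'description'	=> Request::p('description'),
			);
			$cas_token = Request::p('cas_token');
			$modifyResult = $objDKifUsergroup->modify($tableInfo, null, $cas_token);
			if (!$modifyResult->isSuccess()) {
				$this->fail_exit_cpt($modifyResult->getData());
			}

			$this->success_exit_cpt();
		}
	}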
	
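	/**
	 * Delete a user group together with its permissions, its user
	 * associations and its management rows.
	 *
	 * Before deleting, the method now verifies that the group is one the
	 * logged-in user may manage; an integer check on `groupid` alone lets any
	 * caller of this action remove an arbitrary group.
	 *
	 * NOTE(review): the deletes run one after another with no transaction
	 * visible here, so a failure part-way leaves the group half removed.
	 * NOTE(review): each step treats a falsy delete() result as failure; if the
	 * DAO returns an affected-row count, a group with no rows in a dependent
	 * table would be reported as an error after the group row is gone — confirm
	 * the DAO's return value.
	 * NOTE(review): the deletion is driven by a GET parameter and no anti-CSRF
	 * token is visible in this method — confirm the base controller covers it.
	 */
	public function doDelUsergroup() {
		$groupid = Request::g('groupid');
		if (!Verify::unsignedInt($groupid)) {
			$this->fail_exit_cpt('无效的请求参数');
		}

		// Object-level authorization: the target must be in the caller's manageable set.
		$manageGroupids = $this->objMPermission->allowsMangeGroupids(\KIF\Core\BKController::getUid());
		if (!is_array($manageGroupids)
			|| !in_array((string) $groupid, array_map('strval', $manageGroupids), true)) {
			$this->fail_exit_cpt('无权管理该用户组');
		}

		$objKifUsergroupManage = new \Cas\Dao\KifUsergroupManage();

		// Same order as before: group row, permissions, user relations, then the
		// management rows where the group is the manager and where it is managed.
		$steps = array(
			array(new \Cas\Dao\KifUsergroup(), array('id' => $groupid), '删除用户组失败'),
			array(new \Cas\Dao\KifUsergroupCompetence(), array('groupid' => $groupid), '删除用户组权限失败'),
			array(new \Cas\Dao\KifUsergroupRelation(), array('groupid' => $groupid), '删除用户、用户组关联表失败'),
			array($objKifUsergroupManage, array('groupid' => $groupid), '删除用户组管理表失败'),
			array($objKifUsergroupManage, array('rid' => $groupid), '删除用户组管理表失败'),
		);

		foreach ($steps as $step) {
			list($dao, $condition, $failMessage) = $step;
			if (!$dao->delete($condition)) {
				$this->fail_exit_cpt($failMessage);
			}
		}

		$this->success_exit_cpt();
	}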
	
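	/**
	 * User overview page: every user that has at least one group, with the
	 * groups each user belongs to.
	 *
	 * The uid => group-id map is built in one pass over the relation rows
	 * instead of rescanning all rows for every user.
	 */
	public function doUser() {
		$this->tpl = 'admin/permission/user';

		$objKifUsergroupRelation = new \Cas\Dao\KifUsergroupRelation();
		$relation = $objKifUsergroupRelation->getsAll();

		// Tolerate a non-array result (e.g. an empty table) without a foreach warning.
		$rows = is_array($relation) ? $relation : array();

		$uids = $groupids = $data = array();
		foreach ($rows as $tmpval) {
			$tmpUid = $tmpval['uid'];
			$uids[] = $tmpUid;
			$groupids[] = $tmpval['groupid'];

			// First sighting of a uid creates its entry; later rows only append.
			if (!isset($data[$tmpUid])) {
				$data[$tmpUid] = array(
					'uid'	=> $tmpUid,
					'groupids'	=> array(),
				);
			}
			$data[$tmpUid]['groupids'][] = $tmpval['groupid'];
		}

		$uids = array_unique($uids);
		$groupids = array_unique($groupids);

		$members = $this->objMPermission->getsUserByUids($uids);

		$objKifUsergroup = new \Cas\Dao\KifUsergroup();
		$groups = $objKifUsergroup->gets($groupids);

		$this->setOutput('data', $data);
		$this->setOutput('relation', $relation);
		$this->setOutput('members', $members);
		$this->setOutput('groups', $groups);

		$this->addNavMenu('KIF权限管理');
		$this->addNavMenu('用户管理', Request::url(), '_self');
	}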
	
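	/**
	 * Look up one user (by `username`, else by `uid`) and show the user's
	 * groups next to the groups the logged-in user may manage.
	 *
	 * 'has_groupids' is the intersection of the user's groups with the caller's
	 * manageable groups. It is sent to the page for display; the save action
	 * must not trust it when it comes back from the browser.
	 *
	 * NOTE(review): $member['username'] is concatenated into a nav-menu label;
	 * whether it is HTML-escaped depends on the template — confirm.
	 */
	public function doSearchUser() {
		$this->tpl = 'admin/permission/search_user';

		$username = Request::g('username');
		$uid = Request::g('uid');

		// Start from "not found" so a request with neither parameter fails
		// cleanly instead of reading an undefined variable.
		$member = null;
		if ($username) {
			$member = $this->objMPermission->getUserByUsername($username);
		} elseif ($uid && Verify::unsignedInt($uid)) {
			$member = $this->objMPermission->getUserByUid($uid);
		}

		if (!$member) {
			$this->fail_exit_cpt('没有搜索到符合条件的用户');
		}

		$uid = $member['uid'];

		$objDKifUsergroupRelation = new \Cas\Dao\KifUsergroupRelation();
		$groupids = $objDKifUsergroupRelation->getsGroupids($uid);

		// Groups the user belongs to.
		$objDKifUsergroup = new \Cas\Dao\KifUsergroup();
		$hasGroups = $objDKifUsergroup->gets($groupids);

		// Groups the logged-in user may manage.
		$allowsMangeGroupIds = $this->objMPermission->allowsMangeGroupids(\KIF\Core\BKController::getUid());
		$groupsAll = $objDKifUsergroup->gets($allowsMangeGroupIds);

		// Memberships that fall inside the caller's manageable groups.
		// array_intersect needs arrays, so a non-array lookup result counts as empty.
		$has_groupids = array_intersect(
			is_array($groupids) ? $groupids : array(),
			is_array($allowsMangeGroupIds) ? $allowsMangeGroupIds : array()
		);

		$this->setOutput('member', $member);
		$this->setOutput('hasGroups', $hasGroups);
		$this->setOutput('groupsAll', $groupsAll);
		$this->setOutput('has_groupids', implode(',', $has_groupids));
		$this->addNavMenu('KIF权限管理');
		$this->addNavMenu('用户管理', Request::schemeDomain() . '?c=permission&a=user', '_self');
		$this->addNavMenu('编辑 ' . $member['username'] . ' 用户组', Request::url(), '_self');
	}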
	
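	/**
	 * Set a user's membership within the groups the logged-in user may manage.
	 *
	 * POST input: `uid` is the target user and `groupids` is the array of groups
	 * the user should belong to afterwards.
	 *
	 * Security-relevant behaviour:
	 *  - `uid` and every entry of `groupids` must be an unsigned integer.
	 *  - Every requested group must be in the caller's manageable set, so a
	 *    caller cannot add a user (or itself) to a group outside its scope.
	 *  - The user's current memberships are read from storage and narrowed to
	 *    the manageable set. The posted `hasGroupids` field is no longer used:
	 *    it is client-controlled, and trusting it let the request choose which
	 *    memberships get deleted.
	 *
	 * The *_exit helpers are assumed to end the request — confirm in the base
	 * controller, because the checks below rely on it.
	 */
	public function doAddUserToGroup() {
		$uid = isset($_POST['uid']) ? $_POST['uid'] : null;
		if (!is_scalar($uid) || !Verify::unsignedInt($uid)) {
			$this->fail_exit_cpt('无效的请求参数');
		}

		// An absent or empty field means "no groups selected"; anything else must be an array.
		$groupids = empty($_POST['groupids']) ? array() : $_POST['groupids'];
		if (!is_array($groupids)) {
			$this->fail_exit_cpt('无效的请求参数');
		}
		foreach ($groupids as $tmpGroupid) {
			if (!is_scalar($tmpGroupid) || !Verify::unsignedInt($tmpGroupid)) {
				$this->fail_exit_cpt('无效的请求参数');
			}
		}
		$groupids = array_unique($groupids);

		// Object-level authorization: only groups the caller may manage can be granted.
		$manageGroupids = $this->objMPermission->allowsMangeGroupids(\KIF\Core\BKController::getUid());
		if (!is_array($manageGroupids)) {
			$manageGroupids = array();
		}
		if (array_diff($groupids, $manageGroupids)) {
			$this->fail_exit_cpt('无权管理指定的用户组');
		}

		$objDKifUsergroupRelation = new \Cas\Dao\KifUsergroupRelation();

		// Current memberships come from storage, limited to the manageable set,
		// so memberships outside the caller's scope are never added or removed.
		$memberGroupids = $objDKifUsergroupRelation->getsGroupids($uid);
		if (!is_array($memberGroupids)) {
			$memberGroupids = array();
		}
		$hasGroupids = array_intersect($memberGroupids, $manageGroupids);

		// Grant: requested but not yet held.
		$addGroupids = array_diff($groupids, $hasGroupids);
		foreach ($addGroupids as $tmpGroupid) {
			$addResult = $objDKifUsergroupRelation->add(array(
				'uid'		=> $uid,
				'groupid'	=> $tmpGroupid
			));
			if (!$addResult) {
				$this->fail_exit_cpt('添加权限操作失败');
			}
		}

		// Revoke: held but no longer requested.
		$delGroupids = array_diff($hasGroupids, $groupids);
		if ($delGroupids) {
			$delResult = $objDKifUsergroupRelation->delete(array(
				'uid'	=> $uid,
				'groupid'	=> $delGroupids,
			));
			if (!$delResult) {
				$this->fail_exit_cpt('删除权限操作失败');
			}
		}

		$this->success_exit_cpt('修改权限操作成功');
	}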
	
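	/**
	 * Resource management page (new version): passes the resource tree to the
	 * template as a JSON string.
	 *
	 * The JSON is encoded with the JSON_HEX_* flags so that <, >, &, ' and "
	 * inside stored resource fields are emitted as \uXXXX escapes. The decoded
	 * value is unchanged, but a stored value such as "</script>" can no longer
	 * terminate an inline script block if the template prints the string
	 * unescaped — presumably it does; confirm against the template.
	 */
	public function doResourceNew() {
		$result = $this->objMPermission->getResourceTreeNew(true);
		$resource = $result['resource'];

		$jsonFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

		$this->tpl = 'admin/permission/new_resource';
		$this->addNavMenu('KIF权限管理');
		$this->addNavMenu('资源管理', Request::url(), '_self');
		$this->setOutput('resource', json_encode($resource, $jsonFlags));
	}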
	
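	/**
	 * Resource management (new version): create a directory or a resource.
	 *
	 * `type=dir` creates a directory; any other type creates a resource under
	 * the row named by the `parent_id` query parameter, which must exist.
	 * GET renders the form, POST inserts the row.
	 *
	 * The three *_name fields are normalised with lcfirst(); a missing or
	 * non-scalar field is stored as an empty string instead of raising an
	 * undefined-index notice or a type error.
	 *
	 * NOTE(review): the whole filtered $_POST array is handed to add(), so the
	 * request decides which columns are written (mass assignment). Prefer
	 * copying an explicit list of expected fields — the column list is not
	 * visible from this file.
	 * NOTE(review): the parent row is validated from the query-string
	 * `parent_id`, but the inserted row takes whatever the POST body carries —
	 * confirm the two cannot disagree.
	 */
	public function doAddResourceNew() {
		$objKifResourceManage = new KifResourceManage();

		$parent_id = Request::g('parent_id');
		$type = Request::g('type');

		$is_end = 0;
		$parent_resource = array();
		if ($type == 'dir') {
			$alias = '目录';
		} else {
			$alias = '资源';
			$parent_resource = $objKifResourceManage->get($parent_id);
			if (!$parent_resource) {
				$this->fail_exit_cpt("parent_id对于的数据不存在");
			}

			// A parent that itself has a parent sets the is_end flag for the new row's form.
			if ($parent_resource['parent_id']) {
				$is_end = 1;
			}
		}

		if (!Request::isPost()) {
			$this->tpl = 'admin/permission/new_resource_add_edit';
			$title = "创建{$alias}";
			$this->addNavMenu('KIF权限管理');
			$this->addNavMenu('资源管理', Request::schemeDomain() . '/?c=permission&a=resourceNew', '_self');
			$this->addNavMenu($title, Request::url(), '_self');
			$this->setOutput('type', $type);
			$this->setOutput('alias', $alias);
			$this->setOutput('parent_resource', $parent_resource);
			$this->setOutput('is_end', $is_end);
		} else {
			$tableInfo = Filter::arrayfilter($_POST);
			if (!is_array($tableInfo) || empty($tableInfo['name'])) {
				$this->fail_exit_cpt("请填写{$alias}名称");
			}

			foreach (array('app_name', 'control_name', 'action_name') as $field) {
				$hasText = isset($tableInfo[$field]) && is_scalar($tableInfo[$field]);
				$tableInfo[$field] = lcfirst($hasText ? (string) $tableInfo[$field] : '');
			}

			$tmpResult = $objKifResourceManage->add($tableInfo);
			if (!$tmpResult) {
				$this->fail_exit_cpt("创建{$alias}失败");
			}

			$this->success_exit_cpt("创建{$alias}成功");
		}
	}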
	
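	/**
	 * Resource management (new version): edit a directory or a resource.
	 *
	 * The row is identified by the `id` query parameter. The id must be an
	 * unsigned integer and the row must exist; previously a missing row was
	 * treated as a directory and the POST branch went on to call modify() for an
	 * id that was never found.
	 *
	 * A row without parent_id is a directory; otherwise it is a resource and its
	 * parent row must exist. GET renders the form, POST writes the change. The
	 * `id` written is always the validated query-string value, whatever the POST
	 * body contains.
	 *
	 * NOTE(review): apart from `id` and `cas_token`, the filtered $_POST array is
	 * handed to modify() as-is, so the request decides which columns are
	 * written (mass assignment) — prefer an explicit field list.
	 */
	public function doEditResourceNew() {
		$id = Request::g('id');
		if (!Verify::unsignedInt($id)) {
			$this->fail_exit_cpt("无效的id");
		}

		$objKifResourceManage = new KifResourceManage();
		$resource = $objKifResourceManage->get($id);
		if (!$resource) {
			$this->fail_exit_cpt("无效的id");
		}

		$is_end = 0;
		$parent_resource = array();
		if (!$resource['parent_id']) {
			$type = 'dir';
			$alias = '目录';
		} else {
			$type = '';
			$alias = '资源';
			$parent_resource = $objKifResourceManage->get($resource['parent_id']);
			if (!$parent_resource) {
				$this->fail_exit_cpt("parent_id对于的数据不存在");
			}

			// A parent that itself has a parent sets the is_end flag for the form.
			if ($parent_resource['parent_id']) {
				$is_end = 1;
			}
		}

		if (!Request::isPost()) {
			$this->tpl = 'admin/permission/new_resource_add_edit';
			$title = "编辑{$alias}";
			$this->addNavMenu('KIF权限管理');
			$this->addNavMenu('资源管理', Request::schemeDomain() . '/?c=permission&a=resourceNew', '_self');
			$this->addNavMenu($title, Request::url(), '_self');
			$this->setOutput('resource', $resource);
			$this->setOutput('parent_resource', $parent_resource);
			$this->setOutput('type', $type);
			$this->setOutput('alias', $alias);
			$this->setOutput('is_end', $is_end);
		} else {
			$tableInfo = Filter::arrayfilter($_POST);
			if (!is_array($tableInfo) || empty($tableInfo['name'])) {
				$this->fail_exit_cpt("请填写{$alias}名称");
			}

			foreach (array('app_name', 'control_name', 'action_name') as $field) {
				$hasText = isset($tableInfo[$field]) && is_scalar($tableInfo[$field]);
				$tableInfo[$field] = lcfirst($hasText ? (string) $tableInfo[$field] : '');
			}

			// The token is an argument to modify(), not a column, so it leaves the row data.
			$cas_token = isset($tableInfo['cas_token']) ? $tableInfo['cas_token'] : null;
			unset($tableInfo['cas_token']);

			// Overwrite any posted id with the validated one.
			$tableInfo['id'] = $id;

			$tmpModifyResult = $objKifResourceManage->modify($tableInfo, null, $cas_token);
			if (!$tmpModifyResult->isSuccess()) {
				$this->fail_exit_cpt("修改失败,原因:" . $tmpModifyResult->getData());
			}

			$this->success_exit_cpt("修改成功");
		}
	}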
	
	/**
	 * Resource management (new version): delete the resource row named by the
	 * `id` query parameter and answer with an AJAX result.
	 *
	 * NOTE(review): the deletion is driven by a GET parameter and no anti-CSRF
	 * token is visible in this method — confirm the base controller covers it.
	 * NOTE(review): only the row itself is deleted here; what happens to child
	 * rows and to group permissions that reference it is not visible — confirm.
	 */
	public function doDelResourceNew() {
		$id = Request::g('id');
		$idIsValid = Verify::unsignedInt($id);
		if (!$idIsValid) {
			$this->ajax_fail_exit("无效的id");
		}

		$resourceDao = new KifResourceManage();
		$condition = array('id' => $id);
		if (!$resourceDao->delete($condition)) {
			$this->ajax_fail_exit("删除失败");
		}

		$this->ajax_success_exit("删除成功");
	}
	
	/**
	 * Calls ajax_success_exit() with no arguments; no resource is looked up here.
	 *
	 * NOTE(review): looks like an unfinished stub — confirm whether it is still routed.
	 */
	public function doGetResource() {
		$this->ajax_success_exit();
	}
	
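	/**
	 * Permission editor page for one user group.
	 *
	 * Loads the group, the permissions it already holds, the resource tree and
	 * the resource-tree ids the logged-in user has no permission for, and hands
	 * them to the template as JSON strings.
	 *
	 * `groupid` is validated as an unsigned integer like the other actions of
	 * this controller. The JSON is encoded with the JSON_HEX_* flags so that
	 * stored text containing <, >, &, ' or " cannot break out of an inline
	 * script block if the template prints it unescaped — presumably it does;
	 * confirm against the template. The decoded values are unchanged.
	 *
	 * NOTE(review): 'disableTreeIds' only lets the page disable nodes; the save
	 * action has to enforce the same restriction on the server.
	 * NOTE(review): this page does not check that the group is one the caller
	 * may manage — confirm whether viewing another group's permissions is intended.
	 */
	public function doUsergroupCpt() {
		$this->tpl = 'admin/permission/new_usergroupCpt';

		$groupid = Request::g('groupid');
		if (!$groupid || !Verify::unsignedInt($groupid)) {
			$this->fail_exit_cpt('无效参数');
		}

		$objKifUsergroup = new \Cas\Dao\KifUsergroup();
		$usergroup = $objKifUsergroup->get($groupid);
		if (!$usergroup) {
			$this->fail_exit_cpt('获取用户组信息失败');
		}

		// Permissions the group already holds.
		$objKifUsergroupPermission = new \Cas\Dao\KifUsergroupPermission();
		$usergroupCpt = $objKifUsergroupPermission->getsCompetencesByGroupids(array($groupid));
		if (!is_array($usergroupCpt)) {
			// array_values() below needs an array; treat "nothing found" as an empty list.
			$usergroupCpt = array();
		}

		$result = $this->objMPermission->getResourceTreeNew(true);

		// All resources.
		$resource = $result['resource'];

		// Resource-tree ids the logged-in user has no permission for.
		$disableTreeIds = $result['disableTreeIds'];

		$jsonFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

		$this->setOutput('groupid', $groupid);
		$this->setOutput('resource', json_encode($resource, $jsonFlags));
		$this->setOutput('disableTreeIds', json_encode($disableTreeIds, $jsonFlags));
		$this->setOutput('usergroupCpt', json_encode(array_values($usergroupCpt), $jsonFlags));

		$title = '权限管理';
		$this->setOutput('title', $title);
		$this->setOutput('menu_active', array('name' => 'userslist', 'item' => '')); // mark the active menu entry
		$this->addNavMenu('帐号管理');
		$this->addNavMenu($title);
		$this->setOutput('pagePublicData', $this->getPagePublicData()); // shared admin-page data
	}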
	
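	/**
	 * Replace a user group's permissions (new version).
	 *
	 * POST input: `groupid` and the array `resourceids`. The group's existing
	 * permission rows are deleted and one row per submitted resource id is
	 * inserted.
	 *
	 * All input is validated before the delete runs: `resourceids` must be an
	 * array of unsigned integers (absent or empty means "no permissions"), and
	 * the group must be one the logged-in user may manage. Previously a
	 * malformed list was only noticed after the old permissions were already
	 * gone, and any group id could be rewritten.
	 *
	 * The *_exit helpers are assumed to end the request — confirm in the base
	 * controller, because the checks below rely on it.
	 *
	 * NOTE(review): the permission page receives 'disableTreeIds' (resources
	 * the caller has no permission for), but nothing here rejects those ids, so
	 * a crafted request can grant them. Enforce it here once it is confirmed
	 * that those ids are in the same id space as `resourceid`.
	 * NOTE(review): delete-then-insert runs without a transaction visible in
	 * this file; a failed insert leaves the group with a partial permission set.
	 */
	public function doEditUsergroupCpt() {
		$groupid = Request::p('groupid');
		if (!Verify::unsignedInt($groupid)) {
			$this->ajax_fail_exit('无效用户组id');
		}

		$resourceids = empty($_POST['resourceids']) ? array() : $_POST['resourceids'];
		if (!is_array($resourceids)) {
			$this->ajax_fail_exit('无效的请求参数');
		}
		foreach ($resourceids as $tmpResourceId) {
			if (!is_scalar($tmpResourceId) || !Verify::unsignedInt($tmpResourceId)) {
				$this->ajax_fail_exit('无效的请求参数');
			}
		}
		$resourceids = array_unique($resourceids);

		// Object-level authorization: the target must be in the caller's manageable set.
		$manageGroupids = $this->objMPermission->allowsMangeGroupids(\KIF\Core\BKController::getUid());
		if (!is_array($manageGroupids)
			|| !in_array((string) $groupid, array_map('strval', $manageGroupids), true)) {
			$this->ajax_fail_exit('无权管理该用户组');
		}

		$objKifUsergroupPermission = new KifUsergroupPermission();

		// Remove every permission the group held before.
		if (!$objKifUsergroupPermission->delete(array('groupid' => $groupid))) {
			$this->ajax_fail_exit("删除原权限失败");
		}

		foreach ($resourceids as $tmpResourceId) {
			$result = $objKifUsergroupPermission->add(array(
				'groupid'	=> $groupid,
				'resourceid'	=> $tmpResourceId,
			));
			if (!$result) {
				$this->ajax_fail_exit("数据库操作失败");
			}
		}

		$this->ajax_success_exit();
	}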
	
	/**
	 * Render the page by calling render() with no arguments.
	 */
	public function display() {
		$this->render();
	}
}