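<?php
namespace Cas\Module;

use KIF\Verify;
use KIF\Core\Config;
use Cas\Dao\KifResourceManage;
use Cas\Dao\BackUser;

/**
 * Permission: access-control helper (resource tree, per-resource permission
 * checks, user lookups and user-group lookups).
 *
 * Security notes for maintainers:
 *  - Authorization decisions compare string-cast values with strict equality.
 *    Loose `==` treats numeric-looking strings as numbers ('1e3' == '1000'),
 *    and before PHP 8 also treats int 0 as equal to any non-numeric string,
 *    so a loose comparison can grant access that was never configured.
 *  - Lookups driven by an empty group-id list are short-circuited to "deny".
 *    What the DAO layer does with an empty list is not visible from here.
 *  - Two notions of "super administrator" coexist: isSuperadmin() reads the
 *    `permission` field of the current user's BackUser row, while
 *    getSuperadminUids() reads a uid list from configuration.
 *    NOTE(review): confirm the two sources are meant to differ and are kept in sync.
 *
 * @author li.shuming@kimiss.com
 */
class Permission {

	/**
	 * Builds the resource tree together with the ids of the nodes the
	 * current user is not allowed to use.
	 *
	 * NOTE(review): checkLoginUserCpt() is called once per resource and each
	 * call queries the DAOs again; consider resolving the user's rights once
	 * per request if this tree is large.
	 *
	 * @param boolean $open Value copied into every node's 'open' flag (default true).
	 * @return array array(
	 * 		'resource' => array(          // one entry per resource row
	 * 			array(
	 * 				'id'          => resource id,
	 * 				'pId'         => parent resource id,
	 * 				'name'        => resource name,
	 * 				'isParent'    => true when the row's is_end is falsy,
	 * 				'open'        => $open,
	 * 				'chkDisabled' => true when the row has no parent id,
	 * 			),
	 * 		),
	 * 		'disableTreeIds' => array(), // ids the current user has no permission for
	 * )
	 */
	public function getResourceTreeNew($open = true) {
		$objKifResourceManage = new KifResourceManage();

		$resource = array();
		$disableTreeIds = array();

		$resources = $objKifResourceManage->getsAll('create_time asc');
		if ($resources) {
			foreach ($resources as $tmpResource) {
				$tree_id = $tmpResource['id'];
				$parent_id = $tmpResource['parent_id'];

				$resource[] = array(
					'id'	=> $tree_id,
					'pId'	=> $parent_id,
					'name'	=> $tmpResource['name'],
					'isParent'	=> !$tmpResource['is_end'],
					'open'	=> $open,
					// Root nodes (no parent id) get chkDisabled = true.
					'chkDisabled'	=> !$parent_id,
				);

				$allowed = $this->checkLoginUserCpt(
					$tmpResource['app_name'],
					$tmpResource['control_name'],
					$tmpResource['action_name']
				);
				if (!$allowed) {
					$disableTreeIds[] = $tree_id;
				}
			}
		}

		return array(
			'resource' => $resource,
			'disableTreeIds' => $disableTreeIds,
		);
	}

	/**
	 * Checks whether the current user (the uid returned by
	 * \KIF\Core\BKController::getUid()) may use the given resource.
	 *
	 * A grant row matches at one of three levels: exact action, whole
	 * controller (blank action) or whole app (blank controller and action).
	 * The default is deny: no groups or no grant rows means false.
	 *
	 * @param string $app_name
	 * @param string $control_name
	 * @param string $action_name
	 * @return boolean
	 */
	public function checkLoginUserCpt($app_name, $control_name, $action_name) {
		// A super administrator is allowed everything.
		if (self::isSuperadmin()) {
			return true;
		}

		$objKifUsergroupRelation = new \Cas\Dao\KifUsergroupRelation();
		$objKifUsergroupPermission = new \Cas\Dao\KifUsergroupPermission();

		// The namespace is spelled \KIF here, as in isSuperadmin(); the former
		// "\KIf" spelling only resolves when the class has already been loaded
		// or the autoloader ignores case.
		$groupids = $objKifUsergroupRelation->getsGroupids(\KIF\Core\BKController::getUid());
		if (!$groupids) {
			// No group membership means no grants. Returning here also keeps an
			// empty id list from ever reaching the permission query.
			return false;
		}

		$groupCompetences = $objKifUsergroupPermission->getsCompetencesByGroupids($groupids);
		if (!$groupCompetences) {
			return false;
		}

		foreach ($groupCompetences as $tmpCpt) {
			if (self::competenceAllows($tmpCpt, $app_name, $control_name, $action_name)) {
				return true;
			}
		}

		return false;
	}

	/**
	 * Decides whether one grant row covers the requested resource.
	 *
	 * Values are cast to string and compared strictly so that numeric-looking
	 * names cannot match each other through type juggling. A NULL or missing
	 * column counts as blank. A name that PHP treats as falsy ('0') never
	 * grants anything, as before.
	 *
	 * @param array  $competence   Row with app_name / control_name / action_name.
	 * @param string $app_name     Requested app.
	 * @param string $control_name Requested controller.
	 * @param string $action_name  Requested action.
	 * @return boolean
	 */
	private static function competenceAllows($competence, $app_name, $control_name, $action_name) {
		$grantApp = isset($competence['app_name']) ? (string) $competence['app_name'] : '';
		$grantControl = isset($competence['control_name']) ? (string) $competence['control_name'] : '';
		$grantAction = isset($competence['action_name']) ? (string) $competence['action_name'] : '';

		if (!$grantApp || $grantApp !== (string) $app_name) {
			return false;
		}

		// App-level grant: controller and action are both blank.
		if ($grantControl === '') {
			return $grantAction === '';
		}

		if (!$grantControl || $grantControl !== (string) $control_name) {
			return false;
		}

		// Controller-level grant: action is blank.
		if ($grantAction === '') {
			return true;
		}

		// Action-level grant: the action must match exactly.
		return $grantAction && $grantAction === (string) $action_name;
	}

	/**
	 * Looks up a user by user name.
	 *
	 * @param string $username
	 * @return array Empty array for a falsy $username; otherwise the value
	 *               returned by BackUser::fetchOne(), with a 'username' key
	 *               (copy of 'name') added when a row was found.
	 */
	public function getUserByUsername($username) {
		if (!$username) {
			return array();
		}

		$objBackUser = new BackUser();
		$member = $objBackUser->fetchOne(array('name' => $username));
		if ($member) {
			$member['username'] = $member['name'];
		}

		return $member;
	}

	/**
	 * Looks up a single user by uid.
	 *
	 * @param int $uid
	 * @return array The user row, or an empty array when nothing was found.
	 */
	public function getUserByUid($uid) {
		$members = $this->getsUserByUids(array($uid));
		if (!$members) {
			return array();
		}

		return array_pop($members);
	}

	/**
	 * Looks up several users at once.
	 *
	 * @param array $uids
	 * @return array Empty array for an empty $uids; otherwise the result of
	 *               BackUser::findBy() with a 'username' key (copy of 'name')
	 *               added to every row.
	 */
	public function getsUserByUids($uids) {
		if (!$uids) {
			return array();
		}

		$objBackUser = new BackUser();
		$members = $objBackUser->findBy(array('uid' => $uids), 'uid');
		if ($members) {
			foreach ($members as $tmpkey => $tmpval) {
				$members[$tmpkey]['username'] = $tmpval['name'];
			}
		}

		return $members;
	}

	/**
	 * Tells whether the current user is a super administrator, i.e. whether
	 * the `permission` field of their BackUser row is exactly 'admin'.
	 *
	 * A missing row or field yields false. The value is compared as a string
	 * with `===`: before PHP 8 the loose form `0 == 'admin'` is true, so an
	 * integer 0 in that field would have passed the old check.
	 *
	 * @return boolean
	 */
	public static function isSuperadmin() {
		$objBackUser = new BackUser();
		$user = $objBackUser->get(\KIF\Core\BKController::getUid());
		if (!$user || !isset($user['permission'])) {
			return false;
		}

		return (string) $user['permission'] === 'admin';
	}

	/**
	 * Returns the super administrator uids listed under the 'superadmin'
	 * key of the current configuration.
	 *
	 * @return array Empty array when the key is absent.
	 */
	public static function getSuperadminUids() {
		$config = Config::getInstance()->current();
		return isset($config['superadmin']) ? $config['superadmin'] : array();
	}

	/**
	 * Returns the ids of the groups the given user belongs to.
	 *
	 * @param int $uid
	 * @return array Unique group ids; empty when $uid fails
	 *               Verify::unsignedInt() or no relation row exists.
	 */
	public function getsGroupidsByUid($uid) {
		if (!Verify::unsignedInt($uid)) {
			return array();
		}

		$objKifUsergroupRelation = new \Cas\Dao\KifUsergroupRelation();
		$result = $objKifUsergroupRelation->findBy(array('uid' => $uid), null, null, 'groupid', 'id asc');
		if (!$result) {
			return array();
		}

		$groupids = array();
		foreach ($result as $tmpval) {
			$groupids[] = $tmpval['groupid'];
		}

		return array_unique($groupids);
	}

	/**
	 * Returns the ids of the groups the given user may manage: every group
	 * for a configured super administrator, otherwise the user's own groups
	 * plus the groups those groups are allowed to manage.
	 *
	 * @param int $uid
	 * @return array
	 */
	public function allowsMangeGroupids($uid) {
		// Super administrator test: compare uids as strings with strict
		// in_array(). The loose form lets a value such as '1abc' match the
		// configured uid 1 on PHP versions before 8.
		$superadminUids = self::getSuperadminUids();
		if (
			is_array($superadminUids)
			&& (is_int($uid) || is_string($uid))
			&& in_array((string) $uid, array_map('strval', $superadminUids), true)
		) {
			$objKifUsergroup = new \Cas\Dao\KifUsergroup();
			return $objKifUsergroup->getsIdsAll('id asc');
		}

		$groupids = $this->getsGroupidsByUid($uid);
		if (!$groupids) {
			// No membership means nothing to manage. Returning here also keeps
			// an empty group-id filter from reaching findBy().
			return array();
		}

		// Groups that the user's groups are allowed to manage.
		$manageGroupids = array();
		$objKifUsergroupManage = new \Cas\Dao\KifUsergroupManage();
		$usergroupManages = $objKifUsergroupManage->findBy(array('groupid' => $groupids));
		if ($usergroupManages) {
			foreach ($usergroupManages as $tmpManage) {
				$manageGroupids[] = $tmpManage['rid'];
			}
		}

		return array_unique(array_merge($groupids, $manageGroupids));
	}
}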