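/**
 * Get the most recently added files that the current user may see.
 *
 * Administrators (local 'administrator' session flag) are served from
 * View_objectsDao with no per-user filter. Everyone else is served from
 * View_objects_permDao, restricted to rows the user owns or is granted
 * through the other/group bitsets or a user/role/group permission entry.
 *
 * @return array|false Result set with id, name, create_date and status, or
 *                     false when nobody is logged in or nothing matches.
 */
public function getRecently()
{
    $userid = Session::get(USER_AUTH_KEY);
    if (!$userid) {
        return false;
    }

    $listDao = null;
    $whereStr = "";

    if (Session::is_setLocal('administrator')) {
        $listDao = new View_objectsDao();
        // NOTE(review): object_type 2 presumably means "file" - confirm against the schema.
        $whereStr = "object_type = 2";
    } else {
        // The WHERE clause is concatenated into SQL text rather than bound as
        // parameters, and the ids are interpolated unquoted, so every value
        // is forced to an integer first. This keeps a tampered or corrupted
        // session value from changing the shape of the permission filter.
        $userid = (int) $userid;

        $groups = Session::get('_USER_GROUPS');
        $groupStr = $groups ? implode(',', array_map('intval', (array) $groups)) : '0';

        $roles = Session::get('_USER_ROLES');
        $roleStr = $roles ? implode(',', array_map('intval', (array) $roles)) : '0';

        $listDao = new View_objects_permDao();
        $whereStr = "( (object_owner={$userid} or other_bitset >=1 or (owner_group in({$groupStr}) and group_bitset >= 1)) or ";
        $whereStr .= " ((userid = {$userid} or roleid in({$roleStr}) or groupid in({$groupStr})) and bitset >=1) ) and object_type =2";
    }

    // NOTE(review): the last two arguments look like ORDER BY and LIMIT
    // (newest ten by id) - confirm against findAllDistinct().
    $vol = $listDao->findAllDistinct($whereStr, '', 'id,name,create_date,status', 'id DESC', '0,10');
    if ($vol->isEmpty()) {
        return false;
    }

    return $vol->toResultSet();
}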
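/**
 * Check whether the current user may read a Swf module.
 *
 * @param string $modular Module identifier, e.g. "Email.inbox"
 * @return bool True when access is allowed, false otherwise.
 */
public function checkSwfPermission($modular)
{
    // Modules listed as not needing authentication, and not also listed as
    // requiring it, are readable without a login.
    if ($this->checkNotAuthSwf($modular) && !$this->checkRequireAuthSwf($modular)) {
        return true;
    }

    $uid = Session::get(USER_AUTH_KEY);
    if (!$uid) {
        return false;
    }

    if (Session::is_setLocal('administrator')) {
        return true;
    }

    // Strict comparison: before PHP 8 the loose form "MDI.Desktop" == 0 is
    // true, so a non-string identifier could satisfy this allow rule.
    if ('MDI.Desktop' === $modular) {
        return true;
    }

    $accessList = Session::get('_ACCESS_LIST');
    if (!$accessList) {
        $accessList = UserPermissions::getGUIPermissions($uid);
    }

    // Fail closed if no usable permission map could be loaded, rather than
    // handing a non-array to array_key_exists().
    if (!is_array($accessList)) {
        return false;
    }

    // Only the presence of the key is checked; the stored value is not inspected.
    return array_key_exists($modular, $accessList);
}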
/**
 * Decide whether the current request (APP_NAME / MODULE_NAME / ACTION_NAME)
 * may proceed.
 *
 * Returns true when the request needs no authentication, when the session
 * carries the local 'administrator' flag, or when the action is found in the
 * access list. Returns null when a previous positive decision for this action
 * is cached in the session. Calls throw_exception() when the action is not in
 * the access list.
 */
static function AccessDecision()
{
    // Nothing to decide when this request does not require authentication.
    if (!RBAC::checkAccess()) {
        return true;
    }

    // No authentication id in the session: send the client to the login gateway.
    // NOTE(review): nothing returns after redirect(), so this relies on
    // redirect() ending the request - confirm.
    if (!Session::is_set(C('USER_AUTH_KEY'))) {
        redirect(PHP_FILE . C('USER_AUTH_GATEWAY'));
    }

    // Session key under which a positive decision for this action is cached.
    // NOTE(review): the three names are concatenated without a separator, so
    // different app/module/action splits of the same string share one key.
    $decisionKey = md5(APP_NAME . MODULE_NAME . ACTION_NAME);

    // Administrators skip the access-list check entirely.
    if (Session::is_setLocal('administrator')) {
        return true;
    }

    if (C('USER_AUTH_TYPE') == 2) {
        // Strict / real-time mode: the list comes from RBAC::getAccessList()
        // on every request, so the cached decision is not consulted.
        $grants = RBAC::getAccessList();
    } else {
        // Login mode: an action already approved in this session is not re-checked.
        if (Session::is_set($decisionKey)) {
            return;
        }
        // Otherwise compare against the access list saved in the session at login.
        $grants = Session::get('_ACCESS_LIST');
    }

    if (isset($grants[strtoupper(APP_NAME)][strtoupper(MODULE_NAME)][strtoupper(ACTION_NAME)])) {
        // Remember the positive decision for later requests in this session.
        Session::set($decisionKey, true);
    } else {
        throw_exception(L('_VALID_ACCESS_'));
    }

    return true;
}
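/**
 * Get the members of a directory that the current user may view.
 *
 * Administrators (local 'administrator' session flag) are served from
 * View_objectsDao with no per-user filter. Everyone else is served from
 * View_objects_permDao, restricted to rows the user owns or is granted
 * through the other/group bitsets or a user/role/group permission entry.
 *
 * @param int $parentid Id of the parent directory.
 * @return array|false Result set, or false when nobody is logged in or the
 *                     directory has no visible members.
 */
public function getViewObjects($parentid)
{
    if (!Session::is_set(USER_AUTH_KEY)) {
        return false;
    }

    // $parentid arrives from the caller and is interpolated unquoted into
    // the WHERE clause of both branches, so it is forced to an integer before
    // it reaches any SQL text. Without this a crafted value could rewrite
    // the filter, including the permission predicate it is ANDed with.
    $parentid = (int) $parentid;

    $listDao = null;
    $userid = Session::get(USER_AUTH_KEY);
    $whereStr = "";

    if (Session::is_setLocal('administrator')) {
        $listDao = new View_objectsDao();
        $whereStr = "parentid = {$parentid}";
    } else {
        // Session-derived ids are interpolated unquoted as well; cast them
        // so a tampered or corrupted session cannot alter the query.
        $userid = (int) $userid;

        $groups = Session::get('_USER_GROUPS');
        $groupStr = $groups ? implode(',', array_map('intval', (array) $groups)) : '0';

        $roles = Session::get('_USER_ROLES');
        $roleStr = $roles ? implode(',', array_map('intval', (array) $roles)) : '0';

        $listDao = new View_objects_permDao();
        $whereStr = "( (object_owner={$userid} or other_bitset >=1 or (owner_group in({$groupStr}) and group_bitset >= 1)) or ";
        $whereStr .= " ((userid = {$userid} or roleid in({$roleStr}) or groupid in({$groupStr})) and bitset >=1) ) and parentid = {$parentid}";
    }

    // NOTE(review): the last argument looks like an ORDER BY list - confirm against findAll().
    $vol = $listDao->findAll($whereStr, '', '*', 'object_type,status_date');
    if ($vol->isEmpty()) {
        return false;
    }

    return $vol->toResultSet();
}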