/**
* 管理员权限管理
*
* @param $f3
*/
public function Privilege($f3)
{
// 权限检查
$this->requirePrivilege('manage_account_admin_privilege_get');
global $smarty;
// 参数验证
$validator = new Validator($f3->get('GET'));
$user_id = $validator->required()->digits()->min(1)->validate('user_id');
if (!$this->validate($validator)) {
goto out_fail;
}
// 查询管理员信息
$adminUserService = new AdminUserService();
$adminUser = $adminUserService->loadAdminById($user_id);
if ($adminUser->isEmpty()) {
// 不存在的管理员
$this->addFlashMessage('管理员不存在');
goto out_fail;
} else {
if (AdminUserService::verifyPrivilege(AdminUserService::privilegeAll, $adminUser['action_list'])) {
// 拥有最高权限的管理员只有他自己能编辑自己
$authAdminUser = AuthHelper::getAuthUser();
if ($authAdminUser['user_id'] != $adminUser['user_id']) {
$this->addFlashMessage('超级管理员只有他自己能操作自己的信息');
RouteHelper::reRoute($this, '/Account/Admin/ListUser');
}
}
}
if (!Request::isRequestPost()) {
// 没有 post ,只是普通的显示
goto out_display;
}
// 权限检查
$this->requirePrivilege('manage_account_admin_privilege_post');
$action_list_str = '';
$actionCodeArray = $f3->get('POST[action_code]');
if (empty($actionCodeArray)) {
// 清空了所有权限
$action_list_str = '';
goto update_privilege;
}
if (in_array(AdminUserService::privilegeAll, $actionCodeArray)) {
// 权限检查,只有自身拥有 privilegeAll 权限的人才能给别人授权 privilegeAll
$this->requirePrivilege(AdminUserService::privilegeAll);
// 用户有所有的权限
$action_list_str = AdminUserService::privilegeAll;
goto update_privilege;
}
// 生成权限字符串
$action_list_str = implode(',', $actionCodeArray);
update_privilege:
$adminUser->role_id = $f3->get('POST[role_id]');
$adminUser->action_list = $action_list_str;
$adminUser->save();
$this->addFlashMessage('管理员权限保存成功');
out_display:
$smarty->assign($adminUser->toArray());
// 取得权限显示列表
$metaPrivilegeService = new MetaPrivilegeService();
$smarty->assign('privilegeArray', $metaPrivilegeService->fetchPrivilegeArray());
$smarty->display('account_admin_privilege.tpl');
return;
// 正常从这里返回
out_fail:
// 失败,返回管理员列表
RouteHelper::reRoute($this, RouteHelper::makeUrl('/Account/Admin/ListUser', array('user_id' => $user_id), true));
}
/**
* 角色权限管理
*
* @param $f3
*/
public function Privilege($f3)
{
// 权限检查
$this->requirePrivilege('manage_account_role_privilege_get');
global $smarty;
// 参数验证
$validator = new Validator($f3->get('GET'));
$meta_id = $validator->required()->digits()->min(1)->validate('meta_id');
if (!$this->validate($validator)) {
goto out_fail;
}
// 查询角色信息
$metaRoleService = new MetaRoleService();
$role = $metaRoleService->loadRoleById($meta_id);
if ($role->isEmpty()) {
// 不存在的角色
$this->addFlashMessage('角色不存在');
goto out_fail;
}
if (!Request::isRequestPost()) {
// 没有 post ,只是普通的显示
goto out_display;
}
// 权限检查
$this->requirePrivilege('manage_account_role_privilege_post');
$action_list_str = '';
$actionCodeArray = $f3->get('POST[action_code]');
if (empty($actionCodeArray)) {
// 清空了所有权限
$action_list_str = '';
goto update_privilege;
}
// 清除掉 privilegeAll,角色不能设置最高权限
while ($actionCodeArrayIndex = array_search(AdminUserService::privilegeAll, $actionCodeArray)) {
unset($actionCodeArray[$actionCodeArrayIndex]);
}
// 生成权限字符串
$action_list_str = implode(',', $actionCodeArray);
update_privilege:
$role->meta_data = $action_list_str;
$role->save();
$this->addFlashMessage('角色权限保存成功');
out_display:
$smarty->assign($role->toArray());
// 取得权限显示列表
$metaPrivilegeService = new MetaPrivilegeService();
$smarty->assign('privilegeArray', $metaPrivilegeService->fetchPrivilegeArray());
$smarty->display('account_role_privilege.tpl');
return;
// 正常从这里返回
out_fail:
// 失败,返回角色列表
RouteHelper::reRoute($this, '/Account/Role/ListRole');
}
/**
* 订单商品评价
*
* @param $f3
*/
public function GoodsComment($f3)
{
global $smarty;
$errorMessage = '';
// 参数验证
$validator = new Validator($f3->get('GET'));
$rec_id = $validator->required()->digits()->min(1)->validate('rec_id');
if (!$this->validate($validator)) {
$errorMessage = '订单ID非法';
goto out_fail;
}
$orderBasicService = new OrderBasicService();
// 查询 order_goods
$orderGoods = $orderBasicService->loadOrderGoodsById($rec_id, 10);
// 缓存 10 秒钟
if ($orderGoods->isEmpty()) {
$errorMessage = '订单ID非法';
goto out_fail;
}
// 查询 order_info
$orderInfo = $orderBasicService->loadOrderInfoById($orderGoods['order_id'], 10);
// 缓存 10 秒钟
// 权限检查,用户只能查看自己的订单
$userInfo = AuthHelper::getAuthUser();
if ($orderInfo->isEmpty() || $userInfo['user_id'] != $orderInfo['user_id'] || !$this->verifyOrderSystem($orderInfo)) {
$errorMessage = '订单ID非法';
goto out_fail;
}
// 加载订单评论
$goodsCommentService = new GoodsCommentService();
$goodsComment = $goodsCommentService->loadGoodsCommentByOrderGoodsRecId($rec_id, 1);
// 缓存1秒
if ($goodsComment->isEmpty() || $goodsComment['user_id'] != $userInfo['user_id']) {
$errorMessage = '无法评论此订单';
goto out_fail;
}
// post 请求
if (Request::isRequestPost()) {
goto do_post;
}
// 赋值评论信息
$smarty->assign('goodsComment', $goodsComment->toArray());
out_fail:
// GET 从这里退出
$smarty->assign('errorMessage', $errorMessage);
$smarty->display('my_order_goodscomment.tpl');
return;
do_post:
// 这里处理 post 请求
// 用户评论缺省不显示,需要等管理员审核通过才能显示
$goodsComment->is_show = 0;
$goodsComment->comment_time = Time::gmTime();
// 过滤用户提交的数据
unset($validator);
$validator = new Validator($f3->get('POST'));
$goodsComment->comment_rate = $validator->filter('ValidatorIntValue')->validate('comment_rate');
$goodsComment->comment = $validator->validate('comment');
$goodsComment->save();
$this->addFlashMessage('评论发表成功,请等待管理员审核通过才能显示');
// 回到前面的页面
RouteHelper::reRoute($this, RouteHelper::getRefer(), false);
}
