/** * (false|int) actionDelete : 根据unitcode删除单位或部门 * @return false|int * @throws NotFoundHttpException * @throws \Exception */ public function actionDelete() { try { $user_id = Yii::$app->user->identity->id; $unitcode = Yii::$app->request->post('unitcode'); $unit = $this->findModel($unitcode); if (MapUnit::getUserPower($user_id, $unitcode) != MapUnit::USER_POWER_ALLOW) { return '权限不足'; } return $unit->delete(); } catch (\Exception $e) { return 'StaleObject'; } }
/** * (void) validateAttribute : 校验当前用户是否取得单位编码的完全访问权限 * @param \yii\base\Model $model * @param string $attribute */ public function validateAttribute($model, $attribute) { /** @var integer $user_id 当前用户ID */ $user_id = Yii::$app->user->identity->id; /** @var string $unitcode 校验单位编码 */ $unitcode = $model->{$attribute}; switch ($attribute) { case 'unitcode': //修改 if (Unit::findOne(['unitcode' => $unitcode]) && MapUnit::getUserPower($user_id, $unitcode) != MapUnit::USER_POWER_ALLOW) { $this->addError($model, $attribute, '你没有单位(部门)『' . $unitcode . '』的『完全访问』权限.'); } break; case 'upunitcode': //新增 if (!Unit::findOne(['upunitcode' => $unitcode]) && MapUnit::getUserPower($user_id, $unitcode) < MapUnit::USER_POWER_VIEW_DEPT) { $this->addError($model, $attribute, '你没有单位(部门)『' . $unitcode . '』的『完全访问』权限.'); } break; } }
/** * (返回更新的记录数) userPowerUpdate : * @param $currentUID integer 当前登录的用户ID * @param $setUID integer 需要设置单位权限的用户ID * @param $permission integer 单位权限级别 * @param $unitcode string 单位编码 * @param int $type 更新类型 * @return 返回更新的记录数 * @throws \yii\db\Exception */ private function userPowerUpdate($currentUID, $setUID, $permission, $unitcode, $type = self::UPDATE_SELF) { /** @var $result 返回更新的记录数*/ $result = 0; /** @var $adminRole string 在Preferences中配置,classmark:sSystem */ $adminRole = Preferences::get('sSystem', 'adminRole'); //超级管理员 /** @var $role \yii\rbac\Role[] 当前用户角色数组*/ $role = Yii::$app->authManager->getRolesByUser(Yii::$app->user->identity->id); /** @var $is_admin boolean 是否为超级管理员*/ $is_admin = array_key_exists($adminRole, $role); $unitlist = $unitcode; switch ($type) { case self::UPDATE_CHILDLIST: $unitlist = Unit::getChildList($unitcode); break; case self::UPDATE_PARENTLIST: $unitlist = Unit::getParentList($unitcode); break; } $SQL = "REPLACE INTO `map_unit`(`user_id`, `unitcode`, `user_power`) " . " SELECT {$setUID}, cur_mu.unitcode, CASE WHEN cur_mu.user_power >= :user_power THEN :user_power ELSE cur_mu.user_power END FROM " . " (SELECT unitcode, user_power FROM `map_unit` WHERE `user_id` = :currentUID AND FIND_IN_SET(unitcode,:unitlist)) cur_mu " . " LEFT JOIN (SELECT unitcode, user_power FROM `map_unit` WHERE `user_id` = :setUID ) set_mu ON (cur_mu.unitcode = set_mu.unitcode) " . " WHERE (set_mu.user_power <= cur_mu.user_power and set_mu.user_power <> :user_power or set_mu.user_power IS NULL)"; //超级管理员 if ($is_admin) { $SQL = "REPLACE INTO `map_unit`(`user_id`, `unitcode`, `user_power`) " . " SELECT {$setUID}, u.unitcode, {$permission} FROM " . " (SELECT unitcode FROM `unit` WHERE FIND_IN_SET(unitcode,:unitlist)) u " . " LEFT JOIN (SELECT unitcode, user_power FROM `map_unit` WHERE `user_id` = :setUID ) set_mu ON (u.unitcode = set_mu.unitcode) " . " WHERE :currentUID > 0 and (set_mu.user_power <> :user_power or set_mu.user_power IS NULL)"; } $result = Yii::$app->db->createCommand($SQL)->bindValues([':currentUID' => $currentUID, ':user_power' => $permission, ':unitlist' => $unitlist, ':setUID' => $setUID])->execute(); if ($permission == MapUnit::USER_POWER_DENY) { //清除禁止访问的 MapUnit::deleteAll(['user_power' => MapUnit::USER_POWER_DENY]); } return $result; }
/** * @return \yii\db\ActiveQuery */ public function getMapUnits() { return $this->hasMany(MapUnit::className(), ['unitcode' => 'unitcode']); }