/** * 角色权限管理 * * @param $f3 */ public function Privilege($f3) { // 权限检查 $this->requirePrivilege('manage_account_role_privilege_get'); global $smarty; // 参数验证 $validator = new Validator($f3->get('GET')); $meta_id = $validator->required()->digits()->min(1)->validate('meta_id'); if (!$this->validate($validator)) { goto out_fail; } // 查询角色信息 $metaRoleService = new MetaRoleService(); $role = $metaRoleService->loadRoleById($meta_id); if ($role->isEmpty()) { // 不存在的角色 $this->addFlashMessage('角色不存在'); goto out_fail; } if (!Request::isRequestPost()) { // 没有 post ,只是普通的显示 goto out_display; } // 权限检查 $this->requirePrivilege('manage_account_role_privilege_post'); $action_list_str = ''; $actionCodeArray = $f3->get('POST[action_code]'); if (empty($actionCodeArray)) { // 清空了所有权限 $action_list_str = ''; goto update_privilege; } // 清除掉 privilegeAll,角色不能设置最高权限 while ($actionCodeArrayIndex = array_search(AdminUserService::privilegeAll, $actionCodeArray)) { unset($actionCodeArray[$actionCodeArrayIndex]); } // 生成权限字符串 $action_list_str = implode(',', $actionCodeArray); update_privilege: $role->meta_data = $action_list_str; $role->save(); $this->addFlashMessage('角色权限保存成功'); out_display: $smarty->assign($role->toArray()); // 取得权限显示列表 $metaPrivilegeService = new MetaPrivilegeService(); $smarty->assign('privilegeArray', $metaPrivilegeService->fetchPrivilegeArray()); $smarty->display('account_role_privilege.tpl'); return; // 正常从这里返回 out_fail: // 失败,返回角色列表 RouteHelper::reRoute($this, '/Account/Role/ListRole'); }
/** * 管理员权限管理 * * @param $f3 */ public function Privilege($f3) { // 权限检查 $this->requirePrivilege('manage_account_admin_privilege_get'); global $smarty; // 参数验证 $validator = new Validator($f3->get('GET')); $user_id = $validator->required()->digits()->min(1)->validate('user_id'); if (!$this->validate($validator)) { goto out_fail; } // 查询管理员信息 $adminUserService = new AdminUserService(); $adminUser = $adminUserService->loadAdminById($user_id); if ($adminUser->isEmpty()) { // 不存在的管理员 $this->addFlashMessage('管理员不存在'); goto out_fail; } else { if (AdminUserService::verifyPrivilege(AdminUserService::privilegeAll, $adminUser['action_list'])) { // 拥有最高权限的管理员只有他自己能编辑自己 $authAdminUser = AuthHelper::getAuthUser(); if ($authAdminUser['user_id'] != $adminUser['user_id']) { $this->addFlashMessage('超级管理员只有他自己能操作自己的信息'); RouteHelper::reRoute($this, '/Account/Admin/ListUser'); } } } if (!Request::isRequestPost()) { // 没有 post ,只是普通的显示 goto out_display; } // 权限检查 $this->requirePrivilege('manage_account_admin_privilege_post'); $action_list_str = ''; $actionCodeArray = $f3->get('POST[action_code]'); if (empty($actionCodeArray)) { // 清空了所有权限 $action_list_str = ''; goto update_privilege; } if (in_array(AdminUserService::privilegeAll, $actionCodeArray)) { // 权限检查,只有自身拥有 privilegeAll 权限的人才能给别人授权 privilegeAll $this->requirePrivilege(AdminUserService::privilegeAll); // 用户有所有的权限 $action_list_str = AdminUserService::privilegeAll; goto update_privilege; } // 生成权限字符串 $action_list_str = implode(',', $actionCodeArray); update_privilege: $adminUser->role_id = $f3->get('POST[role_id]'); $adminUser->action_list = $action_list_str; $adminUser->save(); $this->addFlashMessage('管理员权限保存成功'); out_display: $smarty->assign($adminUser->toArray()); // 取得权限显示列表 $metaPrivilegeService = new MetaPrivilegeService(); $smarty->assign('privilegeArray', $metaPrivilegeService->fetchPrivilegeArray()); $smarty->display('account_admin_privilege.tpl'); return; // 正常从这里返回 out_fail: // 失败,返回管理员列表 RouteHelper::reRoute($this, RouteHelper::makeUrl('/Account/Admin/ListUser', array('user_id' => $user_id), true)); }