Exemple #1
 /**
  * Controller start-up hook: installs the RBAC settings, runs the access
  * decision for the current module, then chains to the parent initializer
  * and the controller's own competence() check.
  *
  * @return void
  */
 protected function _initialize()
 {
     // RBAC configuration for this controller. USER_AUTH_TYPE 1 is the
     // login-time mode (RBAC::AccessDecision reads the access list saved in
     // the session), so permission changes are presumably only picked up
     // when that saved list is rebuilt — confirm against RBAC::saveAccessList.
     $rbacSettings = array(
         "USER_AUTH_ON" => true,
         "USER_AUTH_TYPE" => 1,
         "REQUIRE_AUTH_MODULE" => "",
         "NOT_AUTH_MODULE" => "Public,Login",
         "USER_AUTH_GATEWAY" => U("/Admins/Login"),
     );
     C($rbacSettings);

     $isAllowed = RBAC::AccessDecision(MODULE_NAME);
     if (!$isAllowed) {
         // Not logged in at all: send the visitor to the login gateway.
         $loggedIn = RBAC::checkLogin();
         if ($loggedIn === false) {
             redirect(C('USER_AUTH_GATEWAY'));
         }
         // Logged in but not permitted to run this operation.
         // NOTE(review): denial relies on redirect() and error() ending the
         // request; if either returns, execution continues into
         // parent::_initialize() below — confirm both terminate.
         $this->error('您没有操作此项的权限!');
     }

     parent::_initialize();

     // Verify the login.
     $this->competence();
 }
Exemple #2
 /**
  * Decide whether the current request (module / controller / action) may run.
  *
  * Returns true immediately when RBAC::checkAccess() reports that no check is
  * needed. Otherwise super administrators pass as long as they are logged in,
  * and everyone else is checked against an access list keyed by upper-cased
  * module, controller and action names. The outcome is cached in the session
  * under an md5-derived key.
  *
  * NOTE(review): three hard-coded exceptions below grant access to any
  * logged-in account without consulting the access list. The broadest is the
  * "public_" action-name prefix, so every public_* action has to enforce its
  * own permission check.
  *
  * @param string $appName Module name; defaults to MODULE_NAME.
  * @return bool True when access is granted, false otherwise.
  */
 public static function AccessDecision($appName = MODULE_NAME)
 {
     // Check whether this request needs authentication at all.
     if (RBAC::checkAccess()) {
         // An auth identifier exists, so make a further access decision.
         // md5 only derives a session key name here; it is not used as a
         // security primitive.
         $accessGuid = md5($appName . CONTROLLER_NAME . ACTION_NAME);
         // Super administrators skip the permission check.
         if (Admin::getInstance()->isAdministrator() !== true) {
             // Auth type: 1 = login-time authentication, 2 = real-time authentication.
             if (C('USER_AUTH_TYPE') == 2) {
                 // Strict / real-time mode: more secure, permission changes made
                 // in the back office take effect immediately.
                 // The access check goes through the database.
                 $accessList = RBAC::getAccessList(Admin::getInstance()->id);
             } else {
                 // The current operation was already authorised: no need to check again.
                 // NOTE(review): a cached grant is returned without re-reading
                 // the access list, so a revoked permission presumably stays
                 // usable until this session key is cleared — confirm.
                 if (session($accessGuid)) {
                     return true;
                 }
                 // Login-time mode: the access list saved in the session after login.
                 $accessList = session("_ACCESS_LIST");
             }
             // In component mode, validate against the full module name.
             $controller = defined('P_CONTROLLER_NAME') ? P_CONTROLLER_NAME : CONTROLLER_NAME;
             if (!isset($accessList[strtoupper($appName)][strtoupper($controller)][strtoupper(ACTION_NAME)])) {
                 // Not in the access list: the exceptions below apply only to logged-in accounts.
                 if (self::checkLogin() == true) {
                     // Exception: any administrator account has this permission.
                     // NOTE(review): the exceptions compare CONTROLLER_NAME, while
                     // the list lookup above uses $controller (P_CONTROLLER_NAME
                     // when defined) — confirm this difference is intended.
                     if ($appName == "Admins" && in_array(CONTROLLER_NAME, array("Index", "Main")) && in_array(ACTION_NAME, array("index"))) {
                         session($accessGuid, true);
                         return true;
                     }
                     // Actions whose name starts with "public_" pass.
                     // NOTE(review): this is a naming-convention bypass for every
                     // logged-in account; sensitive public_* actions need their
                     // own in-method authorization.
                     if (substr(ACTION_NAME, 0, 7) == 'public_') {
                         session($accessGuid, true);
                         return true;
                     }
                     // Special handling for the content module.
                     if ($appName == 'Home' && CONTROLLER_NAME == 'Home') {
                         session($accessGuid, true);
                         return true;
                     }
                 }
                 // Denied: record the result and refuse.
                 session($accessGuid, false);
                 return false;
             } else {
                 // Listed permission: cache the grant, then fall through to the final return true.
                 session($accessGuid, true);
             }
         } else {
             // Super administrators pass directly, provided they are logged in.
             if (self::checkLogin()) {
                 return true;
             }
             return false;
         }
     }
     return true;
 }
Exemple #3
<?php

// Direct-access guard: stop unless SHUIPF_VERSION is defined. The constant is
// presumably set by the application bootstrap, so requesting this template
// file directly produces no output — confirm where it is defined.
if (!defined('SHUIPF_VERSION')) {
    exit;
}
?>
<Admintemplate file="Common/Head"/>
<body class="J_scroll_fixed">
    <div class="wrap J_check_wrap">
        <div class="nav">
            <ul class="cc">
                <li><a href="{:U('Style/index')}">模板管理</a></li>
                <?php 
if (\Libs\System\RBAC::authenticate('add')) {
    ?>
                <li><a href="{:U("Template/Style/add",array("dir"=>urlencode(str_replace('/','-',$dir))    ))}">在此目录下添加模板</a></li>
                <?php 
}
?>
            </ul>
        </div>
        <div class="h_a">模板编辑</div>
        <form name="myform" id="myform" action="{:U("Template/Style/edit")}" method="post">
              <input type="hidden" name="dir" value="{$dir}"/>
            <input type="hidden" name="file" value="{$file}"/>
            <div class="table_full">
                <table cellpadding="0" cellspacing="0" class="table_form" width="100%">
                    <tbody>
                        <tr>
                            <th width="120">文件名称</th>
                            <td><input type="text" class="input" validate="required:true, minlength:2, maxlength:30"  value="{$file}" readonly></td>
Exemple #4
            <font color="#FF0000">无限制</font>
            <else />
            多模型
            </if>
            </td>
            <td align="center">
            <?php 
// Build the per-row action links for this position, showing only the ones
// the current account is authorised for.
// NOTE(review): these checks only control which links are rendered. Each
// target action (Position/item, rebuilding, edit, delete) still has to
// enforce the permission itself on the server side.
$op = array();
// Each entry: permission name, route, link label, extra <a> attributes.
$opSpecs = array(
    array('item', 'Position/item', '信息管理', ''),
    array('rebuilding', 'Position/rebuilding', '数据重建', ''),
    array('edit', 'Position/edit', '修改', ''),
    array('delete', 'Position/delete', '删除', ' class="J_ajax_del"'),
);
foreach ($opSpecs as $opSpec) {
    if (\Libs\System\RBAC::authenticate($opSpec[0])) {
        $op[] = '<a' . $opSpec[3] . ' href="' . U($opSpec[1], array('posid' => $vo['posid'])) . '">' . $opSpec[2] . '</a>';
    }
}
echo implode(" | ", $op);
?>
          </tr>
        </volist>
      </tbody>
    </table>
  </div>
</div>
<script src="{$config_siteurl}statics/js/common.js?v"></script>
</body>
</html>
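 /**
  * Delete the file named by the "filepath" query parameter and report the
  * result as plain text: '1' on success, an error message otherwise.
  *
  * The action name starts with "public_", which the RBAC::AccessDecision
  * shown on this page lets through for any logged-in account, so the
  * authenticate() call below is the effective permission gate.
  *
  * NOTE(review): the path comes from the request and is still not confined
  * to the attachment storage directory. The checks below only reject
  * non-string input, NUL bytes, stream-wrapper URLs and anything that is not
  * a regular file. Add a containment check against the project's configured
  * upload root, which is not visible in this snippet. The deletion is also
  * triggered by a GET parameter with no request token visible here —
  * confirm CSRF protection is applied elsewhere.
  *
  * @return void Always terminates the request via exit().
  */
 public function public_delthumbs()
 {
     // Check for the attachment-delete permission.
     if (\Libs\System\RBAC::authenticate('Attachment/Atadmin/delete') == false) {
         exit('您没有附件删除权限!');
     }
     $rawPath = I('get.filepath', '', '');
     // An array-valued parameter (filepath[]=...) must not reach urldecode().
     if (!is_string($rawPath)) {
         exit('附件删除失败!');
     }
     $filepath = urldecode($rawPath);
     // Accept only a plain local path: no empty value, no NUL byte and no
     // "scheme://" wrapper, so unlink() cannot be pointed at a stream
     // wrapper (phar://, ftp://, ...).
     if ($filepath === '' || strpos($filepath, "\0") !== false || strpos($filepath, '://') !== false) {
         exit('附件删除失败!');
     }
     // Only regular files are candidates; directories and missing paths
     // get the same failure answer unlink() would have produced.
     if (!is_file($filepath)) {
         exit('附件删除失败!');
     }
     // '@' is kept so a failed unlink() does not print a warning ahead of
     // the plain-text response.
     $reslut = @unlink($filepath);
     if ($reslut) {
         exit('1');
     }
     exit('附件删除失败!');
 }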
Exemple #6
    </table>
</div>
<script type="text/javascript">
    //全局变量
    var GV = {
        DIMAUB: "__ROOT__/",
        JS_ROOT: "__JS__/"
    };
</script>
<script src="__JS__/wind.js"></script>
<script src="__JS__/jquery.min.js"></script>
<script src="__JS__/common.js"></script>
<literal>
<script>
<?php 
if (\Libs\System\RBAC::authenticate('Admins/Index/cache')) {
    ?>
    $("#deletecache").on('click',function(e){
        e.preventDefault();
        e.stopPropagation();
        iframeJudge({
            elem: $(this),
            href: "<?php 
    echo U('Index/cache');
    ?>
",
            id: "deletecache"
        });
    });
<?php 
}
Exemple #7
          </tr>
        </thead>
        <tbody>
          <volist name="data" id="vo">
            <tr>
              <td align="left"><input type="checkbox" name="items[]" value="{$vo.id}-{$vo.modelid}" class="J_check" data-yid="J_check_y" data-xid="J_check_x"></td>
              <td align="left"><input name='listorders[{$vo.catid}-{$vo.id}]' type='text' size='3' value='{$vo.listorder}' class="input"></td>
              <td align="left">{$vo.id}</td>
              <td align="left">{$vo.data.title} </td>
              <td align="center">{:getCategory($vo['catid'],'catname')}</td>
              <td align="center">{$vo.data.inputtime|date="Y-m-d H:i:s",###}</td>
              <td align="center">
              <a href="{$vo.data.url}" target="_blank">原文</a> | 
              <a onClick="javascript:openwinx('{:U("Content/edit",array("catid"=>$vo['catid'],"id"=>$vo['id']  ))}','')" href="javascript:;">原文编辑</a>
              <?php 
if (\Libs\System\RBAC::authenticate('item_manage')) {
    // NOTE(review): this check only hides the link; the item_manage action
    // must enforce the permission itself. The link below also places
    // {$vo.data.title} inside a single-quoted JavaScript string in an href
    // attribute. Unless an output filter is applied elsewhere, a title
    // containing a quote breaks out of that string (stored XSS) — confirm the
    // value is escaped for the JavaScript and HTML-attribute contexts.
    ?>
               | <a href="javascript:item_manage({$vo.id},{$vo.posid}, {$vo.modelid},'{$vo.data.title}')">信息管理</a>
              <?php 
}
?>
              </td>
            </tr>
          </volist>
        </tbody>
      </table>
      <div class="p10">
        <div class="pages"> {$Page} </div>
      </div>
    </div>
    <div class="">
Exemple #8
if (\Libs\System\RBAC::authenticate('createhtml')) {
    $op[] = '<a href="' . U("Custompage/createhtml", array('tempid' => $vo['tempid'])) . '">更新</a>';
}
echo implode(' | ', $op);
?>
              </td>
            </tr>
          </volist>
        </tbody>
      </table>
      <div class="p10">
        <div class="pages"> {$Page} </div>
      </div>
    </div>
    <div class="btn_wrap">
      <div class="btn_wrap_pd">
        <label class="mr20"><input type="checkbox" class="J_check_all" data-direction="y" data-checklist="J_check_y">全选</label> 
        <?php 
if (\Libs\System\RBAC::authenticate('createhtml')) {
    ?>
        <button class="btn btn_submit mr10 J_ajax_submit_btn" type="submit">生成自定义页面</button>
        <?php 
}
?>
      </div>
    </div>
  </form>
</div>
<script src="{$config_siteurl}statics/js/common.js"></script>
</body>
</html>
Exemple #9
if (\Libs\System\RBAC::authenticate('generate')) {
    $op[] = '<a href="' . U("Customlist/generate", array('id' => $vo['id'])) . '">更新</a>';
}
echo implode(' | ', $op);
?>
              </td>
            </tr>
          </volist>
        </tbody>
      </table>
      <div class="p10">
        <div class="pages"> {$Page} </div>
      </div>
    </div>
    <div class="btn_wrap">
      <div class="btn_wrap_pd">
        <label class="mr20"><input type="checkbox" class="J_check_all" data-direction="y" data-checklist="J_check_y">全选</label> 
        <?php 
if (\Libs\System\RBAC::authenticate('generate')) {
    ?>
        <button class="btn btn_submit mr10 J_ajax_submit_btn" type="submit">生成列表</button>
        <?php 
}
?>
      </div>
    </div>
  </form>
</div>
<script src="{$config_siteurl}statics/js/common.js"></script>
</body>
</html>
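 /**
  * Final installation step: install the module named by the "module" query
  * parameter, then remove its Install/ directory. If installation fails,
  * the whole module directory is removed.
  *
  * The module name is used to build paths that are deleted recursively, so
  * it is restricted to a plain identifier first. Unvalidated, an empty value
  * would make the failure branch call delDir(APP_PATH), and a value
  * containing "../" would reach directories outside APP_PATH.
  *
  * NOTE(review): the action is driven by a GET parameter and no request
  * token is visible here — confirm CSRF protection is applied elsewhere.
  *
  * @return void
  */
 public function public_step_3()
 {
     if (\Libs\System\RBAC::authenticate('install') !== true) {
         $this->errors('您没有该项权限!');
         // Stop here even if errors() returns instead of ending the request.
         return;
     }
     $module = I('get.module');
     // Allow a single directory-name segment only: no separators, no dots and
     // no empty value.
     if (!is_string($module) || !preg_match('/^[A-Za-z][A-Za-z0-9_]*\z/', $module)) {
         $this->error('模块安装失败!');
         return;
     }
     S('Cloud', NULL);
     if ($this->Module->install($module)) {
         // Remove the installer directory after a successful install.
         ShuipFCMS()->Dir->delDir(APP_PATH . "{$module}/Install/");
         $this->success('模块安装成功!');
     } else {
         $error = $this->Module->error;
         // Delete the module directory.
         ShuipFCMS()->Dir->delDir(APP_PATH . $module);
         $this->error($error ? $error : '模块安装失败!');
     }
 }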
Exemple #11
 /**
  * Register the logged-in state for a user.
  *
  * Stores the user id (passed through Encrypt::authcode) in the session,
  * updates the login status through the Admin/User model, and saves the
  * user's RBAC access list.
  *
  * @param array $userInfo User record; only the 'id' key is read here.
  */
 private function registerLogin(array $userInfo)
 {
     $uid = (int) $userInfo['id'];

     // Write the session marker.
     // NOTE(review): no session-id regeneration is visible in this method;
     // confirm the login flow rotates the session id to prevent fixation.
     $sessionValue = \Libs\Util\Encrypt::authcode($uid, '');
     session(self::userUidKey, $sessionValue);

     // Update the login status.
     D('Admin/User')->loginStatus($uid);

     // Register the permissions (access list) for this user.
     \Libs\System\RBAC::saveAccessList($uid);
 }
Exemple #12
    $operate[] = '<a href="' . U("edit", array("modelid" => $vo['modelid'])) . '">修改</a>';
}
if (\Libs\System\RBAC::authenticate('Field/index')) {
    $operate[] = '<a href="' . U("Field/index", array("modelid" => $vo['modelid'])) . '">字段管理</a>';
}
if (\Libs\System\RBAC::authenticate('disabled')) {
    if ($vo['disabled'] == 0) {
        $operate[] = '<a href="' . U("disabled", array("modelid" => $vo['modelid'], "disabled" => 0)) . '">禁用</a>';
    } else {
        $operate[] = '<a href="' . U("disabled", array("modelid" => $vo['modelid'], "disabled" => 1)) . '"><font color="#FF0000">启用</font></a>';
    }
}
if (\Libs\System\RBAC::authenticate('delete')) {
    $operate[] = '<a class="J_ajax_del" href="' . U("delete", array("modelid" => $vo['modelid'])) . '">删除</a>';
}
if (\Libs\System\RBAC::authenticate('export')) {
    $operate[] = '<a href="' . U("export", array("modelid" => $vo['modelid'])) . '">导出模型</a>';
}
echo implode(' | ', $operate);
?>
        </td>
      </tr>
    </volist>
    </tbody>
  </table>
  </div>
</div>
<script src="{$config_siteurl}statics/js/common.js?v"></script>
<script type="text/javascript">

</script>
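 /**
  * Final upgrade step: upgrade the add-on named by the "name" query
  * parameter, then remove its Upgrade/ directory.
  *
  * The add-on name is used to build a path that is deleted recursively, so
  * it is restricted to a plain identifier first. Otherwise a value
  * containing "../" would let delDir() reach directories outside
  * PROJECT_PATH/Addon/.
  *
  * NOTE(review): the action is driven by a GET parameter and no request
  * token is visible here — confirm CSRF protection is applied elsewhere.
  *
  * @return void
  */
 public function public_upgrade_3()
 {
     if (\Libs\System\RBAC::authenticate('upgrade') !== true) {
         $this->errors('您没有该项权限!');
         // Stop here even if errors() returns instead of ending the request.
         return;
     }
     $name = I('get.name');
     // Allow a single directory-name segment only: no separators, no dots and
     // no empty value.
     if (!is_string($name) || !preg_match('/^[A-Za-z][A-Za-z0-9_]*\z/', $name)) {
         $this->error('插件升级失败!');
         return;
     }
     S('Cloud', NULL);
     if (D('Addons/Addons')->upgradeAddon($name)) {
         // Remove the upgrade scripts after a successful upgrade.
         ShuipFCMS()->Dir->delDir(PROJECT_PATH . "Addon/{$name}/Upgrade/");
         $this->success('插件升级成功!');
     } else {
         // NOTE(review): the error is read from $this->Module although the
         // upgrade ran on the Addons model — this looks like a copy from the
         // module installer; confirm which object carries the message.
         $error = $this->Module->error;
         $this->error($error ? $error : '插件升级失败!');
     }
 }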