/**
  * Modify an administrator's permissions.
  *
  * @param \ORM_Admin_Member_Data $member
  * @throws \Exception
  */
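 protected function change_member_perm(\ORM_Admin_Member_Data $member)
 {
     # Validates the permission fields submitted in $_POST against what the
     # operator (the logged-in administrator) is allowed to grant, then writes
     # the result to $member->is_super_admin, $member->setting['_group_admin']
     # and $member->perm_setting. This method does not call update()/insert().
     #
     # Throws \Exception (code -1) as soon as a requested change exceeds the
     # operator's own rights. $member may already have been modified at that
     # point, so the caller must not save it after an exception.
     $operator = $this->session()->member();

     # An administrator may never edit their own permissions. The ids are
     # compared: comparing the id with the member object itself does not
     # identify the operator.
     # NOTE(review): assumes the session member exposes ->id like $member does; confirm.
     if ($member->id > 0 && $member->id == $operator->id) {
         throw new \Exception('系统不允许管理员操作自己的权限', -1);
     }

     # Individual permissions only count when "custom permissions" was selected.
     if (!isset($_POST['zdy_perm']) || $_POST['zdy_perm'] != 1) {
         unset($_POST['perm_setting']);
     }

     # Read optional fields once, with defaults, so that absent fields are not
     # dereferenced further down.
     $perm_setting = null;
     $post_super = isset($_POST['is_super_admin']) ? $_POST['is_super_admin'] : null;
     $manage_groups = isset($_POST['manage_groups']) && \is_array($_POST['manage_groups']) ? $_POST['manage_groups'] : array();

     if ($operator->perm()->is_super_perm()) {
         # Operator is a super administrator.
         if ($member->is_super_admin != $post_super) {
             $member->is_super_admin = $post_super ? 1 : 0;
             if ($member->is_super_admin) {
                 # Remember that this request promotes the member to super administrator.
                 $this->change_to_super_admin = true;
             }
         }
         # NOTE(review): unlike the branch below, the submitted permissions are
         # stored without passing through Controller_Administrator::check_perm_data().
         if (isset($_POST['perm_setting']) && \is_array($_POST['perm_setting'])) {
             $perm_setting = $_POST['perm_setting'];
         }
         # Group-admin flags are rebuilt from scratch on every submission.
         if (isset($member->setting['_group_admin'])) {
             unset($member->setting['_group_admin']);
         }
         foreach ($manage_groups as $setting) {
             if (!\is_array($setting)) {
                 continue;
             }
             if (!empty($setting['edit_group'])) {
                 $member->setting['_group_admin']['can_edit_group'] = 1;
             }
             foreach ($setting as $s) {
                 if ($s) {
                     $member->setting['_group_admin']['is_group_manager'] = 1;
                     break;
                 }
             }
         }
     } else {
         # Operator is a regular administrator.
         if ($member->is_super_admin) {
             throw new \Exception('您不具备操作此管理员的权限', -1);
         }
         if ($post_super) {
             throw new \Exception('您不具备提升管理员为超管的权限', -1);
         }

         # Groups the member belongs to now; a member without an id has none yet.
         if ($member->id > 0) {
             $old_groups = $member->groups()->ids();
             \asort($old_groups);
         } else {
             $old_groups = array();
         }

         # Groups requested by the form. Non-scalar entries are dropped so the
         # comparisons and lookups below always work on plain ids.
         $new_groups = !empty($_POST['group_ids']) ? \array_filter((array) $_POST['group_ids'], 'is_scalar') : array();
         \asort($new_groups);

         # Groups being added, groups being removed, and both together.
         $new_diff_group = \array_diff($new_groups, $old_groups);
         $del_diff_group = \array_diff($old_groups, $new_groups);
         $diff_group = \array_merge($new_diff_group, $del_diff_group);

         # The operator's own groups and per-group rights.
         $my_groups_setting = $operator->groups_setting();
         $my_groups = $operator->groups()->ids();
         \asort($my_groups);

         # True when the operator holds flag $key (value 1) in group $gid.
         # A missing group or flag counts as "not granted".
         $has_right = function ($gid, $key) use ($my_groups_setting) {
             return isset($my_groups_setting[$gid][$key]) && $my_groups_setting[$gid][$key] == 1;
         };

         # The operator must be in every group the member has or is given.
         if (\array_diff($old_groups, $my_groups)) {
             throw new \Exception('您不在此用户某个权限组中,所以您不能对此用户进行操作', -1);
         }
         if (\array_diff($new_groups, $my_groups)) {
             throw new \Exception('您为此用户设定的新权限组不在您的权限范围内', -1);
         }

         if (!$this->check_auth_for_perm($member)) {
             # Without the general right, fall back to per-group rights.
             if ($new_groups) {
                 # NOTE(review): the flag names differ in number ('edit_users' vs 'add_user'); kept as found.
                 $needed = $member->id ? 'edit_users' : 'add_user';
                 foreach ($new_groups as $gid) {
                     if (!$has_right($gid, $needed)) {
                         throw new \Exception('您不具备当前组相应权限', -1);
                     }
                 }
             } elseif ($old_groups) {
                 foreach ($old_groups as $gid) {
                     if (!$has_right($gid, 'del_user') && !$has_right($gid, 'remove_user')) {
                         throw new \Exception('您不具备当前组相应权限', -1);
                     }
                 }
             } else {
                 throw new \Exception($member->id > 0 ? '您不具备相应权限' : '创建新成员时必须选择一个组', -1);
             }
         }

         # Adding the member to a group needs add_user in that group.
         foreach ($new_diff_group as $group_id) {
             if (!$has_right($group_id, 'add_user')) {
                 throw new \Exception('您不具备添加当前组成员的权限', -1);
             }
         }
         # Taking the member out of a group needs del_user or remove_user there.
         foreach ($del_diff_group as $group_id) {
             if (!$has_right($group_id, 'del_user') && !$has_right($group_id, 'remove_user')) {
                 throw new \Exception('您不具备移除当前组成员的权限', -1);
             }
         }

         if ($diff_group) {
             # Flag the group change for the caller.
             $this->is_change_group = true;
             # Merge the permissions of all new groups and have them checked;
             # the return value is not used here.
             $orm_group = new \ORM_Admin_MemberGroup_Finder();
             $groups = $orm_group->in('id', $new_groups)->find(null, true);
             $new_group_perm_setting = array();
             foreach ($groups as $item) {
                 $new_group_perm_setting = \Arr::merge($new_group_perm_setting, $item->perm_setting);
             }
             \Controller_Administrator::check_perm_data($new_group_perm_setting);
         }

         if (!empty($_POST['perm_setting']) && \is_array($_POST['perm_setting'])) {
             # Extra permissions submitted for this member are checked before use.
             $perm_setting = \Controller_Administrator::check_perm_data($_POST['perm_setting']);
         }

         # Group-admin flags are rebuilt from scratch on every submission.
         if (isset($member->setting['_group_admin'])) {
             unset($member->setting['_group_admin']);
         }
         /*
             $_POST['manage_groups'] = array(
                 'g1' => array(...),
                 'g2' => array(...),
             );
         */
         foreach ($manage_groups as $g => $setting) {
             # Only arrays carry per-flag values that can be checked against the
             # operator's rights; anything else is ignored and grants nothing.
             if (!\is_array($setting)) {
                 continue;
             }
             # Strip the leading "g" to get the group id.
             $gid = \substr($g, 1);
             # Check every requested flag before setting anything on $member.
             foreach ($setting as $k => $s) {
                 if ($s && !$has_right($gid, $k)) {
                     throw new \Exception('设定的组权限超出您的组权限', -1);
                 }
             }
             if (isset($setting['edit_group']) && $setting['edit_group'] == 1) {
                 $member->setting['_group_admin']['can_edit_group'] = 1;
             }
             foreach ($setting as $s) {
                 if ($s) {
                     $member->setting['_group_admin']['is_group_manager'] = 1;
                     break;
                 }
             }
         }
     }

     # Store the custom permissions; an empty result is stored as null.
     $member->perm_setting = $perm_setting ? $perm_setting : null;
 }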
 /**
  * Save the data.
  *
  * @param \ORM_Admin_MemberGroup_Data $group
  */
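 protected function save(\ORM_Admin_MemberGroup_Data $group)
 {
     # Copies the submitted group fields and permissions from $_POST onto
     # $group, then updates it (when it has an id) or inserts it, and reports
     # the outcome through show_message().
     #
     # Every validation failure returns right after show_message(), so rejected
     # input is never persisted, whether or not show_message() ends the request.

     # Basic information; only applied when the operator passes check_auth_for_info().
     if (isset($_POST['group_name']) && $this->check_auth_for_info($group)) {
         if (empty($_POST['group_name'])) {
             $this->show_message('权限组名称不能空', 0);
             return;
         }
         $group_desc = isset($_POST['group_desc']) ? $_POST['group_desc'] : null;
         # strlen() counts bytes, so multi-byte text reaches the limit before 1000 characters.
         if (\strlen((string) $group_desc) > 1000) {
             $this->show_message('权限组说明太长了,限定1000个字符', 0);
             return;
         }
         $group->group_name = $_POST['group_name'];
         $group->group_desc = $group_desc;
         $group->sort = isset($_POST['sort']) ? (int) $_POST['sort'] : 0;

         # Group settings: operators without the menu permission may not change menu_config.
         if (isset($_POST['setting']['menu_config']) && !$this->session()->member()->perm()->is_own('administrator.edit_menu_config')) {
             unset($_POST['setting']['menu_config']);
         }
         # NOTE(review): every other submitted key is copied into the stored
         # settings as-is; consider an allow-list of the keys this form may set.
         $data = (array) $group->setting;
         if (isset($_POST['setting']) && \is_array($_POST['setting'])) {
             foreach ($_POST['setting'] as $k => $v) {
                 $data[$k] = $v;
             }
         }
         $group->setting = $data;
     }

     # Permissions; only applied when the operator passes check_auth_for_perm().
     if (isset($_POST['perm_setting']) && \is_array($_POST['perm_setting']) && $this->check_auth_for_perm($group)) {
         try {
             $perm_setting = \Controller_Administrator::check_perm_data($_POST['perm_setting']);
         } catch (\Exception $e) {
             # Rejected permission data must not reach the update/insert below.
             $this->show_message($e->getMessage(), $e->getCode());
             return;
         }
         $group->perm_setting = $perm_setting;
     }

     try {
         if ($group->id) {
             $s = $group->update();
         } else {
             # A new group is tied to the current project.
             $group->project = \Core::$project;
             $s = $group->insert();
         }
         if ($s) {
             $this->show_message('保存成功', 1);
         } else {
             $this->show_message('未保存任何数据');
         }
     } catch (\Exception $e) {
         # The detail goes to the debug log; the user only sees a generic failure.
         \Core::debug()->error($e->getMessage());
         $this->show_message('保存失败,请重试', -1);
     }
 }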