/**
* 判断当前用户是否有某个权限
*
* @param string $needPrivilege
*
* @return bool
*/
protected function hasPrivilege($needPrivilege)
{
$authAdminUser = AuthHelper::getAuthUser();
if (empty($authAdminUser)) {
goto out_fail;
}
// 检查权限
if (!AdminUserService::verifyPrivilege($needPrivilege, $authAdminUser['action_list'] . ',' . $authAdminUser['role_action_list'])) {
goto out_fail;
}
return true;
out_fail:
return false;
}
/**
* 判断用户是否有某种权限
*
* @param $params
* @param $content
* @param Smarty_Internal_Template $template
* @param $repeat
*/
function smarty_helper_block_verify_privilege($params, $content, Smarty_Internal_Template $template, &$repeat)
{
if ($repeat) {
return '';
}
if (array_key_exists('privilege', $params) && !empty($params['privilege'])) {
$authAdminUser = AuthHelper::getAuthUser();
if (empty($authAdminUser)) {
return '';
}
// 检查权限
if (!AdminUserService::verifyPrivilege($params['privilege'], $authAdminUser['action_list'] . ',' . $authAdminUser['role_action_list'])) {
return '';
}
return $content;
// 成功从这里返回
}
}
/**
* 管理员权限管理
*
* @param $f3
*/
public function Privilege($f3)
{
// 权限检查
$this->requirePrivilege('manage_account_admin_privilege_get');
global $smarty;
// 参数验证
$validator = new Validator($f3->get('GET'));
$user_id = $validator->required()->digits()->min(1)->validate('user_id');
if (!$this->validate($validator)) {
goto out_fail;
}
// 查询管理员信息
$adminUserService = new AdminUserService();
$adminUser = $adminUserService->loadAdminById($user_id);
if ($adminUser->isEmpty()) {
// 不存在的管理员
$this->addFlashMessage('管理员不存在');
goto out_fail;
} else {
if (AdminUserService::verifyPrivilege(AdminUserService::privilegeAll, $adminUser['action_list'])) {
// 拥有最高权限的管理员只有他自己能编辑自己
$authAdminUser = AuthHelper::getAuthUser();
if ($authAdminUser['user_id'] != $adminUser['user_id']) {
$this->addFlashMessage('超级管理员只有他自己能操作自己的信息');
RouteHelper::reRoute($this, '/Account/Admin/ListUser');
}
}
}
if (!Request::isRequestPost()) {
// 没有 post ,只是普通的显示
goto out_display;
}
// 权限检查
$this->requirePrivilege('manage_account_admin_privilege_post');
$action_list_str = '';
$actionCodeArray = $f3->get('POST[action_code]');
if (empty($actionCodeArray)) {
// 清空了所有权限
$action_list_str = '';
goto update_privilege;
}
if (in_array(AdminUserService::privilegeAll, $actionCodeArray)) {
// 权限检查,只有自身拥有 privilegeAll 权限的人才能给别人授权 privilegeAll
$this->requirePrivilege(AdminUserService::privilegeAll);
// 用户有所有的权限
$action_list_str = AdminUserService::privilegeAll;
goto update_privilege;
}
// 生成权限字符串
$action_list_str = implode(',', $actionCodeArray);
update_privilege:
$adminUser->role_id = $f3->get('POST[role_id]');
$adminUser->action_list = $action_list_str;
$adminUser->save();
$this->addFlashMessage('管理员权限保存成功');
out_display:
$smarty->assign($adminUser->toArray());
// 取得权限显示列表
$metaPrivilegeService = new MetaPrivilegeService();
$smarty->assign('privilegeArray', $metaPrivilegeService->fetchPrivilegeArray());
$smarty->display('account_admin_privilege.tpl');
return;
// 正常从这里返回
out_fail:
// 失败,返回管理员列表
RouteHelper::reRoute($this, RouteHelper::makeUrl('/Account/Admin/ListUser', array('user_id' => $user_id), true));
}
