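/**
 * Enforce route-level permissions for the current member.
 *
 * Resolves the requested controller/action to a registered route key. When the
 * caller may not access it, the request is rewritten to Index/index; no error
 * is raised and nothing is returned.
 *
 * Decision order, as implemented below:
 *  1. Permission checking is switched off in the "roles" config: allow.
 *  2. The route is not registered with RegisterRest: rewrite to Index/index.
 *  3. No session: rewrite when the controller part of the key is in "check".
 *  4. role_id == 1 (super administrator): allow.
 *  5. role_id > 1: rewrite unless the route key is in the user's permissions.
 *
 * @param Request_Abstract  $request  Request whose controller/action may be rewritten.
 * @param Response_Abstract $response Not used by this method.
 * @return void
 */
public function checkMemberPermission(Request_Abstract $request, Response_Abstract $response)
{
    $config = Application::app()->getConfig()->get("roles")->toArray();

    // Permission checking can be switched off from configuration.
    // NOTE(review): the comparison is loose, so a non-empty config whose
    // 'permission' entry is missing, '', '0' or 0 also disables every check
    // below (fail-open). Confirm that this is the intended default.
    if ($config and $config['permission'] == false) {
        return;
    }

    $rest = RegisterRest::initRegister();

    // Resolve the current route key from the controller and action names.
    $this->current_key = $this->getSystemAction($request->getControllerName(), $request->getActionName(), $rest);

    // Routes that were never registered with RegisterRest carry no permission
    // entry, so they are sent to the default route instead.
    if (!$this->current_key) {
        $request->setControllerName('Index');
        $request->setActionName('index');
        return;
    }

    $user = MembersManage::instance()->getCurrentSession();

    if (!$user) {
        // Anonymous visitor: blocked only when the controller part of the route
        // key is listed in the configured 'check' list.
        $controlName = explode('_', $this->current_key);
        $check = explode(',', $config['check']);
        // Strict comparison avoids numeric-string juggling in an access decision.
        if (in_array($controlName[0], $check, true)) {
            $request->setControllerName('Index');
            $request->setActionName('index');
        }
        return;
    }

    // Super administrators (role_id 1) skip the permission list entirely.
    if ($user['role_id'] == 1) {
        return;
    }

    $userpermission = isset($user['permission']) ? explode(',', $user['permission']) : array();

    // Ordinary users must hold the exact route key in their permission list.
    // NOTE(review): a session whose role_id is neither 1 nor greater than 1
    // (0, null, negative) is not checked at all and passes through. Confirm
    // whether such sessions can exist; denying by default would be safer.
    if ($user['role_id'] > 1 and !in_array($this->current_key, $userpermission, true)) {
        $request->setControllerName('Index');
        $request->setActionName('index');
    }
}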
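/**
 * Render the create/edit modal for a collection category.
 *
 * Requires a session; without one the request ends with no output. When $ccid
 * is greater than zero the existing category is loaded and the modal is shown
 * in "edit" mode, otherwise in "create" mode with no category.
 *
 * NOTE(review): only the presence of a session is checked here. Any role or
 * ownership restriction on this admin view must come from elsewhere (for
 * example a route-level permission check) — confirm that it does.
 *
 * @param mixed $ccid Category id taken from the route, or false when creating.
 * @return void
 */
public function collectionCategoryPostAction($ccid = false)
{
    $views = $this->getView();

    $app = MembersManage::instance()->getCurrentSession();
    if (!$app) {
        exit;
    }

    $collectionControl = new AdminCollectionManage();

    $type = 'create';
    $category = false;
    // $ccid arrives unvalidated and is passed to the manager as-is.
    if ($ccid > 0) {
        $type = 'edit';
        $category = $collectionControl->getCollectionCategoryForID($ccid);
    }

    $views->assign('title', '采集分类编辑');
    $views->assign('category', $category);
    $views->assign('type', $type);
    $views->display('admin/collectioncategory/post-modal.html.twig');
}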
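/**
 * Upload an image for a course article, or list the images already stored.
 *
 * Requires a session; without one the request ends with no output.
 *  - action "upload" (POST only): stores the uploaded file and responds with
 *    its relative link through the REST helper.
 *  - action "list": echoes a JSON array of {thumb, image, title, folder}.
 * Every path ends the request with exit.
 *
 * NOTE(review): this method does not verify that the session user may write to
 * or read from course $cid, and no file type or size check is visible here.
 * Presumably ImagesManage enforces both — confirm.
 *
 * @param mixed  $cid    Course id from the route.
 * @param mixed  $ccid   Folder/category id from the route; echoed back as "folder".
 * @param string $action Either "upload" or "list".
 * @return void
 */
public function lessonArticleImageAction($cid, $ccid, $action = 'upload')
{
    $data = $this->getRequest();
    $rest = Restful::instance();

    $app = MembersManage::instance()->getCurrentSession();
    if (!$app) {
        exit;
    }

    $image = new ImagesManage();

    if ($action == 'upload' and $data->isPost()) {
        $filepath = $image->saveImagesCourseArticle($data->getFiles('file'), $cid, $ccid, $app['uid'], true, 1, true);
        if ($filepath) {
            $rest->assign('filelink', ImagesManage::getRelativeImage($filepath));
            $rest->response();
        }
    } elseif ($action == 'list') {
        $list = $image->getImagesCourseArticleForID($cid);
        if ($list) {
            $images = array();
            foreach ($list as $value) {
                $thumb = $value['thumb'] > 0 ? $image->getRealCoverSize($value['path'], 'small', 'jpg') : '';
                $images[] = array(
                    'thumb' => $thumb,
                    'image' => ImagesManage::getRelativeImage($value['path']),
                    'title' => $value['filename'],
                    'folder' => $ccid,
                );
            }
            // Emit plain "/" in paths without stripslashes(): that call also
            // removed the backslashes JSON needs for quotes, backslashes and
            // \uXXXX escapes, so a filename containing any of them produced
            // invalid or altered JSON.
            echo json_encode($images, JSON_UNESCAPED_SLASHES);
            exit;
        }
    }

    exit;
}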
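/**
 * End the current member session and redirect to the site root.
 *
 * The redirect header is sent only when logout() reports success. The request
 * ends with exit in either case.
 *
 * NOTE(review): no request-method or CSRF-token check is made in this method,
 * so any request that reaches this action logs the member out. Confirm whether
 * that is enforced elsewhere.
 *
 * @return void
 */
public function logoutAction()
{
    $members = MembersManage::instance();

    if ($members->logout()) {
        header('Location: /');
    }

    exit;
}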
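/**
 * Attach an external link to a course article and render the new menu entry.
 *
 * On an authenticated POST the link and its summary are handed to
 * AdminCourseManage::addLinkToArticle(), and the resulting menu item is
 * rendered with an "owner" flag. The flag is true only when the session user
 * owns the verified, published course the item belongs to. A REST response
 * carrying $success and $message is always sent afterwards.
 *
 * Unauthenticated callers get the "no permission" message and the link is not
 * added. Previously the message was set but the POST was still processed.
 *
 * NOTE(review): "_link" is a caller-supplied URL. If addLinkToArticle()
 * fetches it server-side, it needs scheme/host validation there — not visible
 * from this method.
 * NOTE(review): ownership is computed after the write and only feeds the
 * view; nothing here checks that the caller may modify course $cid — confirm
 * that the manager does.
 * NOTE(review): $success is never set to anything but 0 in this method.
 *
 * @param mixed $cid Course id from the route.
 * @return void
 */
public function linkAddAction($cid)
{
    $views = $this->getView();
    $rest = Restful::instance();
    $data = $this->getRequest();

    $app = MembersManage::instance()->getCurrentSession();
    $courseControl = AdminCourseManage::instance();

    $message = array('error' => '无法收集该链接内容', 'content' => '');
    $success = 0;

    if (!$app) {
        // No session: report the denial and skip the write below.
        $message['error'] = '没有权限';
    } elseif ($data->isPost()) {
        $contents = $courseControl->addLinkToArticle($cid, $data->getPost('_link'), $data->getPost('_summary'));

        // The owner flag only controls what the rendered menu item offers.
        $owner = false;
        if (isset($app['uid']) and $app['uid']) {
            $course = $courseControl->getCourseRow(array('course.cid' => $contents['cid'], "course.verified" => 3, "course.published" => 4));
            if ($course and $app['uid'] == $course['uid']) {
                $owner = true;
            }
        }

        $views->assign('owner', $owner);
        $views->assign('menu', $contents);
        $views->display("index/course/article-menu-li-modal.html.twig");
    }

    $rest->assign('success', $success);
    $rest->assign('message', $message);
    $rest->response();
}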