ファイル: functions.php プロジェクト: h3len/Project
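/**
 * Collect the permission sets of every role listed in $user['slave_group'].
 *
 * Each role id is looked up in redis first (read_role_prms_form_redis) and,
 * failing that, in the on-disk cache file named by get_prms_cache_dir().
 * When every role was resolved and DEBUG_MODE is off the collected map is
 * returned; otherwise the caches are rebuilt through hg_update_role_prms()
 * and its result is returned instead.
 *
 * @param array $user user record; only the comma-separated 'slave_group' key is read
 * @return array map of role id => decoded permission array; empty when the user has no roles
 */
function hg_check_prms($user = array())
{
    $complex = array();
    // empty() rather than a bare "!" so that a record without a slave_group
    // key (including the empty default argument) does not raise an
    // undefined-index notice before returning.
    if (empty($user['slave_group'])) {
        return $complex;
    }
    $user_role_ids = explode(',', $user['slave_group']);
    foreach ($user_role_ids as $role_id) {
        $ret = read_role_prms_form_redis($role_id);
        if ($ret) {
            $complex[$role_id] = json_decode($ret, true);
            continue;
        }
        $role_prms_file = get_prms_cache_dir($role_id);
        if (!file_exists($role_prms_file)) {
            // Stop at the first missing cache file: $complex is then shorter
            // than $user_role_ids and the count check below forces a rebuild.
            break;
        }
        // NOTE(review): this executes a PHP file whose path is derived from the
        // role id. get_prms_cache_dir() is not visible here; confirm that it
        // confines the path to the cache directory (role ids come from the
        // user's slave_group column, not directly from request input).
        $complex[$role_id] = (include $role_prms_file);
    }
    // Only trust the caches when every role id produced an entry; DEBUG_MODE
    // always forces the rebuild path.
    if (count($complex) === count($user_role_ids) && !DEBUG_MODE) {
        return $complex;
    }
    return hg_update_role_prms($user['slave_group']);
}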
ファイル: admin_role_update.php プロジェクト: h3len/Project
 /**
  * Create or update an admin_role row from $this->input, then rewrite its
  * role_prms rows, rebuild the role permission cache and write an audit log.
  *
  * Reads: input['extend'], ['name'], ['brief'], ['index_page'], ['open_way'],
  * ['domain'], ['column_id'], ['siteid'], ['id'] (-1 or 0 means create) and
  * ['prms'] (JSON map of "app-mod" => {op,node,setting,is_all}).
  * Non-super admins (group_type > MAX_ADMIN_TYPE) may only grant sites,
  * columns and apps that they hold themselves and may not edit a role that
  * they are a member of; violations end the request via errorOutput().
  *
  * NOTE(review): the SQL below is assembled by string concatenation. Only
  * index_page, extend_prms and prms[*]['op'] pass through addslashes(); name,
  * brief, domain, column_id, siteid and the node/setting/is_all values of
  * each prms entry are embedded as received. Unless $this->input is escaped
  * by the framework before reaching this method, those values can break or
  * alter the query.
  */
 public function update2()
 {
     //$data = json_decode(html_entity_decode($this->input['data']));
     //$data = array();
     //
     $this->verify_content_prms(array('_action' => 'auth_user'));
     $extend_prms = $this->input['extend'];
     // Clamp set_weight_limit into 0..100 (the later abs(intval()) is a no-op after this).
     $extend_prms['set_weight_limit'] = intval($extend_prms['set_weight_limit']);
     if ($extend_prms['set_weight_limit'] > 100) {
         $extend_prms['set_weight_limit'] = 100;
     }
     if ($extend_prms['set_weight_limit'] < 0) {
         $extend_prms['set_weight_limit'] = 0;
     }
     //$extend_prms['show_other_data'] = $extend_prms['show_other_data'] ? $extend_prms['show_other_data_org'] : 0;
     //$extend_prms['manage_other_data'] = $extend_prms['manage_other_data'] ? $extend_prms['manage_other_data_org'] : 0;
     //$extend_prms['create_data_limit'] = abs(intval($extend_prms['create_data_limit']));
     $extend_prms['set_weight_limit'] = abs(intval($extend_prms['set_weight_limit']));
     // Column => value map used verbatim to build the INSERT/UPDATE below;
     // publish_prms and site_prms are the raw comma-separated id strings.
     $data = array('name' => trim($this->input['name']), 'brief' => trim($this->input['brief']), 'index_page' => addslashes(trim($this->input['index_page'])), 'open_way' => intval($this->input['open_way']), 'domain' => trim($this->input['domain']), 'extend_prms' => addslashes(serialize($extend_prms)), 'publish_prms' => $this->input['column_id'], 'site_prms' => $this->input['siteid']);
     if ($this->user['group_type'] > MAX_ADMIN_TYPE) {
         // Non-super admin: every granted site/column must be within the caller's own grants.
         $publish_prms = $data['publish_prms'] ? explode(',', $data['publish_prms']) : array();
         $site_prms = $data['site_prms'] ? explode(',', $data['site_prms']) : array();
         // NOTE(review): "@" only hides the warning when site_prms is not an
         // array; on PHP 8 array_diff() throws a TypeError instead, which "@"
         // does not suppress.
         if (@array_diff($site_prms, $this->user['prms']['site_prms'])) {
             $this->errorOutput("非整站授权站点,授权失败");
         }
         if (!class_exists('publishconfig')) {
             include_once ROOT_PATH . 'lib/class/publishconfig.class.php';
         }
         $this->publish_column = new publishconfig();
         if ($publish_prms) {
             // Drop columns that belong to a site the caller is granted whole;
             // only the remaining columns need an explicit column grant.
             $column_site = $this->publish_column->get_column_site(array('column_id' => implode(',', $publish_prms)));
             if (is_array($column_site) && $column_site) {
                 foreach ($column_site as $site_id => $col) {
                     if (in_array($site_id, $this->user['prms']['site_prms'])) {
                         //$this->errorOutput(var_export($col,1));
                         $publish_prms = array_diff($publish_prms, $col);
                     }
                 }
             }
             if (@array_diff($publish_prms, $this->user['prms']['publish_prms'])) {
                 $this->errorOutput("非授权栏目,授权失败");
             }
         }
     }
     $role_id = intval($this->input['id']);
     // A role id of -1 means "create"; normalise it to 0 so the branch below is reached.
     if ($role_id == -1) {
         $role_id = 0;
     }
     $admin_role = array();
     if ($role_id) {
         // $role_id is intval()'d above, so embedding it here is safe.
         $sql = 'SELECT id,name,user_id,extend_prms FROM ' . DB_PREFIX . 'admin_role WHERE id = "' . $role_id . '"';
         $admin_role = $this->db->query_first($sql);
         if ($this->user['group_type'] > MAX_ADMIN_TYPE) {
             // Only the creator may edit the role, and never a role the caller belongs to.
             if ($admin_role['user_id'] != $this->user['user_id']) {
                 $this->errorOutput("没有权限管理此角色");
             }
             $sql = 'SELECT admin_role_id FROM  ' . DB_PREFIX . 'admin WHERE id = ' . $this->user['user_id'];
             $user_roles = $this->db->query_first($sql);
             $user_roles = explode(',', $user_roles['admin_role_id']);
             if (in_array($role_id, $user_roles)) {
                 $this->errorOutput('无法修改当前用户所在的角色');
             }
         }
     }
     if ($this->user['group_type'] > MAX_ADMIN_TYPE) {
         // Non-super admins always inherit their own default extend permissions,
         // whether creating or updating; the clamped $extend_prms above is discarded.
         $data['extend_prms'] = addslashes(serialize($this->user['prms']['default_setting']));
     }
     if (!$admin_role) {
         // Create: stamp owner columns and reject duplicate names.
         $data['user_id'] = $this->user['user_id'];
         $data['user_name'] = $this->user['user_name'];
         $data['org_id'] = $this->user['org_id'];
         if ($this->check_name_unique($data['name'])) {
             $this->errorOutput(ROLE_NAME_EXISTS);
         }
         $data['create_time'] = TIMENOW;
         $sql = 'INSERT INTO ' . DB_PREFIX . 'admin_role SET ';
         foreach ($data as $filed => $value) {
             $sql .= ' `' . $filed . '`="' . $value . '",';
         }
         $sql = trim($sql, ',');
         $op = '创建角色';
     } else {
         // Update: build the SET list the same way, keyed on the existing row id.
         $sql = 'UPDATE ' . DB_PREFIX . 'admin_role SET ';
         foreach ($data as $filed => $value) {
             $sql .= '`' . $filed . '`="' . $value . '",';
         }
         $sql = trim($sql, ',') . ' WHERE id=' . $admin_role['id'];
         // Fetch the role's current permissions so the audit log can record the "before" state.
         $sql1 = 'SELECT * FROM ' . DB_PREFIX . 'role_prms WHERE admin_role_id = ' . $admin_role['id'] . ' ORDER BY order_id';
         $query = $this->db->query($sql1);
         while ($row = $this->db->fetch_array($query)) {
             // NOTE(review): $return is only ever assigned here (update branch);
             // on the create branch it stays undefined when array_merge() reads it below.
             $return['prms'][$row['app_uniqueid'] . '-' . $row['mod_uniqueid']] = $row;
         }
         $op = '修改角色';
     }
     $this->db->query($sql);
     if ($admin_role) {
         $data['id'] = $admin_role['id'];
         // Stamp update_user/update_time only when the UPDATE actually changed the row.
         $this->db->affected_rows() ? $this->db->query("UPDATE " . DB_PREFIX . 'admin_role SET update_user_id=' . $this->user['user_id'] . ', update_user_name="' . $this->user['user_name'] . '", update_time=' . TIMENOW . ' WHERE id = ' . $admin_role['id']) : '';
     } else {
         $data['id'] = $this->db->insert_id();
     }
     // On update, replace the role_prms rows wholesale: delete, then re-insert from input['prms'].
     if ($admin_role) {
         $this->db->query('DELETE FROM ' . DB_PREFIX . 'role_prms WHERE admin_role_id = ' . intval($admin_role['id']));
     }
     $prms = json_decode(html_entity_decode($this->input['prms']), 1);
     if ($prms) {
         $order_id = 0;
         $sql = 'INSERT INTO ' . DB_PREFIX . 'role_prms VALUES ';
         foreach ($prms as $app_mod => $v) {
             $app_mod = explode('-', $app_mod);
             if ($this->user['group_type'] > MAX_ADMIN_TYPE) {
                 // Non-super admins may only delegate apps they hold with is_complete.
                 if (!$this->user['prms']['app_prms'][$app_mod[0]]['is_complete']) {
                     $this->errorOutput('存在非多级授权应用!');
                 }
             }
             // NOTE(review): only $v['op'] is escaped; app/mod ids, node, setting
             // and is_all come straight from the decoded request JSON.
             $sql .= '(' . $data['id'] . ',"' . $app_mod['0'] . '", "' . $app_mod['1'] . '", "' . addslashes($v['op']) . '", "' . $v['node'] . '","' . $v['setting'] . '", "' . $v['is_all'] . '",' . $order_id . '),';
             $order_id++;
         }
         $sql = trim($sql, ',');
         $this->db->query($sql);
     }
     hg_update_role_prms($role_id);
     // Audit log: previous state (stored extend_prms + old role_prms) vs. submitted state.
     // NOTE(review): on the create branch $admin_role is empty and $return is
     // unset, so this unserializes a missing key and merges with null; on
     // PHP 8 array_merge() rejects the non-array arguments with a TypeError.
     // unserialize() is applied to a DB column that this method itself writes
     // via serialize(), not to request input.
     $pre_data = array_merge(unserialize($admin_role['extend_prms']), $return);
     $up_data = array_merge($this->input['extend'], json_decode(htmlspecialchars_decode($this->input['prms']), 1));
     $this->addLogs($op, $pre_data, $up_data, $data['name']);
     $this->addItem($data);
     $this->output();
 }
ファイル: org_admin.php プロジェクト: h3len/Project
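 /**
  * Resolve a role's permissions into display form and emit them.
  *
  * Reads input['role_id'], rebuilds that role's permissions through
  * hg_update_role_prms()/merge_user_prms(), then replaces the raw ids with
  * names: app bundles with the app name from the apps table, site ids with
  * the site records from publishconfig, column ids with the column records,
  * and per-app action keys with their labels from settings['auth_op'].
  * Returns without output when no role id is given.
  *
  * NOTE(review): role_id is passed to hg_update_role_prms() after urldecode()
  * only; that helper is not visible here, so confirm it validates the id.
  */
 public function get_user_prms()
 {
     $role_id = urldecode($this->input['role_id']);
     if (!$role_id) {
         return;
     }
     $prms = hg_update_role_prms($role_id);
     $prms = merge_user_prms($prms);
     // Guard explicitly instead of "@": on PHP 8 array_keys() on a non-array
     // throws a TypeError that "@" cannot suppress.
     $apps = (isset($prms['app_prms']) && is_array($prms['app_prms'])) ? array_keys($prms['app_prms']) : array();
     if ($apps) {
         // Bundle ids are stored role data rather than request input, but they
         // are embedded in the IN(...) list, so escape them defensively.
         $apps = implode('","', array_map('addslashes', $apps));
         $sql = 'SELECT bundle,name FROM ' . DB_PREFIX . 'apps WHERE bundle IN("' . $apps . '")';
         $query = $this->db->query($sql);
         $apps = array();
         while ($row = $this->db->fetch_array($query)) {
             $apps[$row['bundle']] = $row['name'];
         }
     }
     require_once ROOT_PATH . 'lib/class/publishconfig.class.php';
     $publishconfig = new publishconfig();
     $publish_sites = $publish_columns = array();
     if ($prms['site_prms']) {
         // Keep only the granted sites, keyed by site id.
         $publish_sites = $publishconfig->get_sites();
         $prms['site_prms'] = array_intersect_key($publish_sites, array_flip($prms['site_prms']));
     }
     if ($prms['publish_prms']) {
         $column_ids = implode(',', $prms['publish_prms']);
         $publish_columns = $publishconfig->get_columnname_by_ids('*', $column_ids);
         $prms['publish_prms'] = $publish_columns;
     }
     if ($prms['app_prms']) {
         foreach ($prms['app_prms'] as $k => $v) {
             if ($prms['app_prms'][$k]['action']) {
                 // Map granted action keys to their labels from settings['auth_op'].
                 $prms['app_prms'][$k]['action'] = array_intersect_key($this->settings['auth_op'], array_flip($prms['app_prms'][$k]['action']));
             }
             // Apps missing from the apps table get a null name rather than an undefined-index notice.
             $prms['app_prms'][$k]['app_name'] = isset($apps[$k]) ? $apps[$k] : null;
         }
     }
     $this->addItem($prms);
     $this->output();
 }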