/** * 管理员权限管理 * * @param $f3 */ public function Privilege($f3) { // 权限检查 $this->requirePrivilege('manage_account_admin_privilege_get'); global $smarty; // 参数验证 $validator = new Validator($f3->get('GET')); $user_id = $validator->required()->digits()->min(1)->validate('user_id'); if (!$this->validate($validator)) { goto out_fail; } // 查询管理员信息 $adminUserService = new AdminUserService(); $adminUser = $adminUserService->loadAdminById($user_id); if ($adminUser->isEmpty()) { // 不存在的管理员 $this->addFlashMessage('管理员不存在'); goto out_fail; } else { if (AdminUserService::verifyPrivilege(AdminUserService::privilegeAll, $adminUser['action_list'])) { // 拥有最高权限的管理员只有他自己能编辑自己 $authAdminUser = AuthHelper::getAuthUser(); if ($authAdminUser['user_id'] != $adminUser['user_id']) { $this->addFlashMessage('超级管理员只有他自己能操作自己的信息'); RouteHelper::reRoute($this, '/Account/Admin/ListUser'); } } } if (!Request::isRequestPost()) { // 没有 post ,只是普通的显示 goto out_display; } // 权限检查 $this->requirePrivilege('manage_account_admin_privilege_post'); $action_list_str = ''; $actionCodeArray = $f3->get('POST[action_code]'); if (empty($actionCodeArray)) { // 清空了所有权限 $action_list_str = ''; goto update_privilege; } if (in_array(AdminUserService::privilegeAll, $actionCodeArray)) { // 权限检查,只有自身拥有 privilegeAll 权限的人才能给别人授权 privilegeAll $this->requirePrivilege(AdminUserService::privilegeAll); // 用户有所有的权限 $action_list_str = AdminUserService::privilegeAll; goto update_privilege; } // 生成权限字符串 $action_list_str = implode(',', $actionCodeArray); update_privilege: $adminUser->role_id = $f3->get('POST[role_id]'); $adminUser->action_list = $action_list_str; $adminUser->save(); $this->addFlashMessage('管理员权限保存成功'); out_display: $smarty->assign($adminUser->toArray()); // 取得权限显示列表 $metaPrivilegeService = new MetaPrivilegeService(); $smarty->assign('privilegeArray', $metaPrivilegeService->fetchPrivilegeArray()); $smarty->display('account_admin_privilege.tpl'); return; // 正常从这里返回 out_fail: // 失败,返回管理员列表 RouteHelper::reRoute($this, RouteHelper::makeUrl('/Account/Admin/ListUser', array('user_id' => $user_id), true)); }
/** * 角色权限管理 * * @param $f3 */ public function Privilege($f3) { // 权限检查 $this->requirePrivilege('manage_account_role_privilege_get'); global $smarty; // 参数验证 $validator = new Validator($f3->get('GET')); $meta_id = $validator->required()->digits()->min(1)->validate('meta_id'); if (!$this->validate($validator)) { goto out_fail; } // 查询角色信息 $metaRoleService = new MetaRoleService(); $role = $metaRoleService->loadRoleById($meta_id); if ($role->isEmpty()) { // 不存在的角色 $this->addFlashMessage('角色不存在'); goto out_fail; } if (!Request::isRequestPost()) { // 没有 post ,只是普通的显示 goto out_display; } // 权限检查 $this->requirePrivilege('manage_account_role_privilege_post'); $action_list_str = ''; $actionCodeArray = $f3->get('POST[action_code]'); if (empty($actionCodeArray)) { // 清空了所有权限 $action_list_str = ''; goto update_privilege; } // 清除掉 privilegeAll,角色不能设置最高权限 while ($actionCodeArrayIndex = array_search(AdminUserService::privilegeAll, $actionCodeArray)) { unset($actionCodeArray[$actionCodeArrayIndex]); } // 生成权限字符串 $action_list_str = implode(',', $actionCodeArray); update_privilege: $role->meta_data = $action_list_str; $role->save(); $this->addFlashMessage('角色权限保存成功'); out_display: $smarty->assign($role->toArray()); // 取得权限显示列表 $metaPrivilegeService = new MetaPrivilegeService(); $smarty->assign('privilegeArray', $metaPrivilegeService->fetchPrivilegeArray()); $smarty->display('account_role_privilege.tpl'); return; // 正常从这里返回 out_fail: // 失败,返回角色列表 RouteHelper::reRoute($this, '/Account/Role/ListRole'); }
/** * 订单商品评价 * * @param $f3 */ public function GoodsComment($f3) { global $smarty; $errorMessage = ''; // 参数验证 $validator = new Validator($f3->get('GET')); $rec_id = $validator->required()->digits()->min(1)->validate('rec_id'); if (!$this->validate($validator)) { $errorMessage = '订单ID非法'; goto out_fail; } $orderBasicService = new OrderBasicService(); // 查询 order_goods $orderGoods = $orderBasicService->loadOrderGoodsById($rec_id, 10); // 缓存 10 秒钟 if ($orderGoods->isEmpty()) { $errorMessage = '订单ID非法'; goto out_fail; } // 查询 order_info $orderInfo = $orderBasicService->loadOrderInfoById($orderGoods['order_id'], 10); // 缓存 10 秒钟 // 权限检查,用户只能查看自己的订单 $userInfo = AuthHelper::getAuthUser(); if ($orderInfo->isEmpty() || $userInfo['user_id'] != $orderInfo['user_id'] || !$this->verifyOrderSystem($orderInfo)) { $errorMessage = '订单ID非法'; goto out_fail; } // 加载订单评论 $goodsCommentService = new GoodsCommentService(); $goodsComment = $goodsCommentService->loadGoodsCommentByOrderGoodsRecId($rec_id, 1); // 缓存1秒 if ($goodsComment->isEmpty() || $goodsComment['user_id'] != $userInfo['user_id']) { $errorMessage = '无法评论此订单'; goto out_fail; } // post 请求 if (Request::isRequestPost()) { goto do_post; } // 赋值评论信息 $smarty->assign('goodsComment', $goodsComment->toArray()); out_fail: // GET 从这里退出 $smarty->assign('errorMessage', $errorMessage); $smarty->display('my_order_goodscomment.tpl'); return; do_post: // 这里处理 post 请求 // 用户评论缺省不显示,需要等管理员审核通过才能显示 $goodsComment->is_show = 0; $goodsComment->comment_time = Time::gmTime(); // 过滤用户提交的数据 unset($validator); $validator = new Validator($f3->get('POST')); $goodsComment->comment_rate = $validator->filter('ValidatorIntValue')->validate('comment_rate'); $goodsComment->comment = $validator->validate('comment'); $goodsComment->save(); $this->addFlashMessage('评论发表成功,请等待管理员审核通过才能显示'); // 回到前面的页面 RouteHelper::reRoute($this, RouteHelper::getRefer(), false); }