/**
 * Build the menu for a user from the application's controllers and store it
 * on $this->menu.
 *
 * Building is slow, so the pruned tree is cached under "user_<id>" in
 * $this->cacheConfig and reused until that cache entry is gone.
 *
 * Pruning rules, applied to the tree returned by PackageScanner::read():
 *  - sub-packages and actions with an empty 'menu' value are dropped;
 *  - actions for which Acl->check() returns exactly false are dropped;
 *  - sub-packages and packages left without children are dropped.
 *
 * NOTE(review): this only hides menu entries. It does not block a direct
 * request to the action, so confirm the controllers enforce the same ACL.
 *
 * @param array $user User record; only $user['id'] is read here.
 * @return void
 */
public function extract($user) {
    $cacheKey = 'user_' . $user['id'];
    $cached = Cache::read($cacheKey, $this->cacheConfig);

    // Cache hit: reuse the stored tree as-is. It reflects the ACL state at
    // the time it was written.
    if ($cached !== false) {
        $this->menu = $cached;
        return;
    }

    set_time_limit(120);
    ini_set('memory_limit', '64M');
    $startedAt = microtime(true);

    App::uses('PackageScanner', 'Lib');
    $tree = PackageScanner::read();
    $aro = array('model' => 'User', 'foreign_key' => $user['id']);

    // Note: the controller name format inside the ACO path must match the
    // format stored in the acos table, otherwise the ACO node cannot be
    // found. Adjust to your setup as needed.
    foreach ($tree as $pkgKey => $package) {
        foreach ($package['children'] as $subKey => $subpackage) {
            if (empty($subpackage['menu'])) {
                unset($tree[$pkgKey]['children'][$subKey]);
                continue;
            }

            foreach ($subpackage['children'] as $actKey => $action) {
                // Short-circuit keeps the ACL lookup from running for
                // entries that are not menu items in the first place.
                // Only a strict false from the ACL removes the entry.
                $hidden = empty($action['menu'])
                    || $this->Acl->check($aro, $action['aco']) === false;
                if ($hidden) {
                    unset($tree[$pkgKey]['children'][$subKey]['children'][$actKey]);
                }
            }

            // Drop a sub-package whose actions were all removed above.
            if (empty($tree[$pkgKey]['children'][$subKey]['children'])) {
                unset($tree[$pkgKey]['children'][$subKey]);
            }
        }

        // Drop a package whose sub-packages were all removed above.
        if (empty($tree[$pkgKey]['children'])) {
            unset($tree[$pkgKey]);
        }
    }

    Cache::write($cacheKey, $tree, $this->cacheConfig);
    $elapsed = microtime(true) - $startedAt;
    $this->log(sprintf('It takes %d seconds to built menu for %s', $elapsed, $cacheKey));

    $this->menu = $tree;
}
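/**
 * Assign permissions to a group (role).
 *
 * Ajax requests apply one allow/deny change to the group stored in the
 * session key "Groups.active" and answer with a JSON object
 * {status: bool, code: string|null}.
 *
 * Any other request builds the full permission tree for group $id, stores
 * that group as "Groups.active" and passes the tree to the view.
 *
 * @access public
 * @param mixed $id Group id; used by the non-Ajax branch only.
 * @return void
 * @throws NotFoundException When the group does not exist (non-Ajax branch).
 */
public function admin_permission($id = null) {
    // Handle a single Ajax permission-change request.
    if ($this->request->is('ajax')) {
        $response = new stdClass();
        $response->status = false;
        $response->code = null;

        $user_aro = array('model' => 'User', 'foreign_key' => $this->user('id'));
        // NOTE(review): the target group comes from session state written by
        // the last non-Ajax view of this action, not from the request. With
        // two group pages open, a change lands on the group opened last.
        $group_aro = $this->Session->read('Groups.active');
        $actionMaps = array('allow' => 'allow', 'deny' => 'deny', __('Allow') => 'allow', __('Deny') => 'deny');

        // NOTE(review): no HTTP-method or CSRF check is visible in this
        // method. Confirm this state-changing path is protected elsewhere.
        if (isset($group_aro, $this->request->data['aco'], $this->request->data['action'])) {
            // A permission the current user does not hold cannot be handed
            // to anyone else.
            if ($this->Acl->check($user_aro, $this->request->data['aco']) === false) {
                $response->code = __('You cannot change permissions that you donot have access to');
            } else {
                $aco = $this->request->data['aco'];

                // Resolve the requested action through the whitelist map.
                // The value comes from the client, so it may be a non-string
                // or an unknown key. Both must end in "Invalid permission
                // action" rather than an undefined-index notice or a type
                // error from strtolower().
                $requested = $this->request->data['action'];
                $action = null;
                if (is_string($requested)) {
                    $lowered = strtolower($requested);
                    if (isset($actionMaps[$requested])) {
                        // Exact match first, so translated labels that
                        // contain upper-case letters can match their key.
                        $action = $actionMaps[$requested];
                    } elseif (isset($actionMaps[$lowered])) {
                        $action = $actionMaps[$lowered];
                    }
                }

                // Strict whitelist check: $action becomes a method name in
                // the dynamic call below, so only the two literal strings
                // may pass.
                if (in_array($action, array('allow', 'deny'), true)) {
                    $response->status = $this->Acl->{$action}($group_aro, $aco);
                    if ($response->status) {
                        $this->log(sprintf('更新角色权限: %s=>%s', $aco, $action), $group_aro['foreign_key']);
                        $response->code = __('Group permissions saved');
                        // Cached menus were built from the old ACL state.
                        $this->_clear_user_menu_cache($group_aro['foreign_key']);
                    } else {
                        $response->code = __('Group permissions cannot be saved, please try again');
                    }
                } else {
                    $response->code = __('Invalid permission action');
                }
            }
        } else {
            $response->code = __('Invalid request');
        }

        $this->json($response);

    // Handle the slower, full permission extraction.
    } else {
        set_time_limit(120);
        ini_set('memory_limit', '256M');

        $this->Group->id = $id;
        if (!$this->Group->exists()) {
            throw new NotFoundException(__('Invalid group'));
        }

        $start = microtime(true);
        App::uses('PackageScanner', 'Lib');
        $packages = PackageScanner::read();
        // Sub-packages listed here are never offered for assignment.
        $hidden_modules = array('Tenants');
        $group_aro = array('model' => 'Group', 'foreign_key' => $id);

        foreach ($packages as $i => $package) {
            foreach ($package['children'] as $j => $subpackage) {
                if (in_array($subpackage['alias'], $hidden_modules)) {
                    unset($packages[$i]['children'][$j]);
                    continue;
                }
                foreach ($subpackage['children'] as $k => $action) {
                    // Record the group's current ACL state for each action.
                    $packages[$i]['children'][$j]['children'][$k]['allow'] = $this->Acl->check($group_aro, $action['aco']);
                }
            }
        }

        $end = microtime(true);
        $this->log(sprintf('It takes %d seconds to extract permissions for Group#%s', $end - $start, $id));

        // Later Ajax calls read this to know which group to modify.
        $this->Session->write('Groups.active', $group_aro);
        $this->set('packages', $packages);
    }
}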