예제 #1
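 /**
  * Build the navigation menu for one user from the application's controllers.
  *
  * The package tree returned by PackageScanner::read() is pruned to the entries
  * that are flagged as menu items and that the user's ARO passes an ACL check
  * for. The result is cached per user id under $this->cacheConfig and stored
  * in $this->menu. A cache hit is used as-is, so a permission change only
  * becomes visible once the cached entry is gone.
  *
  * NOTE(review): this decides what is displayed; presumably the actions
  * themselves are still authorized when they are requested - confirm.
  *
  * @param array $user User record; only $user['id'] is read.
  * @return void
  */
 public function extract($user)
 {
     // Without an id every caller would share the cache entry 'user_' and the
     // ACL lookup would run against an ARO with no foreign key. Show nothing
     // instead of building or reusing a menu for "nobody".
     if (!isset($user['id']) || $user['id'] === '') {
         $this->menu = array();
         return;
     }
     $cacheKey = 'user_' . $user['id'];
     $menu = Cache::read($cacheKey, $this->cacheConfig);
     if ($menu === false) {
         // Cache miss: scan the packages and run one ACL check per menu action.
         set_time_limit(120);
         ini_set('memory_limit', '64M');
         $start = microtime(true);
         App::uses('PackageScanner', 'Lib');
         $menu = PackageScanner::read();
         $aro = array('model' => 'User', 'foreign_key' => $user['id']);
         // Note: the controller name format used in the ACO paths here must match
         // the format stored in the acos table, otherwise the ACO node cannot be
         // found; adjust as needed.
         foreach ($menu as $i => $package) {
             foreach ($package['children'] as $j => $subpackage) {
                 if (empty($subpackage['menu'])) {
                     unset($menu[$i]['children'][$j]);
                     continue;
                 }
                 foreach ($subpackage['children'] as $k => $action) {
                     if (empty($action['menu'])) {
                         unset($menu[$i]['children'][$j]['children'][$k]);
                         continue;
                     }
                     // Fail closed: keep an entry only on an explicit true, so a
                     // null or other non-boolean result hides it as well.
                     if ($this->Acl->check($aro, $action['aco']) !== true) {
                         unset($menu[$i]['children'][$j]['children'][$k]);
                     }
                 }
                 // Drop sub-packages and packages that ended up with no entries.
                 if (empty($menu[$i]['children'][$j]['children'])) {
                     unset($menu[$i]['children'][$j]);
                 }
             }
             if (empty($menu[$i]['children'])) {
                 unset($menu[$i]);
             }
         }
         Cache::write($cacheKey, $menu, $this->cacheConfig);
         $end = microtime(true);
         $this->log(sprintf('It takes %d seconds to built menu for %s', $end - $start, $cacheKey));
     }
     $this->menu = $menu;
 }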
예제 #2
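 /**
  * Assign permissions to a role (group).
  *
  * An Ajax request changes one permission (allow or deny on one ACO) for the
  * group stored under the session key 'Groups.active'. Any other request loads
  * the permission tree of group $id for display and stores that group in the
  * session.
  *
  * @access public
  * @param mixed $id Group id; only read by the non-Ajax branch.
  * @return void
  * @throws NotFoundException When the group does not exist (non-Ajax branch).
  */
 public function admin_permission($id = null)
 {
     // Handle a single Ajax permission-change request.
     // NOTE(review): is('ajax') is derived from a request header the client
     // sets; it selects the branch and is not an authorization or CSRF control.
     // Confirm both are enforced before this action runs.
     if ($this->request->is('ajax')) {
         $response = new stdClass();
         $response->status = false;
         $response->code = null;
         $user_aro = array('model' => 'User', 'foreign_key' => $this->user('id'));
         // NOTE(review): the target group is the one whose permission page was
         // rendered last in this session, not one named by this request.
         $group_aro = $this->Session->read('Groups.active');
         $data = $this->request->data;
         // The submitted action is lower-cased before the lookup, so the
         // translated labels are lower-cased the same way to stay matchable.
         $actionMaps = array(
             'allow' => 'allow',
             'deny' => 'deny',
             strtolower(__('Allow')) => 'allow',
             strtolower(__('Deny')) => 'deny',
         );
         // The ACO is logged with %s below, so only a string is accepted from the client.
         if (isset($group_aro, $data['aco'], $data['action']) && is_string($data['aco'])) {
             $aco = $data['aco'];
             // A permission the current user does not hold cannot be handed to anyone else.
             // NOTE(review): modules hidden from the rendered tree by the non-Ajax
             // branch are not excluded here; consider enforcing the same list.
             if ($this->Acl->check($user_aro, $aco) === false) {
                 $response->code = __('You cannot change permissions that you donot have access to');
             } else {
                 // Resolve the action through the map without touching an undefined
                 // key; a non-string or unknown value resolves to null.
                 $requested = is_string($data['action']) ? strtolower($data['action']) : '';
                 $action = isset($actionMaps[$requested]) ? $actionMaps[$requested] : null;
                 // $action names the ACL method to call, so it must be exactly
                 // one of these two strings.
                 if (in_array($action, array('allow', 'deny'), true)) {
                     $response->status = $this->Acl->{$action}($group_aro, $aco);
                     if ($response->status) {
                         $this->log(sprintf('更新角色权限: %s=>%s', $aco, $action), $group_aro['foreign_key']);
                         $response->code = __('Group permissions saved');
                         $this->_clear_user_menu_cache($group_aro['foreign_key']);
                     } else {
                         $response->code = __('Group permissions cannot be saved, please try again');
                     }
                 } else {
                     $response->code = __('Invalid permission action');
                 }
             }
         } else {
             $response->code = __('Invalid request');
         }
         $this->json($response);
     } else {
         // Handle the lengthier extraction of the group's full permission tree.
         set_time_limit(120);
         ini_set('memory_limit', '256M');
         $this->Group->id = $id;
         if (!$this->Group->exists()) {
             throw new NotFoundException(__('Invalid group'));
         }
         $start = microtime(true);
         App::uses('PackageScanner', 'Lib');
         $packages = PackageScanner::read();
         // Modules left out of the rendered permission tree.
         $hidden_modules = array('Tenants');
         $group_aro = array('model' => 'Group', 'foreign_key' => $id);
         foreach ($packages as $i => $package) {
             foreach ($package['children'] as $j => $subpackage) {
                 if (in_array($subpackage['alias'], $hidden_modules, true)) {
                     unset($packages[$i]['children'][$j]);
                     continue;
                 }
                 // Record for every action whether the group currently passes its ACL check.
                 foreach ($subpackage['children'] as $k => $action) {
                     $packages[$i]['children'][$j]['children'][$k]['allow'] = $this->Acl->check($group_aro, $action['aco']);
                 }
             }
         }
         $end = microtime(true);
         $this->log(sprintf('It takes %d seconds to extract permissions for Group#%s', $end - $start, $id));
         // Later Ajax requests in this session change permissions of this group.
         $this->Session->write('Groups.active', $group_aro);
         $this->set('packages', $packages);
     }
 }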