/**
 * 判断当前用户是否有某个权限 — whether the currently authenticated admin holds $needPrivilege.
 *
 * The privilege is checked against the union of the user's own action_list and
 * the action list inherited from their role. Fails closed: when no user is
 * authenticated the answer is false.
 *
 * @param string $needPrivilege
 *
 * @return bool
 */
protected function hasPrivilege($needPrivilege)
{
    $currentAdmin = AuthHelper::getAuthUser();
    if (empty($currentAdmin)) {
        return false;
    }

    // 检查权限: direct and role-inherited actions are joined into one comma list
    $grantedActions = $currentAdmin['action_list'] . ',' . $currentAdmin['role_action_list'];

    return (bool) AdminUserService::verifyPrivilege($needPrivilege, $grantedActions);
}
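/**
 * 判断用户是否有某种权限 — Smarty block plugin that renders its body only when the
 * authenticated admin holds the privilege named in the `privilege` parameter.
 *
 * The check is made against the user's action_list joined with their
 * role_action_list. Every other case — opening call, no authenticated user,
 * missing or empty `privilege` parameter, failed check — returns an empty
 * string, so the block fails closed and never returns null implicitly.
 *
 * @param array                    $params   block parameters; `privilege` is required
 * @param string|null              $content  captured block body (only on the closing call)
 * @param Smarty_Internal_Template $template
 * @param bool                     $repeat
 *
 * @return string
 */
function smarty_helper_block_verify_privilege($params, $content, Smarty_Internal_Template $template, &$repeat)
{
    if ($repeat) {
        // opening call: the body has not been captured yet, emit nothing
        return '';
    }

    if (empty($params['privilege'])) {
        // no privilege named: hide the body rather than fall off the end with null
        return '';
    }

    $authAdminUser = AuthHelper::getAuthUser();
    if (empty($authAdminUser)) {
        return '';
    }

    // 检查权限
    $grantedActions = $authAdminUser['action_list'] . ',' . $authAdminUser['role_action_list'];
    if (!AdminUserService::verifyPrivilege($params['privilege'], $grantedActions)) {
        return '';
    }

    return $content; // 成功从这里返回
}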
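/**
 * 管理员权限管理 — admin privilege management page.
 *
 * GET renders the privilege form for the admin selected by GET[user_id];
 * POST stores POST[role_id] and the selected POST[action_code] list on that admin.
 *
 * Access rules enforced here:
 *  - 'manage_account_admin_privilege_get' is required to view, and
 *    'manage_account_admin_privilege_post' to save;
 *  - an admin who holds privilegeAll may only be edited by themselves;
 *  - granting privilegeAll requires the caller to hold privilegeAll.
 * Validation or lookup failures redirect back to the admin list.
 *
 * @param $f3 framework instance; read via get('GET') and get('POST[...]')
 */
public function Privilege($f3)
{
    // 权限检查
    $this->requirePrivilege('manage_account_admin_privilege_get');
    global $smarty;

    // 参数验证
    $validator = new Validator($f3->get('GET'));
    $user_id = $validator->required()->digits()->min(1)->validate('user_id');
    if (!$this->validate($validator)) {
        $this->privilegeFail($user_id);
        return;
    }

    // 查询管理员信息
    $adminUserService = new AdminUserService();
    $adminUser = $adminUserService->loadAdminById($user_id);
    if ($adminUser->isEmpty()) {
        // 不存在的管理员
        $this->addFlashMessage('管理员不存在');
        $this->privilegeFail($user_id);
        return;
    }

    if (AdminUserService::verifyPrivilege(AdminUserService::privilegeAll, $adminUser['action_list'])) {
        // 拥有最高权限的管理员只有他自己能编辑自己 (user_id was validated as digits, so int compare is safe)
        $authAdminUser = AuthHelper::getAuthUser();
        if ((int) $authAdminUser['user_id'] !== (int) $adminUser['user_id']) {
            $this->addFlashMessage('超级管理员只有他自己能操作自己的信息');
            RouteHelper::reRoute($this, '/Account/Admin/ListUser');
            // Do not rely on reRoute() terminating the request: without this return a
            // POST by a non-owner would continue into the save path below.
            return;
        }
    }

    if (Request::isRequestPost()) {
        // 权限检查
        $this->requirePrivilege('manage_account_admin_privilege_post');

        // NOTE(review): role_id is stored as submitted, not checked against known roles — confirm upstream validation
        $adminUser->role_id = $f3->get('POST[role_id]');
        $adminUser->action_list = $this->buildActionListStr($f3->get('POST[action_code]'));
        $adminUser->save();
        $this->addFlashMessage('管理员权限保存成功');
    }

    // 没有 post 时只是普通的显示; post 成功后也显示更新后的数据
    $smarty->assign($adminUser->toArray());
    // 取得权限显示列表
    $metaPrivilegeService = new MetaPrivilegeService();
    $smarty->assign('privilegeArray', $metaPrivilegeService->fetchPrivilegeArray());
    $smarty->display('account_admin_privilege.tpl');
}

/**
 * Builds the comma-separated action list to store from the submitted action codes.
 *
 * An empty submission clears all privileges. If privilegeAll is among the codes
 * the caller must hold privilegeAll themselves (requirePrivilege), and the whole
 * list collapses to privilegeAll. Only plain string codes are kept; nested arrays
 * or other types from the request body are dropped instead of being imploded as "Array".
 *
 * @param mixed $actionCodeArray raw POST[action_code] value
 *
 * @return string
 */
private function buildActionListStr($actionCodeArray)
{
    if (empty($actionCodeArray)) {
        // 清空了所有权限
        return '';
    }

    $codes = array_values(array_filter((array) $actionCodeArray, 'is_string'));

    if (in_array(AdminUserService::privilegeAll, $codes, true)) {
        // 权限检查,只有自身拥有 privilegeAll 权限的人才能给别人授权 privilegeAll
        $this->requirePrivilege(AdminUserService::privilegeAll);
        // 用户有所有的权限
        return AdminUserService::privilegeAll;
    }

    // 生成权限字符串
    return implode(',', $codes);
}

/**
 * 失败,返回管理员列表 — redirect back to the admin list after a failed lookup/validation.
 *
 * @param mixed $user_id the (possibly invalid) user_id from the request, echoed in the URL
 */
private function privilegeFail($user_id)
{
    RouteHelper::reRoute($this, RouteHelper::makeUrl('/Account/Admin/ListUser', array('user_id' => $user_id), true));
}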