Exemplo n.º 1
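 /**
  * Role privilege management: render a role's privilege form and, on POST,
  * store the submitted privilege codes on the role.
  *
  * Roles must never carry AdminUserService::privilegeAll, so that code is
  * removed from the submission before it is saved.
  *
  * @param $f3 object read via get('GET') for meta_id and get('POST[action_code]') for the codes
  */
 public function Privilege($f3)
 {
     // Viewing the form requires the "get" privilege.
     $this->requirePrivilege('manage_account_role_privilege_get');
     global $smarty;

     // meta_id must be present, numeric and >= 1.
     $validator = new Validator($f3->get('GET'));
     $meta_id = $validator->required()->digits()->min(1)->validate('meta_id');
     if (!$this->validate($validator)) {
         // Invalid input: back to the role list.
         RouteHelper::reRoute($this, '/Account/Role/ListRole');
         return;
     }

     // Load the role being edited.
     $metaRoleService = new MetaRoleService();
     $role = $metaRoleService->loadRoleById($meta_id);
     if ($role->isEmpty()) {
         // Unknown role: report it and go back to the role list.
         $this->addFlashMessage('角色不存在');
         RouteHelper::reRoute($this, '/Account/Role/ListRole');
         return;
     }

     if (Request::isRequestPost()) {
         // Changing privileges requires the separate "post" privilege.
         // NOTE(review): no anti-CSRF token check is visible in this method; confirm the
         // base controller or framework enforces one for this state-changing request.
         $this->requirePrivilege('manage_account_role_privilege_post');

         // Normalise the submission to a flat list of single codes before filtering.
         // The stored value is a comma-joined string, so every submitted value is split
         // on ',' first: otherwise one element that itself contains a comma could carry
         // privilegeAll past the filter. Comparison is strict, and it does not depend on
         // the array key, so a match in the first position (key 0) is removed as well.
         // NOTE(review): trimming assumes the privilege checker ignores surrounding
         // whitespace or never sees any; confirm against AdminUserService::verifyPrivilege.
         $privilegeAllCode = (string)AdminUserService::privilegeAll;
         $actionCodeList = array();
         $actionCodeArray = $f3->get('POST[action_code]');
         if (!empty($actionCodeArray)) {
             foreach ((array)$actionCodeArray as $submittedValue) {
                 if (!is_scalar($submittedValue)) {
                     // Nested arrays are not valid privilege codes.
                     continue;
                 }
                 foreach (explode(',', (string)$submittedValue) as $actionCode) {
                     $actionCode = trim($actionCode);
                     if ('' === $actionCode || $privilegeAllCode === $actionCode) {
                         // Roles may not be given the highest privilege.
                         continue;
                     }
                     $actionCodeList[] = $actionCode;
                 }
             }
         }
         // NOTE(review): codes are not checked against the known privilege list
         // (MetaPrivilegeService::fetchPrivilegeArray()); consider an allow-list once
         // its return shape is confirmed.

         // An empty list means every privilege was cleared; implode() then yields ''.
         $role->meta_data = implode(',', $actionCodeList);
         $role->save();
         $this->addFlashMessage('角色权限保存成功');
     }

     // Render the form, for a plain GET as well as after a successful save.
     $smarty->assign($role->toArray());
     // Privilege list shown in the form.
     $metaPrivilegeService = new MetaPrivilegeService();
     $smarty->assign('privilegeArray', $metaPrivilegeService->fetchPrivilegeArray());
     $smarty->display('account_role_privilege.tpl');
 }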
Exemplo n.º 2
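 /**
  * Administrator privilege management: render an administrator's privilege form
  * and, on POST, store the submitted role and privilege codes.
  *
  * An administrator holding AdminUserService::privilegeAll can only be edited by
  * that same administrator, and privilegeAll can only be granted by someone who
  * already holds it.
  *
  * @param $f3 object read via get('GET') for user_id and get('POST[...]') for role_id / action_code
  */
 public function Privilege($f3)
 {
     // Viewing the form requires the "get" privilege.
     $this->requirePrivilege('manage_account_admin_privilege_get');
     global $smarty;

     // user_id must be present, numeric and >= 1.
     $validator = new Validator($f3->get('GET'));
     $user_id = $validator->required()->digits()->min(1)->validate('user_id');
     if (!$this->validate($validator)) {
         // Invalid input: back to the administrator list.
         RouteHelper::reRoute($this, RouteHelper::makeUrl('/Account/Admin/ListUser', array('user_id' => $user_id), true));
         return;
     }

     // Load the administrator being edited.
     $adminUserService = new AdminUserService();
     $adminUser = $adminUserService->loadAdminById($user_id);
     if ($adminUser->isEmpty()) {
         // Unknown administrator: report it and go back to the list.
         $this->addFlashMessage('管理员不存在');
         RouteHelper::reRoute($this, RouteHelper::makeUrl('/Account/Admin/ListUser', array('user_id' => $user_id), true));
         return;
     }

     if (AdminUserService::verifyPrivilege(AdminUserService::privilegeAll, $adminUser['action_list'])) {
         // A super administrator may only be edited by that same account.
         $authAdminUser = AuthHelper::getAuthUser();
         if ($authAdminUser['user_id'] != $adminUser['user_id']) {
             $this->addFlashMessage('超级管理员只有他自己能操作自己的信息');
             RouteHelper::reRoute($this, '/Account/Admin/ListUser');
             // Stop here explicitly: whether reRoute() ends the request is not visible
             // in this method, and falling through would reach the save below.
             return;
         }
     }

     if (Request::isRequestPost()) {
         // Changing privileges requires the separate "post" privilege.
         // NOTE(review): no anti-CSRF token check is visible in this method; confirm the
         // base controller or framework enforces one for this state-changing request.
         $this->requirePrivilege('manage_account_admin_privilege_post');

         // Normalise the submission to a flat list of single codes before the privilegeAll
         // check. The stored value is a comma-joined string, so every submitted value is
         // split on ',' first: otherwise one element that itself contains a comma could
         // carry privilegeAll into the saved list without triggering the check below.
         // NOTE(review): trimming assumes the privilege checker ignores surrounding
         // whitespace or never sees any; confirm against AdminUserService::verifyPrivilege.
         $actionCodeList = array();
         $actionCodeArray = $f3->get('POST[action_code]');
         if (!empty($actionCodeArray)) {
             foreach ((array)$actionCodeArray as $submittedValue) {
                 if (!is_scalar($submittedValue)) {
                     // Nested arrays are not valid privilege codes.
                     continue;
                 }
                 foreach (explode(',', (string)$submittedValue) as $actionCode) {
                     $actionCode = trim($actionCode);
                     if ('' !== $actionCode) {
                         $actionCodeList[] = $actionCode;
                     }
                 }
             }
         }

         if (in_array((string)AdminUserService::privilegeAll, $actionCodeList, true)) {
             // Only someone who already holds privilegeAll may grant it to others.
             $this->requirePrivilege(AdminUserService::privilegeAll);
             // privilegeAll covers everything, so it is stored on its own.
             $action_list_str = AdminUserService::privilegeAll;
         } else {
             // An empty list means every privilege was cleared; implode() then yields ''.
             $action_list_str = implode(',', $actionCodeList);
         }
         // NOTE(review): the granted codes are neither checked against the known privilege
         // list nor limited to privileges the current administrator holds, and nothing here
         // stops an administrator from editing their own entry; confirm that is intended.

         // NOTE(review): role_id is taken from POST without validation; confirm it is
         // checked (numeric, existing role) before or during save().
         $adminUser->role_id = $f3->get('POST[role_id]');
         $adminUser->action_list = $action_list_str;
         $adminUser->save();
         $this->addFlashMessage('管理员权限保存成功');
     }

     // Render the form, for a plain GET as well as after a successful save.
     $smarty->assign($adminUser->toArray());
     // Privilege list shown in the form.
     $metaPrivilegeService = new MetaPrivilegeService();
     $smarty->assign('privilegeArray', $metaPrivilegeService->fetchPrivilegeArray());
     $smarty->display('account_admin_privilege.tpl');
 }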