Пример #1
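 /**
  * Build the permission list (application => module => action) for a user.
  *
  * Walks the node table level by level (1 = application, 2 = panel,
  * 3 = module, 4 = action) for every role returned by
  * RBAC::getAuthorRole(), then overlays the user's own entries returned by
  * RBAC::getAccessListSelf().
  *
  * @param integer $authId user id
  * @return array nested as [APP][MODULE][ACTION] => "nodeId-plevels"; keys built
  *               from the role queries are upper-cased, and a module that has at
  *               least one action row also carries a GROUPID entry
  * @access public
  */
 public static function getAccessList($authId)
 {
     // All roles of the current user. The value is concatenated verbatim into
     // every "role_id in(...)" clause below, so this method relies on
     // getAuthorRole() returning nothing but a comma-separated list of numeric ids.
     // NOTE(review): confirm getAuthorRole() guarantees that (and never returns an
     // empty string); otherwise validate the list before it reaches SQL.
     $myallroles = RBAC::getAuthorRole($authId);
     $db = Db::getInstance(C('RBAC_DB_DSN'));
     // Configured table names.
     // NOTE(review): the active queries hard-code "node" and "access" and never
     // read this map - confirm which of the two is intended.
     $table = array('role' => C('RBAC_ROLE_TABLE'), 'user' => C('RBAC_USER_TABLE'), 'access' => C('RBAC_ACCESS_TABLE'), 'node' => C('RBAC_NODE_TABLE'));

     // Level 1: applications the user's roles can reach.
     $sql2 = "select node.id ,node.name,node.group_id from node LEFT JOIN  access ON node.id=access.node_id where access.role_id in(" . $myallroles . ") and node.level=1 and node.status=1 group by node.id";
     $apps = $db->query($sql2);
     if (!$apps) {
         // A failed or empty query means "no applications", not a foreach warning.
         $apps = array();
     }
     $access = array();
     // NOTE(review): $modules is initialised once, outside the application loop.
     // Modules collected for an earlier application are therefore still in the
     // list when later applications are processed and get written under those
     // applications' keys as well. Confirm this is intended; if it is not, the
     // list has to be reset per application.
     $modules = array();
     $already_app = array();
     foreach ($apps as $app) {
         // Skip applications that were already handled (same truthiness test as
         // before, without reading an undefined key).
         if (!empty($already_app[$app['id']])) {
             continue;
         }
         $already_app[$app['id']] = $app['id'];
         // Row ids are forced to integers before being concatenated into SQL, so a
         // malformed value stored in the node table cannot alter the statement.
         $appId = (int) $app['id'];
         $appName = $app['name'];
         $access[strtoupper($appName)] = array();

         // Level 2: panels of this application.
         $sql2 = "select node.id ,node.name,node.group_id from node LEFT JOIN  access ON node.id=access.node_id where access.role_id in(" . $myallroles . ") and node.level=2  and node.pid=" . $appId . " and node.status=1";
         $panels = $db->query($sql2);
         if (!$panels) {
             $panels = array();
         }

         // Level 3: modules below each panel.
         $already_mianban = array();
         foreach ($panels as $v) {
             if (!empty($already_mianban[$v['id']])) {
                 continue;
             }
             $already_mianban[$v['id']] = 1;
             $panelId = (int) $v['id'];
             $sql2 = "select node.id ,node.type,node.name,node.group_id from node LEFT JOIN  access ON node.id=access.node_id where access.role_id in(" . $myallroles . ") and node.level=3  and node.pid=" . $panelId . " and node.status=1";
             $m = $db->query($sql2);
             if ($m) {
                 $modules = array_merge($modules, $m);
                 foreach ($m as $v2) {
                     // A type-2 module has further level-3 nodes below it; those
                     // children are collected as modules too.
                     if ($v2['type'] == 2) {
                         $parentModuleId = (int) $v2['id'];
                         $sql2 = "select node.id ,node.type,node.name from node LEFT JOIN  access ON node.id=access.node_id where access.role_id in(" . $myallroles . ") and node.level=3  and node.pid=" . $parentModuleId . " and node.status=1";
                         $m2 = $db->query($sql2);
                         if ($m2) {
                             $modules = array_merge($modules, $m2);
                         }
                     }
                 }
             }
         }

         // Look for a module named PUBLIC; its actions are shared with every
         // other module and the module itself is removed from the list.
         $publicAction = array();
         foreach ($modules as $k3 => $v3) {
             $moduleId = (int) $v3['id'];
             $moduleName = $v3['name'];
             if ('PUBLIC' == strtoupper($moduleName)) {
                 $sql2 = "select node.id ,node.name,node.group_id,access.plevels from node LEFT JOIN  access ON node.id=access.node_id where access.role_id in(" . $myallroles . ") and node.level=4 and node.pid=" . $moduleId . " and node.status=1";
                 $rs = $db->query($sql2);
                 if (!$rs) {
                     $rs = array();
                 }
                 foreach ($rs as $a) {
                     $publicAction[$a['name']] = $a['id'] . "-" . $a['plevels'];
                 }
                 unset($modules[$k3]);
                 break;
             }
         }

         // Level 4: actions of every remaining module.
         $already_action = array();
         foreach ($modules as $v4) {
             if (!empty($already_action[$v4['id']])) {
                 continue;
             }
             $already_action[$v4['id']] = 1;
             // Type-2 modules only group other modules and carry no actions here.
             if ($v4['type'] == 2) {
                 continue;
             }
             $moduleId = (int) $v4['id'];
             $moduleName = $v4['name'];
             $sql2 = "select node.id ,node.name,node.group_id,access.plevels from node LEFT JOIN  access ON node.id=access.node_id where access.role_id in(" . $myallroles . ") and node.level=4 and node.pid=" . $moduleId . " and node.status=1";
             $rs = $db->query($sql2);
             if (!$rs) {
                 $rs = array();
             }
             $action = array();
             foreach ($rs as $a) {
                 $action['GROUPID'] = $a['group_id'];
                 if (isset($action[$a['name']])) {
                     // The same action granted through several roles: keep the
                     // row with the numerically smaller plevels value.
                     $ex = explode("-", $action[$a['name']]);
                     if ($ex[1] > $a['plevels']) {
                         $action[$a['name']] = $a['id'] . "-" . $a['plevels'];
                     }
                 } else {
                     $action[$a['name']] = $a['id'] . "-" . $a['plevels'];
                 }
             }
             // Merge in the PUBLIC module's actions without overriding the
             // module's own entries.
             foreach ($publicAction as $b => $c) {
                 if (!isset($action[$b])) {
                     $action[$b] = $c;
                 }
             }
             $access[strtoupper($appName)][strtoupper($moduleName)] = array_change_key_case($action, CASE_UPPER);
         }
     }

     // Overlay the permissions assigned to the user directly.
     // NOTE(review): the keys of this list are used as returned, while the
     // role-derived keys above were upper-cased - presumably getAccessListSelf()
     // already returns upper-case keys; confirm, or the removal below will not
     // match the role-derived entry it is meant to remove.
     $access2 = RBAC::getAccessListSelf($authId);
     if ($access2) {
         foreach ($access2 as $k => $v) {
             foreach ($v as $k2 => $v2) {
                 foreach ($v2 as $k3 => $v3) {
                     $ex = explode("-", $v3);
                     // A plevels of 5 removes the action from the result; every
                     // other value replaces the role-derived entry.
                     if (isset($ex[1]) && $ex[1] == 5) {
                         unset($access[$k][$k2][$k3]);
                     } else {
                         $access[$k][$k2][$k3] = $v3;
                     }
                 }
                 // Drop a module that is missing or left without entries. empty()
                 // avoids calling count() on an unset key, which is a TypeError
                 // on PHP 8.
                 if (empty($access[$k][$k2])) {
                     unset($access[$k][$k2]);
                 }
             }
         }
     }
     return $access;
 }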