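/**
 * Build the complete permission list for the given authenticated user.
 *
 * Role-derived permissions are collected by walking the node tree
 * (level 1 application -> level 2 panel -> level 3 module -> level 4 action)
 * and are then overlaid with the per-user entries returned by
 * RBAC::getAccessListSelf().
 *
 * All queries use the literal table names `node` and `access`.
 *
 * @param integer $authId user ID
 * @return array map of APP => MODULE => ACTION => "nodeId-plevels" (keys upper-cased);
 *               each module map also carries a GROUPID entry holding node.group_id
 * @access public
 */
public static function getAccessList($authId) {
    // All roles (groups) held by the user. The value is spliced verbatim into
    // every "role_id in(...)" clause below.
    // NOTE(review): this is string-built SQL. getAuthorRole() is not visible here;
    // confirm it only ever returns a comma-separated list of integer role ids, or
    // switch these queries to bound parameters.
    $myallroles = RBAC::getAuthorRole($authId);
    $db = Db::getInstance(C('RBAC_DB_DSN'));

    // An empty role list would produce "in()", which is invalid SQL. Treat it as
    // "no role-derived permissions" so the result fails closed.
    $hasRoles = !($myallroles === null || $myallroles === false || $myallroles === '');

    // Applications (level 1 nodes) reachable through the user's roles.
    $apps = array();
    if ($hasRoles) {
        $sql2 = "select node.id ,node.name,node.group_id from node LEFT JOIN access ON node.id=access.node_id where access.role_id in(" . $myallroles . ") and node.level=1 and node.status=1 group by node.id";
        $apps = $db->query($sql2);
        if (!$apps) {
            $apps = array();
        }
    }

    $access = array();
    // NOTE(review): $modules is initialised once and only ever grows, so modules
    // found under an earlier application are processed again, and listed, under
    // every later application. Confirm this is intended; if not, reset it per app.
    $modules = array();
    $already_app = array();
    foreach ($apps as $app) {
        // Skip applications that were already handled.
        if (!empty($already_app[$app['id']])) {
            continue;
        }
        $already_app[$app['id']] = $app['id'];

        // Node ids are concatenated into SQL; force them to integers first.
        $appId = (int) $app['id'];
        $appName = $app['name'];
        $access[strtoupper($appName)] = array();

        // Panels (level 2 nodes) of this application.
        $sql2 = "select node.id ,node.name,node.group_id from node LEFT JOIN access ON node.id=access.node_id where access.role_id in(" . $myallroles . ") and node.level=2 and node.pid=" . $appId . " and node.status=1";
        $mianban = $db->query($sql2);
        if (!$mianban) {
            $mianban = array();
        }

        // Modules (level 3 nodes) under each panel.
        $already_mianban = array();
        foreach ($mianban as $v) {
            if (!empty($already_mianban[$v['id']])) {
                continue;
            }
            $already_mianban[$v['id']] = 1;

            $sql2 = "select node.id ,node.type,node.name,node.group_id from node LEFT JOIN access ON node.id=access.node_id where access.role_id in(" . $myallroles . ") and node.level=3 and node.pid=" . (int) $v['id'] . " and node.status=1";
            $m = $db->query($sql2);
            if ($m) {
                $modules = array_merge($modules, $m);
                foreach ($m as $v2) {
                    // A type-2 node is a container: its level 3 children are
                    // collected as modules too.
                    if ($v2['type'] == 2) {
                        $sql2 = "select node.id ,node.type,node.name from node LEFT JOIN access ON node.id=access.node_id where access.role_id in(" . $myallroles . ") and node.level=3 and node.pid=" . (int) $v2['id'] . " and node.status=1";
                        $m2 = $db->query($sql2);
                        if ($m2) {
                            $modules = array_merge($modules, $m2);
                        }
                    }
                }
            }
        }

        // Look for a PUBLIC module; its actions are shared with every other module.
        $publicAction = array();
        foreach ($modules as $k3 => $v3) {
            $moduleId = (int) $v3['id'];
            $moduleName = $v3['name'];
            if ('PUBLIC' === strtoupper($moduleName)) {
                $sql2 = "select node.id ,node.name,node.group_id,access.plevels from node LEFT JOIN access ON node.id=access.node_id where access.role_id in(" . $myallroles . ") and node.level=4 and node.pid=" . $moduleId . " and node.status=1";
                $rs = $db->query($sql2);
                if (!$rs) {
                    $rs = array();
                }
                foreach ($rs as $a) {
                    $publicAction[$a['name']] = $a['id'] . "-" . $a['plevels'];
                }
                // Only the first PUBLIC module is used; drop it from the module list.
                unset($modules[$k3]);
                break;
            }
        }

        // Read the action (level 4) permissions of each module in turn.
        $already_action = array();
        foreach ($modules as $v4) {
            if (!empty($already_action[$v4['id']])) {
                continue;
            }
            $already_action[$v4['id']] = 1;

            // Container nodes carry no actions of their own.
            if ($v4['type'] == 2) {
                continue;
            }

            $moduleId = (int) $v4['id'];
            $moduleName = $v4['name'];
            $sql2 = "select node.id ,node.name,node.group_id,access.plevels from node LEFT JOIN access ON node.id=access.node_id where access.role_id in(" . $myallroles . ") and node.level=4 and node.pid=" . $moduleId . " and node.status=1";
            $rs = $db->query($sql2);
            if (!$rs) {
                $rs = array();
            }

            $action = array();
            foreach ($rs as $a) {
                $action['GROUPID'] = $a['group_id'];
                if (isset($action[$a['name']])) {
                    // The same action granted through several roles: keep the
                    // entry with the numerically lowest plevels value.
                    $ex = explode("-", $action[$a['name']]);
                    if (isset($ex[1]) && $ex[1] > $a['plevels']) {
                        $action[$a['name']] = $a['id'] . "-" . $a['plevels'];
                    }
                } else {
                    $action[$a['name']] = $a['id'] . "-" . $a['plevels'];
                }
            }

            // Merge in the PUBLIC module's actions without overriding the module's own.
            foreach ($publicAction as $b => $c) {
                if (!isset($action[$b])) {
                    $action[$b] = $c;
                }
            }

            $access[strtoupper($appName)][strtoupper($moduleName)] = array_change_key_case($action, CASE_UPPER);
        }
    }

    // Per-user permissions override the role-derived ones.
    $access2 = RBAC::getAccessListSelf($authId);
    if ($access2) {
        foreach ($access2 as $k => $v) {
            foreach ($v as $k2 => $v2) {
                foreach ($v2 as $k3 => $v3) {
                    $ex = explode("-", $v3);
                    // A per-user entry whose level field is 5 removes the permission
                    // (presumably an explicit deny - confirm); any other entry
                    // replaces the role-derived value.
                    if (isset($ex[1]) && $ex[1] == 5) {
                        unset($access[$k][$k2][$k3]);
                    } else {
                        $access[$k][$k2][$k3] = $v3;
                    }
                }
                // Drop modules left without any action; empty() also covers a module
                // key that was never created, where count() would warn or throw.
                if (empty($access[$k][$k2])) {
                    unset($access[$k][$k2]);
                }
            }
        }
    }

    return $access;
}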