Пример #1
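 /**
  * Deletes the unit or department identified by the POSTed `unitcode`.
  *
  * The caller must hold MapUnit::USER_POWER_ALLOW on the unit. The permission
  * check runs before the record lookup, so a caller without that power gets
  * the same answer whether or not the unit exists.
  *
  * Every \Exception raised inside the action is caught, logged and reported
  * to the caller as the string 'StaleObject'; nothing derived from \Exception
  * propagates out of this method.
  *
  * @return false|int|string the value returned by $unit->delete() (documented
  *                          by the original author as false|int), '权限不足'
  *                          (insufficient permission), or 'StaleObject'
  */
 public function actionDelete()
 {
     try {
         // Fail closed when no identity is attached to the session instead of
         // reading ->id from null.
         $identity = Yii::$app->user->identity;
         if ($identity === null) {
             return '权限不足';
         }
         $user_id = $identity->id;

         $unitcode = Yii::$app->request->post('unitcode');
         // A request parameter may arrive as an array (unitcode[]=...). Only a
         // scalar unit code is meaningful here, so anything else is answered
         // with the generic failure value before it reaches the lookup.
         // NOTE(review): findModel() is not visible here; if it forwards its
         // argument to findOne(), an array would be treated as a condition.
         if (!is_scalar($unitcode)) {
             return 'StaleObject';
         }

         // Authorise first, look up second.
         // Loose comparison kept: the type getUserPower() returns is not
         // visible from this method.
         if (MapUnit::getUserPower($user_id, $unitcode) != MapUnit::USER_POWER_ALLOW) {
             return '权限不足';
         }

         $unit = $this->findModel($unitcode);

         return $unit->delete();
     } catch (\Exception $e) {
         // The caller only ever sees 'StaleObject', so record the real cause
         // (missing record, database error, ...) for operators.
         Yii::error($e->getMessage(), __METHOD__);

         return 'StaleObject';
     }
 }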
Пример #2
 /**
  * Checks whether the current user holds enough power on the unit code stored
  * in the validated attribute and adds a validation error when they do not.
  *
  * Only the attributes 'unitcode' (modify) and 'upunitcode' (create) are
  * handled; any other attribute name is ignored.
  *
  * @param \yii\base\Model $model     model being validated
  * @param string          $attribute name of the attribute that holds the unit code
  */
 public function validateAttribute($model, $attribute)
 {
     // ID of the current user.
     // NOTE(review): identity is read without a null check; confirm this
     // validator never runs for an unauthenticated request.
     $currentUserId = Yii::$app->user->identity->id;
     // Unit code being validated.
     $code = $model->{$attribute};

     switch ($attribute) {
         case 'unitcode':
             // Modify: the check applies only when the unit already exists.
             if (!Unit::findOne(['unitcode' => $code])) {
                 break;
             }
             if (MapUnit::getUserPower($currentUserId, $code) != MapUnit::USER_POWER_ALLOW) {
                 $this->addError($model, $attribute, '你没有单位(部门)『' . $code . '』的『完全访问』权限.');
             }
             break;

         case 'upunitcode':
             // Create: the power check is skipped as soon as any unit already
             // has this code as its parent.
             // NOTE(review): that skip, and an error text that speaks of
             // "full access" while the threshold is USER_POWER_VIEW_DEPT,
             // should be confirmed as intended.
             if (Unit::findOne(['upunitcode' => $code])) {
                 break;
             }
             if (MapUnit::getUserPower($currentUserId, $code) < MapUnit::USER_POWER_VIEW_DEPT) {
                 $this->addError($model, $attribute, '你没有单位(部门)『' . $code . '』的『完全访问』权限.');
             }
             break;
     }
 }
Пример #3
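 /**
  * Writes one user's power on a unit (or on the unit's child / parent list)
  * into `map_unit` and returns the number of rows the statement affected.
  *
  * Two statements exist:
  *  - regular caller: only units for which $currentUID has a `map_unit` row
  *    are written, and the stored power is the lower of the requested power
  *    and the caller's own power on that unit;
  *  - super administrator: every matching row of `unit` is written with the
  *    requested power.
  *
  * Every caller-supplied value reaches the database as a bound parameter;
  * nothing is interpolated into the SQL text.
  *
  * @param integer $currentUID ID of the currently logged-in user
  * @param integer $setUID     ID of the user whose unit power is being set
  * @param integer $permission unit power level to assign
  * @param string  $unitcode   unit code
  * @param int     $type       update type (self::UPDATE_SELF, self::UPDATE_CHILDLIST
  *                            or self::UPDATE_PARENTLIST)
  * @return int number of rows affected by the REPLACE statement
  * @throws \yii\db\Exception
  */
 private function userPowerUpdate($currentUID, $setUID, $permission, $unitcode, $type = self::UPDATE_SELF)
 {
     // Name of the super-administrator role, configured in Preferences
     // (classmark: sSystem).
     $adminRole = Preferences::get('sSystem', 'adminRole');
     // Roles of the logged-in user; array_key_exists() below relies on the
     // array being keyed by role name.
     // NOTE(review): the admin test uses the session identity while the SQL
     // uses $currentUID; confirm callers always pass the same user.
     $role = Yii::$app->authManager->getRolesByUser(Yii::$app->user->identity->id);
     $is_admin = array_key_exists($adminRole, $role);

     // Units to touch. FIND_IN_SET() is applied to this value, so the list
     // helpers presumably return a comma-separated string; verify.
     $unitlist = $unitcode;
     switch ($type) {
         case self::UPDATE_CHILDLIST:
             $unitlist = Unit::getChildList($unitcode);
             break;
         case self::UPDATE_PARENTLIST:
             $unitlist = Unit::getParentList($unitcode);
             break;
     }

     if ($is_admin) {
         // Super administrator: assign the requested power on every listed unit.
         $SQL = 'REPLACE INTO `map_unit`(`user_id`, `unitcode`, `user_power`) '
             . 'SELECT :setUID, u.unitcode, :user_power FROM '
             . '(SELECT unitcode FROM `unit` WHERE FIND_IN_SET(unitcode,:unitlist)) u '
             . 'LEFT JOIN (SELECT unitcode, user_power FROM `map_unit` WHERE `user_id` = :setUID ) set_mu ON (u.unitcode = set_mu.unitcode) '
             . 'WHERE :currentUID > 0 and (set_mu.user_power <> :user_power or set_mu.user_power IS NULL)';
     } else {
         // Regular caller: never hand out more power than the caller holds.
         $SQL = 'REPLACE INTO `map_unit`(`user_id`, `unitcode`, `user_power`) '
             . 'SELECT :setUID, cur_mu.unitcode, CASE WHEN cur_mu.user_power >= :user_power THEN :user_power ELSE cur_mu.user_power END FROM '
             . '(SELECT unitcode, user_power FROM `map_unit` WHERE `user_id` = :currentUID AND FIND_IN_SET(unitcode,:unitlist)) cur_mu '
             . 'LEFT JOIN (SELECT unitcode, user_power FROM `map_unit` WHERE `user_id` = :setUID ) set_mu ON (cur_mu.unitcode = set_mu.unitcode) '
             . 'WHERE (set_mu.user_power <= cur_mu.user_power and set_mu.user_power <> :user_power or set_mu.user_power IS NULL)';
     }

     // Named placeholders are repeated within one statement, as they already
     // were for :user_power and :setUID before this change.
     $result = Yii::$app->db->createCommand($SQL)->bindValues([
         ':currentUID' => $currentUID,
         ':user_power' => $permission,
         ':unitlist' => $unitlist,
         ':setUID' => $setUID,
     ])->execute();

     if ($permission == MapUnit::USER_POWER_DENY) {
         // Clear the "access denied" rows.
         // NOTE(review): this removes every DENY row in map_unit, for all
         // users and units, not only the ones written above; confirm.
         MapUnit::deleteAll(['user_power' => MapUnit::USER_POWER_DENY]);
     }

     return $result;
 }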
Пример #4
 /**
  * Declares the has-many relation to MapUnit, linked on `unitcode` on both
  * sides.
  *
  * @return \yii\db\ActiveQuery
  */
 public function getMapUnits()
 {
     $relatedClass = MapUnit::className();
     // Related-record column => column on this record.
     $link = ['unitcode' => 'unitcode'];

     return $this->hasMany($relatedClass, $link);
 }