/**
* 修改权限
*
* @param ORM_Admin_Member_Data $member
* @throws Exception
*/
protected function change_member_perm(ORM_Admin_Member_Data $member)
{
if ($member->id > 0 && $member->id == $this->session()->member()) {
throw new Exception('系统不允许管理员操作自己的权限', -1);
}
# 不是自定义的权限,全部清理掉
if ($_POST['zdy_perm'] != 1) {
unset($_POST['perm_setting']);
}
if ($this->session()->member()->perm()->is_super_perm()) {
# 超管
if ($member->is_super_admin != $_POST['is_super_admin']) {
$member->is_super_admin = $_POST['is_super_admin'] ? 1 : 0;
if ($member->is_super_admin) {
# 标记为设置为超级管理员
$this->change_to_super_admin = true;
}
}
$perm_setting = $_POST['perm_setting'];
if (isset($member->setting['_group_admin'])) {
unset($member->setting['_group_admin']);
}
if ($_POST['manage_groups']) {
foreach ($_POST['manage_groups'] as $g => $setting) {
$gid = substr($g, 1);
if ($setting['edit_group']) {
$member->setting['_group_admin']['can_edit_group'] = 1;
}
foreach ($setting as $k => $s) {
if ($s) {
$member->setting['_group_admin']['is_group_manager'] = 1;
break;
}
}
}
}
} else {
# 非超管处理
if ($member->is_super_admin) {
throw new Exception('您不具备操作此管理员的权限', -1);
}
if ($_POST['is_super_admin']) {
throw new Exception('您不具备提升管理员为超管的权限', -1);
}
if ($member > 0) {
# 旧组
$old_groups = $member->groups()->ids();
asort($old_groups);
} else {
$old_groups = array();
}
# 新组
$new_groups = $_POST['group_ids'] ? (array) $_POST['group_ids'] : array();
asort($new_groups);
# 添加的权限
$new_diff_group = array_diff($new_groups, $old_groups);
# 删除掉的权限
$del_diff_group = array_diff($old_groups, $new_groups);
# 差别的权限
$diff_group = array_merge($new_diff_group, $del_diff_group);
# 当前用户的组权限设置
$my_groups_setting = $this->session()->member()->groups_setting();
$my_groups = $this->session()->member()->groups()->ids();
asort($my_groups);
if (array_diff($old_groups, $my_groups)) {
throw new Exception('您不在此用户某个权限组中,所以您不能对此用户进行操作', -1);
}
if (array_diff($new_groups, $my_groups)) {
throw new Exception('您为此用户设定的新权限组不在您的权限范围内', -1);
}
if (!$this->check_auth_for_perm($member)) {
if (!$new_groups) {
if ($old_groups) {
foreach ($old_groups as $gid) {
if (!($my_groups_setting[$gid]['del_user'] == 1 || $my_groups_setting[$gid]['remove_user'] == 1)) {
throw new Exception('您不具备当前组相应权限', -1);
}
}
} else {
throw new Exception($member->id > 0 ? '您不具备相应权限' : '创建新成员时必须选择一个组', -1);
}
} else {
foreach ($new_groups as $gid) {
if ($member->id) {
if ($my_groups_setting[$gid]['edit_users'] != 1) {
throw new Exception('您不具备当前组相应权限', -1);
}
} else {
if ($my_groups_setting[$gid]['add_user'] != 1) {
throw new Exception('您不具备当前组相应权限', -1);
}
}
}
}
}
if ($new_diff_group) {
foreach ($new_diff_group as $gourp_id) {
# 将用户添加相应的组
if ($my_groups_setting[$gourp_id]['add_user'] != 1) {
throw new Exception('您不具备添加当前组成员的权限', -1);
}
}
}
if ($del_diff_group) {
foreach ($del_diff_group as $gourp_id) {
# 将用户从此组移除/删除
if (!($my_groups_setting[$gourp_id]['del_user'] == 1 || $my_groups_setting[$gourp_id]['remove_user'] == 1)) {
throw new Exception('您不具备移除当前组成员的权限', -1);
}
}
}
if ($diff_group) {
# 标志为修改组
$this->is_change_group = true;
# 新旧管理组不一样
$orm_group = new ORM_Admin_MemberGroup_Finder();
$groups = $orm_group->in('id', $new_groups)->find(null, true);
$new_group_perm_setting = array();
foreach ($groups as $item) {
# 合并权限
$new_group_perm_setting = Arr::merge($new_group_perm_setting, $item->perm_setting);
}
# 修改权限组需要验证一下新权限
Controller_Administrator__Index::check_perm_data($new_group_perm_setting);
}
if ($_POST['perm_setting'] && is_array($_POST['perm_setting'])) {
# 检查提交的额外权限
$perm_setting = Controller_Administrator__Index::check_perm_data($_POST['perm_setting']);
}
if (isset($member->setting['_group_admin'])) {
unset($member->setting['_group_admin']);
}
if ($_POST['manage_groups']) {
foreach ($_POST['manage_groups'] as $g => $setting) {
/*
$_POST['manage_groups'] = array(
'g1' => array(...),
'g2' => array(...),
);
*/
# 需要截取掉g
$gid = substr($g, 1);
if ($setting['edit_group'] == 1) {
$member->setting['_group_admin']['can_edit_group'] = 1;
}
foreach ($setting as $k => $s) {
if ($s) {
$member->setting['_group_admin']['is_group_manager'] = 1;
if ($my_groups_setting[$gid][$k] != 1) {
throw new Exception('设定的组权限超出您的组权限', -1);
}
}
}
}
}
}
# 设置数据
$member->perm_setting = $perm_setting ? $perm_setting : null;
}
/**
* 保存数据
*
* @param ORM_Admin_MemberGroup_Data $group
*/
protected function save(ORM_Admin_MemberGroup_Data $group)
{
if (isset($_POST['group_name']) && $this->check_auth_for_info($group)) {
if (empty($_POST['group_name'])) {
$this->message('权限组名称不能空', 0);
}
if (strlen($_POST['group_desc']) > 1000) {
$this->message('权限组说明太长了,限定1000个字符', 0);
}
$group->group_name = $_POST['group_name'];
$group->group_desc = $_POST['group_desc'];
$group->sort = (int) $_POST['sort'];
# 群设置
if (isset($_POST['setting']['menu_config']) && !$this->session()->member()->perm()->is_own('administrator.edit_menu_config')) {
# 若不具备菜单管理权限,则清除此配置
unset($_POST['setting']['menu_config']);
}
$data = (array) $group->setting;
if (is_array($_POST['setting'])) {
foreach ($_POST['setting'] as $k => $v) {
$data[$k] = $v;
}
}
$group->setting = $data;
}
# 处理权限
if (isset($_POST['perm_setting']) && is_array($_POST['perm_setting']) && $this->check_auth_for_perm($group)) {
try {
$perm_setting = Controller_Administrator__Index::check_perm_data($_POST['perm_setting']);
} catch (Exception $e) {
$this->message($e->getMessage(), $e->getCode());
}
# 设置数据
$group->perm_setting = $perm_setting;
}
try {
if ($group->id) {
$s = $group->update();
} else {
# 指定项目
$group->project = Core::$project;
$s = $group->insert();
}
if ($s) {
$this->message('保存成功', 1);
} else {
$this->message('未保存任何数据');
}
} catch (Exception $e) {
Core::debug()->error($e->getMessage());
$this->message('保存失败,请重试', -1);
}
}
