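/**
 * Automatically appends data-permission conditions to the query options.
 *
 * Up to three groups of raw SQL conditions are built and merged into
 * $options["where"] through $this->addOptionsWhere():
 *  - delete markers: for every column => value pair in C('DELETE_TAGS') whose
 *    column exists on this table, `column!='value'`;
 *  - data scope: for every entry of C('DP_POWER_FIELDS') flagged with
 *    DP_TYPE_ENABLE, the column is compared with the matching $_SESSION
 *    value(s), using `=` when the entry's operator is "eq" and a prefix
 *    `like 'value%'` otherwise; several session values for one column are OR-ed,
 *    different columns are AND-ed;
 *  - public flag: for an entry flagged with DP_TYPE_PUBLIC, `column=1`, OR-ed
 *    with the data-scope group (only used when that group is not empty).
 *
 * Nothing is added when $this->skipDataPowerCheck is set or when
 * DxFunction::checkInNotArray() matches this model against
 * C('DP_NOT_CHECK_MODEL'). The data-scope and public groups are skipped when
 * $_SESSION["DP_ADMIN"] is truthy or DxFunction::checkNotAuth() returns true
 * for C('DP_NOT_CHECK_ACTION'); the delete markers are still applied then.
 *
 * Design note kept from the original author: wrapping the table in a filtered
 * sub-select was rejected because it made UPDATE statements hard to handle, so
 * conditions are appended to the WHERE clause instead (which may be a string,
 * an array or an object).
 *
 * @param array $options Query options, modified in place; only "where" is written.
 * @return void
 */
protected function _options_filter(&$options)
{
    if ($this->skipDataPowerCheck || DxFunction::checkInNotArray(C('DP_NOT_CHECK_MODEL'), array(), $this->name)) {
        return;
    }

    $dbFields = $this->getDbFields();
    if (!is_array($dbFields)) {
        // Without a column list none of the membership tests below can match.
        // NOTE(review): that means no permission condition is added at all in
        // this case - confirm this fail-open behaviour is intended.
        $dbFields = array();
    }

    $dataPowerFieldW = array();
    $dataPowerFieldPublic = "";
    // Must start as an array: it is filled with [] and passed to implode().
    // Starting from "" is a fatal error on `$str[] = ...` since PHP 7.1 and
    // makes implode() fail when no delete marker applies.
    $dataPowerFieldDelete = array();

    // NOTE(review): every condition in this method is assembled with sprintf()
    // and the values (config and $_SESSION) are placed between single quotes
    // without escaping. If any of them can originate from user-editable data,
    // escape them with the database driver or bind them as parameters.

    // Delete markers are added directly as WHERE conditions.
    $deleteTags = C('DELETE_TAGS');
    if (is_array($deleteTags)) {
        foreach ($deleteTags as $key => $val) {
            if (in_array($key, $dbFields, true)) {
                $dataPowerFieldDelete[] = sprintf("%s!='%s'", $key, $val);
            }
        }
    }

    // Cheap checks first. Some actions (for example login) need no data-scope
    // check, and administrators are not restricted either.
    // empty() is equivalent to the "key missing or falsy" test and also copes
    // with a session that was never started.
    $powerFields = C('DP_POWER_FIELDS');
    $isAdmin = !empty($_SESSION["DP_ADMIN"]);
    if (is_array($powerFields) && !empty($powerFields) && !$isAdmin
        && !DxFunction::checkNotAuth(C('DP_NOT_CHECK_ACTION'))
    ) {
        foreach ($powerFields as $dp_fields) {
            $field_name = $dp_fields["field_name"];
            // Fall back to the column name when no session key is configured.
            $session_field_name = array_key_exists("session_field", $dp_fields)
                ? $dp_fields["session_field"]
                : $field_name;

            // in_array() instead of array_search(): array_search() returns the
            // index, which is 0 (falsy) for the first column, so a restriction
            // on that column used to be dropped silently.
            $fieldExists = in_array($field_name, $dbFields, true);
            $dataPowerOneW = array();

            if (($dp_fields["type"] & self::DP_TYPE_ENABLE) && $fieldExists && isset($_SESSION[$session_field_name])) {
                $isEq = isset($dp_fields["operator"]) && $dp_fields["operator"] === "eq";
                $pattern = $isEq ? "%s='%s'" : "%s like '%s%%'";

                // A scalar session value is handled as a one-element list.
                $sessionValue = $_SESSION[$session_field_name];
                $scopeValues = is_array($sessionValue) ? $sessionValue : array($sessionValue);
                foreach ($scopeValues as $val) {
                    // NOTE(review): empty() also skips the value "0"; a user whose
                    // session holds only empty values gets no restriction on this
                    // column - confirm this is intended.
                    if (!empty($val)) {
                        $dataPowerOneW[] = sprintf($pattern, $field_name, $val);
                    }
                }
            }

            if (($dp_fields["type"] & self::DP_TYPE_PUBLIC) && $fieldExists) {
                $dataPowerFieldPublic = $field_name . "=1";
            }

            if (!empty($dataPowerOneW)) {
                $dataPowerFieldW[] = "(" . implode(" OR ", $dataPowerOneW) . ")";
            }
        }
    }

    // Many users work with the administrator account, so rows carrying a
    // delete marker stay hidden from administrators as well.
    $tempOptionsWhere = "";
    if (!empty($dataPowerFieldW)) {
        $tempOptionsWhere = $this->addOptionsWhere($dataPowerFieldPublic, implode(" AND ", $dataPowerFieldW), "OR");
    }
    $tempOptionsWhere = $this->addOptionsWhere($tempOptionsWhere, implode(" AND ", $dataPowerFieldDelete), "AND");

    // Read the caller's condition without raising a notice when none was set.
    $currentWhere = isset($options["where"]) ? $options["where"] : null;
    $options["where"] = $this->addOptionsWhere($currentWhere, $tempOptionsWhere, "AND");
}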