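 /**
  * Data-scope ("data power") filter hook: appends row-level access conditions to
  * every query's WHERE clause so a non-admin user only sees rows inside the
  * scope (department, area, ...) that their session carries.
  *
  * Three kinds of condition are combined; each part is simply omitted when empty:
  *   - soft-delete flags from C('DELETE_TAGS'): `column!='value'` for every tag column
  *     the table actually has. This part is applied to admins as well, because most
  *     operators work under an admin account and must still not see deleted rows;
  *   - scope conditions from C('DP_POWER_FIELDS'): for each configured field whose
  *     `type` has DP_TYPE_ENABLE set and for which the session holds a value, one
  *     `field='v'` (operator "eq") or `field like 'v%'` (any other operator) per
  *     non-empty session value; OR-ed within a field, AND-ed across fields;
  *   - an optional public-row escape hatch: a field whose `type` has DP_TYPE_PUBLIC
  *     yields `field=1`, OR-ed against the scope conditions.
  *
  * Result: where = (caller's where) AND (delete flags) AND ((public=1) OR (scope)).
  *
  * The whole filter is skipped when $this->skipDataPowerCheck is set or the model is
  * listed in C('DP_NOT_CHECK_MODEL'). The scope part is skipped for sessions flagged
  * DP_ADMIN and for actions listed in C('DP_NOT_CHECK_ACTION').
  *
  * NOTE(review): the scope part fails open — a non-admin whose session carries no
  * non-empty value for any enabled field gets no scope restriction at all. Confirm
  * that is the intended default before relying on this filter for enforcement.
  *
  * @param array $options ThinkPHP-style query options; $options['where'] is rewritten
  *                       in place through $this->addOptionsWhere()
  * @return void
  */
 protected function _options_filter(&$options)
 {
     if ($this->skipDataPowerCheck || DxFunction::checkInNotArray(C('DP_NOT_CHECK_MODEL'), array(), $this->name)) {
         return;
     }

     $dbFields = $this->getDbFields();
     // The field list may be unavailable (non-array); treat that as "no known columns"
     // rather than feeding a non-array into in_array().
     if (!is_array($dbFields)) {
         $dbFields = array();
     }

     // 1. Soft-delete flags. Collected as an array from the start: the original
     //    initialised this as "" and then used [] on it, which breaks on newer PHP
     //    and made implode() receive a string when no tag matched.
     $deleteConditions = array();
     $deleteTags = C('DELETE_TAGS');
     if (is_array($deleteTags)) {
         foreach ($deleteTags as $column => $deletedValue) {
             if (in_array($column, $dbFields, true)) {
                 $deleteConditions[] = sprintf("%s!='%s'", $column, addslashes($deletedValue));
             }
         }
     }

     // 2. Scope conditions derived from the session.
     $scopeConditions = array(); // one "(a OR b ...)" group per enabled field; AND-ed together
     $publicCondition = '';      // "field=1" escape hatch, OR-ed against the scope groups
     $powerFields = C('DP_POWER_FIELDS');
     if (is_array($powerFields) && !empty($powerFields) && empty($_SESSION['DP_ADMIN'])
         && !DxFunction::checkNotAuth(C('DP_NOT_CHECK_ACTION'))) {
         foreach ($powerFields as $powerField) {
             $fieldName = $powerField['field_name'];
             // The column must exist on this table. in_array(), not array_search(): the
             // original used array_search()'s result as a boolean, so a scope column that
             // happened to be the first column (index 0) was silently never filtered.
             if (!in_array($fieldName, $dbFields, true)) {
                 continue;
             }
             $type = $powerField['type'];
             if ($type & self::DP_TYPE_PUBLIC) {
                 // NOTE(review): with several PUBLIC fields only the last one survives here
                 // (each assignment overwrites the previous); behaviour preserved as-is.
                 $publicCondition = $fieldName . '=1';
             }
             if (!($type & self::DP_TYPE_ENABLE)) {
                 continue;
             }
             // The session key defaults to the column name when no session_field is configured.
             $sessionKey = array_key_exists('session_field', $powerField) ? $powerField['session_field'] : $fieldName;
             if (!isset($_SESSION[$sessionKey])) {
                 continue;
             }
             $operator = isset($powerField['operator']) ? $powerField['operator'] : '';
             // A scalar session value is handled exactly like a one-element list.
             $scopeValues = is_array($_SESSION[$sessionKey]) ? $_SESSION[$sessionKey] : array($_SESSION[$sessionKey]);
             $fieldTerms = array();
             foreach ($scopeValues as $scopeValue) {
                 if (empty($scopeValue)) {
                     continue;
                 }
                 // Session values originate outside this method (typically from the user's
                 // own DB record), so they are escaped before being spliced into the SQL
                 // string; the original interpolated them raw. addslashes() is what the
                 // framework driver itself uses; if the driver in use supports bound
                 // parameters, binding would be the stronger choice.
                 if ($operator === 'eq') {
                     $fieldTerms[] = sprintf("%s='%s'", $fieldName, addslashes($scopeValue));
                 } else {
                     // Prefix match. '%', '_' and '\' inside the value are LIKE metacharacters
                     // and would widen the matched scope, so they are escaped to literals
                     // (assumes MySQL's default '\' LIKE escape character).
                     $fieldTerms[] = sprintf("%s like '%s%%'", $fieldName, addslashes(addcslashes($scopeValue, '\\%_')));
                 }
             }
             if (!empty($fieldTerms)) {
                 $scopeConditions[] = '(' . implode(' OR ', $fieldTerms) . ')';
             }
         }
     }

     // 3. Assemble: ((public) OR (scope)) AND (delete flags), then AND onto the caller's where.
     $scopeWhere = '';
     if (!empty($scopeConditions)) {
         $scopeWhere = $this->addOptionsWhere($publicCondition, implode(' AND ', $scopeConditions), 'OR');
     }
     $scopeWhere = $this->addOptionsWhere($scopeWhere, implode(' AND ', $deleteConditions), 'AND');
     $callerWhere = isset($options['where']) ? $options['where'] : null;
     $options['where'] = $this->addOptionsWhere($callerWhere, $scopeWhere, 'AND');
 }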