objDRoleAcl = new DRoleAcl('default'); $this->enterpriseId = $enterpriseId; $this->objDRoleAcl->setTable('qianniao_role_acl_'.$enterpriseId); } /** * 角色权限添加 * @param $params * @return ResultWrapper */ public function addRoleAcl($params) { //判断是否已设置过权限 $where = ['roleId'=>$params['roleId']]; if(isset($params['userCenterId']) && $params['userCenterId']) { $where['userCenterId'] = $params['userCenterId']; } $result = self::getRoleAclInfo($where); if($result->isSuccess() == false) { return ResultWrapper::fail($result->getData(), $result->getErrorCode()); } $resultData = $result->getData(); if(!empty($resultData)) { //修改权限 $dbResult = $this->objDRoleAcl->update($params,$where); }else { $dbResult = $this->objDRoleAcl->insert($params); } if($dbResult === false){ return ResultWrapper::fail($this->objDRoleAcl->error(), ErrorCode::$dberror); }else{ return ResultWrapper::success($dbResult); } } /** * 角色权限详情 * @param $params * @return ResultWrapper */ public function getRoleAclInfo($params) { $dbResult = $this->objDRoleAcl->get($params); if($dbResult === false){ return ResultWrapper::fail($this->objDRoleAcl->error(), ErrorCode::$dberror); }else{ return ResultWrapper::success(self::format($dbResult)); } } /** * 删除权限 * @param $params * @return ResultWrapper */ public function deleteRoleAcl($params) { $dbResult = $this->objDRoleAcl->delete($params); if($dbResult === false){ return ResultWrapper::fail($this->objDRoleAcl->error(), ErrorCode::$dberror); }else{ return ResultWrapper::success(self::format($dbResult)); } } public function getRoleAclByUserCenterId($userCenterId) { //查出当前用户所属的角色组 $objRoleAclCache = new RoleAclCache(); $roleId = $objRoleAclCache->getRoleIdOfStaff($this->enterpriseId, $userCenterId); if(!$roleId){ return ResultWrapper::success(['isAdministrator' => false,'custom' => [],'dataField'=>[]]); } //查出角色组拥有的权限，判断当前请求的url是否在权限范围内 $roleAcl = $objRoleAclCache->getRoleIdAndAcl($this->enterpriseId, $roleId); if(empty($roleAcl)) { return ResultWrapper::success(['isAdministrator' => false,'custom' => [],'dataField'=>[]]); } //如果角色是超级管理员 if($roleAcl['isAdministrator'] == StatusCode::$standard) { return ResultWrapper::success([ 'isAdministrator' => true, 'custom' => [], 'dataField'=>[], ]); } //非超级管理员 //TODO:查出用户拥有的附加权限 //$userAcl = $this->objDRoleAcl->get(['userCenterId'=>$userCenterId]); //$userAclList = !empty($userAcl['acl']) ? json_decode($userAcl['acl'],true) : []; $userAclList = []; $roleAcl['acl'] = !empty($roleAcl['acl']) ? $roleAcl['acl'] : []; $allAclList = array_merge($roleAcl['acl'],$userAclList); $custom = []; $allAcl = []; if(!empty($allAclList)) { // id 和 alias 映射数据 foreach ($allAclList as $k => $v){ $allAcl[$v['id']] = $v['alias']; } foreach ($allAclList as $key=>$value) { // 同样名称的只添加一次 if( !in_array($value['alias'], $custom) && $value['pid'] == 0){ $custom[] = $value['alias']; }else{ // 相同别名，不同父类的，追加分类别名作为一个新别名添加 if(isset($allAcl[$value['pid']])){ $custom[] = $allAcl[$value['pid']].'_'.$value['alias']; } } } } // 获取数据域权限 $dataField = $objRoleAclCache->getStaffUidAndDataField($this->enterpriseId, $userCenterId); if(empty($dataField)) { return ResultWrapper::success(['isAdministrator' => false,'custom' => $custom,'dataField'=>[]]); } return ResultWrapper::success([ 'isAdministrator' => false, 'custom' => $custom, //自定义的权限 'dataField'=>$dataField, ]); } /** * 格式化角色权限 * @param $data * @return mixed */ public function format($data) { if(!isset($data['acl'])) { return $data; } $aclList =json_decode($data['acl'], true); unset($data['acl']); foreach ($aclList as $key=>$acl) { $data['acl'][$acl['id']] = $acl; } return $data; } public function initCache() { $dbResult = $this->objDRoleAcl->select(); if($dbResult === false){ return ResultWrapper::fail($this->objDRoleAcl->error(), ErrorCode::$dberror); } $objRoleAclCache = new RoleAclCache(); $objMModule = new MModule(); foreach($dbResult as $value){ if(!empty($value['acl'])){ $value['acl'] = json_decode($value['acl'], true); if($value['isAdministrator'] == 5){ //缓存超级管理员 $objRoleAclCache->addAdministrator($this->enterpriseId, $value['roleId']); continue; } $data = []; //缓存角色绑定权限 foreach($value['acl'] as $v){ $modelResult = $objMModule->getDataModule(['id' => $v['id'], 'deleteStatus' => 5, 'enableStatus' => 5]); if(!$modelResult->isSuccess()){ return ResultWrapper::fail($modelResult->getData(), $modelResult->getErrorCode()); } $module = $modelResult->getData(); if(!empty($module)){ $v = $module[0]; if(!empty($v)){ $data[] = $v; if(!empty($v['extend'])){ $objRoleAclCache->addAuthorityBindRole($this->enterpriseId, $value['roleId'], $v['extend']); } $v['associate'] = json_decode($v['associate'], true); if(!empty($v['associate'])){ $modelResult = $objMModule->getDataModule(['id' => $v['associate']]); if(!$modelResult->isSuccess()){ return ResultWrapper::fail($modelResult->getData(), $modelResult->getErrorCode()); } $array = $modelResult->getData(); foreach($array as $vv){ if(!empty($vv['extend'])){ $objRoleAclCache->addAuthorityBindRole($this->enterpriseId, $value['roleId'], $vv['extend']); } } } } } } $acl = json_encode($data); $result = $this->objDRoleAcl->update(['acl' => $acl], ['id' => $value['id']]); if($result === false){ return ResultWrapper::fail($this->objDRoleAcl->error(), ErrorCode::$dberror); } }else{ if($value['isAdministrator'] == 5){ //缓存超级管理员 $objRoleAclCache->addAdministrator($this->enterpriseId, $value['roleId']); continue; } } } return ResultWrapper::success('初始化成功'); } }