MRoleAcl.Class.php 8.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242
  1. <?php
  2. /**
  3. * 角色权限管理Model
  4. * Created by PhpStorm.
  5. * User: 小威
  6. * Date: 2019/11/08
  7. * Time: 16:00
  8. */
  9. namespace JinDouYun\Model\Department;
  10. use Jindouyun\Cache\RoleAclCache;
  11. use JinDouYun\Model\System\MModule;
  12. use Mall\Framework\Core\ErrorCode;
  13. use Mall\Framework\Core\StatusCode;
  14. use Mall\Framework\Core\ResultWrapper;
  15. use JinDouYun\Dao\Department\DRoleAcl;
  16. class MRoleAcl
  17. {
  18. private $objDRoleAcl;
  19. private $enterpriseId;
  20. public function __construct($enterpriseId)
  21. {
  22. $this->objDRoleAcl = new DRoleAcl('default');
  23. $this->enterpriseId = $enterpriseId;
  24. $this->objDRoleAcl->setTable('qianniao_role_acl_'.$enterpriseId);
  25. }
  26. /**
  27. * 角色权限添加
  28. * @param $params
  29. * @return ResultWrapper
  30. */
  31. public function addRoleAcl($params)
  32. {
  33. //判断是否已设置过权限
  34. $where = ['roleId'=>$params['roleId']];
  35. if(isset($params['userCenterId']) && $params['userCenterId']) {
  36. $where['userCenterId'] = $params['userCenterId'];
  37. }
  38. $result = self::getRoleAclInfo($where);
  39. if($result->isSuccess() == false) {
  40. return ResultWrapper::fail($result->getData(), $result->getErrorCode());
  41. }
  42. $resultData = $result->getData();
  43. if(!empty($resultData)) {
  44. //修改权限
  45. $dbResult = $this->objDRoleAcl->update($params,$where);
  46. }else {
  47. $dbResult = $this->objDRoleAcl->insert($params);
  48. }
  49. if($dbResult === false){
  50. return ResultWrapper::fail($this->objDRoleAcl->error(), ErrorCode::$dberror);
  51. }else{
  52. return ResultWrapper::success($dbResult);
  53. }
  54. }
  55. /**
  56. * 角色权限详情
  57. * @param $params
  58. * @return ResultWrapper
  59. */
  60. public function getRoleAclInfo($params)
  61. {
  62. $dbResult = $this->objDRoleAcl->get($params);
  63. if($dbResult === false){
  64. return ResultWrapper::fail($this->objDRoleAcl->error(), ErrorCode::$dberror);
  65. }else{
  66. return ResultWrapper::success(self::format($dbResult));
  67. }
  68. }
  69. /**
  70. * 删除权限
  71. * @param $params
  72. * @return ResultWrapper
  73. */
  74. public function deleteRoleAcl($params) {
  75. $dbResult = $this->objDRoleAcl->delete($params);
  76. if($dbResult === false){
  77. return ResultWrapper::fail($this->objDRoleAcl->error(), ErrorCode::$dberror);
  78. }else{
  79. return ResultWrapper::success(self::format($dbResult));
  80. }
  81. }
  82. public function getRoleAclByUserCenterId($userCenterId) {
  83. //查出当前用户所属的角色组
  84. $objRoleAclCache = new RoleAclCache();
  85. $roleId = $objRoleAclCache->getRoleIdOfStaff($this->enterpriseId, $userCenterId);
  86. if(!$roleId){
  87. return ResultWrapper::success(['isAdministrator' => false,'custom' => [],'dataField'=>[]]);
  88. }
  89. //查出角色组拥有的权限,判断当前请求的url是否在权限范围内
  90. $roleAcl = $objRoleAclCache->getRoleIdAndAcl($this->enterpriseId, $roleId);
  91. if(empty($roleAcl)) {
  92. return ResultWrapper::success(['isAdministrator' => false,'custom' => [],'dataField'=>[]]);
  93. }
  94. //如果角色是超级管理员
  95. if($roleAcl['isAdministrator'] == StatusCode::$standard) {
  96. return ResultWrapper::success([
  97. 'isAdministrator' => true,
  98. 'custom' => [],
  99. 'dataField'=>[],
  100. ]);
  101. }
  102. //非超级管理员
  103. //TODO:查出用户拥有的附加权限
  104. //$userAcl = $this->objDRoleAcl->get(['userCenterId'=>$userCenterId]);
  105. //$userAclList = !empty($userAcl['acl']) ? json_decode($userAcl['acl'],true) : [];
  106. $userAclList = [];
  107. $roleAcl['acl'] = !empty($roleAcl['acl']) ? $roleAcl['acl'] : [];
  108. $allAclList = array_merge($roleAcl['acl'],$userAclList);
  109. $custom = [];
  110. $allAcl = [];
  111. if(!empty($allAclList)) {
  112. // id 和 alias 映射数据
  113. foreach ($allAclList as $k => $v){
  114. $allAcl[$v['id']] = $v['alias'];
  115. }
  116. foreach ($allAclList as $key=>$value) {
  117. // 同样名称的只添加一次
  118. if( !in_array($value['alias'], $custom) && $value['pid'] == 0){
  119. $custom[] = $value['alias'];
  120. }else{ // 相同别名,不同父类的,追加分类别名作为一个新别名添加
  121. if(isset($allAcl[$value['pid']])){
  122. $custom[] = $allAcl[$value['pid']].'_'.$value['alias'];
  123. }
  124. }
  125. }
  126. }
  127. // 获取数据域权限
  128. $dataField = $objRoleAclCache->getStaffUidAndDataField($this->enterpriseId, $userCenterId);
  129. if(empty($dataField)) {
  130. return ResultWrapper::success(['isAdministrator' => false,'custom' => $custom,'dataField'=>[]]);
  131. }
  132. return ResultWrapper::success([
  133. 'isAdministrator' => false,
  134. 'custom' => $custom, //自定义的权限
  135. 'dataField'=>$dataField,
  136. ]);
  137. }
  138. /**
  139. * 格式化角色权限
  140. * @param $data
  141. * @return mixed
  142. */
  143. public function format($data)
  144. {
  145. if(!isset($data['acl'])) {
  146. return $data;
  147. }
  148. $aclList =json_decode($data['acl'], true);
  149. unset($data['acl']);
  150. foreach ($aclList as $key=>$acl) {
  151. $data['acl'][$acl['id']] = $acl;
  152. }
  153. return $data;
  154. }
  155. public function initCache()
  156. {
  157. $dbResult = $this->objDRoleAcl->select();
  158. if($dbResult === false){
  159. return ResultWrapper::fail($this->objDRoleAcl->error(), ErrorCode::$dberror);
  160. }
  161. $objRoleAclCache = new RoleAclCache();
  162. $objMModule = new MModule();
  163. foreach($dbResult as $value){
  164. if(!empty($value['acl'])){
  165. $value['acl'] = json_decode($value['acl'], true);
  166. if($value['isAdministrator'] == 5){
  167. //缓存超级管理员
  168. $objRoleAclCache->addAdministrator($this->enterpriseId, $value['roleId']);
  169. continue;
  170. }
  171. $data = [];
  172. //缓存角色绑定权限
  173. foreach($value['acl'] as $v){
  174. $modelResult = $objMModule->getDataModule(['id' => $v['id'], 'deleteStatus' => 5, 'enableStatus' => 5]);
  175. if(!$modelResult->isSuccess()){
  176. return ResultWrapper::fail($modelResult->getData(), $modelResult->getErrorCode());
  177. }
  178. $module = $modelResult->getData();
  179. if(!empty($module)){
  180. $v = $module[0];
  181. if(!empty($v)){
  182. $data[] = $v;
  183. if(!empty($v['extend'])){
  184. $objRoleAclCache->addAuthorityBindRole($this->enterpriseId, $value['roleId'], $v['extend']);
  185. }
  186. $v['associate'] = json_decode($v['associate'], true);
  187. if(!empty($v['associate'])){
  188. $modelResult = $objMModule->getDataModule(['id' => $v['associate']]);
  189. if(!$modelResult->isSuccess()){
  190. return ResultWrapper::fail($modelResult->getData(), $modelResult->getErrorCode());
  191. }
  192. $array = $modelResult->getData();
  193. foreach($array as $vv){
  194. if(!empty($vv['extend'])){
  195. $objRoleAclCache->addAuthorityBindRole($this->enterpriseId, $value['roleId'], $vv['extend']);
  196. }
  197. }
  198. }
  199. }
  200. }
  201. }
  202. $acl = json_encode($data);
  203. $result = $this->objDRoleAcl->update(['acl' => $acl], ['id' => $value['id']]);
  204. if($result === false){
  205. return ResultWrapper::fail($this->objDRoleAcl->error(), ErrorCode::$dberror);
  206. }
  207. }else{
  208. if($value['isAdministrator'] == 5){
  209. //缓存超级管理员
  210. $objRoleAclCache->addAdministrator($this->enterpriseId, $value['roleId']);
  211. continue;
  212. }
  213. }
  214. }
  215. return ResultWrapper::success('初始化成功');
  216. }
  217. }