You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
wkcrm/extend/com/HonrayAuth.php

177 lines
6.2 KiB

4 years ago
<?php
// +----------------------------------------------------------------------
// | Author: linchuangbin
// +----------------------------------------------------------------------
namespace com;
use think\Db;
class HonrayAuth{
//默认配置
public $_config = array(
'AUTH_ON' => true, // 认证开关
'AUTH_TYPE' => 1, // 认证方式1为实时认证2为登录认证。
'AUTH_GROUP' => 'admin_group', // 用户组数据表名
'AUTH_GROUP_ACCESS' => 'admin_access', // 用户-用户组关系表
'AUTH_RULE' => 'admin_rule', // 权限规则表
'AUTH_USER' => 'admin_user' // 用户信息表
);
private $auth_key;
public function __construct($auth_key) {
$this->auth_key = $auth_key;
$this->_config['AUTH_GROUP'] = $this->_config['AUTH_GROUP'];
$this->_config['AUTH_RULE'] = $this->_config['AUTH_RULE'];
$this->_config['AUTH_USER'] = $this->_config['AUTH_USER'];
$this->_config['AUTH_GROUP_ACCESS'] = $this->_config['AUTH_GROUP_ACCESS'];
if (config('AUTH_CONFIG')) {
//可设置配置项 AUTH_CONFIG, 此配置项为数组。
$this->_config = array_merge($this->_config, config('AUTH_CONFIG'));
}
}
/**
* 检查权限
* @param name string|array 需要验证的规则列表,支持逗号分隔的权限规则或索引数组
* @param uid int 认证用户的id
* @return boolean 通过验证返回true;失败返回false
*/
public function check($name, $uid, $relation = 'or') {
if (!$this->_config['AUTH_ON'])
return true;
$authList = $this->getAuthList($uid); //获取用户需要验证的所有有效规则列表
if (is_string($name)) {
$name = strtolower($name);
if (strpos($name, ',') !== false) {
$name = explode(',', $name);
} else {
$name = array($name);
}
}
if (is_array($name)) {
foreach ($name as $k => $v) {
$name[$k] = strtolower($v);
}
}
$list = array(); //保存验证通过的规则名
foreach ( $authList as $auth ) {
if (in_array($auth , $name)){
$list[] = $auth ;
}
}
if ($relation == 'or' and !empty($list)) {
return true;
}
$diff = array_diff($name, $list);
if ($relation == 'and' and empty($diff)) {
return true;
}
return false;
}
/**
* 根据用户id获取用户组,返回值为数组
* @param uid int 用户id
* @return array 用户所属的用户组 array(
* array('uid'=>'用户id','group_id'=>'用户组id','title'=>'用户组名称','rules'=>'用户组拥有的规则id,多个,号隔开'),
* ...)
*/
public function getGroups($uid) {
static $groups = array();
if (isset($groups[$uid])) return $groups[$uid];
$userModel = new \app\admin\model\User();
$user_groups = collection($userModel->get($uid)->groups)->toArray();
$groups[$uid] = $user_groups ? : array();
return $groups[$uid];
}
/**
* 获得权限列表
* @param integer $uid 用户id
*/
protected function getAuthList($uid) {
$temp = cache('Auth_'.$this->auth_key);
$authList = $temp['_AUTH_LIST_'];
if( $this->_config['AUTH_TYPE'] == 2 && isset($authList)){
return $authList;
}
//读取用户所属用户组
$groups = $this->getGroups($uid);
$ids = [];//保存用户所属用户组设置的所有权限规则id
foreach ($groups as $g) {
$ids = array_merge($ids, explode(',', trim($g['rules'], ',')));
}
$ids = array_unique($ids);
if (empty($ids)) {
return [];
}
$map = [
'id' => array('in', $ids),
'status' => 1,
];
//读取用户组所有权限规则
$rules = Db::name($this->_config['AUTH_RULE'])->where($map)->select();
foreach ($rules as $k => $v) {
$rules[$k]['name'] = strtolower($v['name']);
}
$tree = new \com\Tree();
$authList = $tree->list_to_tree($rules, 'id', 'pid', 'child', 0, true, array('pid'));
$authList = rulesDeal($authList);
//登录有效时间
$cacheConfig = config('cache');
$loginExpire = $cacheConfig['expire'] ? : '3600';
if ($this->_config['AUTH_TYPE'] == 2) {
//规则列表结果保存到缓存
$cache_info = cache('Auth_'.$this->auth_key);
$cache_info['_AUTH_LIST_'] = $authList;
cache('Auth_'.$this->auth_key, $cache_info, $loginExpire);
}
return $authList;
}
/**
* 更新缓存中auth_list
* @param string $type rule的类型
* @return array 权限菜单
*/
public function updateCacheAuth(){
$cache = cache('Auth_'.$this->auth_key);
$uid = $cache['userInfo']['u_id'];
$groups = $this->getGroups($uid);
$ids = array();
foreach ($groups as $g) {
$ids = array_merge($ids, explode(',', trim($g['rules'], ',')));
}
$ids = array_unique($ids);
if (empty($ids)) {
return [];
}
$map = [
'id' => array('in',$ids),
'status' => 1,
];
//读取用户组所有权限规则
$rules = Db::name($this->_config['AUTH_RULE'])->where($map)->select();
foreach ($rules as $k => $v) {
$rules[$k]['name'] = strtolower($v['name']);
}
$tree = new \com\Tree();
$authList = $tree->list_to_tree($rules, 'id', 'pid', 'child', 0, true, array('pid'));
$authList = rulesDeal($authList);
//规则列表结果保存到缓存
$cache['_AUTH_LIST_'] = $authList;
cache('Auth_'.$this->auth_key, $cache, config('LOGIN_SESSION_VALID'));
return $cache['_AUTH_LIST_'];
}
}