true, // 认证开关 'AUTH_TYPE' => 1, // 认证方式，1为实时认证；2为登录认证。 'AUTH_GROUP' => 'admin_group', // 用户组数据表名 'AUTH_GROUP_ACCESS' => 'admin_access', // 用户-用户组关系表 'AUTH_RULE' => 'admin_rule', // 权限规则表 'AUTH_USER' => 'admin_user' // 用户信息表 ); private $auth_key; public function __construct($auth_key) { $this->auth_key = $auth_key; $this->_config['AUTH_GROUP'] = $this->_config['AUTH_GROUP']; $this->_config['AUTH_RULE'] = $this->_config['AUTH_RULE']; $this->_config['AUTH_USER'] = $this->_config['AUTH_USER']; $this->_config['AUTH_GROUP_ACCESS'] = $this->_config['AUTH_GROUP_ACCESS']; if (config('AUTH_CONFIG')) { //可设置配置项 AUTH_CONFIG, 此配置项为数组。 $this->_config = array_merge($this->_config, config('AUTH_CONFIG')); } } /** * 检查权限 * @param name string|array 需要验证的规则列表,支持逗号分隔的权限规则或索引数组 * @param uid int 认证用户的id * @return boolean 通过验证返回true;失败返回false */ public function check($name, $uid, $relation = 'or') { if (!$this->_config['AUTH_ON']) return true; $authList = $this->getAuthList($uid); //获取用户需要验证的所有有效规则列表 if (is_string($name)) { $name = strtolower($name); if (strpos($name, ',') !== false) { $name = explode(',', $name); } else { $name = array($name); } } if (is_array($name)) { foreach ($name as $k => $v) { $name[$k] = strtolower($v); } } $list = array(); //保存验证通过的规则名 foreach ( $authList as $auth ) { if (in_array($auth , $name)){ $list[] = $auth ; } } if ($relation == 'or' and !empty($list)) { return true; } $diff = array_diff($name, $list); if ($relation == 'and' and empty($diff)) { return true; } return false; } /** * 根据用户id获取用户组,返回值为数组 * @param uid int 用户id * @return array 用户所属的用户组 array( * array('uid'=>'用户id','group_id'=>'用户组id','title'=>'用户组名称','rules'=>'用户组拥有的规则id,多个,号隔开'), * ...) */ public function getGroups($uid) { static $groups = array(); if (isset($groups[$uid])) return $groups[$uid]; $userModel = new \app\admin\model\User(); $user_groups = collection($userModel->get($uid)->groups)->toArray(); $groups[$uid] = $user_groups ? : array(); return $groups[$uid]; } /** * 获得权限列表 * @param integer $uid 用户id */ protected function getAuthList($uid) { $temp = cache('Auth_'.$this->auth_key); $authList = $temp['_AUTH_LIST_']; if( $this->_config['AUTH_TYPE'] == 2 && isset($authList)){ return $authList; } //读取用户所属用户组 $groups = $this->getGroups($uid); $ids = [];//保存用户所属用户组设置的所有权限规则id foreach ($groups as $g) { $ids = array_merge($ids, explode(',', trim($g['rules'], ','))); } $ids = array_unique($ids); if (empty($ids)) { return []; } $map = [ 'id' => array('in', $ids), 'status' => 1, ]; //读取用户组所有权限规则 $rules = Db::name($this->_config['AUTH_RULE'])->where($map)->select(); foreach ($rules as $k => $v) { $rules[$k]['name'] = strtolower($v['name']); } $tree = new \com\Tree(); $authList = $tree->list_to_tree($rules, 'id', 'pid', 'child', 0, true, array('pid')); $authList = rulesDeal($authList); //登录有效时间 $cacheConfig = config('cache'); $loginExpire = $cacheConfig['expire'] ? : '3600'; if ($this->_config['AUTH_TYPE'] == 2) { //规则列表结果保存到缓存 $cache_info = cache('Auth_'.$this->auth_key); $cache_info['_AUTH_LIST_'] = $authList; cache('Auth_'.$this->auth_key, $cache_info, $loginExpire); } return $authList; } /** * 更新缓存中auth_list * @param string $type rule的类型 * @return array 权限菜单 */ public function updateCacheAuth(){ $cache = cache('Auth_'.$this->auth_key); $uid = $cache['userInfo']['u_id']; $groups = $this->getGroups($uid); $ids = array(); foreach ($groups as $g) { $ids = array_merge($ids, explode(',', trim($g['rules'], ','))); } $ids = array_unique($ids); if (empty($ids)) { return []; } $map = [ 'id' => array('in',$ids), 'status' => 1, ]; //读取用户组所有权限规则 $rules = Db::name($this->_config['AUTH_RULE'])->where($map)->select(); foreach ($rules as $k => $v) { $rules[$k]['name'] = strtolower($v['name']); } $tree = new \com\Tree(); $authList = $tree->list_to_tree($rules, 'id', 'pid', 'child', 0, true, array('pid')); $authList = rulesDeal($authList); //规则列表结果保存到缓存 $cache['_AUTH_LIST_'] = $authList; cache('Auth_'.$this->auth_key, $cache, config('LOGIN_SESSION_VALID')); return $cache['_AUTH_LIST_']; } }