|
|
<?php
|
|
|
// +----------------------------------------------------------------------
|
|
|
// | Author: linchuangbin
|
|
|
// +----------------------------------------------------------------------
|
|
|
namespace com;
|
|
|
|
|
|
use think\Db;
|
|
|
|
|
|
class HonrayAuth{
|
|
|
|
|
|
//默认配置
|
|
|
public $_config = array(
|
|
|
'AUTH_ON' => true, // 认证开关
|
|
|
'AUTH_TYPE' => 1, // 认证方式,1为实时认证;2为登录认证。
|
|
|
'AUTH_GROUP' => 'admin_group', // 用户组数据表名
|
|
|
'AUTH_GROUP_ACCESS' => 'admin_access', // 用户-用户组关系表
|
|
|
'AUTH_RULE' => 'admin_rule', // 权限规则表
|
|
|
'AUTH_USER' => 'admin_user' // 用户信息表
|
|
|
);
|
|
|
|
|
|
private $auth_key;
|
|
|
|
|
|
public function __construct($auth_key) {
|
|
|
$this->auth_key = $auth_key;
|
|
|
$this->_config['AUTH_GROUP'] = $this->_config['AUTH_GROUP'];
|
|
|
$this->_config['AUTH_RULE'] = $this->_config['AUTH_RULE'];
|
|
|
$this->_config['AUTH_USER'] = $this->_config['AUTH_USER'];
|
|
|
$this->_config['AUTH_GROUP_ACCESS'] = $this->_config['AUTH_GROUP_ACCESS'];
|
|
|
if (config('AUTH_CONFIG')) {
|
|
|
//可设置配置项 AUTH_CONFIG, 此配置项为数组。
|
|
|
$this->_config = array_merge($this->_config, config('AUTH_CONFIG'));
|
|
|
}
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
* 检查权限
|
|
|
* @param name string|array 需要验证的规则列表,支持逗号分隔的权限规则或索引数组
|
|
|
* @param uid int 认证用户的id
|
|
|
* @return boolean 通过验证返回true;失败返回false
|
|
|
*/
|
|
|
public function check($name, $uid, $relation = 'or') {
|
|
|
if (!$this->_config['AUTH_ON'])
|
|
|
return true;
|
|
|
$authList = $this->getAuthList($uid); //获取用户需要验证的所有有效规则列表
|
|
|
if (is_string($name)) {
|
|
|
$name = strtolower($name);
|
|
|
if (strpos($name, ',') !== false) {
|
|
|
$name = explode(',', $name);
|
|
|
} else {
|
|
|
$name = array($name);
|
|
|
}
|
|
|
}
|
|
|
|
|
|
if (is_array($name)) {
|
|
|
foreach ($name as $k => $v) {
|
|
|
$name[$k] = strtolower($v);
|
|
|
}
|
|
|
}
|
|
|
$list = array(); //保存验证通过的规则名
|
|
|
foreach ( $authList as $auth ) {
|
|
|
if (in_array($auth , $name)){
|
|
|
$list[] = $auth ;
|
|
|
}
|
|
|
}
|
|
|
if ($relation == 'or' and !empty($list)) {
|
|
|
return true;
|
|
|
}
|
|
|
|
|
|
$diff = array_diff($name, $list);
|
|
|
if ($relation == 'and' and empty($diff)) {
|
|
|
return true;
|
|
|
}
|
|
|
return false;
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
* 根据用户id获取用户组,返回值为数组
|
|
|
* @param uid int 用户id
|
|
|
* @return array 用户所属的用户组 array(
|
|
|
* array('uid'=>'用户id','group_id'=>'用户组id','title'=>'用户组名称','rules'=>'用户组拥有的规则id,多个,号隔开'),
|
|
|
* ...)
|
|
|
*/
|
|
|
public function getGroups($uid) {
|
|
|
static $groups = array();
|
|
|
if (isset($groups[$uid])) return $groups[$uid];
|
|
|
$userModel = new \app\admin\model\User();
|
|
|
$user_groups = collection($userModel->get($uid)->groups)->toArray();
|
|
|
$groups[$uid] = $user_groups ? : array();
|
|
|
return $groups[$uid];
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
* 获得权限列表
|
|
|
* @param integer $uid 用户id
|
|
|
*/
|
|
|
protected function getAuthList($uid) {
|
|
|
$temp = cache('Auth_'.$this->auth_key);
|
|
|
$authList = $temp['_AUTH_LIST_'];
|
|
|
if( $this->_config['AUTH_TYPE'] == 2 && isset($authList)){
|
|
|
return $authList;
|
|
|
}
|
|
|
//读取用户所属用户组
|
|
|
$groups = $this->getGroups($uid);
|
|
|
$ids = [];//保存用户所属用户组设置的所有权限规则id
|
|
|
foreach ($groups as $g) {
|
|
|
$ids = array_merge($ids, explode(',', trim($g['rules'], ',')));
|
|
|
}
|
|
|
|
|
|
$ids = array_unique($ids);
|
|
|
if (empty($ids)) {
|
|
|
return [];
|
|
|
}
|
|
|
|
|
|
$map = [
|
|
|
'id' => array('in', $ids),
|
|
|
'status' => 1,
|
|
|
];
|
|
|
|
|
|
//读取用户组所有权限规则
|
|
|
$rules = Db::name($this->_config['AUTH_RULE'])->where($map)->select();
|
|
|
foreach ($rules as $k => $v) {
|
|
|
$rules[$k]['name'] = strtolower($v['name']);
|
|
|
}
|
|
|
$tree = new \com\Tree();
|
|
|
$authList = $tree->list_to_tree($rules, 'id', 'pid', 'child', 0, true, array('pid'));
|
|
|
$authList = rulesDeal($authList);
|
|
|
//登录有效时间
|
|
|
$cacheConfig = config('cache');
|
|
|
$loginExpire = $cacheConfig['expire'] ? : '3600';
|
|
|
|
|
|
if ($this->_config['AUTH_TYPE'] == 2) {
|
|
|
//规则列表结果保存到缓存
|
|
|
$cache_info = cache('Auth_'.$this->auth_key);
|
|
|
$cache_info['_AUTH_LIST_'] = $authList;
|
|
|
cache('Auth_'.$this->auth_key, $cache_info, $loginExpire);
|
|
|
}
|
|
|
return $authList;
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
* 更新缓存中auth_list
|
|
|
* @param string $type rule的类型
|
|
|
* @return array 权限菜单
|
|
|
*/
|
|
|
public function updateCacheAuth(){
|
|
|
$cache = cache('Auth_'.$this->auth_key);
|
|
|
$uid = $cache['userInfo']['u_id'];
|
|
|
$groups = $this->getGroups($uid);
|
|
|
$ids = array();
|
|
|
foreach ($groups as $g) {
|
|
|
$ids = array_merge($ids, explode(',', trim($g['rules'], ',')));
|
|
|
}
|
|
|
$ids = array_unique($ids);
|
|
|
if (empty($ids)) {
|
|
|
return [];
|
|
|
}
|
|
|
$map = [
|
|
|
'id' => array('in',$ids),
|
|
|
'status' => 1,
|
|
|
];
|
|
|
//读取用户组所有权限规则
|
|
|
$rules = Db::name($this->_config['AUTH_RULE'])->where($map)->select();
|
|
|
|
|
|
foreach ($rules as $k => $v) {
|
|
|
$rules[$k]['name'] = strtolower($v['name']);
|
|
|
}
|
|
|
$tree = new \com\Tree();
|
|
|
$authList = $tree->list_to_tree($rules, 'id', 'pid', 'child', 0, true, array('pid'));
|
|
|
$authList = rulesDeal($authList);
|
|
|
|
|
|
//规则列表结果保存到缓存
|
|
|
$cache['_AUTH_LIST_'] = $authList;
|
|
|
cache('Auth_'.$this->auth_key, $cache, config('LOGIN_SESSION_VALID'));
|
|
|
return $cache['_AUTH_LIST_'];
|
|
|
}
|
|
|
}
|
