1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
<?php
namespace backend\controllers;
use common\models\psources\CoinPlatform;
use Yii;
use common\models\Admin;
use common\models\Menu;
/**
* 身份授权控制器
* @author libingle
*/
class AuthController extends BaseController
{
/**
* @var \common\core\rbac\DbManager
*/
public $authManager;
/**
* @var bool 这里很多自定义的表单,就没有添加验证
*/
public $enableCsrfValidation = false;
/**
* ---------------------------------------
* 构造方法
* ---------------------------------------
*/
public function init()
{
parent::init();
$this->authManager = Yii::$app->authManager;
}
/**
* ---------------------------------------
* “角色”列表
* ---------------------------------------
*/
public function actionIndex()
{
/* 添加当前位置到cookie供后续跳转调用 */
$this->setForward();
$auth = Yii::$app->authManager;
/* 获取角色列表 */
$self_roles = current($auth->getRolesByUser(Yii::$app->user->id));
$roles = $auth->getChildRoles($self_roles->name);
return $this->render('index', [
'roles' => $roles,
]);
}
/**
* ---------------------------------------
* 添加“角色”
* 注意:角色表的“rule_name”字段必须为“NULL”,不然会出错。
* 详情见“yii\rbac\BaseManager”的203行if($item->ruleName === null){return true;}
* @throws \Exception|\Throwable
* ---------------------------------------
*/
public function actionAdd()
{
$user_platform_id = Yii::$app->user->identity->platform_id;
if ($user_platform_id == 1) {
$platforms = CoinPlatform::find()->asArray()->all();
} else {
$platforms = CoinPlatform::find()->where(['id' => $user_platform_id])->asArray()->all();
}
if (Yii::$app->request->isPost) {
$auth = Yii::$app->authManager;
$self_role = current($auth->getRolesByUser(Yii::$app->user->id));
$data = Yii::$app->request->post('param');
$data['name'] = trim($data['name']);
if (!$data['name']) {
$this->error('请输入要添加的角色名!');
} else {
$role_name = $data['name'];
if (Yii::$app->authManager->getRole($role_name) != null) {
$this->error('该角色名已存在!');
} else {
/* 创建角色 */
$role = Yii::$app->authManager->createRole($role_name);
$role->type = 1;
$role->description = $data['description'];
$role->data = $data['platform_id'];
if (Yii::$app->authManager->add($role)) {
$auth = Yii::$app->authManager;
$auth->addChild($self_role, $role);
$this->success('添加成功!', $this->getForward());
}
$this->error('添加失败!');
}
}
}
return $this->render('add', ['platforms' => $platforms]);
}
/**
* ---------------------------------------
* 编辑“角色”
* 注意:角色表的“rule_name”字段必须为“NULL”,不然会出错。
* 详情见“yii\rbac\BaseManager”的203行if($item->ruleName === null){return true;}
* ---------------------------------------
*/
public function actionEdit()
{
/* 获取角色信息 */
$item_name = trim(Yii::$app->request->get('role'));
$role = Yii::$app->authManager->getRole($item_name);
$user_platform_id = Yii::$app->user->identity->platform_id;
if ($user_platform_id == 1) {
$platforms = CoinPlatform::find()->asArray()->all();
} else {
$platforms = CoinPlatform::find()->where(['id' => $user_platform_id])->asArray()->all();
}
if (Yii::$app->request->isPost) {
$data = Yii::$app->request->post('param');
$data['name'] = trim($data['name']);
if (!$data['name']) {
$this->success('请输入要更新的角色名!');
} else {
if (Yii::$app->authManager->getRole($data['name']) != null) {
$this->error('该角色名已存在!');
} else {
$role->name = $data['name'];
$role->description = $data['description'];
$role->data = $data['platform_id'];
if (Yii::$app->authManager->update($item_name, $role)) {
$this->success('更新成功!', $this->getForward());
}
$this->error('更新失败!');
}
}
}
return $this->render('edit', [
'role' => $role,
'platforms' => $platforms
]);
}
/**
* ---------------------------------------
* 删除“角色”
* 同时会删除auth_assignment、auth_item_child、auth_item中关于$role的内容
* @param string $role 角色名称
* ---------------------------------------
*/
public function actionDelete($role)
{
$auth = Yii::$app->authManager;
$role = $auth->getRole($role);
$role_self = current($auth->getRolesByUser(Yii::$app->user->id));
if ($auth->hasChild($role_self, $role)) {
if ($auth->remove($role)) {
$this->success('删除成功', $this->getForward());
}
}
$this->error('删除失败');
}
/**
* ---------------------------------------
* 角色授权
* ---------------------------------------
*/
public function actionAuth($role)
{
/* 提交后 */
if (Yii::$app->request->isPost) {
$rules = Yii::$app->request->post('rules');
/* 判断角色是否存在 */
$auth = Yii::$app->authManager;
$role_update = $auth->getRole($role);
if (!$role) {
$this->error('角色不存在');
}
// if ($role_update->name == 'administrator') {
// $this->error('超级管理员权限不允许修改');
// }
// 获取操作者角色的所有权限
$role_self = current($auth->getRolesByUser(Yii::$app->user->id));
$all_permissions = array_keys($auth->getPermissionsByRole($role_self->name));
// 获取角色原来的所有权限
$can_permissions = array_keys($auth->getPermissionsByRole($role));
// 需要移除的权限
$remove = array_intersect(array_diff($all_permissions, $rules), $can_permissions);
//需要添加的权限
$add = array_diff($rules, $can_permissions);
if (is_array($add)) {
foreach ($add as $rule) {
/* 更新auth_item_child表 */
$rule = $auth->getRule($rule);
$auth->addChild($role_update, $rule);
}
}
if (is_array($remove)) {
foreach ($remove as $value) {
$rule = $auth->getRule($value);
$auth->removeChild($role_update, $rule);
}
}
$this->success('更新权限成功', $this->getForward());
}
/* 获取栏目节点 */
$node_list = Menu::returnNodes();
$auth_rules = Yii::$app->authManager->getChildren($role);
$auth_rules = array_keys($auth_rules);
return $this->render('auth', [
'node_list' => $node_list,
'auth_rules' => $auth_rules,
'role' => $role,
]);
}
/**
* ---------------------------------------
* 授权用户列表
* ---------------------------------------
*/
public function actionUser($role)
{
/* 添加当前位置到cookie供后续跳转调用 */
$this->setForward();
$uids = Yii::$app->authManager->getUserIdsByRole($role);
$uids = implode(',', array_unique($uids));
/*更新uids 为空的情况*/
if ($uids) {
$_where = 'uid in(' . $uids . ')';
} else {
$_where = '1 != 1';
}
return $this->render('user', [
'dataProvider' => $this->lists1(new Admin(), $_where),
'role' => Yii::$app->request->get('role', 'administrator'),
]);
}
}