update

d84c726a · rlgy · 243e0c39 · d84c726a · d84c726a
Commit d84c726a authored Sep 03, 2018 by rlgy
Hide whitespace changes
Inline Side-by-side

Showing with 200 additions and 147 deletions

AuthController.php backend/controllers/AuthController.php +48 -21

Menu.php common/models/Menu.php +152 -126

No files found.
--- a/backend/controllers/AuthController.php
+++ b/backend/controllers/AuthController.php
@@ -42,9 +42,10 @@ class AuthController extends BaseController
    {
        /* 添加当前位置到cookie供后续跳转调用 */
        $this->setForward();
+        $auth = Yii::$app->authManager;
        /* 获取角色列表 */
-        $roles = Yii::$app->authManager->getRoles();
+        $self_roles = current($auth->getRolesByUser(Yii::$app->user->id));
+        $roles = $auth->getChildRoles($self_roles->name);
        return $this->render('index', [
            'roles' => $roles,
@@ -62,23 +63,28 @@ class AuthController extends BaseController
    public function actionAdd()
    {
        if (Yii::$app->request->isPost) {
+            $auth = Yii::$app->authManager;
+            $self_role = current($auth->getRolesByUser(Yii::$app->user->id));
            $data         = Yii::$app->request->post('param');
            $data['name'] = trim($data['name']);
            if (!$data['name']) {
                $this->error('请输入要添加的角色名！');
            } else {
-                if (Yii::$app->authManager->getRole($data['name']) != null) {
+                if (Yii::$app->params['admin'] == Yii::$app->user->id) {
+                    $role_name = $data['name'];
+                } else {
+                    $role_name = $self_role->name . '.' . $data['name'];
+                }
+                if (Yii::$app->authManager->getRole($role_name) != null) {
                    $this->error('该角色名已存在！');
                } else {
                    /* 创建角色 */
-                    $role              = Yii::$app->authManager->createRole($data['name']);
+                    $role              = Yii::$app->authManager->createRole($role_name);
                    $role->type        = 1;
                    $role->description = $data['description'];
                    if (Yii::$app->authManager->add($role)) {
                        $auth          = Yii::$app->authManager;
-                        $administrator = $auth->getRole('administrator');
+                        $auth->addChild($self_role, $role);
-                        $auth->addChild($administrator, $role);
                        $this->success('添加成功！', $this->getForward());
                    }
                    $this->error('添加失败！');
@@ -138,9 +144,13 @@ class AuthController extends BaseController
     */
    public function actionDelete($role)
    {
-        $role = Yii::$app->authManager->getRole($role);
+        $auth = Yii::$app->authManager;
-        if (Yii::$app->authManager->remove($role)) {
+        $role = $auth->getRole($role);
-            $this->success('删除成功', $this->getForward());
+        $role_self = current($auth->getRolesByUser(Yii::$app->user->id));
+        if ($auth->hasChild($role_self, $role)) {
+            if ($auth->remove($role)) {
+                $this->success('删除成功', $this->getForward());
+            }
        }
        $this->error('删除失败');
    }
@@ -152,23 +162,40 @@ class AuthController extends BaseController
     */
    public function actionAuth($role)
    {
        /* 提交后 */
        if (Yii::$app->request->isPost) {
            $rules = Yii::$app->request->post('rules');
            /* 判断角色是否存在 */
-            if (!$parent = Yii::$app->authManager->getRole($role)) {
+            $auth = Yii::$app->authManager;
+            $role_update = $auth->getRole($role);
+            if (!$role) {
                $this->error('角色不存在');
            }
-            /* 删除角色所有child */
+            if ($role_update->name == 'administrator') {
-            Yii::$app->authManager->removeChildren($parent);
+                $this->error('超级管理员权限不允许修改');
+            }
-            if (is_array($rules)) {
+            // 获取操作者角色的所有权限
-                foreach ($rules as $rule) {
+            $role_self = current($auth->getRolesByUser(Yii::$app->user->id));
-                    /* 更新auth_rule表 与 auth_item表 */
+            $all_permissions = array_keys($auth->getPermissionsByRole($role_self->name));
-                    Yii::$app->authManager->saveRule($rule);
+            // 获取角色原来的所有权限
+            $can_permissions = array_keys($auth->getPermissionsByRole($role));
+            // 需要移除的权限
+            $remove = array_intersect(array_diff($all_permissions, $rules), $can_permissions);
+            //需要添加的权限
+            $add = array_diff($rules, $can_permissions);
+            if (is_array($add)) {
+                foreach ($add as $rule) {
                    /* 更新auth_item_child表 */
-                    Yii::$app->authManager->saveChild($parent->name, $rule);
+                    $rule = $auth->getRule($rule);
+                    $auth->addChild($role_update, $rule);
+                }
+            }
+            if (is_array($remove)) {
+                foreach ($remove as $value) {
+                    $rule = $auth->getRule($value);
+                    $auth->removeChild($role_update, $rule);
                }
            }
            $this->success('更新权限成功', $this->getForward());
@@ -177,7 +204,7 @@ class AuthController extends BaseController
        /* 获取栏目节点 */
        $node_list  = Menu::returnNodes();
        $auth_rules = Yii::$app->authManager->getChildren($role);
-        $auth_rules = array_keys($auth_rules);//var_dump($auth_rules);exit;
+        $auth_rules = array_keys($auth_rules);
        return $this->render('auth', [
            'node_list'  => $node_list,

--- a/common/models/Menu.php
+++ b/common/models/Menu.php
@@ -7,7 +7,7 @@ use common\helpers\ArrayHelper;
 class Menu extends \common\modelsgii\Menu
 {
-	const BASE_KEY = 'cache_menu_';
+    const BASE_KEY = 'cache_menu_';
    /**
     * 配置model规则
@@ -22,14 +22,14 @@ class Menu extends \common\modelsgii\Menu
        ];
    }
-	/**
+    /**
-	 * [栏目权限检测]
+     * [栏目权限检测]
-	 * @author	libingke
+     * @author  libingke
-	 * @param	string	$rule	检测的规则
+     * @param   string  $rule   检测的规则
-	 * @return 	bool
+     * @return  bool
-	 */
+     */
    public static function checkRule($rule)
-	{
+    {
        /* 超级管理员允许访问任何页面 */
        if(Yii::$app->params['admin'] == Yii::$app->user->id){
            return true;
@@ -42,122 +42,148 @@ class Menu extends \common\modelsgii\Menu
    }
-	/**
+    public static function getPermissions()
-	 * [获取导航缓存]
+    {
-	 * @author: libingke
+        $authManager = Yii::$app->authManager;
-	 */
+        $user = Yii::$app->user;
-	public static function getBreadcrumbs()
+        if (Yii::$app->params['admin'] == $user->id) {
-	{
+            $can_permissions = $authManager->getPermissions();
-		//$uid = !Yii::$app->user->isGuest ? Yii::$app->user->identity->getId() : 'base';
+        }else{
-		$uid = 'base';
+            $can_permissions = $authManager->getPermissionsByUser($user->id);
-		$key = static::BASE_KEY . $uid;
+        }
-		//static::flushMenu($uid);
+        $can_permission_keys = array_keys($can_permissions);
-		$cache = Yii::$app->cache;
+        return $can_permission_keys;
-		$data = $cache->get($key);
+    }
-		if ($data === false) {
+    /**
-			$all = static::find()
+     * [获取导航缓存]
-				->where(['hide' => static::HIDE_NO, 'status' => static::STATUS_SHOW])
+     * @author: libingke
-				->orderBy('pid ASC,sort ASC')->asArray()->all();
+     */
-			$data = static::menuTree($all, 0);
+    public static function getBreadcrumbs()
-			$cache->set($key, $data);
+    {
-		}
+        $uid = 'base';
+        $key = static::BASE_KEY . $uid;
-		return $data;
+        $cache = Yii::$app->cache;
-	}
+        $data = $cache->get($key);
+        $data = false;
-	/**
+        if ($data === false) {
-	 * [刷新数据]
+            $all = static::find()
-	 * @author: libingke
+                ->where(['hide' => static::HIDE_NO, 'status' => static::STATUS_SHOW])
-	 * @param null $uid
+                ->orderBy('pid ASC,sort ASC')->asArray()->all();
-	 */
+            $can_permission_keys = self::getPermissions();
-	public static function flushMenu($uid = null)
+            $data = static::menuTree($all, 0, $can_permission_keys);
-	{
+            $cache->set($key, $data);
-		$key = $uid == null ? $key = static::BASE_KEY . 'base' : static::BASE_KEY . $uid;
+        }
-		Yii::$app->cache->delete($key);
-	}
+        return $data;
+    }
-	/**
+    /**
-	 * [导航树]
+     * [刷新数据]
-	 * @author: libingke
+     * @author: libingke
-	 * @param $all
+     * @param null $uid
-	 * @param $pid
+     */
-	 * @return array
+    public static function flushMenu($uid = null)
-	 */
+    {
-	public static function menuTree($all, $pid)
+        $key = $uid == null ? $key = static::BASE_KEY . 'base' : static::BASE_KEY . $uid;
-	{
+        Yii::$app->cache->delete($key);
-		$tree = [];
+    }
-		foreach ($all as $v) {
-			if ($v['pid'] == $pid) {
-				$notes = static::menuTree($all, $v['id']);
+    /**
-				$temp = [];
+     * [导航树]
-				$temp['id']		= $v['id'];
+     * @author: libingke
-				$temp['label']	= $v['title'];
+     * @param $all
-				if ($pid == 0) {
+     * @param $pid
-					$temp['url']	= $notes ? 'javascript:;' : \yii\helpers\Url::toRoute($v['url']);
+     * @return array
-					$temp['icon']	= '';
+     */
-				} else {
+    public static function menuTree($all, $pid, &$can_permission_keys)
-					$temp['url']	= \yii\helpers\Url::toRoute($v['url']);
+    {
-					$temp['icon']	= $v['icon'];
+        $tree = [];
-				}
+        foreach ($all as $v) {
-				//子节点
+            if (!in_array($v['url'], $can_permission_keys)) {
-				$notes ? $temp['notes'] = $notes : null;
+                continue;
+            }
-				$tree[] = $temp;
+            if ($v['pid'] == $pid) {
-			}
+                $notes = static::menuTree($all, $v['id'], $can_permission_keys);
-		}
+                $temp = [];
-		return $tree;
+                $temp['id']     = $v['id'];
-	}
+                $temp['label']  = $v['title'];
+                if ($pid == 0) {
+                    $temp['url']    = $notes ? 'javascript:;' : \yii\helpers\Url::toRoute($v['url']);
-	/**
+                    $temp['icon']   = '';
-	 * ---------------------------------------
+                } else {
-	 * 根据menu库，返回权限节点，或后台菜单
+                    $temp['url']    = \yii\helpers\Url::toRoute($v['url']);
-	 * @param boolean $tree 是否返回多维数组结构(生成菜单时用到),为false返回一维数组(生成权限节点时用到)
+                    $temp['icon']   = $v['icon'];
-	 * @return array
+                }
-	 * ---------------------------------------
+                //子节点
-	 */
+                $notes ? $temp['notes'] = $notes : null;
-	public static function returnNodes($tree = true){
-		/* 如果已经生成，直接调用 */
+                $tree[] = $temp;
-		static $tree_nodes = array();
+            }
-		if ( $tree && !empty($tree_nodes[(int)$tree]) ) {
+        }
-			return $tree_nodes[$tree];
+        return $tree;
-		}
+    }
-		/* 生成节点 */
-		if((int)$tree){
-			$list = (new \yii\db\Query())
+    /**
-				->select(['id','pid','title','url','hide'])
+     * ---------------------------------------
-				->from(Menu::tableName())
+     * 根据menu库，返回权限节点，或后台菜单
-				->orderBy(['sort'=>SORT_ASC])->all();
+     * @param boolean $tree 是否返回多维数组结构(生成菜单时用到),为false返回一维数组(生成权限节点时用到)
-			$nodes = ArrayHelper::list_to_tree($list,$pk='id',$pid='pid',$child='child',$root=0);
+     * @return array
-		}else{
+     * ---------------------------------------
-			$nodes = (new \yii\db\Query())
+     */
-				->select(['title','url','tip','pid'])
+    public static function returnNodes($tree = true){
-				->from(Menu::tableName())
+        /* 如果已经生成，直接调用 */
-				->orderBy(['sort'=>SORT_ASC])->all();
+        static $tree_nodes = array();
-		}
+        if ( $tree && !empty($tree_nodes[(int)$tree]) ) {
-		/* 节点赋值到静态变量中，以供下次调用 */
+            return $tree_nodes[$tree];
-		$tree_nodes[(int)$tree]   = $nodes;
+        }
+        /* 生成节点 */
-		return $nodes;
+        if((int)$tree){
-	}
+            $list = (new \yii\db\Query())
+                ->select(['id','pid','title','url','hide'])
+                ->from(Menu::tableName())
-	/**
+                ->orderBy(['sort'=>SORT_ASC])->all();
-	 * ---------------------------------------
+            $can_permission_keys = self::getPermissions();
-	 * 递归获取其所有父栏目
+            foreach ($list as $key => $value) {
-	 * @param $id
+                if (!in_array($value['url'], $can_permission_keys)) {
-	 * @return array
+                    unset($list[$key]);
-	 * ---------------------------------------
+                }
-	 */
+            }
-	public static function getParentMenus($id){
+            $nodes = ArrayHelper::list_to_tree($list, $pk='id', $pid='pid', $child='child', $root=0);
-		$path = [];
+        }else{
-		$nav = static::find()->select(['id','pid','title', 'url'])->where(['id'=>$id])->asArray()->one();
+            $nodes = (new \yii\db\Query())
-		$path[] = $nav;
+                ->select(['title','url','tip','pid'])
-		if($nav['pid'] > 0){
+                ->from(Menu::tableName())
-			$path = array_merge(static::getParentMenus($nav['pid']),$path);
+                ->orderBy(['sort'=>SORT_ASC])->all();
-		}
+            foreach ($nodes as $key => $value) {
-		return $path;
+                if (!in_array($value['url'], $can_permission_keys)) {
-	}
+                    unset($nodes[$key]);
+                }
+            }
+        }
+        /* 节点赋值到静态变量中，以供下次调用 */
+        $tree_nodes[(int)$tree]   = $nodes;
+        return $nodes;
+    }
+    /**
+     * ---------------------------------------
+     * 递归获取其所有父栏目
+     * @param $id
+     * @return array
+     * ---------------------------------------
+     */
+    public static function getParentMenus($id){
+        $path = [];
+        $nav = static::find()->select(['id','pid','title', 'url'])->where(['id'=>$id])->asArray()->one();
+        $path[] = $nav;
+        if($nav['pid'] > 0){
+            $path = array_merge(static::getParentMenus($nav['pid']),$path);
+        }
+        return $path;
+    }
 }