update

d84c726a · rlgy · 243e0c39 · d84c726a · d84c726a
Commit d84c726a authored Sep 03, 2018 by rlgy
Show whitespace changes
Inline Side-by-side

Showing with 79 additions and 26 deletions

AuthController.php backend/controllers/AuthController.php +46 -19

Menu.php common/models/Menu.php +33 -7

No files found.
--- a/backend/controllers/AuthController.php
+++ b/backend/controllers/AuthController.php
@@ -42,9 +42,10 @@ class AuthController extends BaseController
    {
        /* 添加当前位置到cookie供后续跳转调用 */
        $this->setForward();
+        $auth = Yii::$app->authManager;
        /* 获取角色列表 */
-        $roles = Yii::$app->authManager->getRoles();
+        $self_roles = current($auth->getRolesByUser(Yii::$app->user->id));
+        $roles = $auth->getChildRoles($self_roles->name);
        return $this->render('index', [
            'roles' => $roles,
@@ -62,23 +63,28 @@ class AuthController extends BaseController
    public function actionAdd()
    {
        if (Yii::$app->request->isPost) {
+            $auth = Yii::$app->authManager;
+            $self_role = current($auth->getRolesByUser(Yii::$app->user->id));
            $data         = Yii::$app->request->post('param');
            $data['name'] = trim($data['name']);
            if (!$data['name']) {
                $this->error('请输入要添加的角色名！');
            } else {
-                if (Yii::$app->authManager->getRole($data['name']) != null) {
+                if (Yii::$app->params['admin'] == Yii::$app->user->id) {
+                    $role_name = $data['name'];
+                } else {
+                    $role_name = $self_role->name . '.' . $data['name'];
+                }
+                if (Yii::$app->authManager->getRole($role_name) != null) {
                    $this->error('该角色名已存在！');
                } else {
                    /* 创建角色 */
-                    $role              = Yii::$app->authManager->createRole($data['name']);
+                    $role              = Yii::$app->authManager->createRole($role_name);
                    $role->type        = 1;
                    $role->description = $data['description'];
                    if (Yii::$app->authManager->add($role)) {
                        $auth          = Yii::$app->authManager;
-                        $administrator = $auth->getRole('administrator');
+                        $auth->addChild($self_role, $role);
-                        $auth->addChild($administrator, $role);
                        $this->success('添加成功！', $this->getForward());
                    }
                    $this->error('添加失败！');
@@ -138,10 +144,14 @@ class AuthController extends BaseController
     */
    public function actionDelete($role)
    {
-        $role = Yii::$app->authManager->getRole($role);
+        $auth = Yii::$app->authManager;
-        if (Yii::$app->authManager->remove($role)) {
+        $role = $auth->getRole($role);
+        $role_self = current($auth->getRolesByUser(Yii::$app->user->id));
+        if ($auth->hasChild($role_self, $role)) {
+            if ($auth->remove($role)) {
                $this->success('删除成功', $this->getForward());
            }
+        }
        $this->error('删除失败');
    }
@@ -152,23 +162,40 @@ class AuthController extends BaseController
     */
    public function actionAuth($role)
    {
        /* 提交后 */
        if (Yii::$app->request->isPost) {
            $rules = Yii::$app->request->post('rules');
            /* 判断角色是否存在 */
-            if (!$parent = Yii::$app->authManager->getRole($role)) {
+            $auth = Yii::$app->authManager;
+            $role_update = $auth->getRole($role);
+            if (!$role) {
                $this->error('角色不存在');
            }
-            /* 删除角色所有child */
+            if ($role_update->name == 'administrator') {
-            Yii::$app->authManager->removeChildren($parent);
+                $this->error('超级管理员权限不允许修改');
+            }
+            // 获取操作者角色的所有权限
+            $role_self = current($auth->getRolesByUser(Yii::$app->user->id));
+            $all_permissions = array_keys($auth->getPermissionsByRole($role_self->name));
-            if (is_array($rules)) {
+            // 获取角色原来的所有权限
-                foreach ($rules as $rule) {
+            $can_permissions = array_keys($auth->getPermissionsByRole($role));
-                    /* 更新auth_rule表 与 auth_item表 */
-                    Yii::$app->authManager->saveRule($rule);
+            // 需要移除的权限
+            $remove = array_intersect(array_diff($all_permissions, $rules), $can_permissions);
+            //需要添加的权限
+            $add = array_diff($rules, $can_permissions);
+            if (is_array($add)) {
+                foreach ($add as $rule) {
                    /* 更新auth_item_child表 */
-                    Yii::$app->authManager->saveChild($parent->name, $rule);
+                    $rule = $auth->getRule($rule);
+                    $auth->addChild($role_update, $rule);
+                }
+            }
+            if (is_array($remove)) {
+                foreach ($remove as $value) {
+                    $rule = $auth->getRule($value);
+                    $auth->removeChild($role_update, $rule);
                }
            }
            $this->success('更新权限成功', $this->getForward());
@@ -177,7 +204,7 @@ class AuthController extends BaseController
        /* 获取栏目节点 */
        $node_list  = Menu::returnNodes();
        $auth_rules = Yii::$app->authManager->getChildren($role);
-        $auth_rules = array_keys($auth_rules);//var_dump($auth_rules);exit;
+        $auth_rules = array_keys($auth_rules);
        return $this->render('auth', [
            'node_list'  => $node_list,

--- a/common/models/Menu.php
+++ b/common/models/Menu.php
@@ -42,24 +42,36 @@ class Menu extends \common\modelsgii\Menu
    }
+    public static function getPermissions()
+    {
+        $authManager = Yii::$app->authManager;
+        $user = Yii::$app->user;
+        if (Yii::$app->params['admin'] == $user->id) {
+            $can_permissions = $authManager->getPermissions();
+        }else{
+            $can_permissions = $authManager->getPermissionsByUser($user->id);
+        }
+        $can_permission_keys = array_keys($can_permissions);
+        return $can_permission_keys;
+    }
    /**
     * [获取导航缓存]
     * @author: libingke
     */
    public static function getBreadcrumbs()
    {
-		//$uid = !Yii::$app->user->isGuest ? Yii::$app->user->identity->getId() : 'base';
        $uid = 'base';
        $key = static::BASE_KEY . $uid;
-		//static::flushMenu($uid);
        $cache = Yii::$app->cache;
        $data = $cache->get($key);
+        $data = false;
        if ($data === false) {
            $all = static::find()
                ->where(['hide' => static::HIDE_NO, 'status' => static::STATUS_SHOW])
                ->orderBy('pid ASC,sort ASC')->asArray()->all();
-			$data = static::menuTree($all, 0);
+            $can_permission_keys = self::getPermissions();
+            $data = static::menuTree($all, 0, $can_permission_keys);
            $cache->set($key, $data);
        }
@@ -85,12 +97,15 @@ class Menu extends \common\modelsgii\Menu
     * @param $pid
     * @return array
     */
-	public static function menuTree($all, $pid)
+    public static function menuTree($all, $pid, &$can_permission_keys)
    {
        $tree = [];
        foreach ($all as $v) {
+            if (!in_array($v['url'], $can_permission_keys)) {
+                continue;
+            }
            if ($v['pid'] == $pid) {
-				$notes = static::menuTree($all, $v['id']);
+                $notes = static::menuTree($all, $v['id'], $can_permission_keys);
                $temp = [];
                $temp['id']     = $v['id'];
                $temp['label']  = $v['title'];
@@ -130,12 +145,23 @@ class Menu extends \common\modelsgii\Menu
                ->select(['id','pid','title','url','hide'])
                ->from(Menu::tableName())
                ->orderBy(['sort'=>SORT_ASC])->all();
-			$nodes = ArrayHelper::list_to_tree($list,$pk='id',$pid='pid',$child='child',$root=0);
+            $can_permission_keys = self::getPermissions();
+            foreach ($list as $key => $value) {
+                if (!in_array($value['url'], $can_permission_keys)) {
+                    unset($list[$key]);
+                }
+            }
+            $nodes = ArrayHelper::list_to_tree($list, $pk='id', $pid='pid', $child='child', $root=0);
        }else{
            $nodes = (new \yii\db\Query())
                ->select(['title','url','tip','pid'])
                ->from(Menu::tableName())
                ->orderBy(['sort'=>SORT_ASC])->all();
+            foreach ($nodes as $key => $value) {
+                if (!in_array($value['url'], $can_permission_keys)) {
+                    unset($nodes[$key]);
+                }
+            }
        }
        /* 节点赋值到静态变量中，以供下次调用 */
        $tree_nodes[(int)$tree]   = $nodes;