<?php
// +---------------------------------------------------------------------
// | ThinkCMF [ WE CAN DO IT MORE SIMPLE ]
// +---------------------------------------------------------------------
// | Copyright (c) 2013-2014 http://www.thinkcmf.com All rights reserved.
// +---------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +---------------------------------------------------------------------
// | Author: Dean <zxxjjforever@163.com>
// +---------------------------------------------------------------------
namespace Common\Lib;
/**
* ThinkCMF权限认证类
*/
class iAuth{
//默认配置
protected $_config = array(
);
public function __construct() {
}
/**
* 检查权限
* @param name string|array 需要验证的规则列表,支持逗号分隔的权限规则或索引数组
* @param uid int 认证用户的id
* @param relation string 如果为 'or' 表示满足任一条规则即通过验证;如果为 'and'则表示需满足所有规则才能通过验证
* @return boolean 通过验证返回true;失败返回false
*/
public function check($uid,$name,$relation='or') {
if(empty($uid)){
return false;
}
if($uid==1){
return true;
}
if (is_string($name)) {
$name = strtolower($name);
if (strpos($name, ',') !== false) {
$name = explode(',', $name);
} else {
$name = array($name);
}
}
$list = array(); //保存验证通过的规则名
$role_user_model=M("RoleUser");
$role_user_join = '__ROLE__ as b on a.role_id =b.id';
//查询分组
$groups=$role_user_model->alias("a")->join($role_user_join)->where(array("user_id"=>$uid,"status"=>1))->getField("role_id",true);
if(in_array(1, $groups)){//超级管理员,返回认证通过
return true;
}
if(empty($groups)){ //角色组为空,验证失败
return false;
}
$auth_access_model=M("AuthAccess"); //权限表
$join = '__AUTH_RULE__ as b on a.rule_name =b.name';
$rules=$auth_access_model->alias("a")->join($join)->where(array("a.role_id"=>array("in",$groups),"b.name"=>array("in",$name)))->select();
foreach ($rules as $rule){
if (!empty($rule['condition'])) { //根据condition进行验证
$user = $this->getUserInfo($uid);//获取用户信息,一维数组
$command = preg_replace('/\{(\w*?)\}/', '$user[\'\\1\']', $rule['condition']);
//dump($command);//debug
@(eval('$condition=(' . $command . ');'));
if ($condition) {
$list[] = strtolower($rule['name']);
}
}else{
$list[] = strtolower($rule['name']);
}
}
if ($relation == 'or' and !empty($list)) {
return true;
}
$diff = array_diff($name, $list);
if ($relation == 'and' and empty($diff)) {
return true;
}
return false;
}
/**
* 获得用户资料
*/
private function getUserInfo($uid) {
static $userinfo=array();
if(!isset($userinfo[$uid])){
$userinfo[$uid]=M("Users")->where(array('id'=>$uid))->find();
}
return $userinfo[$uid];
}
}
$role_user_join = '__ROLE__ as b on a.role_id =b.id';
//查询分组
$groups=$role_user_model->alias("a")->join($role_user_join)->where(array("user_id"=>$uid,"status"=>1))->getField("role_id",true);
if(in_array(1, $groups)){//超级管理员,返回认证通过
return true;
}
if(empty($groups)){ //角色组为空,验证失败
return false;
}
$auth_access_model=M("AuthAccess"); //权限表
$join = '__AUTH_RULE__ as b on a.rule_name =b.name';
$rules=$auth_access_model->alias("a")->join($join)->where(array("a.role_id"=>array("in",$groups),"b.name"=>array("in",$name)))->select();
foreach ($rules as $rule){
if (!empty($rule['condition'])) { //根据condition进行验证
$user = $this->getUserInfo($uid);//获取用户信息,一维数组
$command = preg_replace('/\{(\w*?)\}/', '$user[\'\\1\']', $rule['condition']);
//dump($command);//debug
@(eval('$condition=(' . $command . ');'));
if ($condition) {
$list[] = strtolower($rule['name']);
}
}else{
$list[] = strtolower($rule['name']);
}
}
if ($relation == 'or' and !empty($list)) {
return true;
}
$diff = array_diff($name, $list);
if ($relation == 'and' and empty($diff)) {
return true;
}
return false;
}
/**
* 获得用户资料
*/
private function getUserInfo($uid) {
static $userinfo=array();
if(!isset($userinfo[$uid])){
$userinfo[$uid]=M("Users")->where(array('id'=>$uid))->find();
}
return $userinfo[$uid];
}
}
注意上面两个内连接的查询:
$role_user_join = '__ROLE__ as b on a.role_id =b.id';
SELECT `role_id` FROM cmf_role_user a
INNER JOIN cmf_role as b on a.role_id =b.id
WHERE `user_id` = '4' AND `status` = 1
$join = '__AUTH_RULE__ as b on a.rule_name =b.name';
SELECT * FROM cmf_auth_access a
INNER JOIN cmf_auth_rule as b on a.rule_name =b.name
WHERE a.role_id IN ('2') AND b.name IN ('admin/setting/default')