thinkcmfx 权限认证类

 

 

 

<?php
// +---------------------------------------------------------------------
// | ThinkCMF [ WE CAN DO IT MORE SIMPLE ]
// +---------------------------------------------------------------------
// | Copyright (c) 2013-2014 http://www.thinkcmf.com All rights reserved.
// +---------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +---------------------------------------------------------------------
// | Author: Dean <zxxjjforever@163.com>
// +---------------------------------------------------------------------

namespace Common\Lib;

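/**
 * ThinkCMF role-based permission checker.
 *
 * Looks up a user's roles through the RoleUser model and tests the requested
 * rule names against the AuthAccess table joined to the auth-rule table.
 *
 * SECURITY: a rule whose `condition` column is non-empty is evaluated with
 * eval(). The rule table therefore has to be treated as executable code:
 * write access to it is equivalent to running PHP inside the application.
 */
class iAuth{

    // Default configuration (empty in this version).
    protected $_config = array(
    );

    public function __construct() {
    }

    /**
     * Check whether a user holds the given permission rule(s).
     *
     * @param int          $uid      id of the user being checked
     * @param string|array $name     rule name(s): a comma-separated string or an indexed array
     * @param string       $relation 'or' = one matching rule is enough; 'and' = every rule must match
     * @return boolean true when the check passes, false otherwise
     */
    public function check($uid,$name,$relation='or') {
        if (empty($uid)) {
            return false;
        }

        // User id 1 is hard-coded as the super administrator and skips every
        // rule. Compare it as an exact string: a loose `== 1` lets values such
        // as "1abc" through on PHP versions that coerce leading-numeric strings.
        if (is_scalar($uid) && (string)$uid === '1') {
            return true;
        }

        // Normalise the requested names to a lower-case array. The granted
        // names collected below are lower-cased too, so the array form must be
        // folded the same way or the 'and' comparison can never succeed for
        // mixed-case input.
        if (is_string($name)) {
            $name = explode(',', strtolower($name));
        } else {
            $name = array_map('strtolower', (array)$name);
        }

        $list = array(); // names of the rules that passed

        $role_user_model = M("RoleUser");
        $role_user_join = '__ROLE__ as b on a.role_id =b.id';
        // Role ids assigned to this user, restricted to status = 1.
        $groups = $role_user_model->alias("a")->join($role_user_join)->where(array("user_id"=>$uid,"status"=>1))->getField("role_id",true);

        // Fail closed when the lookup yields nothing usable. This runs before
        // in_array() so a non-array result never reaches the array helpers.
        if (empty($groups) || !is_array($groups)) {
            return false;
        }

        // Role id 1 is the super-administrator role: access granted.
        // Non-strict on purpose; the ids may come back as numeric strings (TODO confirm).
        if (in_array(1, $groups)) {
            return true;
        }

        $auth_access_model = M("AuthAccess"); // access table
        $join = '__AUTH_RULE__ as b on a.rule_name =b.name';
        $rules = $auth_access_model->alias("a")->join($join)->where(array("a.role_id"=>array("in",$groups),"b.name"=>array("in",$name)))->select();

        // Treat anything that is not a row list as "no rules granted".
        if (!is_array($rules)) {
            $rules = array();
        }

        foreach ($rules as $rule) {
            if (empty($rule['condition'])) {
                // Unconditional rule: granted as soon as the role has it.
                $list[] = strtolower($rule['name']);
                continue;
            }

            $user = $this->getUserInfo($uid); // user row, flat array

            // Rewrite {field} tokens into $user['field'] lookups.
            $command = preg_replace('/\{(\w*?)\}/', '$user[\'\\1\']', $rule['condition']);

            // SECURITY (review): eval() executes the text stored in the rule's
            // `condition` column as PHP. The substitution above only rewrites
            // {field} tokens and places no limit on the rest of the expression,
            // so the rule table must be writable by fully trusted operators
            // only. A restricted expression evaluator would remove this risk.
            //
            // Reset the result first: if the evaluation does not assign
            // $condition, the value left over from a previous rule must not
            // grant this one.
            $condition = false;
            @(eval('$condition=(' . $command . ');'));
            if ($condition) {
                $list[] = strtolower($rule['name']);
            }
        }

        if ($relation == 'or' and !empty($list)) {
            return true;
        }
        // For 'and', every requested name must be among the granted ones.
        $diff = array_diff($name, $list);
        if ($relation == 'and' and empty($diff)) {
            return true;
        }
        return false;
    }

    /**
     * Fetch the Users row for a user id.
     *
     * Results are kept in a function-level static array, so each id is looked
     * up at most once per script run as long as the lookup returns a non-null row.
     *
     * @param int $uid user id
     * @return mixed whatever the Users model's find() returns for that id
     */
    private function getUserInfo($uid) {
        static $userinfo = array();
        if (!isset($userinfo[$uid])) {
            $userinfo[$uid] = M("Users")->where(array('id'=>$uid))->find();
        }
        return $userinfo[$uid];
    }

}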

 

注意上面两个内连接的查询:

 

 

$role_user_join = '__ROLE__ as b on a.role_id =b.id';


-- Statement shown for the role lookup: the __ROLE__ placeholder from the join
-- string appears here as cmf_role. It lists the role_id values for user_id 4.
-- `status` is not table-qualified, so this statement alone does not show
-- which of the two joined tables supplies it.
SELECT `role_id` FROM cmf_role_user a 
INNER JOIN cmf_role as b on a.role_id =b.id 
WHERE `user_id` = '4' AND `status` = 1 




$join = '__AUTH_RULE__ as b on a.rule_name =b.name';


-- Statement shown for the rule lookup: the __AUTH_RULE__ placeholder appears
-- here as cmf_auth_rule. It selects the access rows of role 2 whose rule name
-- is admin/setting/default; SELECT * returns the columns of both joined tables.
SELECT * FROM cmf_auth_access a 
INNER JOIN cmf_auth_rule as b on a.rule_name =b.name 
WHERE a.role_id IN ('2') AND b.name IN ('admin/setting/default') 

 
