PermController.php
4.85 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Http\Requests;
use App\Http\Controllers\Controller;
use DB;
class PermController extends Controller
{
// 检查用户是否具有系统访问权限
public function checkAccess($request)
{
$user_id = $request->user->userId;
$role = $this->getUserRole($request);
if ($role == 1) return true; // 超级管理员或系统管理员直接进入
$userPerms = $this->getUserAllPerms($user_id, $role);
if (!$userPerms) return false;
if (in_array('apply_access', $userPerms)) return true; // 访问权限ID是否存在
return false;
}
// 获取系统信息
public function getBusinessInfo()
{
// 根据域名查询系统业务ID
$business = DB::table('t_business_config')->where('url', Config('website.risk_url'))->first();
return !empty($business) ? $business : false;
}
// 获取用户角色
public function getUserRole(Request $request)
{
$uid = $request->user->userId;
$email = $request->user->email;
if ($email == 'admin@ichunt.com') {
return 1;
}
$business = $this->getBusinessInfo();
if ($business) {
$bid = $business->bid;
// 权限系统配置的管理帐号
$adminAccount = json_decode($business->admin, true);
if (in_array($email, $adminAccount)) {
return 1;
}
// 根据用户ID和业务ID查看角色
$userPerm = DB::table('t_user_perm')->where(['userId' => $uid, 'bid' => $bid])->first();
if (empty($userPerm)) {
return 0;
} else {
if ($userPerm->roles == 'null') return 0;
$role = json_decode($userPerm->roles, true);
foreach ($role as $v) {
$department = DB::table('t_role_perm')->where(['roleId' => $v, 'bid' => $bid])->first();
return in_array($department->name,array_keys(Config('roles.sys_roles'))) ? array_get(Config('roles.sys_roles'),$department->name) : 0;
}
}
}
return 0;
}
// 获取所有角色用户集合
public function getRoleUsers($roleName)
{
// 根据域名查询系统业务ID
$business = $this->getBusinessInfo();
$userId = [];
$roleUsers = [];
if ($business) {
$bid = $business->bid;
$role = DB::table('t_role_perm')->where(['bid' => $bid, 'name' => $roleName])->first();
$roleId = $role->roleId;
$user = DB::select("SELECT * FROM `t_user_perm` WHERE `bid` = $bid AND `roles` REGEXP $roleId");
if ($user) {
foreach ($user as $v) {
$userId[] = $v->userId;
$id = $v->userId ? $v->userId : 0;
if(!$id) continue;
$userId[] = $id;
$userInfo = DB::table('user_info')->where('userId', $id)->select('userId', 'name', 'status')->first();
// 判断用户是否已离职 4为离职状态
if ($userInfo->status != 4) {
$roleUsers[] = $userInfo;
}
}
}
}
return $roleUsers;
}
// 获取权限菜单
public function getPermMenu($menus, $user_id)
{
$userPerms = $this->getUserAllPerms($user_id);
if ($userPerms) {
return $this->handleMenus($menus, $userPerms);
}
return false;
}
// 获取用户所有权限
public function getUserAllPerms($user_id, $role=0)
{
// 根据域名查询系统业务ID
$business = $this->getBusinessInfo();
if ($business) {
if ($role != 1) {
$bid = $business->bid;
$url = Config('website.perm_api').$user_id.'/'.$bid;
$userPerms = json_decode(curlApi($url), true);
if ($userPerms && $userPerms['retcode'] == 0) {
return $userPerms['data']['perms'];
}
} else { // 获取管理员所有权限
return $this->getAllPerms(json_decode($business->configs, true));
}
}
return false;
}
// 获取系统配置权限
public function getAllPerms($configs)
{
$perms = [];
foreach ($configs as $k => $v) {
$perm_a = [];
$perm_b = [];
if (isset($v['childs']) && count($v['childs']) > 0) {
$perm_b = $this->getAllPerms($v['childs']);
} else {
$perm_a[] = $v['permId'];
}
$perms = array_merge($perms, array_merge($perm_a, $perm_b));
}
return $perms;
}
// 处理菜单
public function handleMenus($menus, $perms)
{
foreach ($menus as $k => $v) {
if (strlen($v->href) > 2) {
if (preg_match('/\/web\//', $v->href)) {
$permId = str_replace('/web/','',$v->href);
} else {
$permId = str_replace('/', '', $v->href);
}
// 查看菜单权限
$permId = 'cron_'.$permId . '_check';
if (!in_array($permId, $perms)) {
unset($menus[$k]);
}
}
if (count($v->childs) > 0) {
$menus[$k]->childs = array_values($this->handleMenus($v->childs, $perms));
if (empty($menus[$k]->childs)) {
unset($menus[$k]);
}
}
}
return array_values($menus);
}
}