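<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Http\Requests;
use App\Http\Controllers\Controller;
use DB;
use Illuminate\Support\Facades\Redis;

/**
 * Permission checks for the order system.
 *
 * Resolves the requesting user's role and permission set (business config row
 * in the DB plus the remote permission API), gates access per request path,
 * and filters menu trees down to what the user may view.
 *
 * Role ids travel through this class both as ints (config arrays) and as
 * strings (explode()/implode() in getUserRole()/checkUserRoles()), so the
 * loose comparisons (==, non-strict in_array()) below are deliberate.
 */
class PermController extends Controller
{
    /**
     * Check whether the requesting user may access the system / current page.
     *
     * Role 1 (admin) always passes. Everyone else needs the `apply_access`
     * permission and, when the request path is one of the menu hrefs, the
     * matching `<path>_check` permission as well.
     *
     * @param mixed $request request exposing ->user->userId and ->url()
     * @return bool
     */
    public function checkAccess($request)
    {
        $user_id = $request->user->userId;
        $role = $this->getUserRole($request);
        // Loose on purpose: getUserRole() returns the string "1" for a single role.
        if ($role == 1) {
            return true; // super / system admin enters directly
        }

        $userPerms = $this->getUserAllPerms($user_id, $role);
        if (!$userPerms) {
            return false;
        }
        $hasAccess = in_array('apply_access', $userPerms);

        $parse_url = parse_url($request->url());
        $path = isset($parse_url['path']) ? $parse_url['path'] : '';
        if ($path === '') {
            // No path to check against the menu: the system-level permission decides.
            return $hasAccess;
        }

        $menu_href = $this->loadMenuHrefs();
        if ($menu_href === false) {
            return false; // menu config row missing
        }
        if (!in_array($path, $menu_href)) {
            // Not a menu page: only the system-level permission is required.
            return $hasAccess;
        }

        // Menu page: both the system-level and the page-level permission are required.
        return $hasAccess && in_array($this->hrefToPermId($path), $userPerms);
    }

    /**
     * Menu hrefs of the order system, read from Redis when cached, otherwise
     * rebuilt from the `config` table and written back with the configured TTL.
     *
     * @return array|false list of hrefs, or false when the config row is missing
     */
    private function loadMenuHrefs()
    {
        $key = Config('perm_args.perm_menus_data');
        $cached = Redis::connection('read')->get($key);
        if ($cached) {
            $decoded = json_decode($cached);
            // A corrupt cache entry is treated as "no menu pages" rather than crashing.
            return is_array($decoded) ? $decoded : [];
        }

        $menuconfig = DB::table('config')->where('config_title', '订单系统')->first();
        if (!$menuconfig) {
            return false;
        }
        $menu_href = [];
        $this->getAllMenus(json_decode($menuconfig->config_data), $menu_href);
        // TTL comes from config (the original note says two hours). The write goes
        // to the default connection while reads use the 'read' connection.
        $expire = Config('perm_args.perm_menus_data_expire');
        Redis::setex($key, $expire, json_encode($menu_href));

        return $menu_href;
    }

    /**
     * Map a menu href to its view-permission id: strip the "/web/" prefix
     * (or every slash) and append "_check".
     *
     * @param string $href
     * @return string
     */
    private function hrefToPermId($href)
    {
        $permId = preg_match('/\/web\//', $href)
            ? str_replace('/web/', '', $href)
            : str_replace('/', '', $href);

        return $permId . '_check';
    }

    /**
     * Collect every menu href (children first, depth-first) into $menu_href.
     * Hrefs of one character or less (e.g. "/") are skipped.
     *
     * @param array|object $menus decoded menu tree; items carry ->href and ->childs
     * @param array $menu_href accumulator, appended to in place
     * @return void
     */
    public function getAllMenus($menus, &$menu_href)
    {
        if (!is_array($menus) && !is_object($menus)) {
            return; // e.g. json_decode() failed upstream
        }
        foreach ($menus as $item) {
            if (!empty($item->childs)) {
                $this->getAllMenus($item->childs, $menu_href);
            }
            if (isset($item->href) && strlen($item->href) > 1) {
                $menu_href[] = $item->href;
            }
        }
    }

    /**
     * Business config row of this deployment, looked up by the order-system URL.
     *
     * @return object|false
     */
    public function getBusinessInfo()
    {
        $business = DB::table('t_business_config')
            ->where('url', Config('website.order_url'))
            ->first();

        return !empty($business) ? $business : false;
    }

    /**
     * Resolve the user's role value(s).
     *
     * @return int|string 1 for admins, 0 when unknown / no role; otherwise the
     *                    role value(s) from config — a bare string for one role,
     *                    comma-joined (e.g. "2,5") for several
     */
    public function getUserRole(Request $request)
    {
        $uid = $request->user->userId;
        $email = $request->user->email;
        if ($email == 'admin@ichunt.com') {
            return 1;
        }

        $business = $this->getBusinessInfo();
        if (!$business) {
            return 0;
        }
        $bid = $business->bid;

        // Admin accounts configured in the permission system.
        $adminAccount = json_decode($business->admin, true);
        if (is_array($adminAccount) && in_array($email, $adminAccount)) {
            return 1;
        }

        // Role ids assigned to this user within the business.
        $userPerm = DB::table('t_user_perm')->where(['userId' => $uid, 'bid' => $bid])->first();
        if (empty($userPerm) || $userPerm->roles == 'null') {
            return 0; // no role selected
        }
        $role = json_decode($userPerm->roles, true);
        if (!is_array($role)) {
            return 0;
        }

        $roleMap = Config('perm_args.roles');
        $user_role = [];
        foreach ($role as $roleId) {
            $department = DB::table('t_role_perm')->where(['roleId' => $roleId, 'bid' => $bid])->first();
            if (!isset($department->name)) {
                continue;
            }
            // Role names not present in config map to 0.
            $user_role[] = in_array($department->name, array_keys($roleMap))
                ? array_get($roleMap, $department->name)
                : 0;
        }

        return count($role) > 1 ? implode(',', $user_role) : implode('', $user_role);
    }

    /**
     * All users holding the named role in this business.
     *
     * @param Request $request unused, kept for the public signature
     * @param string $roleName role name as stored in `t_role_perm`
     * @return array list of user_info rows (userId, name, email, status)
     */
    public function getRoleUsers(Request $request, $roleName)
    {
        $roleUsers = [];
        $business = $this->getBusinessInfo();
        if (!$business) {
            return $roleUsers;
        }
        $bid = $business->bid;

        $role = DB::table('t_role_perm')->where(['bid' => $bid, 'name' => $roleName])->first();
        // NOTE(review): an unknown role name falls back to id 0 and the query
        // then matches users whose roles JSON contains "0" — kept as-is, verify.
        $roleId = isset($role->roleId) ? $role->roleId : 0;

        // `roles` holds a JSON list of ids, so the quoted id is matched as a substring.
        // Values go in as bindings rather than being interpolated into the SQL.
        $users = DB::select(
            'SELECT `userId` FROM `t_user_perm` WHERE `bid` = ? AND `roles` LIKE ? ORDER BY `mtime`',
            [$bid, '%"' . $roleId . '"%']
        );

        foreach ($users as $row) {
            $userInfo = DB::table('user_info')
                ->where('userId', $row->userId)
                ->select('userId', 'name', 'email', 'status')
                ->first();
            if (!$userInfo) {
                continue;
            }
            // The filter on status 4 (resigned) that once lived here is
            // intentionally disabled: every user is returned.
            $roleUsers[] = $userInfo;
        }

        return $roleUsers;
    }

    /**
     * Menu tree filtered to the entries the user has a `_check` permission for.
     *
     * @param array $menus decoded menu tree
     * @param mixed $user_id
     * @return array|false filtered menus, or false when no permissions are known
     */
    public function getPermMenu($menus, $user_id)
    {
        $userPerms = $this->getUserAllPerms($user_id);
        if ($userPerms) {
            return $this->handleMenus($menus, $userPerms);
        }

        return false;
    }

    /**
     * All permission ids of a user: every configured permission for admins
     * (role 1), otherwise whatever the permission API returns.
     *
     * @param mixed $user_id
     * @param int|string $role
     * @return array|false
     */
    public function getUserAllPerms($user_id, $role = 0)
    {
        $business = $this->getBusinessInfo();
        if (!$business) {
            return false;
        }

        if ($role == 1) {
            // Admins get every permission defined in the business config.
            return $this->getAllPerms(json_decode($business->configs, true));
        }

        // rawurlencode keeps the id confined to its own path segment of the API URL.
        $url = Config('website.perm_api') . rawurlencode((string) $user_id) . '/' . $business->bid;
        $userPerms = json_decode(curlApi($url), true);
        if ($userPerms
            && isset($userPerms['retcode']) && $userPerms['retcode'] == 0
            && isset($userPerms['data']['perms'])
        ) {
            return $userPerms['data']['perms'];
        }

        return false;
    }

    /**
     * Flatten the configured permission tree into a list of permId values
     * (leaves only; nodes with children are recursed into).
     *
     * @param array $configs decoded permission config
     * @return array
     */
    public function getAllPerms($configs)
    {
        $perms = [];
        if (!is_array($configs)) {
            return $perms;
        }
        foreach ($configs as $node) {
            if (isset($node['childs']) && count($node['childs']) > 0) {
                $perms = array_merge($perms, $this->getAllPerms($node['childs']));
            } elseif (isset($node['permId'])) {
                $perms[] = $node['permId'];
            }
        }

        return $perms;
    }

    /**
     * Remove menu items the user may not view and prune branches left empty.
     *
     * An item with an href longer than two characters needs its `_check`
     * permission; without it the item and its whole subtree are dropped.
     * (Previously the subtree was still processed after unset(), which wrote
     * a property onto the removed array slot.)
     *
     * @param array $menus decoded menu tree (list of objects)
     * @param array $perms permission ids the user holds
     * @return array re-indexed filtered menus
     */
    public function handleMenus($menus, $perms)
    {
        foreach ($menus as $k => $item) {
            if (isset($item->href) && strlen($item->href) > 2) {
                if (!in_array($this->hrefToPermId($item->href), $perms)) {
                    unset($menus[$k]);
                    continue;
                }
            }
            if (!empty($item->childs)) {
                $menus[$k]->childs = array_values($this->handleMenus($item->childs, $perms));
                if (empty($menus[$k]->childs)) {
                    unset($menus[$k]); // nothing viewable underneath
                }
            }
        }

        return array_values($menus);
    }

    /**
     * User ids of a manager role plus the customer-service staff under it.
     *
     * @param mixed $request
     * @param int|string $role_id manager role value
     * @return array|int list of user ids, or 0 when the role has no configured
     *                   sub-role (callers must check for the int)
     */
    public function getGroupSalesId($request, $role_id)
    {
        $sale_id = [];

        // Users holding the manager role itself.
        $manager_role_name = array_keys(Config('perm_args.roles'), $role_id);
        if ($manager_role_name) {
            foreach ($this->getRoleUsers($request, $manager_role_name[0]) as $user) {
                $sale_id[] = $user->userId;
            }
        }

        // Customer-service role reporting to this line-sales manager.
        $manager_to_kefu = Config('perm_args.manager_to_kefu');
        if (!in_array($role_id, array_keys($manager_to_kefu))) {
            return 0;
        }
        $sub_id = $manager_to_kefu[$role_id];
        $role_name = array_keys(Config('perm_args.roles'), $sub_id);
        if (!$role_name) {
            return 0;
        }
        foreach ($this->getRoleUsers($request, $role_name[0]) as $user) {
            $sale_id[] = $user->userId;
        }

        return $sale_id;
    }

    /**
     * Resolve a (possibly multi-) role value into an effective role and the
     * sales ids whose orders may be viewed:
     *  1. admin / manager / test roles (perm_args.check_all_order) see all orders;
     *  2. line-sales managers (perm_args.manager_order) see their own group's
     *     customer-service staff;
     *  3. other combinations are not handled yet (only own orders).
     *
     * @param mixed $request
     * @param string $role_id comma-separated role values from getUserRole()
     * @return array{role_id: mixed, sale_id: mixed}
     */
    public function checkUserRoles($request, $role_id)
    {
        $roles = explode(',', $role_id);
        $data = [];
        $data['role_id'] = min($roles); // default: the lowest role value
        $data['sale_id'] = $request->user->userId; // default: only own orders

        // Any role allowed to see every order?
        $master = array_intersect($roles, Config('perm_args.check_all_order'));
        if ($master) {
            // Pages are single-role, so the lowest role value is used.
            $data['role_id'] = min($master);
            $data['sale_id'] = 0;
            return $data;
        }

        // Line-sales manager roles: gather the group's sales ids.
        $intersect = array_intersect($roles, Config('perm_args.manager_order'));
        if ($intersect) {
            $data['role_id'] = min($intersect);
            $sale_ids = [];
            foreach ($intersect as $managerRole) {
                $groupIds = $this->getGroupSalesId($request, $managerRole);
                // getGroupSalesId() returns 0 (not an array) when the role has no
                // configured sub-role; feeding that to array_merge() would fail.
                if (is_array($groupIds)) {
                    $sale_ids = array_merge($sale_ids, $groupIds);
                }
            }
            $data['sale_id'] = array_values(array_unique($sale_ids)); // de-duplicated, re-indexed
        }

        return $data;
    }

    /**
     * E-mail addresses of the managers responsible for the current user's role.
     *
     * @param mixed $request
     * @return array|false list of e-mails, or false when no manager mapping exists
     */
    public function getManager($request)
    {
        $role = $this->getUserRole($request);
        // Manager role key mapped to the user's role (loose search by value).
        // A key of 0 is treated as "not found" here, as it was originally.
        $manager_key = array_search($role, Config('perm_args.manager_to_kefu'));
        if (!$manager_key) {
            return false;
        }
        $role_name = array_search($manager_key, Config('perm_args.roles'));
        if (!$role_name) {
            return false;
        }

        $email = [];
        foreach ($this->getRoleUsers($request, $role_name) as $user) {
            $email[] = $user->email;
        }

        return $email;
    }
}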