information-system/application/libraries/Accesscheck.php


<?php
// Stop immediately when this file is requested directly instead of being
// loaded by the framework (the framework defines BASEPATH before loading it).
defined('BASEPATH') or exit('No direct script access allowed');
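/**
 * Role, site and information-node access checks for the admin area.
 *
 * The class reads the logged-in user from the `session_admin` session entry
 * and caches that user's permission data in the session under
 * `access_module`, `access_sitecode`, `access_read_list` and
 * `access_write_list`.
 *
 * Points a maintainer should keep in mind:
 * - When the `check_access` config item is falsy, every check in this class
 *   grants access.
 * - A controller or action that is not registered in the action list is
 *   treated as "no authorisation required" (fail-open by design).
 * - The permission cache is only built when `access_module` is missing from
 *   the session, so a permission change in the database is not picked up by
 *   an existing session.
 * - Empty read/write node lists mean "unrestricted", not "nothing allowed".
 */
class Accesscheck extends CI_Controller
{
    /**
     * Load the access-management model under the alias `Access_model`.
     */
    function __construct()
    {
        parent::__construct();
        $this->load->model('infoAccessmanage_model', 'Access_model');
    }

    /**
     * Decide whether the current user may use a site and a controller/action.
     *
     * @param string $site_code Site to check; defaults to the `site_code` config item.
     * @param string $module    Optional "controller/action" to probe instead of the
     *                          routed request. When given, a denial is returned to
     *                          the caller instead of redirecting to the refuse page.
     * @return bool True when access is granted. When `$module` is empty a denial
     *              redirects to `Login/refuse` and ends the request.
     */
    public function check_access($site_code = '', $module = '')
    {
        $userdata  = $this->session->userdata('session_admin');
        $user_code = (is_array($userdata) && isset($userdata['OPI_Code']))
            ? strtolower((string) $userdata['OPI_Code'])
            : '';

        // Access management switched off, or the user is a super administrator:
        // everything is allowed.
        if (!$this->config->item('check_access') || $this->_is_super_manager($user_code)) {
            return true;
        }

        // Build the permission cache when the session does not hold one yet.
        // is_array() covers both "missing" return values (false and null).
        $access_module = $this->session->userdata('access_module');
        if (!is_array($access_module)) {
            $this->init_accessdata();
            $access_module = $this->session->userdata('access_module');
        }

        // What the user may use, and what requires authorisation at all.
        $user_controller     = $this->_list_from($access_module, 'user_controller');
        $user_action         = $this->_list_from($access_module, 'user_action');
        $iaa_controller_list = $this->_list_from($access_module, 'iaa_controller_list');
        $iaa_action_list     = $this->_list_from($access_module, 'iaa_action_list');
        $user_site_list      = $this->session->userdata('access_sitecode');

        // Site check. The site code must equal one entry of the user's site
        // list; a substring test would also accept a code that is merely
        // contained in another site's code.
        // NOTE(review): assumes get_user_site_list() yields a comma-separated
        // list of codes - confirm against the model.
        if ($site_code == '') {
            $site_code = $this->config->item('site_code');
        }
        $allowed_sites = array_map('strtolower', $this->_split_list($user_site_list));
        if (!in_array(strtolower((string) $site_code), $allowed_sites, true)) {
            // Send the user back where they came from, but never to a URL on
            // another host: the Referer header is supplied by the client.
            header('Location: ' . $this->_safe_back_url());
            exit();
        }

        // Fail closed when the permission cache could not be loaded.
        $flag = is_array($access_module);

        if ($module != '') {
            // NOTE(review): this overwrites the router's class/method for the
            // rest of the request, so a later call without $module checks the
            // probed module rather than the routed one. Kept as in the original.
            $module_array = explode('/', trim($module));
            $this->router->class  = $module_array[0];
            $this->router->method = isset($module_array[1]) ? $module_array[1] : '';
        }

        // PHP resolves class and method names case-insensitively, so the
        // permission lists are matched case-insensitively as well. A
        // differently-cased name of a protected action must not be treated as
        // an unprotected one.
        $class             = strtolower((string) $this->router->class);
        $method            = strtolower((string) $this->router->method);
        $protected_actions = $this->_lower_action_map($iaa_action_list);
        $granted_actions   = $this->_lower_action_map($user_action);

        // A per-province check used to sit here and is disabled in the
        // original; province filtering is done in get_info_structure().
        if ($this->_in_list_ci($class, $iaa_controller_list)) {
            if ($this->_in_list_ci($class, $user_controller)) {
                // The controller is allowed; the action is only checked when
                // it is itself registered as requiring authorisation.
                if (isset($protected_actions[$class][$method])
                    && !isset($granted_actions[$class][$method])) {
                    $flag = false; // no permission for this action
                }
            } else {
                $flag = false; // no permission for this controller
            }
        }

        if ($module == '' && !$flag) {
            redirect(site_url('Login/refuse'));
            exit();
        }
        return $flag;
    }

    /**
     * Build the user's permission cache and store it in the session.
     *
     * Writes `access_read_list`, `access_write_list`, `access_sitecode` and
     * `access_module` (keys `user_controller`, `user_action`,
     * `iaa_controller_list`, `iaa_action_list`).
     *
     * @return void
     */
    public function init_accessdata()
    {
        $userdata  = $this->session->userdata('session_admin');
        $user_code = (is_array($userdata) && isset($userdata['OPI_Code']))
            ? $userdata['OPI_Code']
            : null;

        // Roles plus readable/writable node lists of the user for this site.
        // NOTE(review): a user without an access record ends up with empty
        // read/write lists, which get_edit_type() treats as site-wide write
        // access - confirm that this is intended.
        $user_access = $this->Access_model->get_user_access($user_code, $this->config->item('site_code'));
        $role_list   = isset($user_access->iao_role) ? $user_access->iao_role : '';
        $read_list   = isset($user_access->iao_read) ? $user_access->iao_read : '';
        $write_list  = isset($user_access->iao_write) ? $user_access->iao_write : '';

        // The role list is extended with '0' before it is handed to the model.
        // NOTE(review): presumably it ends up in a query; verify that the
        // model binds or validates it rather than concatenating it.
        $user_node = $this->Access_model->get_node_list($role_list . '0');

        // Collect the action ids granted by all of the user's roles. Empty
        // tokens are dropped so that an empty id can never match an action.
        $node_str = '';
        foreach ($user_node as $node) {
            $node_str .= $node->ian_iaa_id;
        }
        $node_array = $this->_split_list($node_str);

        $user_controller     = array();
        $user_action         = array();
        $iaa_controller_list = array();
        $iaa_action_list     = array();

        // Every controller/action that requires authorisation.
        $action_list = $this->Access_model->get_action_list();
        foreach ($action_list as $a) {
            // Controllers/actions the user has been granted.
            if (in_array((string) $a->iaa_id, $node_array, true) && $a->iaa_controller != '') {
                $user_controller[] = $a->iaa_controller;
                $user_action[$a->iaa_controller][] = $a->iaa_action;
            }
            // Controllers/actions that need authorisation at all.
            if (!empty($a->iaa_controller)) {
                $iaa_controller_list[] = $a->iaa_controller;
            }
            if (!empty($a->iaa_action)) {
                $iaa_action_list[$a->iaa_controller][] = $a->iaa_action;
            }
        }

        $access_module = array(
            'user_controller'     => $user_controller,
            'user_action'         => $user_action,
            'iaa_controller_list' => $iaa_controller_list,
            'iaa_action_list'     => $iaa_action_list,
        );

        $this->session->set_userdata('access_read_list', $read_list);
        $this->session->set_userdata('access_write_list', $write_list);
        $this->session->set_userdata('access_sitecode', $this->Access_model->get_user_site_list($user_code));
        $this->session->set_userdata('access_module', $access_module);
    }

    /**
     * Get the user's role level (level within the role tree).
     *
     * @param string $site_code Site to look at; defaults to the `site_code` config item.
     * @param string $author    User code; defaults to the logged-in user.
     * @return int 1 when access management is off, otherwise the smallest
     *             `is_level` among the user's roles, or 100 when none is found.
     */
    public function get_role_level($site_code = '', $author = '')
    {
        if (!$this->config->item('check_access')) {
            return 1;
        }
        if ($author == '') {
            $userdata = $this->session->userdata('session_admin');
            $author   = (is_array($userdata) && isset($userdata['OPI_Code'])) ? $userdata['OPI_Code'] : '';
        }
        if ($site_code == '') {
            $site_code = $this->config->item('site_code');
        }

        // NOTE(review): $author and the role string go to the model unchanged;
        // verify that the model binds them rather than concatenating them.
        $ownsite   = $this->Access_model->get_user_access($author, $site_code);
        $rolelevel = array();
        if (!empty($ownsite->iao_role)) {
            // Drop the last character of the stored role list before the lookup.
            $role_str = substr(trim($ownsite->iao_role), 0, -1);
            $allrole  = $this->Access_model->get_role($role_str);
            foreach ($allrole as $r) {
                $rolelevel[] = $r->is_level;
            }
        }

        return empty($rolelevel) ? 100 : min($rolelevel);
    }

    /**
     * Tell whether an information node is writable or read-only for the user.
     *
     * @param string $is_path Comma-separated id path of the node.
     * @return int 1 = writable, 0 = read-only.
     */
    public function get_edit_type($is_path)
    {
        if (!$this->config->item('check_access')) {
            return 1;
        }
        $write_list = trim((string) $this->session->userdata('access_write_list'));
        $read_list  = trim((string) $this->session->userdata('access_read_list'));

        // No node restrictions at all: writable everywhere.
        if (empty($write_list) && empty($read_list)) {
            return 1;
        }

        // Empty tokens (for example from a trailing comma) are dropped on both
        // sides; otherwise two empty tokens would count as a matching node id.
        $path_array = $this->_split_list($is_path);

        // The read list is consulted first, so a path that matches both lists
        // is reported as read-only.
        if ($read_list != '' && array_intersect($path_array, $this->_split_list($read_list))) {
            return 0;
        }
        if ($write_list != '' && array_intersect($path_array, $this->_split_list($write_list))) {
            return 1;
        }

        // Anything else, such as a parent of a permitted node, is read-only.
        return 0;
    }

    /**
     * Get the information tree below a root node, filtered by the user's permissions.
     *
     * @param mixed $root_id Id of the root node.
     * @return mixed The node list from the model (filtered when node
     *               restrictions apply), or false when the user may not see it.
     */
    public function get_info_structure($root_id)
    {
        $this->load->model('InfoStructures_model');
        $this->load->model('Information_model');

        // Unfiltered structure list.
        $data['informationList'] = $this->Information_model->StructureList($root_id);
        $ori_informationList     = $data['informationList'];
        if (!$this->config->item('check_access')) {
            return $data['informationList'];
        }

        // Readable and writable node ids form one list of accessible ids.
        $write_list = trim((string) $this->session->userdata('access_write_list'));
        $read_list  = trim((string) $this->session->userdata('access_read_list'));
        if (!empty($read_list)) {
            $read_list = $read_list . ',';
        }
        $nodelist = trim($read_list . $write_list);

        if (!empty($nodelist)) {
            // Empty tokens are dropped: joining a read list with an empty
            // write list leaves a trailing comma, and the resulting empty id
            // would otherwise match the empty token of every node path and
            // expose the whole tree.
            $access_ids      = $this->_split_list($nodelist);
            $parent_ids      = array();
            $flag            = array();
            $parent          = array();
            $parent_is_array = array();

            foreach ($data['informationList'] as $tree) {
                $infopatharr = $this->_split_list($tree->is_path);
                if (in_array((string) $tree->is_id, $access_ids, true)) {
                    // A permitted node: remember every id on its path.
                    $parent_ids = array_merge($parent_ids, $infopatharr);
                    $parent_is_array[$tree->is_id] = $tree;
                } elseif (array_intersect($infopatharr, $access_ids)) {
                    // A node with a permitted node on its path.
                    $flag[] = $tree;
                } else {
                    // Possibly a parent of a permitted node; decided below.
                    $parent_is_array[$tree->is_id] = $tree;
                }
            }

            // Keep the nodes that lie on the path of a permitted node.
            foreach (array_unique($parent_ids) as $v) {
                if (isset($parent_is_array[$v])) {
                    $parent[] = $parent_is_array[$v];
                }
            }

            // Path nodes first, then the nodes below them. As in the original,
            // the list is just $parent whenever either side is empty.
            if (!empty($parent) && !empty($flag)) {
                $data['informationList'] = array_merge($parent, $flag);
            } else {
                $data['informationList'] = $parent;
            }
        } elseif ($this->get_role_level() > 4) {
            // No node restrictions, role level above 4: refuse when the user
            // has a province list and the root's province is not on it.
            $access_module = $this->session->userdata('access_module');
            if (!empty($access_module['user_action']['province'])) {
                $user_province    = $access_module['user_action']['province'];
                $current_province = $this->Information_model->get_province_by_isid($root_id);
                if ($current_province !== false && !in_array($current_province, $user_province)) {
                    return false;
                }
            }
        }

        // Nothing left after filtering: fall back to the province permission,
        // and refuse when the root's province is not permitted either.
        if (empty($data['informationList'])) {
            $user_province = array();
            $access_module = $this->session->userdata('access_module');
            if (!empty($access_module['user_action']['province'])) {
                $user_province = $access_module['user_action']['province'];
            }
            $current_province = $this->Information_model->get_province_by_isid($root_id);
            if ($current_province !== false && in_array($current_province, $user_province)) {
                $data['informationList'] = $ori_informationList;
            } else {
                return false;
            }
        }
        return $data['informationList'];
    }

    /**
     * Check the lower-cased user code against the `access_super_manage` config list.
     * Entries are compared as strings, so numeric-looking codes cannot match loosely.
     */
    private function _is_super_manager($user_code)
    {
        $super = $this->config->item('access_super_manage');
        if ($user_code === '' || !is_array($super)) {
            return false;
        }
        return in_array($user_code, array_map('strval', $super), true);
    }

    /**
     * Split a comma-separated list into trimmed, non-empty tokens.
     */
    private function _split_list($list)
    {
        $tokens = array();
        foreach (explode(',', (string) $list) as $token) {
            $token = trim($token);
            if ($token !== '') {
                $tokens[] = $token;
            }
        }
        return $tokens;
    }

    /**
     * Return $source[$key] when it is an array, otherwise an empty array.
     */
    private function _list_from($source, $key)
    {
        if (is_array($source) && isset($source[$key]) && is_array($source[$key])) {
            return $source[$key];
        }
        return array();
    }

    /**
     * Case-insensitive membership test of a name in a list of names.
     */
    private function _in_list_ci($needle, $list)
    {
        if (!is_array($list)) {
            return false;
        }
        $needle = strtolower((string) $needle);
        foreach ($list as $item) {
            if (strtolower((string) $item) === $needle) {
                return true;
            }
        }
        return false;
    }

    /**
     * Turn a controller => actions map into a lower-cased lookup set:
     * $map[controller][action] = true.
     */
    private function _lower_action_map($actions)
    {
        $map = array();
        if (!is_array($actions)) {
            return $map;
        }
        foreach ($actions as $controller => $names) {
            if (!is_array($names)) {
                continue;
            }
            $key = strtolower((string) $controller);
            foreach ($names as $name) {
                $map[$key][strtolower((string) $name)] = true;
            }
        }
        return $map;
    }

    /**
     * Pick the URL used to send a user back after a failed site check: the
     * Referer when it is an http(s) URL on this application's host, otherwise
     * the refuse page.
     */
    private function _safe_back_url()
    {
        $fallback = site_url('Login/refuse');
        if (empty($_SERVER['HTTP_REFERER'])) {
            return $fallback;
        }
        $referer = (string) $_SERVER['HTTP_REFERER'];
        // Control characters have no place in a header value.
        if (preg_match('/[\x00-\x1f\x7f]/', $referer)) {
            return $fallback;
        }
        $scheme   = parse_url($referer, PHP_URL_SCHEME);
        $ref_host = parse_url($referer, PHP_URL_HOST);
        $own_host = parse_url(site_url(), PHP_URL_HOST);
        if (!is_string($scheme) || !in_array(strtolower($scheme), array('http', 'https'), true)) {
            return $fallback;
        }
        if (!is_string($ref_host) || !is_string($own_host) || strcasecmp($ref_host, $own_host) !== 0) {
            return $fallback;
        }
        return $referer;
    }
}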