Haina
/
information-system
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
webht/payment
master
hotfix/paypal-note
ct-mobile-first
mobile-first
feature/pay
feature/trippest
hotfix/远程访问多媒体中心
add-auto-ticket
v20170316.1
v20
国际站的图片管理
v20170303.1
CDNsession问题
v20170302.3
v20170302.2
v20170302.1
v20170228.2
v20170228.1
模板名称统一
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '35df558908'
${ noResults }
information-system/application/libraries/Accesscheck.php

175 lines
7.1 KiB
PHTML
Raw Normal View History Unescape Escape

初始化合并后的信息平台代码
8 years ago
<?php
if (!defined('BASEPATH'))
exit('No direct script access allowed');
class Accesscheck extends CI_Controller
{
function __construct()
{
parent::__construct();
$this->load->model('infoAccessmanage_model','Access_model');
}
public function check_access($site_code='',$module=''){
$userdata=$this->session->userdata('session_admin');
//如果没有开启权限管理或者是超级管理员则拥有全部权限
if (!$this->config->item('check_access') or in_array(strtolower($userdata['OPI_Code']), $this->config->item('access_super_manage'))) {
return true;
}
取消模块的权限判断
7 years ago
$this->session->set_userdata('access_sitecode', $this->Access_model->get_user_site_list($userdata['OPI_Code']));
初始化合并后的信息平台代码
8 years ago
//用户拥有权限de站点、模块&需要权限认证的模块
取消模块的权限判断
7 years ago
$user_site_list = $this->session->userdata('access_sitecode');
初始化合并后的信息平台代码
8 years ago
//检测用户是否能访问当前站点,如果不能,则跳转到该用户有权限的站点
if($site_code=='')$site_code=$this->config->item('site_code');
if (false===stripos(',' . $user_site_list, $site_code)){
header('Location: '.$_SERVER['HTTP_REFERER']);
exit();
}
取消模块的权限判断
7 years ago
return true;
初始化合并后的信息平台代码
8 years ago
}
//获取角色等级(角色树形结构的等级)
public function get_role_level($site_code='',$author=''){
if (!$this->config->item('check_access')) {
return 1;
}
if ($author=='') {
$userdata=$this->session->userdata('session_admin');
$author=$userdata['OPI_Code'];
}
if($site_code=='')$site_code=$this->config->item('site_code');
$ownsite=$this->Access_model->get_user_access($author,$site_code);
if(isset($ownsite->iao_role) && !empty($ownsite->iao_role)){
$role_str='';
$role_str=substr(trim($ownsite->iao_role),0,-1);
$allrole = $this->Access_model->get_role($role_str);
$rolelevel=array();
foreach ($allrole as $r) {
$rolelevel[]=$r->is_level;
}
}
$level=100;
if(!empty($rolelevel))$level=min($rolelevel);
return($level);
}
//判断信息节点是可读还是可写 1:可写0只读
public function get_edit_type($is_path){
if (!$this->config->item('check_access')) {
return 1;
}
$write_list = trim($this->session->userdata('access_write_list'));
$read_list = trim($this->session->userdata('access_read_list'));
$is_path = trim($is_path);
$path_array = explode(',', $is_path);
//对全站拥有可写权限
if (empty($write_list) && empty($read_list)) {
return 1;
}
//对当前节点有可读权限
if ($read_list!='') {
$read_array = explode(',', $read_list);
if (array_intersect($path_array,$read_array)) {
return 0;
}
}
//对当前节点有可写权限
if ($write_list!='') {
$write_array = explode(',', $write_list);
if (array_intersect($path_array,$write_array)) {
return 1;
}
}
//如果是有权限的信息节点的父节点则给予可读权限
return 0;
}
//获取信息树形结构
public function get_info_structure($root_id){
$this->load->model('InfoStructures_model');
$this->load->model('Information_model');
//查询结构列表信息
$data['informationList'] = $this->Information_model->StructureList($root_id);
$ori_informationList=$data['informationList'];
if (!$this->config->item('check_access')) {
return $data['informationList'];
}
//权限处理
$write_list = trim($this->session->userdata('access_write_list'));
$read_list = trim($this->session->userdata('access_read_list'));
if(!empty($read_list))$read_list=$read_list.',';
$nodelist=$read_list.$write_list;
$nodelist=trim($nodelist);
if ($this->config->item('check_access') && !empty($nodelist)) {
$access_ids=explode(',',$nodelist);
$parent_id_str = '';
$flag=array();
$parent=array();
$parent_is_array=array();
//获取有权限的节点下的所有子节点
foreach ($data['informationList'] as $tree) {
$infopatharr=explode(',', trim($tree->is_path));
if (in_array($tree->is_id, $access_ids)) {
$parent_id_str .= $tree->is_path;
$parent_is_array[$tree->is_id] = $tree;
}elseif (array_intersect($infopatharr,$access_ids)) {
$flag[]=$tree;
}else{
$parent_is_array[$tree->is_id] = $tree;
}
}
//获取有权限的节点的父节点
$parent_id_array=explode(',', $parent_id_str);
$parent_id_array=array_unique($parent_id_array);
array_pop($parent_id_array);
foreach ($parent_id_array as $v) {
if (isset($parent_is_array[$v]))
$parent[] = $parent_is_array[$v];
}
//合并父节点和子节点数组
$data['informationList'] = $flag;
if (!empty($parent) and !empty($data['informationList'])) {
$data['informationList'] = array_merge($parent,$flag);
}else{
$data['informationList']=$parent;
}
}
elseif ($this->config->item('check_access') && empty($nodelist) && $this->get_role_level()>4)
{
$user_province=array();
$access_module = $this->session->userdata('access_module');
if(isset($access_module['user_action']['province']) && !empty($access_module['user_action']['province'])){
$user_province = $access_module['user_action']['province'];
$current_province = $this->Information_model->get_province_by_isid($root_id);
if ($current_province!==false && !in_array($current_province, $user_province)) {
return false;
}
}
}
//如果该信息不在可读可写列表里面,再检查是否在有权限的某一城市里面,
//若不在则表示没有权限访问当前信息模块
if (empty($data['informationList']))
{
$user_province = array();
$access_module = $this->session->userdata('access_module');
if(isset($access_module['user_action']['province']) && !empty($access_module['user_action']['province'])){
$user_province = $access_module['user_action']['province'];
}
$current_province = $this->Information_model->get_province_by_isid($root_id);
if ($current_province!==false && in_array($current_province, $user_province)) {
$data['informationList']=$ori_informationList;
}else{
return false;
}
}
return $data['informationList'];
}
}