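load->model('infoAccessmanage_model','Access_model');
    }

    /**
     * Decide whether the logged-in administrator may use a site and a controller/action.
     *
     * Returns true at once when the `check_access` config item is off or the user's
     * OPI_Code is listed in `access_super_manage`. Otherwise the per-session permission
     * cache (see init_accessdata()) is consulted.
     *
     * Side effects: when $module is given, $this->router->class and $this->router->method
     * are overwritten with its two segments and stay overwritten after the call.
     * NOTE(review): a later call without $module then checks the probed module, not the
     * one actually routed - confirm callers do not rely on the router afterwards.
     *
     * @param string $site_code Site to check; defaults to the `site_code` config item.
     * @param string $module    Optional "controller/method" to probe instead of the routed one.
     * @return bool True when allowed. When denied and $module is empty the request is
     *              redirected to Login/refuse and the script exits instead of returning.
     */
    public function check_access($site_code = '', $module = '')
    {
        $userdata = $this->session->userdata('session_admin');

        // Access control switched off, or super administrator: everything is allowed.
        if (!$this->config->item('check_access')
            || in_array(strtolower($userdata['OPI_Code']), $this->config->item('access_super_manage'))) {
            return true;
        }

        // Build the permission cache on first use. A missing key is reported as FALSE or
        // NULL depending on the session library version, so test for "empty" rather than
        // for FALSE only; a populated cache is always a non-empty array.
        if (!$this->session->userdata('access_module')) {
            $this->init_accessdata();
        }

        // What the user may use, and which controllers/actions require authorisation at all.
        $access_module       = $this->session->userdata('access_module');
        $user_controller     = $access_module['user_controller'];
        $user_action         = $access_module['user_action'];
        $iaa_controller_list = $access_module['iaa_controller_list'];
        $iaa_action_list     = $access_module['iaa_action_list'];
        $user_site_list      = $this->session->userdata('access_sitecode');

        if ($site_code == '') {
            $site_code = $this->config->item('site_code');
        }

        // Site check. The list is matched entry by entry (case-insensitively, as before)
        // instead of by substring: a substring test lets a code that merely occurs inside
        // another entry pass, and an empty code pass on PHP 8.
        // Assumes access_sitecode is a comma-separated string of site codes - confirm
        // against Access_model::get_user_site_list().
        $site_allowed = false;
        $wanted_site  = trim((string) $site_code);
        if ($wanted_site !== '') {
            foreach (explode(',', (string) $user_site_list) as $allowed_site) {
                if (strcasecmp(trim($allowed_site), $wanted_site) === 0) {
                    $site_allowed = true;
                    break;
                }
            }
        }

        if (!$site_allowed) {
            // The Referer header is supplied by the client and may be absent or point
            // anywhere. Send the user back to it only when it names this application's
            // own host; otherwise use the regular refusal page.
            $target  = site_url('Login/refuse');
            $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
            if ($referer !== '') {
                $referer_host = parse_url($referer, PHP_URL_HOST);
                $own_host     = parse_url(site_url(), PHP_URL_HOST);
                if (is_string($referer_host) && is_string($own_host)
                    && strcasecmp($referer_host, $own_host) === 0) {
                    $target = $referer;
                }
            }
            header('Location: ' . $target);
            exit();
        }

        $flag = true;
        if ($module != '') {
            $module_array = explode('/', trim($module));
            $this->router->class  = $module_array[0];
            // A module given without "/method" has no second segment; store null as
            // before, without reading an undefined offset.
            $this->router->method = isset($module_array[1]) ? $module_array[1] : null;
        }

        $controller = $this->router->class;
        $action     = $this->router->method;

        // Only controllers listed as protected are checked; unlisted ones stay allowed.
        // (A province-specific check used to sit here; it is commented out in the original.)
        if (in_array($controller, $iaa_controller_list)) {
            if (!in_array($controller, $user_controller)) {
                // No permission for this controller at all.
                $flag = false;
            } elseif (isset($iaa_action_list[$controller]) && in_array($action, $iaa_action_list[$controller])) {
                // The action itself is protected: the user must hold it explicitly.
                if (!isset($user_action[$controller]) || !in_array($action, $user_action[$controller])) {
                    $flag = false;
                }
            }
        }

        // Checking the routed request itself: refuse by redirect. Probes ($module given)
        // just get the boolean back.
        if ($module == '' && !$flag) {
            redirect(site_url('Login/refuse'));
            exit();
        }

        return $flag;
    }

    /**
     * Load the current user's permissions from Access_model and cache them in the session.
     *
     * Writes the session keys access_read_list, access_write_list, access_sitecode and
     * access_module (user_controller, user_action, iaa_controller_list, iaa_action_list).
     *
     * NOTE(review): check_access() calls this only while access_module is missing, so a
     * permission change made while a session is active is not picked up by that path;
     * nothing in this section clears the cache.
     *
     * @return void
     */
    public function init_accessdata()
    {
        $userdata = $this->session->userdata('session_admin');

        // Role string plus read/write lists for this user on the configured site.
        $user_access = $this->Access_model->get_user_access(
            $userdata['OPI_Code'],
            $this->config->item('site_code')
        );

        // Permission nodes for those roles. '0' is appended to the role string before the
        // lookup - presumably because iao_role ends with a comma; confirm.
        $user_node = $this->Access_model->get_node_list($user_access->iao_role . '0');

        // Join every node's id list, drop the final character, then split into ids.
        $node_str = '';
        foreach ($user_node as $node) {
            $node_str .= $node->ian_iaa_id;
        }
        $node_array = explode(',', substr($node_str, 0, -1));

        $user_controller     = array();
        $user_action         = array();
        $iaa_controller_list = array();
        $iaa_action_list     = array();

        // Every controller/action that requires authorisation.
        $action_list = $this->Access_model->get_action_list();
        foreach ($action_list as $a) {
            // Entries the user has been granted.
            if (in_array($a->iaa_id, $node_array) && $a->iaa_controller != '') {
                $user_controller[] = $a->iaa_controller;
                $user_action[$a->iaa_controller][] = $a->iaa_action;
            }
            // Entries that are protected, whoever the user is.
            if (!empty($a->iaa_controller)) {
                $iaa_controller_list[] = $a->iaa_controller;
            }
            if (!empty($a->iaa_action)) {
                $iaa_action_list[$a->iaa_controller][] = $a->iaa_action;
            }
        }

        $access_module = array(
            'user_controller'     => $user_controller,
            'user_action'         => $user_action,
            'iaa_controller_list' => $iaa_controller_list,
            'iaa_action_list'     => $iaa_action_list,
        );

        $this->session->set_userdata('access_read_list', $user_access->iao_read);
        $this->session->set_userdata('access_write_list', $user_access->iao_write);
        $this->session->set_userdata('access_sitecode', $this->Access_model->get_user_site_list($userdata['OPI_Code']));
        $this->session->set_userdata('access_module', $access_module);
    }

    /**
     * Get a user's role level (the level within the role tree).
     *
     * @param string $site_code Site to look up; defaults to the `site_code` config item.
     * @param string $author    User code; defaults to the logged-in user's OPI_Code.
     * @return int 1 when access checking is disabled; otherwise the smallest is_level
     *             among the user's roles, or 100 when no role level is found.
     */
    public function get_role_level($site_code = '', $author = '')
    {
        if (!$this->config->item('check_access')) {
            return 1;
        }

        if ($author == '') {
            $userdata = $this->session->userdata('session_admin');
            $author = $userdata['OPI_Code'];
        }
        if ($site_code == '') {
            $site_code = $this->config->item('site_code');
        }

        $ownsite = $this->Access_model->get_user_access($author, $site_code);

        $rolelevel = array();
        if (isset($ownsite->iao_role) && !empty($ownsite->iao_role)) {
            // Drop the last character of the role string before the lookup.
            $role_str = substr(trim($ownsite->iao_role), 0, -1);
            $allrole = $this->Access_model->get_role($role_str);
            foreach ($allrole as $r) {
                $rolelevel[] = $r->is_level;
            }
        }

        $level = 100;
        if (!empty($rolelevel)) {
            $level = min($rolelevel);
        }

        return $level;
    }

    /**
     * Tell whether an information node is writable or read-only for the current user.
     *
     * Order of evaluation: both lists empty means writable everywhere; a match in the
     * read list wins over a match in the write list; a node matching neither list is
     * reported as read-only (the original comment gives the reason: it may be the parent
     * of a permitted node).
     *
     * @param string $is_path Comma-separated path of node ids.
     * @return int 1 = writable, 0 = read-only.
     */
    public function get_edit_type($is_path)
    {
        if (!$this->config->item('check_access')) {
            return 1;
        }

        $write_list = trim($this->session->userdata('access_write_list'));
        $read_list  = trim($this->session->userdata('access_read_list'));
        $is_path    = trim($is_path);
        $path_array = explode(',', $is_path);

        // No restriction recorded: writable on the whole site.
        if (empty($write_list) && empty($read_list)) {
            return 1;
        }

        // Read permission on this node or one of its ancestors.
        if ($read_list != '') {
            $read_array = explode(',', $read_list);
            if (array_intersect($path_array, $read_array)) {
                return 0;
            }
        }

        // Write permission on this node or one of its ancestors.
        if ($write_list != '') {
            $write_array = explode(',', $write_list);
            if (array_intersect($path_array, $write_array)) {
                return 1;
            }
        }

        // Parent of a permitted node: read-only.
        return 0;
    }

    /**
     * Get the information tree below $root_id, filtered by the user's read/write lists.
     *
     * @param mixed $root_id Root node id passed to Information_model::StructureList().
     * @return mixed The (filtered) node list, or false when the user has no access to
     *               this part of the tree.
     */
    public function get_info_structure($root_id)
    {
        $this->load->model('InfoStructures_model');
        $this->load->model('Information_model');

        // Full structure list, kept aside so it can be restored by the province fallback.
        $data['informationList'] = $this->Information_model->StructureList($root_id);
        $ori_informationList = $data['informationList'];

        if (!$this->config->item('check_access')) {
            return $data['informationList'];
        }

        // Permission handling: merge the read and write lists into one id list.
        $write_list = trim($this->session->userdata('access_write_list'));
        $read_list = trim($this->session->userdata('access_read_list'));
        if (!empty($read_list)) {
            $read_list = $read_list . ',';
        }
        $nodelist = $read_list . $write_list;
        $nodelist = trim($nodelist);

        if ($this->config->item('check_access') && !empty($nodelist)) {
            $access_ids = explode(',', $nodelist);
            $parent_id_str = '';
            $flag = array();
            $parent = array();
            $parent_is_array = array();

            // Collect every node that lies below a permitted node.
            foreach ($data['informationList'] as $tree) {
                $infopatharr = explode(',', trim($tree->is_path));
                if (in_array($tree->is_id, $access_ids)) {
                    // A permitted node itself: remember its path to find its ancestors.
                    $parent_id_str .= $tree->is_path;
                    $parent_is_array[$tree->is_id] = $tree;
                } elseif (array_intersect($infopatharr, $access_ids)) {
                    $flag[] = $tree;
                } else {
                    $parent_is_array[$tree->is_id] = $tree;
                }
            }

            // Collect the ancestors of the permitted nodes.
            $parent_id_array = explode(',', $parent_id_str);
            $parent_id_array = array_unique($parent_id_array);
            array_pop($parent_id_array);
            foreach ($parent_id_array as $v) {
                if (isset($parent_is_array[$v])) {
                    $parent[] = $parent_is_array[$v];
                }
            }

            // Merge ancestors and descendants.
            // NOTE(review): when $parent is empty the result is $parent, so any
            // descendants gathered in $flag are dropped - confirm this is intended.
            $data['informationList'] = $flag;
            if (!empty($parent) and !empty($data['informationList'])) {
                $data['informationList'] = array_merge($parent, $flag);
            } else {
                $data['informationList'] = $parent;
            }
        } elseif ($this->config->item('check_access') && empty($nodelist) && $this->get_role_level() > 4) {
            // No node list and a role level above 4 (meaning of the threshold is not
            // visible here): restrict by the provinces granted to the user, if any.
            $user_province = array();
            $access_module = $this->session->userdata('access_module');
            if (isset($access_module['user_action']['province']) && !empty($access_module['user_action']['province'])) {
                $user_province = $access_module['user_action']['province'];
                $current_province = $this->Information_model->get_province_by_isid($root_id);
                if ($current_province !== false && !in_array($current_province, $user_province)) {
                    return false;
                }
            }
        }

        // Nothing matched the read/write lists: fall back to the province grants. If the
        // tree does not belong to a permitted province either, access is refused.
        if (empty($data['informationList'])) {
            $user_province = array();
            $access_module = $this->session->userdata('access_module');
            if (isset($access_module['user_action']['province']) && !empty($access_module['user_action']['province'])) {
                $user_province = $access_module['user_action']['province'];
            }
            $current_province = $this->Information_model->get_province_by_isid($root_id);
            if ($current_province !== false && in_array($current_province, $user_province)) {
                $data['informationList'] = $ori_informationList;
            } else {
                return false;
            }
        }

        return $data['informationList'];
    }
}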