<?php

if (!defined('BASEPATH'))
    exit('No direct script access allowed');

class Accesscheck extends CI_Controller
{

    function __construct()
    {
        parent::__construct();
        $this->load->model('infoAccessmanage_model','Access_model');
    }
    public function check_access($site_code='',$module=''){
        $userdata=$this->session->userdata('session_admin');
        //如果没有开启权限管理或者是超级管理员则拥有全部权限
        if (!$this->config->item('check_access') or in_array(strtolower($userdata['OPI_Code']), $this->config->item('access_super_manage'))) {
            return true;
        }
        
		$this->session->set_userdata('access_sitecode', $this->Access_model->get_user_site_list($userdata['OPI_Code']));
        //用户拥有权限de站点、模块&需要权限认证的模块
        $user_site_list   = $this->session->userdata('access_sitecode');

        //检测用户是否能访问当前站点,如果不能，则跳转到该用户有权限的站点
        if($site_code=='')$site_code=$this->config->item('site_code');
        if (false===stripos(',' . $user_site_list, $site_code)){
            header('Location: '.$_SERVER['HTTP_REFERER']);
            exit();
        }
        return true;
    }


    //获取角色等级(角色树形结构的等级)
    public function get_role_level($site_code='',$author=''){
        if (!$this->config->item('check_access')) {
            return 1;
        }
        if ($author=='') {
            $userdata=$this->session->userdata('session_admin');
            $author=$userdata['OPI_Code'];
        }
        if($site_code=='')$site_code=$this->config->item('site_code');
        $ownsite=$this->Access_model->get_user_access($author,$site_code);
        
        if(isset($ownsite->iao_role) && !empty($ownsite->iao_role)){
            $role_str='';
            $role_str=substr(trim($ownsite->iao_role),0,-1);
            $allrole = $this->Access_model->get_role($role_str);
            $rolelevel=array();
            foreach ($allrole as $r) {
                $rolelevel[]=$r->is_level;
            }  
        }
        $level=100;
        if(!empty($rolelevel))$level=min($rolelevel);
        return($level);
    }

    //判断信息节点是可读还是可写 1:可写，0：只读
    public function get_edit_type($is_path){
        if (!$this->config->item('check_access')) {
            return 1;
        }
        $write_list = trim($this->session->userdata('access_write_list'));
        $read_list = trim($this->session->userdata('access_read_list'));
        $is_path   = trim($is_path);
        $path_array = explode(',', $is_path);
        //对全站拥有可写权限
        if (empty($write_list) && empty($read_list)) {
            return 1;
        }
        //对当前节点有可读权限
        if ($read_list!='') {
            $read_array = explode(',', $read_list);
            if (array_intersect($path_array,$read_array)) {
                return 0;
            }
        }
        //对当前节点有可写权限
        if ($write_list!='') {
            $write_array = explode(',', $write_list);
            if (array_intersect($path_array,$write_array)) {
                return 1;
            }
        }
        //如果是有权限的信息节点的父节点则给予可读权限
        return 0;
    }

    //获取信息树形结构
    public function get_info_structure($root_id){
        $this->load->model('InfoStructures_model');
        $this->load->model('Information_model');
        //查询结构列表信息
        $data['informationList'] = $this->Information_model->StructureList($root_id);
        $ori_informationList=$data['informationList'];
        if (!$this->config->item('check_access')) {
            return $data['informationList'];
        }
        
        //权限处理
        $write_list = trim($this->session->userdata('access_write_list'));
        $read_list = trim($this->session->userdata('access_read_list'));
        if(!empty($read_list))$read_list=$read_list.',';
        $nodelist=$read_list.$write_list;
        $nodelist=trim($nodelist);
        if ($this->config->item('check_access') && !empty($nodelist)) {
            $access_ids=explode(',',$nodelist);
            $parent_id_str = '';
            $flag=array();
            $parent=array();
            $parent_is_array=array();
            //获取有权限的节点下的所有子节点
            foreach ($data['informationList'] as $tree) {
                $infopatharr=explode(',', trim($tree->is_path));
                if (in_array($tree->is_id, $access_ids)) {
                    $parent_id_str .= $tree->is_path;
                    $parent_is_array[$tree->is_id] = $tree;
                }elseif (array_intersect($infopatharr,$access_ids)) {
                    $flag[]=$tree;
                }else{
                    $parent_is_array[$tree->is_id] = $tree;
                }
            }
            //获取有权限的节点的父节点
            $parent_id_array=explode(',', $parent_id_str);
            $parent_id_array=array_unique($parent_id_array);
            array_pop($parent_id_array);
            foreach ($parent_id_array as $v) {
                if (isset($parent_is_array[$v]))
                    $parent[] = $parent_is_array[$v];
            }
            //合并父节点和子节点数组
            $data['informationList'] = $flag;
            if (!empty($parent) and !empty($data['informationList'])) {
                $data['informationList'] = array_merge($parent,$flag);
            }else{
                $data['informationList']=$parent;
            }
        }
        elseif ($this->config->item('check_access') && empty($nodelist) && $this->get_role_level()>4)
        {
            $user_province=array();
            $access_module  = $this->session->userdata('access_module');
            if(isset($access_module['user_action']['province']) && !empty($access_module['user_action']['province'])){
                $user_province  = $access_module['user_action']['province'];
                $current_province = $this->Information_model->get_province_by_isid($root_id);
                if ($current_province!==false && !in_array($current_province, $user_province)) {
                    return false;
                }
            }
        }
        //如果该信息不在可读可写列表里面，再检查是否在有权限的某一城市里面，
        //若不在则表示没有权限访问当前信息模块
        if (empty($data['informationList'])) 
        {
            $user_province  = array();
            $access_module  = $this->session->userdata('access_module');
            if(isset($access_module['user_action']['province']) && !empty($access_module['user_action']['province'])){
                $user_province  = $access_module['user_action']['province'];
            }
            $current_province = $this->Information_model->get_province_by_isid($root_id);
            if ($current_province!==false && in_array($current_province, $user_province)) {
                $data['informationList']=$ori_informationList;
            }else{
                return false;
            }
        }

        return $data['informationList'];
    }
}