information-system/application/libraries/Accesscheck.php



<?php
// Refuse to run when the file is requested directly instead of being
// loaded by the framework, which defines BASEPATH during bootstrap.
defined('BASEPATH') or exit('No direct script access allowed');
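/**
 * Permission checks for the admin back end: per-site access, controller and
 * action permissions, and read/write filtering of the information tree.
 *
 * The permission data is computed once by init_accessdata() and cached in the
 * session under 'access_module', 'access_sitecode', 'access_read_list' and
 * 'access_write_list'. Every check is skipped when the 'check_access' config
 * item is falsy.
 *
 * NOTE(review): this file sits under application/libraries/ yet extends
 * CI_Controller — confirm that is intended rather than using get_instance().
 */
class Accesscheck extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->model('infoAccessmanage_model', 'Access_model');
    }

    /**
     * Decide whether the logged-in operator may use a site and a controller/action.
     *
     * With $module empty, the current request (router class/method) is checked
     * and a refusal redirects to Login/refuse. With $module given as
     * "controller/action", the result is only returned, so callers can probe a
     * permission without leaving the page.
     *
     * Controllers that are not in the protected list are allowed by default.
     * NOTE(review): the list lookups are case-sensitive — confirm that the
     * router class/method and the stored controller/action names are
     * normalised to the same case.
     *
     * @param string $site_code Site to check; defaults to the 'site_code' config item.
     * @param string $module    Optional "controller/action" to probe.
     * @return bool TRUE when access is allowed, FALSE when refused (probe mode only).
     */
    public function check_access($site_code = '', $module = '')
    {
        $userdata = $this->session->userdata('session_admin');

        // Access control switched off, or the operator is a configured super
        // administrator: everything is allowed.
        if (!$this->config->item('check_access')
            || in_array(strtolower($userdata['OPI_Code']), $this->config->item('access_super_manage'))) {
            return true;
        }

        // Build the permission cache on first use. A missing session key may
        // come back as FALSE or NULL depending on the CodeIgniter version, so
        // test for "not an array" instead of "=== false".
        $access_module = $this->session->userdata('access_module');
        if (!is_array($access_module)) {
            $this->init_accessdata();
            $access_module = $this->session->userdata('access_module');
        }

        // What the operator holds, and what requires authorisation at all.
        $user_controller     = $access_module['user_controller'];
        $user_action         = $access_module['user_action'];
        $iaa_controller_list = $access_module['iaa_controller_list'];
        $iaa_action_list     = $access_module['iaa_action_list'];
        $user_site_list      = $this->session->userdata('access_sitecode');

        // Site check: the operator must hold this exact site code.
        if ($site_code == '') {
            $site_code = $this->config->item('site_code');
        }
        if (!$this->_site_code_allowed($site_code, $user_site_list)) {
            header('Location: ' . $this->_safe_return_url());
            exit();
        }

        // Resolve the controller/action under test into locals. Writing a
        // probed module into $this->router would change the shared router
        // object and skew any later check of the real request.
        $class  = $this->router->class;
        $method = $this->router->method;
        if ($module != '') {
            $module_array = explode('/', trim($module));
            $class  = $module_array[0];
            $method = isset($module_array[1]) ? $module_array[1] : '';
        }

        $flag = true;
        if (in_array($class, $iaa_controller_list)) {
            if (in_array($class, $user_controller)) {
                // A per-province check against $user_action used to run here
                // for the 'province' controller; it is currently disabled.
                $action_protected = isset($iaa_action_list[$class])
                    && in_array($method, $iaa_action_list[$class]);
                if ($action_protected
                    && (!isset($user_action[$class]) || !in_array($method, $user_action[$class]))) {
                    $flag = false; // protected action the operator does not hold
                }
            } else {
                $flag = false; // protected controller the operator does not hold
            }
        }

        if ($module == '' && !$flag) {
            redirect(site_url('Login/refuse'));
            exit();
        }
        return $flag;
    }

    /**
     * Load the operator's permissions and cache them in the session.
     *
     * Stores 'access_read_list', 'access_write_list', 'access_sitecode' and the
     * 'access_module' array (user_controller, user_action, iaa_controller_list,
     * iaa_action_list).
     *
     * NOTE(review): $user_access is dereferenced without a check; confirm what
     * get_user_access() returns for an operator with no access row, because
     * get_edit_type() treats empty read and write lists as full write access.
     *
     * @return void
     */
    public function init_accessdata()
    {
        $userdata = $this->session->userdata('session_admin');

        // Roles plus read/write node lists for this operator on this site.
        $user_access = $this->Access_model->get_user_access($userdata['OPI_Code'], $this->config->item('site_code'));

        // Permission nodes granted by those roles. The literal '0' is appended
        // to the role string — presumably to close a trailing comma; verify
        // against get_node_list().
        $user_node = $this->Access_model->get_node_list($user_access->iao_role . '0');

        // Join every node's action-id string, drop the last character, split on commas.
        $node_str = '';
        foreach ($user_node as $node) {
            $node_str .= $node->ian_iaa_id;
        }
        $node_array = explode(',', substr($node_str, 0, -1));

        $user_controller     = array();
        $user_action         = array();
        $iaa_controller_list = array();
        $iaa_action_list     = array();

        // Walk every controller/action that requires authorisation.
        $action_list = $this->Access_model->get_action_list();
        foreach ($action_list as $a) {
            // Entries the operator holds.
            if (in_array($a->iaa_id, $node_array) && $a->iaa_controller != '') {
                $user_controller[] = $a->iaa_controller;
                $user_action[$a->iaa_controller][] = $a->iaa_action;
            }
            // Entries that are protected, whoever holds them.
            if (!empty($a->iaa_controller)) {
                $iaa_controller_list[] = $a->iaa_controller;
            }
            if (!empty($a->iaa_action)) {
                $iaa_action_list[$a->iaa_controller][] = $a->iaa_action;
            }
        }

        $access_module = array(
            'user_controller'     => $user_controller,
            'user_action'         => $user_action,
            'iaa_controller_list' => $iaa_controller_list,
            'iaa_action_list'     => $iaa_action_list,
        );

        $this->session->set_userdata('access_read_list', $user_access->iao_read);
        $this->session->set_userdata('access_write_list', $user_access->iao_write);
        $this->session->set_userdata('access_sitecode', $this->Access_model->get_user_site_list($userdata['OPI_Code']));
        $this->session->set_userdata('access_module', $access_module);
    }

    /**
     * Return the operator's role level (depth in the role tree).
     *
     * @param string $site_code Site to look up; defaults to the 'site_code' config item.
     * @param string $author    Operator code; defaults to the logged-in operator.
     * @return int 1 when access control is off, the minimum is_level of the
     *             operator's roles otherwise, or 100 when no role is found.
     */
    public function get_role_level($site_code = '', $author = '')
    {
        if (!$this->config->item('check_access')) {
            return 1;
        }
        if ($author == '') {
            $userdata = $this->session->userdata('session_admin');
            $author = $userdata['OPI_Code'];
        }
        if ($site_code == '') {
            $site_code = $this->config->item('site_code');
        }

        $ownsite = $this->Access_model->get_user_access($author, $site_code);
        $rolelevel = array();
        if (!empty($ownsite->iao_role)) {
            // Drop the last character of the role string before the lookup.
            $role_str = substr(trim($ownsite->iao_role), 0, -1);
            foreach ($this->Access_model->get_role($role_str) as $r) {
                $rolelevel[] = $r->is_level;
            }
        }

        return empty($rolelevel) ? 100 : min($rolelevel);
    }

    /**
     * Tell whether an information node is writable or read-only for the operator.
     *
     * A match in the read list is tested first and wins over the write list.
     *
     * @param string $is_path Comma-separated id path of the node.
     * @return int 1 = writable, 0 = read-only.
     */
    public function get_edit_type($is_path)
    {
        if (!$this->config->item('check_access')) {
            return 1;
        }
        $write_list = trim((string) $this->session->userdata('access_write_list'));
        $read_list  = trim((string) $this->session->userdata('access_read_list'));

        // No node restrictions at all: the whole site is writable.
        if (empty($write_list) && empty($read_list)) {
            return 1;
        }

        // Empty tokens (from a leading or trailing comma) are dropped so that
        // two lists can never match on the empty string.
        $path_array = $this->_id_list(trim((string) $is_path));

        // Read-only grant on this node or one of its ancestors.
        if (array_intersect($path_array, $this->_id_list($read_list))) {
            return 0;
        }
        // Write grant on this node or one of its ancestors.
        if (array_intersect($path_array, $this->_id_list($write_list))) {
            return 1;
        }
        // Anything else (e.g. a parent of a permitted node) is read-only.
        return 0;
    }

    /**
     * Return the information tree under $root_id, filtered by the operator's
     * read/write node lists.
     *
     * @param mixed $root_id Root node id passed to Information_model.
     * @return array|false Node list, or FALSE when the operator may not see this tree.
     */
    public function get_info_structure($root_id)
    {
        $this->load->model('InfoStructures_model');
        $this->load->model('Information_model');

        $full_list = $this->Information_model->StructureList($root_id);
        if (!$this->config->item('check_access')) {
            return $full_list;
        }
        $list = $full_list;

        $write_list = trim((string) $this->session->userdata('access_write_list'));
        $read_list  = trim((string) $this->session->userdata('access_read_list'));
        if (!empty($read_list)) {
            $read_list = $read_list . ',';
        }
        $nodelist = trim($read_list . $write_list);

        if (!empty($nodelist)) {
            // Drop empty tokens: with an empty write list, $nodelist ends in a
            // comma, and the resulting '' id would otherwise intersect with the
            // '' token of every comma-terminated is_path and match every node.
            $access_ids = $this->_id_list($nodelist);
            $parent_id_str   = '';
            $flag            = array(); // descendants of a permitted node
            $parent          = array();
            $parent_is_array = array(); // every other node, keyed by id

            foreach ($list as $tree) {
                $infopatharr = $this->_id_list(trim($tree->is_path));
                if (in_array($tree->is_id, $access_ids)) {
                    $parent_id_str .= $tree->is_path;
                    $parent_is_array[$tree->is_id] = $tree;
                } elseif (array_intersect($infopatharr, $access_ids)) {
                    $flag[] = $tree;
                } else {
                    $parent_is_array[$tree->is_id] = $tree;
                }
            }

            // Collect the nodes named in the paths of the permitted nodes.
            $parent_id_array = array_unique(explode(',', $parent_id_str));
            array_pop($parent_id_array);
            foreach ($parent_id_array as $v) {
                if (isset($parent_is_array[$v])) {
                    $parent[] = $parent_is_array[$v];
                }
            }

            // Parents first, then descendants; descendants alone are not kept.
            if (!empty($parent) && !empty($flag)) {
                $list = array_merge($parent, $flag);
            } else {
                $list = $parent;
            }
        } elseif ($this->get_role_level() > 4) {
            // No node lists and a role level above 4: restrict by province
            // when the operator has province actions.
            $access_module = $this->session->userdata('access_module');
            if (!empty($access_module['user_action']['province'])) {
                $user_province = $access_module['user_action']['province'];
                $current_province = $this->Information_model->get_province_by_isid($root_id);
                if ($current_province !== false && !in_array($current_province, $user_province)) {
                    return false;
                }
            }
        }

        // Nothing left after filtering: fall back to the province grant, and
        // refuse when the tree is not in one of the operator's provinces.
        if (empty($list)) {
            $user_province = array();
            $access_module = $this->session->userdata('access_module');
            if (!empty($access_module['user_action']['province'])) {
                $user_province = $access_module['user_action']['province'];
            }
            $current_province = $this->Information_model->get_province_by_isid($root_id);
            if ($current_province !== false && in_array($current_province, $user_province)) {
                $list = $full_list;
            } else {
                return false;
            }
        }
        return $list;
    }

    /**
     * Split a comma-separated id list and drop empty tokens.
     *
     * @param string $csv
     * @return array
     */
    private function _id_list($csv)
    {
        return array_values(array_filter(explode(',', (string) $csv), 'strlen'));
    }

    /**
     * Case-insensitive, whole-token membership test for a site code.
     *
     * A substring test would also accept a code that is merely part of a
     * longer code the operator holds. An empty code is refused.
     * Assumes the cached site list is comma-separated (the original check
     * prefixed it with ',') — confirm against get_user_site_list().
     *
     * @param string $site_code
     * @param mixed  $user_site_list
     * @return bool
     */
    private function _site_code_allowed($site_code, $user_site_list)
    {
        $wanted = strtolower(trim((string) $site_code));
        if ($wanted === '') {
            return false;
        }
        foreach (explode(',', (string) $user_site_list) as $code) {
            if (strtolower(trim($code)) === $wanted) {
                return true;
            }
        }
        return false;
    }

    /**
     * Choose where to send an operator who is refused at the site check.
     *
     * The Referer header is client-supplied, so it is followed only when it
     * is an http(s) URL on this application's own host; a missing or foreign
     * Referer falls back to the refusal page.
     *
     * @return string
     */
    private function _safe_return_url()
    {
        $fallback = site_url('Login/refuse');
        if (empty($_SERVER['HTTP_REFERER'])) {
            return $fallback;
        }
        $referer = $_SERVER['HTTP_REFERER'];

        $scheme   = parse_url($referer, PHP_URL_SCHEME);
        $host     = parse_url($referer, PHP_URL_HOST);
        $own_host = parse_url($fallback, PHP_URL_HOST);

        $scheme_ok = is_string($scheme) && in_array(strtolower($scheme), array('http', 'https'), true);
        $host_ok   = is_string($host) && is_string($own_host) && strcasecmp($host, $own_host) === 0;

        return ($scheme_ok && $host_ok) ? $referer : $fallback;
    }
}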