2013-01-16 08:09:14 +00:00
|
|
|
|
<?php
|
|
|
|
|
|
/**
|
|
|
|
|
|
* Users 用户相关操作
|
2013-01-24 09:33:42 +00:00
|
|
|
|
* Users($db,Zend_Auth::getInstance())
|
2013-01-16 08:09:14 +00:00
|
|
|
|
*/
|
|
|
|
|
|
|
2013-01-24 09:33:42 +00:00
|
|
|
|
class Users extends Zend_Controller_Plugin_Abstract
|
2013-01-16 08:09:14 +00:00
|
|
|
|
{
|
|
|
|
|
|
|
2013-01-24 09:33:42 +00:00
|
|
|
|
private $db; //传入PDO对象.
|
|
|
|
|
|
private $auth = NULL; //Zend_Auth 对象
|
2013-01-16 08:09:14 +00:00
|
|
|
|
|
|
|
|
|
|
//使用到的公共变量
|
|
|
|
|
|
public $tbl_user = "users";
|
|
|
|
|
|
public $tbl_group = "groups";
|
|
|
|
|
|
public $tbl_userToGroup = "usergroup";
|
2013-01-24 09:33:42 +00:00
|
|
|
|
public $tbl_uAuth = "userauth";
|
|
|
|
|
|
public $tbl_gAuth = "groupauth";
|
|
|
|
|
|
|
|
|
|
|
|
//权限配置
|
|
|
|
|
|
private $def_auth_pass = false; //全局权限
|
|
|
|
|
|
private $def_GAuth_pass = true; //当用户没有组信息时是否承认他的个人权限
|
|
|
|
|
|
private $def_UAuth_pass = false; //当用户不存在时是否匹配全局权限
|
2013-01-16 08:09:14 +00:00
|
|
|
|
|
2013-01-24 09:33:42 +00:00
|
|
|
|
//默认权限控制器
|
|
|
|
|
|
private $def_auth_mvc = array(
|
|
|
|
|
|
'module' => 'default',
|
|
|
|
|
|
'controller'=>'error',
|
|
|
|
|
|
'action'=> 'authority'
|
|
|
|
|
|
);
|
|
|
|
|
|
|
2013-01-25 09:34:52 +00:00
|
|
|
|
//所有权限
|
|
|
|
|
|
public $AuthResource = NULL; //资源
|
|
|
|
|
|
|
2013-01-24 09:33:42 +00:00
|
|
|
|
function __construct($db,Zend_Auth $auth=NULL)
|
2013-01-16 08:09:14 +00:00
|
|
|
|
{
|
|
|
|
|
|
$this->db = $db;
|
2013-01-24 09:33:42 +00:00
|
|
|
|
$this->auth = $auth;
|
2013-01-16 08:09:14 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2013-01-24 09:33:42 +00:00
|
|
|
|
//检查权限,仅在MVC模式中使用
|
|
|
|
|
|
public function CheckInMvc(Zend_Auth $auth,Zend_Controller_Request_Abstract $request,$special=""){
|
|
|
|
|
|
|
|
|
|
|
|
if(empty($auth) || empty($request))
|
|
|
|
|
|
{
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$options = array(
|
|
|
|
|
|
'module' => $request->getModuleName(),
|
|
|
|
|
|
'controller' => $request->getControllerName(),
|
|
|
|
|
|
'action' => $request->getActionName(),
|
|
|
|
|
|
'special' => $special
|
|
|
|
|
|
);
|
|
|
|
|
|
//echo "<pre>";var_dump($options);echo "</pre>";exit();
|
|
|
|
|
|
|
|
|
|
|
|
$uid = 0;
|
|
|
|
|
|
$gid = 0;
|
|
|
|
|
|
|
|
|
|
|
|
if($auth->hasIdentity())
|
|
|
|
|
|
{
|
|
|
|
|
|
$user = $auth->getIdentity();
|
|
|
|
|
|
if(isset($user->id))
|
|
|
|
|
|
{
|
|
|
|
|
|
$uid = $user->id;
|
|
|
|
|
|
}
|
|
|
|
|
|
if(isset($user->gid))
|
|
|
|
|
|
{
|
|
|
|
|
|
$gid = $user->gid;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
}else{
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if($this->Check($uid,$gid,$options) !== true)
|
|
|
|
|
|
{
|
|
|
|
|
|
$request->setModuleName($this->def_auth_mvc['module']);
|
|
|
|
|
|
$request->setControllerName($this->def_auth_mvc['controller']);
|
|
|
|
|
|
$request->setActionName($this->def_auth_mvc['action']);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//检查权限,通用
|
|
|
|
|
|
public function Check($uid,$gid,$options)
|
|
|
|
|
|
{
|
|
|
|
|
|
if(empty($options))
|
|
|
|
|
|
{
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$options = $this->Options($options);
|
|
|
|
|
|
|
|
|
|
|
|
if($options == false)
|
|
|
|
|
|
{
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$pass = false;
|
|
|
|
|
|
if($this->UAuth($uid,$options) == true)
|
|
|
|
|
|
{
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}else{
|
|
|
|
|
|
$pass = false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if($this->GAuth($gid,$options) == true)
|
|
|
|
|
|
{
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}else{
|
|
|
|
|
|
$pass = false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if($this->GlobalAuth() == true)
|
|
|
|
|
|
{
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}else{
|
|
|
|
|
|
$pass = false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//检查用户权限
|
|
|
|
|
|
private function UAuth($uid,$options)
|
|
|
|
|
|
{
|
|
|
|
|
|
if(empty($uid))
|
|
|
|
|
|
{
|
|
|
|
|
|
if($this->def_UAuth_pass == true)
|
|
|
|
|
|
{
|
|
|
|
|
|
return $this->GlobalAuth();
|
|
|
|
|
|
}else{
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$wheresql = array();
|
|
|
|
|
|
|
|
|
|
|
|
$wheresql[] = " uid=$uid ";
|
|
|
|
|
|
|
|
|
|
|
|
foreach($options as $k=>$v)
|
|
|
|
|
|
{
|
|
|
|
|
|
if(!empty($v))
|
|
|
|
|
|
{
|
|
|
|
|
|
$wheresql[] = "$k='".$v."' ";
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$wheresql = join(" AND ",$wheresql);
|
|
|
|
|
|
|
|
|
|
|
|
$sql = "SELECT allow FROM ".$this->tbl_uAuth."
|
|
|
|
|
|
WHERE $wheresql
|
|
|
|
|
|
LIMIT 1";
|
|
|
|
|
|
|
|
|
|
|
|
$sth = $this->db->query($sql);
|
|
|
|
|
|
$row = $sth->fetch();
|
|
|
|
|
|
|
|
|
|
|
|
if( $row['allow'] > 0 )
|
|
|
|
|
|
{
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}else{
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//检查用户组权限
|
|
|
|
|
|
private function GAuth($gid,$options)
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
|
|
if(empty($gid))
|
|
|
|
|
|
{
|
|
|
|
|
|
return $this->def_GAuth_pass;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$wheresql = array();
|
|
|
|
|
|
|
|
|
|
|
|
$wheresql[] = " gid=$gid ";
|
|
|
|
|
|
|
|
|
|
|
|
foreach($options as $k=>$v)
|
|
|
|
|
|
{
|
|
|
|
|
|
if(!empty($v))
|
|
|
|
|
|
{
|
|
|
|
|
|
$wheresql[] = "$k='".$v."' ";
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$wheresql = join(" AND ",$wheresql);
|
|
|
|
|
|
|
|
|
|
|
|
$sql = "SELECT allow FROM ".$this->tbl_gAuth."
|
|
|
|
|
|
WHERE $wheresql
|
|
|
|
|
|
LIMIT 1";
|
|
|
|
|
|
|
|
|
|
|
|
$sth = $this->db->query($sql);
|
|
|
|
|
|
$row = $sth->fetch();
|
|
|
|
|
|
|
|
|
|
|
|
if( $row['allow'] > 0 )
|
|
|
|
|
|
{
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}else{
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//全局权限
|
|
|
|
|
|
private function GlobalAuth()
|
|
|
|
|
|
{
|
|
|
|
|
|
return $this->def_auth_pass;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//过滤Options
|
|
|
|
|
|
private function Options($options)
|
|
|
|
|
|
{
|
|
|
|
|
|
if(!is_array($options))
|
|
|
|
|
|
{
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if(!isset($options['module']))
|
|
|
|
|
|
{
|
|
|
|
|
|
$options['module'] = "";
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if(!isset($options['controller']))
|
|
|
|
|
|
{
|
|
|
|
|
|
$options['controller'] = "";
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if(!isset($options['action']))
|
|
|
|
|
|
{
|
|
|
|
|
|
$options['action'] = "";
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if(!isset($options['special']))
|
|
|
|
|
|
{
|
|
|
|
|
|
$options['special'] = "";
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return $options;
|
|
|
|
|
|
|
|
|
|
|
|
}
|
2013-01-25 09:34:52 +00:00
|
|
|
|
|
|
|
|
|
|
//获取用户的组ID
|
|
|
|
|
|
public function getGroup($uid=0){
|
|
|
|
|
|
|
|
|
|
|
|
if(!empty($uid) && is_numeric($uid))
|
|
|
|
|
|
{
|
|
|
|
|
|
$sql = "SELECT gid FROM ".$this->tbl_userToGroup." WHERE uid=$uid";
|
|
|
|
|
|
$rs = $this->db->query($sql);
|
|
|
|
|
|
$row = $rs->fetch();
|
|
|
|
|
|
return $row['gid'];
|
|
|
|
|
|
}else{
|
|
|
|
|
|
$select = $this->db->select();
|
|
|
|
|
|
return $select ->from($this->tbl_group)
|
|
|
|
|
|
->order('groups.id desc');
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
}
|
2013-01-24 09:33:42 +00:00
|
|
|
|
|
2013-01-16 08:09:14 +00:00
|
|
|
|
//获取组名
|
|
|
|
|
|
public function getGroupName($gid){
|
|
|
|
|
|
|
|
|
|
|
|
if(!is_numeric($gid))
|
|
|
|
|
|
{
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$sql = "SELECT * FROM ".$this->tbl_group." WHERE id=$gid";
|
|
|
|
|
|
$rs = $this->db->query($sql);
|
|
|
|
|
|
$row = $rs->fetch();
|
|
|
|
|
|
|
|
|
|
|
|
return $row['name'];
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//创建用户组
|
|
|
|
|
|
public function CreateGroup($name){
|
|
|
|
|
|
|
|
|
|
|
|
$groupTable = $this->tbl_group;
|
|
|
|
|
|
|
|
|
|
|
|
if(empty($name))
|
|
|
|
|
|
{
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$data = array(
|
|
|
|
|
|
"name" => $name
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
return $this->db->insert($groupTable,$data);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//把用户移动到组
|
|
|
|
|
|
public function AddTo($uid,$gid){
|
|
|
|
|
|
|
|
|
|
|
|
if(!is_numeric($uid) || !is_numeric($gid))
|
|
|
|
|
|
{
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$sql = "SELECT * FROM ".$this->tbl_userToGroup." WHERE uid=? AND gid=?";
|
|
|
|
|
|
|
|
|
|
|
|
$sth = $this->db->prepare($sql);
|
|
|
|
|
|
|
|
|
|
|
|
$sth->execute(array($uid,$gid));
|
|
|
|
|
|
|
|
|
|
|
|
$row = $sth->fetch();
|
|
|
|
|
|
|
|
|
|
|
|
if(!empty($row['ts_created']))
|
|
|
|
|
|
{
|
|
|
|
|
|
$data = array(
|
|
|
|
|
|
"uid"=>$uid,
|
|
|
|
|
|
"gid"=>$gid
|
|
|
|
|
|
);
|
|
|
|
|
|
$whereSql = " uid=$uid AND gid=$gid ";
|
|
|
|
|
|
return $this->db->update($this->tbl_userToGroup,$data,$whereSql);
|
|
|
|
|
|
}else{
|
|
|
|
|
|
$data = array(
|
|
|
|
|
|
"uid"=>$uid,
|
|
|
|
|
|
"gid"=>$gid
|
|
|
|
|
|
);
|
|
|
|
|
|
return $this->db->insert($this->tbl_userToGroup,$data);
|
|
|
|
|
|
}
|
2013-01-25 09:34:52 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//初始化所有权限
|
|
|
|
|
|
public function _initAuth()
|
|
|
|
|
|
{
|
|
|
|
|
|
$this->AuthResource = array(
|
|
|
|
|
|
"default" => array(
|
|
|
|
|
|
"data"=> array(
|
|
|
|
|
|
"index","view"
|
|
|
|
|
|
)
|
|
|
|
|
|
),
|
|
|
|
|
|
"admin"=>array(
|
|
|
|
|
|
"data"=>array("index"),
|
|
|
|
|
|
"user"=>array("index","auth","group")
|
|
|
|
|
|
)
|
|
|
|
|
|
);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2013-02-27 08:55:56 +00:00
|
|
|
|
//获得用户的权限
|
|
|
|
|
|
public function UAuthFetch($uid)
|
|
|
|
|
|
{
|
|
|
|
|
|
$sql = "SELECT * FROM ".$this->tbl_uAuth." WHERE uid=$uid
|
|
|
|
|
|
ORDER BY module ASC,controller ASC,action ASC,id DESC";
|
|
|
|
|
|
$rs = $this->db->query($sql);
|
|
|
|
|
|
$rows = $rs->fetchAll();
|
|
|
|
|
|
return $rows;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2013-01-25 09:34:52 +00:00
|
|
|
|
//给用户添加权限
|
2013-02-27 08:55:56 +00:00
|
|
|
|
public function UAuthAdd($uid,$options,$allow)
|
2013-01-25 09:34:52 +00:00
|
|
|
|
{
|
2013-02-06 03:47:22 +00:00
|
|
|
|
foreach($options as $k=>$v)
|
|
|
|
|
|
{
|
|
|
|
|
|
if(empty($v))
|
|
|
|
|
|
{
|
|
|
|
|
|
unset($options[$k]);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2013-02-27 08:55:56 +00:00
|
|
|
|
$options['uid'] = $uid;
|
|
|
|
|
|
$options['allow'] = $allow;
|
|
|
|
|
|
|
|
|
|
|
|
return $this->db->insert($this->tbl_uAuth,$options);
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//删除用户权限
|
|
|
|
|
|
public function UAuthDel($id,$uid=0)
|
|
|
|
|
|
{
|
|
|
|
|
|
if(empty($uid))
|
|
|
|
|
|
{
|
|
|
|
|
|
$sql = "DELETE FROM ".$this->tbl_uAuth." WHERE id=$id";
|
|
|
|
|
|
return $this->db->exec($sql);
|
|
|
|
|
|
}else if ($id<0 && $uid>0){
|
|
|
|
|
|
$sql = "DELETE FROM ".$this->tbl_uAuth." WHERE uid=$uid";
|
|
|
|
|
|
return $this->db->exec($sql);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//权限克隆
|
|
|
|
|
|
public function AuthClone($uid,$target)
|
|
|
|
|
|
{
|
|
|
|
|
|
if(empty($uid) || empty($target))
|
|
|
|
|
|
{
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$permission = $this->UAuthFetch($uid);
|
|
|
|
|
|
|
|
|
|
|
|
$cc = 0;
|
|
|
|
|
|
|
|
|
|
|
|
foreach($permission as $k=>$v)
|
|
|
|
|
|
{
|
|
|
|
|
|
$options = $this->Options($permission[$k]);
|
|
|
|
|
|
$sql = "INSERT INTO ".$this->tbl_uAuth."
|
|
|
|
|
|
(uid,module,controller,action,special,allow)
|
|
|
|
|
|
VALUES
|
|
|
|
|
|
($target,'{$options['module']}','{$options['controller']}','{$options['action']}','{$options['special']}',{$v['allow']})
|
|
|
|
|
|
";
|
|
|
|
|
|
if($this->db->exec($sql))
|
|
|
|
|
|
{
|
|
|
|
|
|
$cc++;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2013-02-06 03:47:22 +00:00
|
|
|
|
|
2013-02-27 08:55:56 +00:00
|
|
|
|
return $cc;
|
2013-01-25 09:34:52 +00:00
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2013-03-01 09:12:26 +00:00
|
|
|
|
//获得组的权限
|
|
|
|
|
|
public function GAuthFetch($gid)
|
|
|
|
|
|
{
|
|
|
|
|
|
$sql = "SELECT * FROM ".$this->tbl_gAuth." WHERE gid=$gid
|
|
|
|
|
|
ORDER BY module ASC,controller ASC,action ASC,id DESC";
|
|
|
|
|
|
$rs = $this->db->query($sql);
|
|
|
|
|
|
$rows = $rs->fetchAll();
|
|
|
|
|
|
return $rows;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2013-01-25 09:34:52 +00:00
|
|
|
|
//给用户组添加权限
|
2013-03-01 09:12:26 +00:00
|
|
|
|
public function GAuthAdd($gid,$options,$allow)
|
2013-01-25 09:34:52 +00:00
|
|
|
|
{
|
2013-03-01 09:12:26 +00:00
|
|
|
|
foreach($options as $k=>$v)
|
|
|
|
|
|
{
|
|
|
|
|
|
if(empty($v))
|
|
|
|
|
|
{
|
|
|
|
|
|
unset($options[$k]);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$options['gid'] = $gid;
|
|
|
|
|
|
$options['allow'] = $allow;
|
2013-01-16 08:09:14 +00:00
|
|
|
|
|
2013-03-01 09:12:26 +00:00
|
|
|
|
return $this->db->insert($this->tbl_gAuth,$options);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//删除组权限
|
|
|
|
|
|
public function GAuthDel($id,$gid=0)
|
|
|
|
|
|
{
|
|
|
|
|
|
if(empty($gid))
|
|
|
|
|
|
{
|
|
|
|
|
|
$sql = "DELETE FROM ".$this->tbl_gAuth." WHERE id=$id";
|
|
|
|
|
|
return $this->db->exec($sql);
|
|
|
|
|
|
}else if ($id<0 && $uid>0){
|
|
|
|
|
|
$sql = "DELETE FROM ".$this->tbl_gAuth." WHERE gid=$gid";
|
|
|
|
|
|
return $this->db->exec($sql);
|
|
|
|
|
|
}
|
2013-01-16 08:09:14 +00:00
|
|
|
|
}
|
2013-03-15 04:16:07 +00:00
|
|
|
|
|
|
|
|
|
|
//获得某个用户的所有信息
|
|
|
|
|
|
public function getUserInfo($id)
|
|
|
|
|
|
{
|
|
|
|
|
|
$sql = "SELECT * FROM ".$this->tbl_user. " WHERE id=$id";
|
|
|
|
|
|
$rs = $this->db->query($sql);
|
|
|
|
|
|
$row = $rs->fetch();
|
|
|
|
|
|
return $row;
|
|
|
|
|
|
}
|
2013-01-16 08:09:14 +00:00
|
|
|
|
|
|
|
|
|
|
}
|
