<?php
/**
* Users — user, group and permission (ACL) operations for the ZF1 application.
* Users($db,Zend_Auth::getInstance())
*/
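class Users extends Zend_Controller_Plugin_Abstract
{
    /*
     * User, group and permission model.
     *
     * Construct as Users($db, Zend_Auth::getInstance()).  Permission rules live
     * in $tbl_uAuth (per user) and $tbl_gAuth (per group), keyed by the tuple
     * (module, controller, action, special); a matching row with allow > 0
     * grants access.
     *
     * Security notes for this revision:
     *  - every query binds its values; id arguments are coerced to integers and
     *    the option keys that may become column names are whitelisted, so the
     *    request-derived module/controller/action strings never reach SQL
     *    unquoted (the previous revision interpolated them directly);
     *  - a user without a group no longer passes every check (see GAuth);
     *  - table names are interpolated into SQL and must therefore remain
     *    configuration, never user-controlled.
     */

    // Database adapter.  The original comment called it a PDO object, but
    // select()/insert()/update() are used below, so in practice it must be a
    // Zend_Db adapter (which also provides prepare()).
    private $db;
    // Zend_Auth instance handed in by the caller; may be NULL.
    private $auth = NULL;

    // Table names used by this model (configuration, not user input).
    public $tbl_user = "users";
    public $tbl_group = "groups";
    public $tbl_userToGroup = "usergroup";
    public $tbl_uAuth = "userauth";
    public $tbl_gAuth = "groupauth";

    // Permission policy switches.
    // Global fallback when neither a user rule nor a group rule allows.
    private $def_auth_pass = false;
    // User has no group: whether the user's own rule result stands in for the
    // group result.  It can never grant on its own (see GAuth).
    private $def_GAuth_pass = true;
    // No user id: whether the user step consults the global fallback.
    private $def_UAuth_pass = false;

    // Where a denied MVC request is re-routed.
    private $def_auth_mvc = array(
        'module' => 'default',
        'controller' => 'error',
        'action' => 'authority'
    );

    // Permission resource tree, populated by _initAuth().
    public $AuthResource = NULL;

    // The only option keys that may be used as column names in permission
    // queries and inserts.  Anything else in an $options array is ignored.
    private $authColumns = array('module', 'controller', 'action', 'special');

    /**
     * @param mixed          $db   database adapter (see note on $db above)
     * @param Zend_Auth|null $auth authentication instance
     */
    function __construct($db, Zend_Auth $auth = NULL)
    {
        $this->db = $db;
        $this->auth = $auth;
    }

    /**
     * Permission check for use inside the MVC dispatch cycle.
     *
     * Resolves uid/gid from the current identity and checks them against the
     * request's module/controller/action (plus an optional $special tag).  On
     * denial the request is rewritten to the configured error action.
     *
     * @param Zend_Auth                        $auth
     * @param Zend_Controller_Request_Abstract $request
     * @param string                           $special
     * @return bool true when the identity is allowed; false when there is no
     *              identity or the check failed (the request has then been
     *              re-routed).  The previous revision returned false in every
     *              case, so callers that ignore the return value are unaffected.
     */
    public function CheckInMvc(Zend_Auth $auth, Zend_Controller_Request_Abstract $request, $special = "")
    {
        if (empty($auth) || empty($request)) {
            return false;
        }
        if (!$auth->hasIdentity()) {
            return false;
        }

        $options = array(
            'module' => $request->getModuleName(),
            'controller' => $request->getControllerName(),
            'action' => $request->getActionName(),
            'special' => $special
        );

        // Identity fields are coerced to integer ids; anything non-numeric
        // becomes 0 and is treated as "no user" / "no group".
        $user = $auth->getIdentity();
        $uid = isset($user->id) ? $this->toId($user->id) : 0;
        $gid = isset($user->gid) ? $this->toId($user->gid) : 0;

        if ($this->Check($uid, $gid, $options) === true) {
            return true;
        }

        $request->setModuleName($this->def_auth_mvc['module']);
        $request->setControllerName($this->def_auth_mvc['controller']);
        $request->setActionName($this->def_auth_mvc['action']);
        return false;
    }

    /**
     * Generic permission check: user rule, then group rule, then the global
     * fallback.  The first step that allows wins.
     *
     * @param int|string $uid
     * @param int|string $gid
     * @param array      $options keys module/controller/action/special
     * @return bool
     */
    public function Check($uid, $gid, $options)
    {
        if (empty($options)) {
            return false;
        }
        $options = $this->Options($options);
        if ($options === false) {
            return false;
        }

        $uid = $this->toId($uid);
        $gid = $this->toId($gid);

        $userAllowed = $this->UAuth($uid, $options);
        if ($userAllowed === true) {
            return true;
        }
        if ($this->GAuth($gid, $options, $userAllowed) === true) {
            return true;
        }
        return $this->GlobalAuth();
    }

    /**
     * Per-user rule lookup.
     *
     * @param int   $uid     0 means "no user"
     * @param array $options normalised by Options()
     * @return bool
     */
    private function UAuth($uid, $options)
    {
        if (empty($uid)) {
            return $this->def_UAuth_pass ? $this->GlobalAuth() : false;
        }
        return $this->lookupAllow($this->tbl_uAuth, 'uid', $uid, $options);
    }

    /**
     * Per-group rule lookup.
     *
     * @param int   $gid         0 means "no group"
     * @param array $options     normalised by Options()
     * @param bool  $userAllowed result of the preceding UAuth() step
     * @return bool
     */
    private function GAuth($gid, $options, $userAllowed = false)
    {
        if (empty($gid)) {
            // The previous revision returned $def_GAuth_pass (true) here, which
            // made Check() grant every request to any user without a group.
            // The flag's documented meaning is "fall back to the user's own
            // rule", so that is what it now does; it can no longer grant by
            // itself.
            return $this->def_GAuth_pass ? (bool) $userAllowed : false;
        }
        return $this->lookupAllow($this->tbl_gAuth, 'gid', $gid, $options);
    }

    /**
     * Global fallback policy.
     *
     * @return bool
     */
    private function GlobalAuth()
    {
        return $this->def_auth_pass;
    }

    /**
     * Runs "SELECT allow FROM $table WHERE $idColumn = ? AND <option> = ? ...
     * LIMIT 1" with bound values.  Only whitelisted option columns with a
     * non-empty value are included, matching the previous filter semantics.
     *
     * NOTE(review): without an ORDER BY, LIMIT 1 returns an arbitrary row when
     * several rules match (e.g. a rule without an action next to one with
     * one); rule precedence is therefore undefined here — unchanged behaviour.
     *
     * @param string $table
     * @param string $idColumn 'uid' or 'gid'
     * @param int    $id
     * @param array  $options
     * @return bool true when the matched row has allow > 0
     */
    private function lookupAllow($table, $idColumn, $id, $options)
    {
        $where = array($idColumn . " = ?");
        $bind = array((int) $id);
        foreach ($this->authColumns as $col) {
            if (!empty($options[$col])) {
                $where[] = $col . " = ?";
                $bind[] = (string) $options[$col];
            }
        }
        $sql = "SELECT allow FROM " . $table . " WHERE " . join(" AND ", $where) . " LIMIT 1";
        $sth = $this->db->prepare($sql);
        $sth->execute($bind);
        $row = $sth->fetch();
        return !empty($row) && $row['allow'] > 0;
    }

    /**
     * Normalises an options array so every whitelisted key exists (empty
     * string when absent).  Extra keys are left in place but are never used
     * in SQL.
     *
     * @param mixed $options
     * @return array|false false when $options is not an array
     */
    private function Options($options)
    {
        if (!is_array($options)) {
            return false;
        }
        foreach ($this->authColumns as $col) {
            if (!isset($options[$col])) {
                $options[$col] = "";
            }
        }
        return $options;
    }

    /**
     * Coerces an id argument to a positive integer; anything else becomes 0.
     *
     * @param mixed $value
     * @return int
     */
    private function toId($value)
    {
        if (!is_numeric($value)) {
            return 0;
        }
        $n = (int) $value;
        return $n > 0 ? $n : 0;
    }

    /**
     * Returns the gid of a user, or, without a uid, a Zend_Db_Select listing
     * all groups newest-first.
     *
     * NOTE(review): only the first membership row is returned, while AddTo()
     * can insert several rows for one user.
     *
     * @param int|string $uid
     * @return mixed gid (null when the user has no row) or a Zend_Db_Select
     */
    public function getGroup($uid = 0)
    {
        $uid = $this->toId($uid);
        if ($uid > 0) {
            $sth = $this->db->prepare("SELECT gid FROM " . $this->tbl_userToGroup . " WHERE uid = ?");
            $sth->execute(array($uid));
            $row = $sth->fetch();
            return empty($row) ? null : $row['gid'];
        }
        $select = $this->db->select();
        return $select->from($this->tbl_group)
            ->order($this->tbl_group . '.id desc');
    }

    /**
     * Returns a group's name.
     *
     * @param int|string $gid
     * @return string|null|false false for a non-numeric gid, null when no
     *                           such group exists
     */
    public function getGroupName($gid)
    {
        if (!is_numeric($gid)) {
            return false;
        }
        $sth = $this->db->prepare("SELECT name FROM " . $this->tbl_group . " WHERE id = ?");
        $sth->execute(array((int) $gid));
        $row = $sth->fetch();
        return empty($row) ? null : $row['name'];
    }

    /**
     * Creates a group.  Values go through the adapter's insert(), which binds them.
     *
     * @param string $name
     * @return mixed adapter insert() result, or false for an empty name
     */
    public function CreateGroup($name)
    {
        if (empty($name)) {
            return false;
        }
        return $this->db->insert($this->tbl_group, array("name" => $name));
    }

    /**
     * Adds a user to a group.  If a membership row already exists it is
     * re-written with the same values (a no-op update, as before); otherwise a
     * new row is inserted.
     *
     * NOTE(review): existing memberships in other groups are not removed, so
     * despite the original "move to group" wording this accumulates rows.
     *
     * @param int|string $uid
     * @param int|string $gid
     * @return mixed adapter update()/insert() result, or false on bad ids
     */
    public function AddTo($uid, $gid)
    {
        if (!is_numeric($uid) || !is_numeric($gid)) {
            return false;
        }
        $uid = (int) $uid;
        $gid = (int) $gid;

        $sth = $this->db->prepare("SELECT * FROM " . $this->tbl_userToGroup . " WHERE uid=? AND gid=?");
        $sth->execute(array($uid, $gid));
        $row = $sth->fetch();

        $data = array(
            "uid" => $uid,
            "gid" => $gid
        );
        if (!empty($row) && !empty($row['ts_created'])) {
            // Both ids are integers here, so this WHERE string is safe.
            $whereSql = " uid=" . $uid . " AND gid=" . $gid . " ";
            return $this->db->update($this->tbl_userToGroup, $data, $whereSql);
        }
        return $this->db->insert($this->tbl_userToGroup, $data);
    }

    /**
     * Fills $AuthResource with the static module => controller => actions map.
     */
    public function _initAuth()
    {
        $this->AuthResource = array(
            "default" => array(
                "data" => array(
                    "index", "view"
                )
            ),
            "admin" => array(
                "data" => array("index"),
                "user" => array("index", "auth", "group")
            )
        );
    }

    /**
     * Fetches every rule row for one id from a permission table, ordered by
     * module, controller, action and then newest id first.
     *
     * @param string $table
     * @param string $idColumn 'uid' or 'gid'
     * @param int    $id
     * @return array
     */
    private function fetchRules($table, $idColumn, $id)
    {
        $sql = "SELECT * FROM " . $table . " WHERE " . $idColumn . " = ?
            ORDER BY module ASC,controller ASC,action ASC,id DESC";
        $sth = $this->db->prepare($sql);
        $sth->execute(array((int) $id));
        return $sth->fetchAll();
    }

    /**
     * Builds the insertable column set from an options array: whitelisted
     * keys only, empty values dropped (as the previous revision did).
     *
     * @param mixed $options
     * @return array
     */
    private function ruleData($options)
    {
        $data = array();
        if (!is_array($options)) {
            return $data;
        }
        foreach ($this->authColumns as $col) {
            if (!empty($options[$col])) {
                $data[$col] = (string) $options[$col];
            }
        }
        return $data;
    }

    /**
     * Deletes the rows of $table whose $column equals $value.
     *
     * @param string $table
     * @param string $column 'id', 'uid' or 'gid'
     * @param int    $value
     * @return int affected row count (what exec() returned before)
     */
    private function deleteRows($table, $column, $value)
    {
        $sth = $this->db->prepare("DELETE FROM " . $table . " WHERE " . $column . " = ?");
        $sth->execute(array((int) $value));
        return $sth->rowCount();
    }

    /**
     * Returns all permission rows of a user.
     *
     * @param int|string $uid
     * @return array
     */
    public function UAuthFetch($uid)
    {
        return $this->fetchRules($this->tbl_uAuth, 'uid', $uid);
    }

    /**
     * Adds a permission rule for a user.
     *
     * @param int|string $uid
     * @param array      $options module/controller/action/special
     * @param int|bool   $allow   stored as an integer; > 0 grants
     * @return mixed adapter insert() result, or false for a non-positive uid
     */
    public function UAuthAdd($uid, $options, $allow)
    {
        $uid = $this->toId($uid);
        if ($uid <= 0) {
            return false;
        }
        $data = $this->ruleData($options);
        $data['uid'] = $uid;
        $data['allow'] = (int) $allow;
        return $this->db->insert($this->tbl_uAuth, $data);
    }

    /**
     * Deletes user permission rules.
     *
     * Without $uid, deletes the single rule with primary key $id.  With a
     * positive $uid and a negative $id, deletes all of that user's rules.
     * Any other combination does nothing.
     *
     * @param int|string $id
     * @param int|string $uid
     * @return int|false affected rows, or false when nothing was attempted
     */
    public function UAuthDel($id, $uid = 0)
    {
        $id = is_numeric($id) ? (int) $id : 0;
        $uid = is_numeric($uid) ? (int) $uid : 0;
        if (empty($uid)) {
            if ($id <= 0) {
                return false;
            }
            return $this->deleteRows($this->tbl_uAuth, 'id', $id);
        }
        if ($id < 0 && $uid > 0) {
            return $this->deleteRows($this->tbl_uAuth, 'uid', $uid);
        }
        return false;
    }

    /**
     * Copies every rule of user $uid to user $target.  All four option
     * columns are written (empty string when unset), as before.
     *
     * @param int|string $uid
     * @param int|string $target
     * @return int|false number of rows copied, or false on bad ids
     */
    public function AuthClone($uid, $target)
    {
        $uid = $this->toId($uid);
        $target = $this->toId($target);
        if ($uid <= 0 || $target <= 0) {
            return false;
        }

        $copied = 0;
        foreach ($this->UAuthFetch($uid) as $rule) {
            $opts = $this->Options($rule);
            $data = array('uid' => $target);
            foreach ($this->authColumns as $col) {
                $data[$col] = (string) $opts[$col];
            }
            $data['allow'] = (int) $rule['allow'];
            if ($this->db->insert($this->tbl_uAuth, $data)) {
                $copied++;
            }
        }
        return $copied;
    }

    /**
     * Returns all permission rows of a group.
     *
     * @param int|string $gid
     * @return array
     */
    public function GAuthFetch($gid)
    {
        return $this->fetchRules($this->tbl_gAuth, 'gid', $gid);
    }

    /**
     * Adds a permission rule for a group.
     *
     * @param int|string $gid
     * @param array      $options module/controller/action/special
     * @param int|bool   $allow   stored as an integer; > 0 grants
     * @return mixed adapter insert() result, or false for a non-positive gid
     */
    public function GAuthAdd($gid, $options, $allow)
    {
        $gid = $this->toId($gid);
        if ($gid <= 0) {
            return false;
        }
        $data = $this->ruleData($options);
        $data['gid'] = $gid;
        $data['allow'] = (int) $allow;
        return $this->db->insert($this->tbl_gAuth, $data);
    }

    /**
     * Deletes group permission rules; same contract as UAuthDel() with $gid.
     * (The previous revision tested an undefined $uid in the second branch,
     * so "delete all rules of a group" never ran.)
     *
     * @param int|string $id
     * @param int|string $gid
     * @return int|false affected rows, or false when nothing was attempted
     */
    public function GAuthDel($id, $gid = 0)
    {
        $id = is_numeric($id) ? (int) $id : 0;
        $gid = is_numeric($gid) ? (int) $gid : 0;
        if (empty($gid)) {
            if ($id <= 0) {
                return false;
            }
            return $this->deleteRows($this->tbl_gAuth, 'id', $id);
        }
        if ($id < 0 && $gid > 0) {
            return $this->deleteRows($this->tbl_gAuth, 'gid', $gid);
        }
        return false;
    }
}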