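'default', 'controller'=>'error', 'action'=> 'authority' );

    // Full permission resource map (module => controller => list of actions); filled by _initAuth().
    public $AuthResource = NULL;

    // The only option keys an authorization lookup may filter on. Each one is also a
    // column of the uAuth/gAuth tables, so the list doubles as the identifier whitelist:
    // request-supplied keys never reach the SQL text, only bound values do.
    private static $AUTH_KEYS = array('module', 'controller', 'action', 'special');

    /**
     * @param object         $db   Zend_Db adapter; query(), select(), insert(), update(),
     *                             delete() and quoteInto() are called on it.
     * @param Zend_Auth|null $auth optional authentication instance kept for callers.
     */
    public function __construct($db, Zend_Auth $auth = NULL)
    {
        $this->db = $db;
        $this->auth = $auth;
    }

    /**
     * Authorize the current MVC request (only meaningful in MVC mode). On denial the
     * request is rewritten to the fallback module/controller/action in $def_auth_mvc so
     * the dispatcher renders the "no authority" page instead of the requested one.
     *
     * @param Zend_Auth                        $auth    holds the identity; ->id and ->gid are read if present
     * @param Zend_Controller_Request_Abstract $request current request, rewritten in place on denial
     * @param string                           $special extra resource qualifier, "" for none
     * @return bool true when the identity may run the requested action; false when there
     *              is no identity or the check failed (the request has then been redirected)
     */
    public function CheckInMvc(Zend_Auth $auth, Zend_Controller_Request_Abstract $request, $special = "")
    {
        if (empty($auth) || empty($request)) {
            return false;
        }
        if (!$auth->hasIdentity()) {
            return false;
        }
        $options = array(
            'module'     => $request->getModuleName(),
            'controller' => $request->getControllerName(),
            'action'     => $request->getActionName(),
            'special'    => $special,
        );
        $user = $auth->getIdentity();
        $uid = isset($user->id) ? $user->id : 0;
        $gid = isset($user->gid) ? $user->gid : 0;

        if ($this->Check($uid, $gid, $options) === true) {
            return true;
        }
        // Denied: route to the authority page; the caller's dispatch loop picks it up.
        $request->setModuleName($this->def_auth_mvc['module']);
        $request->setControllerName($this->def_auth_mvc['controller']);
        $request->setActionName($this->def_auth_mvc['action']);
        return false;
    }

    /**
     * Generic permission check: user rule, then group rule, then the global default.
     * Only a matching row with allow > 0 grants access; a matching row with allow = 0
     * does not veto the later levels (it simply fails to grant).
     *
     * @param int|string $uid     user id, 0/empty for "no user"
     * @param int|string $gid     group id, 0/empty for "no group"
     * @param array      $options module/controller/action/special (missing keys default to "")
     * @return bool
     */
    public function Check($uid, $gid, $options)
    {
        if (empty($options)) {
            return false;
        }
        $options = $this->Options($options);
        if ($options === false) {
            return false;
        }
        return (bool) ($this->UAuth($uid, $options)
            || $this->GAuth($gid, $options)
            || $this->GlobalAuth());
    }

    /**
     * Look up a user-level rule.
     *
     * @return bool|mixed false when no granting rule exists; with an empty $uid the result
     *                    is GlobalAuth() if $def_UAuth_pass is set, otherwise false
     */
    private function UAuth($uid, $options)
    {
        if (empty($uid)) {
            if ($this->def_UAuth_pass == true) {
                return $this->GlobalAuth();
            }
            return false;
        }
        list($where, $bind) = $this->_authWhere('uid', $uid, $options);
        return $this->_allowRow($this->tbl_uAuth, $where, $bind);
    }

    /**
     * Look up a group-level rule.
     *
     * @return bool|mixed false when no granting rule exists; with an empty $gid the raw
     *                    $def_GAuth_pass value is returned
     */
    private function GAuth($gid, $options)
    {
        if (empty($gid)) {
            return $this->def_GAuth_pass;
        }
        list($where, $bind) = $this->_authWhere('gid', $gid, $options);
        return $this->_allowRow($this->tbl_gAuth, $where, $bind);
    }

    /**
     * Build the WHERE clause for a rule lookup: the id column plus every non-empty
     * whitelisted option, all as bound placeholders.
     *
     * @param string $idColumn 'uid' or 'gid' (a literal chosen by the caller, never input)
     * @return array array(list of "col = ?" fragments, list of bind values in the same order)
     */
    private function _authWhere($idColumn, $id, $options)
    {
        $where = array($idColumn . ' = ?');
        $bind  = array($id);
        foreach (self::$AUTH_KEYS as $key) {
            // Empty values mean "wildcard", as in the original clause builder.
            if (!empty($options[$key])) {
                $where[] = $key . ' = ?';
                $bind[]  = $options[$key];
            }
        }
        return array($where, $bind);
    }

    /**
     * Run the rule query and decide from the first row. No row (fetch() returns false)
     * is a denial, not an error.
     *
     * @return bool
     */
    private function _allowRow($table, array $where, array $bind)
    {
        $sql = 'SELECT allow FROM ' . $table . ' WHERE ' . join(' AND ', $where) . ' LIMIT 1';
        $row = $this->db->query($sql, $bind)->fetch();
        return !empty($row['allow']) && $row['allow'] > 0;
    }

    // Global default: the raw $def_auth_pass value.
    private function GlobalAuth()
    {
        return $this->def_auth_pass;
    }

    /**
     * Normalize an options array so every whitelisted key exists (missing => "").
     *
     * @return array|false false when $options is not an array
     */
    private function Options($options)
    {
        if (!is_array($options)) {
            return false;
        }
        foreach (self::$AUTH_KEYS as $key) {
            if (!isset($options[$key])) {
                $options[$key] = "";
            }
        }
        return $options;
    }

    /**
     * With a numeric $uid: the user's group id (null when the user has no row).
     * Without one: a Zend_Db_Select over the group table, newest group first.
     *
     * @return mixed|Zend_Db_Select
     */
    public function getGroup($uid = 0)
    {
        if (!empty($uid) && is_numeric($uid)) {
            $sql = 'SELECT gid FROM ' . $this->tbl_userToGroup . ' WHERE uid = ?';
            $row = $this->db->query($sql, array($uid))->fetch();
            return isset($row['gid']) ? $row['gid'] : null;
        }
        $select = $this->db->select();
        return $select
            ->from($this->tbl_group)
            ->order('groups.id desc');
    }

    /**
     * @return string|false|null group name; false for a non-numeric id; null when no row matches
     */
    public function getGroupName($gid)
    {
        if (!is_numeric($gid)) {
            return false;
        }
        $sql = 'SELECT * FROM ' . $this->tbl_group . ' WHERE id = ?';
        $row = $this->db->query($sql, array($gid))->fetch();
        return isset($row['name']) ? $row['name'] : null;
    }

    /**
     * @return int|false rows inserted, or false for an empty name
     */
    public function CreateGroup($name)
    {
        if (empty($name)) {
            return false;
        }
        return $this->db->insert($this->tbl_group, array("name" => $name));
    }

    /**
     * Put a user into a group.
     *
     * @return int|false affected rows; false when either id is not numeric
     */
    public function AddTo($uid, $gid)
    {
        if (!is_numeric($uid) || !is_numeric($gid)) {
            return false;
        }
        $sql = 'SELECT * FROM ' . $this->tbl_userToGroup . ' WHERE uid = ? AND gid = ?';
        $row = $this->db->query($sql, array($uid, $gid))->fetch();
        $data = array("uid" => $uid, "gid" => $gid);
        if (!empty($row['ts_created'])) {
            // A timestamped membership exists: rewrite it in place instead of inserting a
            // duplicate. A matching row without ts_created still falls through to insert,
            // as before — presumably a unique key on (uid, gid) catches that; confirm.
            $where = array(
                $this->db->quoteInto('uid = ?', $uid),
                $this->db->quoteInto('gid = ?', $gid),
            );
            return $this->db->update($this->tbl_userToGroup, $data, $where);
        }
        return $this->db->insert($this->tbl_userToGroup, $data);
    }

    // Populate the static resource map (module => controller => actions).
    public function _initAuth()
    {
        $this->AuthResource = array(
            "default" => array(
                "data" => array("index", "view"),
            ),
            "admin" => array(
                "data" => array("index"),
                "user" => array("index", "auth", "group"),
            ),
        );
    }

    /**
     * All rules of one user, ordered by resource, newest rule first within a resource.
     *
     * @return array list of associative rows
     */
    public function UAuthFetch($uid)
    {
        $sql = 'SELECT * FROM ' . $this->tbl_uAuth . ' WHERE uid = ?'
             . ' ORDER BY module ASC, controller ASC, action ASC, id DESC';
        return $this->db->query($sql, array($uid))->fetchAll();
    }

    /**
     * Insert a user rule; empty option values are dropped (they act as wildcards).
     *
     * @return int rows inserted
     */
    public function UAuthAdd($uid, $options, $allow)
    {
        $data = array();
        foreach ($options as $column => $value) {
            if (!empty($value)) {
                $data[$column] = $value;
            }
        }
        $data['uid']   = $uid;
        $data['allow'] = $allow;
        return $this->db->insert($this->tbl_uAuth, $data);
    }

    /**
     * Delete one user rule by id, or — when $id < 0 and $uid > 0 — every rule of $uid.
     *
     * @return int|null rows deleted; null when neither form applies
     */
    public function UAuthDel($id, $uid = 0)
    {
        if (empty($uid)) {
            return $this->db->delete($this->tbl_uAuth, $this->db->quoteInto('id = ?', $id));
        }
        if ($id < 0 && $uid > 0) {
            return $this->db->delete($this->tbl_uAuth, $this->db->quoteInto('uid = ?', $uid));
        }
        return null;
    }

    /**
     * Copy every rule of $uid onto $target.
     *
     * @return int|false number of rules copied; false when either id is empty
     */
    public function AuthClone($uid, $target)
    {
        if (empty($uid) || empty($target)) {
            return false;
        }
        $copied = 0;
        foreach ($this->UAuthFetch($uid) as $rule) {
            $options = $this->Options($rule);
            if ($options === false) {
                continue;
            }
            $data = array('uid' => $target);
            foreach (self::$AUTH_KEYS as $key) {
                $data[$key] = $options[$key];
            }
            $data['allow'] = $rule['allow'];
            if ($this->db->insert($this->tbl_uAuth, $data)) {
                $copied++;
            }
        }
        return $copied;
    }

    /**
     * All rules of one group, ordered like UAuthFetch().
     *
     * @return array list of associative rows
     */
    public function GAuthFetch($gid)
    {
        $sql = 'SELECT * FROM ' . $this->tbl_gAuth . ' WHERE gid = ?'
             . ' ORDER BY module ASC, controller ASC, action ASC, id DESC';
        return $this->db->query($sql, array($gid))->fetchAll();
    }

    /**
     * Insert a group rule; empty option values are dropped (they act as wildcards).
     *
     * @return int rows inserted
     */
    public function GAuthAdd($gid, $options, $allow)
    {
        $data = array();
        foreach ($options as $column => $value) {
            if (!empty($value)) {
                $data[$column] = $value;
            }
        }
        $data['gid']   = $gid;
        $data['allow'] = $allow;
        return $this->db->insert($this->tbl_gAuth, $data);
    }

    /**
     * Delete one group rule by id, or — when $id < 0 and $gid > 0 — every rule of $gid.
     * (The bulk branch previously tested an undefined $uid and so never ran.)
     *
     * @return int|null rows deleted; null when neither form applies
     */
    public function GAuthDel($id, $gid = 0)
    {
        if (empty($gid)) {
            return $this->db->delete($this->tbl_gAuth, $this->db->quoteInto('id = ?', $id));
        }
        if ($id < 0 && $gid > 0) {
            return $this->db->delete($this->tbl_gAuth, $this->db->quoteInto('gid = ?', $gid));
        }
        return null;
    }
}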