357 lines
6.3 KiB
PHP
357 lines
6.3 KiB
PHP
<?php
|
||
/**
|
||
* Users 用户相关操作
|
||
* Users($db,Zend_Auth::getInstance())
|
||
*/
|
||
|
||
class Users extends Zend_Controller_Plugin_Abstract
|
||
{
|
||
|
||
private $db; //传入PDO对象.
|
||
private $auth = NULL; //Zend_Auth 对象
|
||
|
||
//使用到的公共变量
|
||
public $tbl_user = "users";
|
||
public $tbl_group = "groups";
|
||
public $tbl_userToGroup = "usergroup";
|
||
public $tbl_uAuth = "userauth";
|
||
public $tbl_gAuth = "groupauth";
|
||
|
||
//权限配置
|
||
private $def_auth_pass = false; //全局权限
|
||
private $def_GAuth_pass = true; //当用户没有组信息时是否承认他的个人权限
|
||
private $def_UAuth_pass = false; //当用户不存在时是否匹配全局权限
|
||
|
||
//默认权限控制器
|
||
private $def_auth_mvc = array(
|
||
'module' => 'default',
|
||
'controller'=>'error',
|
||
'action'=> 'authority'
|
||
);
|
||
|
||
//所有权限
|
||
public $AuthResource = NULL; //资源
|
||
|
||
function __construct($db,Zend_Auth $auth=NULL)
|
||
{
|
||
$this->db = $db;
|
||
$this->auth = $auth;
|
||
}
|
||
|
||
//检查权限,仅在MVC模式中使用
|
||
public function CheckInMvc(Zend_Auth $auth,Zend_Controller_Request_Abstract $request,$special=""){
|
||
|
||
if(empty($auth) || empty($request))
|
||
{
|
||
return false;
|
||
}
|
||
|
||
$options = array(
|
||
'module' => $request->getModuleName(),
|
||
'controller' => $request->getControllerName(),
|
||
'action' => $request->getActionName(),
|
||
'special' => $special
|
||
);
|
||
//echo "<pre>";var_dump($options);echo "</pre>";exit();
|
||
|
||
$uid = 0;
|
||
$gid = 0;
|
||
|
||
if($auth->hasIdentity())
|
||
{
|
||
$user = $auth->getIdentity();
|
||
if(isset($user->id))
|
||
{
|
||
$uid = $user->id;
|
||
}
|
||
if(isset($user->gid))
|
||
{
|
||
$gid = $user->gid;
|
||
}
|
||
|
||
}else{
|
||
return false;
|
||
}
|
||
|
||
if($this->Check($uid,$gid,$options) !== true)
|
||
{
|
||
$request->setModuleName($this->def_auth_mvc['module']);
|
||
$request->setControllerName($this->def_auth_mvc['controller']);
|
||
$request->setActionName($this->def_auth_mvc['action']);
|
||
}
|
||
|
||
return false;
|
||
}
|
||
|
||
//检查权限,通用
|
||
public function Check($uid,$gid,$options)
|
||
{
|
||
if(empty($options))
|
||
{
|
||
return false;
|
||
}
|
||
|
||
$options = $this->Options($options);
|
||
|
||
if($options == false)
|
||
{
|
||
return false;
|
||
}
|
||
|
||
$pass = false;
|
||
if($this->UAuth($uid,$options) == true)
|
||
{
|
||
return true;
|
||
}else{
|
||
$pass = false;
|
||
}
|
||
|
||
if($this->GAuth($gid,$options) == true)
|
||
{
|
||
return true;
|
||
}else{
|
||
$pass = false;
|
||
}
|
||
|
||
if($this->GlobalAuth() == true)
|
||
{
|
||
return true;
|
||
}else{
|
||
$pass = false;
|
||
}
|
||
|
||
return false;
|
||
}
|
||
|
||
//检查用户权限
|
||
private function UAuth($uid,$options)
|
||
{
|
||
if(empty($uid))
|
||
{
|
||
if($this->def_UAuth_pass == true)
|
||
{
|
||
return $this->GlobalAuth();
|
||
}else{
|
||
return false;
|
||
}
|
||
}
|
||
|
||
$wheresql = array();
|
||
|
||
$wheresql[] = " uid=$uid ";
|
||
|
||
foreach($options as $k=>$v)
|
||
{
|
||
if(!empty($v))
|
||
{
|
||
$wheresql[] = "$k='".$v."' ";
|
||
}
|
||
}
|
||
|
||
$wheresql = join(" AND ",$wheresql);
|
||
|
||
$sql = "SELECT allow FROM ".$this->tbl_uAuth."
|
||
WHERE $wheresql
|
||
LIMIT 1";
|
||
|
||
$sth = $this->db->query($sql);
|
||
$row = $sth->fetch();
|
||
|
||
if( $row['allow'] > 0 )
|
||
{
|
||
return true;
|
||
}else{
|
||
return false;
|
||
}
|
||
|
||
}
|
||
|
||
//检查用户组权限
|
||
private function GAuth($gid,$options)
|
||
{
|
||
|
||
if(empty($gid))
|
||
{
|
||
return $this->def_GAuth_pass;
|
||
}
|
||
|
||
$wheresql = array();
|
||
|
||
$wheresql[] = " gid=$gid ";
|
||
|
||
foreach($options as $k=>$v)
|
||
{
|
||
if(!empty($v))
|
||
{
|
||
$wheresql[] = "$k='".$v."' ";
|
||
}
|
||
}
|
||
|
||
$wheresql = join(" AND ",$wheresql);
|
||
|
||
$sql = "SELECT allow FROM ".$this->tbl_gAuth."
|
||
WHERE $wheresql
|
||
LIMIT 1";
|
||
|
||
$sth = $this->db->query($sql);
|
||
$row = $sth->fetch();
|
||
|
||
if( $row['allow'] > 0 )
|
||
{
|
||
return true;
|
||
}else{
|
||
return false;
|
||
}
|
||
}
|
||
|
||
//全局权限
|
||
private function GlobalAuth()
|
||
{
|
||
return $this->def_auth_pass;
|
||
}
|
||
|
||
//过滤Options
|
||
private function Options($options)
|
||
{
|
||
if(!is_array($options))
|
||
{
|
||
return false;
|
||
}
|
||
|
||
if(!isset($options['module']))
|
||
{
|
||
$options['module'] = "";
|
||
}
|
||
|
||
if(!isset($options['controller']))
|
||
{
|
||
$options['controller'] = "";
|
||
}
|
||
|
||
if(!isset($options['action']))
|
||
{
|
||
$options['action'] = "";
|
||
}
|
||
|
||
if(!isset($options['special']))
|
||
{
|
||
$options['special'] = "";
|
||
}
|
||
|
||
return $options;
|
||
|
||
}
|
||
|
||
//获取用户的组ID
|
||
public function getGroup($uid=0){
|
||
|
||
if(!empty($uid) && is_numeric($uid))
|
||
{
|
||
$sql = "SELECT gid FROM ".$this->tbl_userToGroup." WHERE uid=$uid";
|
||
$rs = $this->db->query($sql);
|
||
$row = $rs->fetch();
|
||
return $row['gid'];
|
||
}else{
|
||
$select = $this->db->select();
|
||
return $select ->from($this->tbl_group)
|
||
->order('groups.id desc');
|
||
}
|
||
|
||
}
|
||
|
||
//获取组名
|
||
public function getGroupName($gid){
|
||
|
||
if(!is_numeric($gid))
|
||
{
|
||
return false;
|
||
}
|
||
|
||
$sql = "SELECT * FROM ".$this->tbl_group." WHERE id=$gid";
|
||
$rs = $this->db->query($sql);
|
||
$row = $rs->fetch();
|
||
|
||
return $row['name'];
|
||
|
||
}
|
||
|
||
//创建用户组
|
||
public function CreateGroup($name){
|
||
|
||
$groupTable = $this->tbl_group;
|
||
|
||
if(empty($name))
|
||
{
|
||
return false;
|
||
}
|
||
|
||
$data = array(
|
||
"name" => $name
|
||
);
|
||
|
||
return $this->db->insert($groupTable,$data);
|
||
}
|
||
|
||
//把用户移动到组
|
||
public function AddTo($uid,$gid){
|
||
|
||
if(!is_numeric($uid) || !is_numeric($gid))
|
||
{
|
||
return false;
|
||
}
|
||
|
||
$sql = "SELECT * FROM ".$this->tbl_userToGroup." WHERE uid=? AND gid=?";
|
||
|
||
$sth = $this->db->prepare($sql);
|
||
|
||
$sth->execute(array($uid,$gid));
|
||
|
||
$row = $sth->fetch();
|
||
|
||
if(!empty($row['ts_created']))
|
||
{
|
||
$data = array(
|
||
"uid"=>$uid,
|
||
"gid"=>$gid
|
||
);
|
||
$whereSql = " uid=$uid AND gid=$gid ";
|
||
return $this->db->update($this->tbl_userToGroup,$data,$whereSql);
|
||
}else{
|
||
$data = array(
|
||
"uid"=>$uid,
|
||
"gid"=>$gid
|
||
);
|
||
return $this->db->insert($this->tbl_userToGroup,$data);
|
||
}
|
||
}
|
||
|
||
//初始化所有权限
|
||
public function _initAuth()
|
||
{
|
||
$this->AuthResource = array(
|
||
"default" => array(
|
||
"data"=> array(
|
||
"index","view"
|
||
)
|
||
),
|
||
"admin"=>array(
|
||
"data"=>array("index"),
|
||
"user"=>array("index","auth","group")
|
||
)
|
||
);
|
||
}
|
||
|
||
//给用户添加权限
|
||
public function UAuthAdd($uid,$options)
|
||
{
|
||
|
||
}
|
||
|
||
//给用户组添加权限
|
||
public function GAuthAdd($gid,$options)
|
||
{
|
||
|
||
}
|
||
|
||
}
|