westdc-zf1/application/models/Users.php

357 lines
6.3 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
/**
* Users 用户相关操作
* Users($db,Zend_Auth::getInstance())
*/
class Users extends Zend_Controller_Plugin_Abstract
{
private $db; //传入PDO对象.
private $auth = NULL; //Zend_Auth 对象
//使用到的公共变量
public $tbl_user = "users";
public $tbl_group = "groups";
public $tbl_userToGroup = "usergroup";
public $tbl_uAuth = "userauth";
public $tbl_gAuth = "groupauth";
//权限配置
private $def_auth_pass = false; //全局权限
private $def_GAuth_pass = true; //当用户没有组信息时是否承认他的个人权限
private $def_UAuth_pass = false; //当用户不存在时是否匹配全局权限
//默认权限控制器
private $def_auth_mvc = array(
'module' => 'default',
'controller'=>'error',
'action'=> 'authority'
);
//所有权限
public $AuthResource = NULL; //资源
function __construct($db,Zend_Auth $auth=NULL)
{
$this->db = $db;
$this->auth = $auth;
}
//检查权限仅在MVC模式中使用
public function CheckInMvc(Zend_Auth $auth,Zend_Controller_Request_Abstract $request,$special=""){
if(empty($auth) || empty($request))
{
return false;
}
$options = array(
'module' => $request->getModuleName(),
'controller' => $request->getControllerName(),
'action' => $request->getActionName(),
'special' => $special
);
//echo "<pre>";var_dump($options);echo "</pre>";exit();
$uid = 0;
$gid = 0;
if($auth->hasIdentity())
{
$user = $auth->getIdentity();
if(isset($user->id))
{
$uid = $user->id;
}
if(isset($user->gid))
{
$gid = $user->gid;
}
}else{
return false;
}
if($this->Check($uid,$gid,$options) !== true)
{
$request->setModuleName($this->def_auth_mvc['module']);
$request->setControllerName($this->def_auth_mvc['controller']);
$request->setActionName($this->def_auth_mvc['action']);
}
return false;
}
//检查权限,通用
public function Check($uid,$gid,$options)
{
if(empty($options))
{
return false;
}
$options = $this->Options($options);
if($options == false)
{
return false;
}
$pass = false;
if($this->UAuth($uid,$options) == true)
{
return true;
}else{
$pass = false;
}
if($this->GAuth($gid,$options) == true)
{
return true;
}else{
$pass = false;
}
if($this->GlobalAuth() == true)
{
return true;
}else{
$pass = false;
}
return false;
}
//检查用户权限
private function UAuth($uid,$options)
{
if(empty($uid))
{
if($this->def_UAuth_pass == true)
{
return $this->GlobalAuth();
}else{
return false;
}
}
$wheresql = array();
$wheresql[] = " uid=$uid ";
foreach($options as $k=>$v)
{
if(!empty($v))
{
$wheresql[] = "$k='".$v."' ";
}
}
$wheresql = join(" AND ",$wheresql);
$sql = "SELECT allow FROM ".$this->tbl_uAuth."
WHERE $wheresql
LIMIT 1";
$sth = $this->db->query($sql);
$row = $sth->fetch();
if( $row['allow'] > 0 )
{
return true;
}else{
return false;
}
}
//检查用户组权限
private function GAuth($gid,$options)
{
if(empty($gid))
{
return $this->def_GAuth_pass;
}
$wheresql = array();
$wheresql[] = " gid=$gid ";
foreach($options as $k=>$v)
{
if(!empty($v))
{
$wheresql[] = "$k='".$v."' ";
}
}
$wheresql = join(" AND ",$wheresql);
$sql = "SELECT allow FROM ".$this->tbl_gAuth."
WHERE $wheresql
LIMIT 1";
$sth = $this->db->query($sql);
$row = $sth->fetch();
if( $row['allow'] > 0 )
{
return true;
}else{
return false;
}
}
//全局权限
private function GlobalAuth()
{
return $this->def_auth_pass;
}
//过滤Options
private function Options($options)
{
if(!is_array($options))
{
return false;
}
if(!isset($options['module']))
{
$options['module'] = "";
}
if(!isset($options['controller']))
{
$options['controller'] = "";
}
if(!isset($options['action']))
{
$options['action'] = "";
}
if(!isset($options['special']))
{
$options['special'] = "";
}
return $options;
}
//获取用户的组ID
public function getGroup($uid=0){
if(!empty($uid) && is_numeric($uid))
{
$sql = "SELECT gid FROM ".$this->tbl_userToGroup." WHERE uid=$uid";
$rs = $this->db->query($sql);
$row = $rs->fetch();
return $row['gid'];
}else{
$select = $this->db->select();
return $select ->from($this->tbl_group)
->order('groups.id desc');
}
}
//获取组名
public function getGroupName($gid){
if(!is_numeric($gid))
{
return false;
}
$sql = "SELECT * FROM ".$this->tbl_group." WHERE id=$gid";
$rs = $this->db->query($sql);
$row = $rs->fetch();
return $row['name'];
}
//创建用户组
public function CreateGroup($name){
$groupTable = $this->tbl_group;
if(empty($name))
{
return false;
}
$data = array(
"name" => $name
);
return $this->db->insert($groupTable,$data);
}
//把用户移动到组
public function AddTo($uid,$gid){
if(!is_numeric($uid) || !is_numeric($gid))
{
return false;
}
$sql = "SELECT * FROM ".$this->tbl_userToGroup." WHERE uid=? AND gid=?";
$sth = $this->db->prepare($sql);
$sth->execute(array($uid,$gid));
$row = $sth->fetch();
if(!empty($row['ts_created']))
{
$data = array(
"uid"=>$uid,
"gid"=>$gid
);
$whereSql = " uid=$uid AND gid=$gid ";
return $this->db->update($this->tbl_userToGroup,$data,$whereSql);
}else{
$data = array(
"uid"=>$uid,
"gid"=>$gid
);
return $this->db->insert($this->tbl_userToGroup,$data);
}
}
//初始化所有权限
public function _initAuth()
{
$this->AuthResource = array(
"default" => array(
"data"=> array(
"index","view"
)
),
"admin"=>array(
"data"=>array("index"),
"user"=>array("index","auth","group")
)
);
}
//给用户添加权限
public function UAuthAdd($uid,$options)
{
}
//给用户组添加权限
public function GAuthAdd($gid,$options)
{
}
}