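/**
 * Permission check for the current request.
 *
 * Loads the allow-lists from CONF_PATH . 'authen.php' and compares them with
 * the current controller and action:
 *  - not logged in: only actions listed under 'no_login' for this controller
 *    may proceed, everything else is redirected to the login page;
 *  - logged in and the group is not flagged 'supper': the group's purview rows
 *    are loaded into $this->purviews and, unless the action is listed under
 *    'no_auth', "controller.action" must appear in one of those rows.
 *
 * Every lookup fails closed: a controller missing from the config has no
 * exempt actions, and a group with no usable purview ids has no permissions.
 */
protected function check_auth() {
    $controller = __CONTROLLER__;
    $action = __ACTION__;
    $authen = require CONF_PATH . 'authen.php';

    // A controller without an entry in the config exempts nothing.
    $no_login = isset($authen['no_login'][$controller]) ? (array) $authen['no_login'][$controller] : array();
    $no_auth = isset($authen['no_auth'][$controller]) ? (array) $authen['no_auth'][$controller] : array();

    if (!$this->admin_info) { // not logged in
        // Strict comparison: loose in_array() can match a string against 0 or true.
        if (!in_array($action, $no_login, true)) { // this action requires a login
            $this->redirect_login();
            exit();
        }
        return;
    }

    $group_info = model('manager_group')->find($this->admin_info['gid']); // permission group row
    if (!empty($group_info['supper'])) { // super administrators skip the purview check
        return;
    }

    // The ids come from a stored string; force them to integers before they are
    // concatenated into the SQL condition, and skip the query when none remain
    // ("id in()" is not valid SQL).
    $purview_id = isset($group_info['purview']) ? (array) string2array($group_info['purview']) : array();
    $purview_id = array_filter(array_map('intval', $purview_id));
    $this->purviews = $purview_id
        ? model('purview')->fetch('*', "id in(" . implode(',', $purview_id) . ")")
        : array();
    if (!is_array($this->purviews)) {
        $this->purviews = array();
    }

    if (in_array($action, $no_auth, true)) { // action needs a login but no specific permission
        return;
    }

    $in_purview = array(); // every "controller.action" this group may call
    foreach ($this->purviews as $purview) {
        $in_purview = array_merge($in_purview, (array) string2array($purview['purview']));
    }
    $cur_process = $controller . '.' . $action;
    if (!in_array($cur_process, $in_purview, true)) { // not permitted
        if (IS_AJAX) {
            ajax_return(0, '无权限');
        } else {
            include admin_template('/index/no_purview');
        }
        // Stop on both paths, so a denied AJAX request can never fall through
        // to the action even if ajax_return() does not end the script itself.
        exit;
    }
}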
---------------------------------------------------------------------下面是权限管理的代码
--------------------------------------------------
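/**
 * Renders the permission-management page: the module tree with, for every
 * sub-module, the operations (purview rows) attached to it.
 *
 * Values that end up in HTML or SQL are normalised first: ids are cast to
 * integers and operation names are HTML-escaped.
 */
public function purview() {
    $model = model('purview_module');
    $result = $model->fetch('*', '', 'sort desc,id asc');
    load_ext('unit/tree');
    foreach ($result as $key => $val) {
        $module_id = (int) $val['id']; // used in URLs and in the SQL condition below
        if ($val['pid'] == 0) {
            // Top-level module: offer "add sub-module".
            $result[$key]['icon'] = " <a href='manager/module_add/?pid={$module_id}' class='add ajax-load' title='添加子模块' data-width='560px' data-height='360px'></a>";
        } else {
            $actions = model('purview')->fetch_field('id,name', 'mid=' . $module_id, 'id asc');
            // Build the links in a local string; appending to an unset array
            // element raises a notice.
            $links = '';
            if (!empty($actions)) {
                foreach ($actions as $aid => $aname) {
                    // The name is operator-supplied text stored in the database;
                    // escape it so it cannot inject markup into this page.
                    // double_encode is off in case it was already entity-encoded.
                    $links .= '<a href="javascript:;" data-id="' . (int) $aid . '" class="addBtn processor">' . htmlspecialchars($aname, ENT_QUOTES, 'UTF-8', false) . '</a>';
                }
            }
            $result[$key]['actions'] = $links;
            // Sub-module: offer "add operation".
            $result[$key]['icon'] = " <a href='manager/purview_add/?mid={$module_id}' class='add ajax-load' title='添加操作' data-width='510px' data-height='560px'></a>";
        }
    }
    $tree = new tree($result);
    $tree->icon = array(" ", " ├─ ", " └─ ");
    $tree->nbsp = " ";
    // Row template: the \$ placeholders stay literal here and are filled in by
    // the tree helper.
    // NOTE(review): \$name is presumably the module name column, and nothing in
    // this method escapes it; confirm it is HTML-escaped before it is displayed.
    $html = "<tr>
<td><input type='checkbox' name='id[]' value='\$id' /></td>
<td><input type='text' size='1' name='sort[\$id]' style='text-align:center' value='\$sort' class='input' /></td>
<td class='left'><span class='spacer'>\$spacer</span>\$name \$icon</td>
<td>\$actions</td>
<td><a href='manager/module_edit/id/\$id' class='ajax-load' title='修改模块' data-width='560px' data-height='360px'>修改</a> | <a href='manager/module_delete/id/\$id' class='ajax-link confirm'>删除</a></td>
</tr>";
    $result = $tree->get_tree(0, $html);
    include admin_template('purview');
}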
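/**
 * Adds an operation (purview row) to a module.
 *
 * POST: validates name, module id and the selected methods, rejects duplicate
 * names within the module and top-level modules, then inserts the row and
 * answers through ajax_return(). Any other request renders the form.
 */
public function purview_add() {
    if (IS_POST) {
        $purview = input('purview');
        $name = input('name');
        // Request data that is concatenated into an SQL condition below: force
        // it to an integer, as the form branch of this method already does.
        $mid = input('mid', 0, 'intval');
        // Every failure reports status 0 followed by the message, matching the
        // other ajax_return() calls in this method. The explicit returns keep
        // validation effective even if ajax_return() does not end the script.
        if (!$name) {
            ajax_return(0, '请填写操作名称');
            return;
        }
        if (!$mid) {
            ajax_return(0, '请选择操作模块');
            return;
        }
        if (empty($purview)) {
            ajax_return(0, '请选择操作方法');
            return;
        }
        $model = model('purview');
        $total = $model->count(array('name=%s AND mid=%d', $name, $mid));
        if ($total) { // the name already exists in this module
            ajax_return(0, '操作名称已经存在');
            return;
        }
        // Operations may only be attached to sub-modules (pid != 0). An unknown
        // module id also ends up here if the lookup returns an empty value.
        $mpid = model('purview_module')->fetch_first('pid', 'id=' . $mid);
        if ($mpid == 0) {
            ajax_return(0, '操作模板不正确');
            return;
        }
        // NOTE(review): the submitted methods are stored as received; consider
        // checking them against get_action_list() so that only known
        // "controller.action" entries can be granted.
        $data = array(
            'mid' => $mid,
            'name' => $name,
            'purview' => array2string($purview),
        );
        if ($model->insert($data)) {
            ajax_return(1);
        } else {
            ajax_return(0, '添加失败');
        }
    } else {
        $mid = input('mid', 0, 'intval');
        $category = $this->module_tree();
        $actions = $this->get_action_list();
        include admin_template('purview_add');
    }
}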
-----------------------------------后台菜单..无权限的用户不显示菜单
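/**
 * Administrator menu, as a tree.
 *
 * For administrators not flagged 'supper', menu entries that belong to a
 * permission module are removed unless that module (or a child of it) is
 * covered by $this->purviews. This only hides entries: access to the actions
 * behind them is enforced by check_auth(), not here.
 *
 * @param bool $all include disabled entries (status != 1) as well
 * @return array result of tree_array(), cached per request and per $all value
 */
protected function admin_menu($all = false) {
    // Cached separately for each value of $all, so a call with one flag never
    // returns the list built for the other.
    static $cache = array();
    $cache_key = $all ? 'all' : 'active';
    if (!empty($cache[$cache_key])) {
        return $cache[$cache_key];
    }

    $admin_menu = model('admin_menu')->fetch('*', $all == false ? 'status=1' : '', 'sort desc,id desc');
    if (!is_array($admin_menu)) {
        $admin_menu = array();
    }
    foreach ($admin_menu as $key => $val) {
        if (!$admin_menu[$key]['action']) {
            $admin_menu[$key]['action'] = 'index';
        }
        // The URL is built from the stored row, so an empty action adds no segment.
        $admin_menu[$key]['url'] = '/admin/' . $val['controller'] . '/' . ($val['action'] ? ($val['action'] . '/') : '' ) . ($val['paremeter'] ? '?' . trim($val['paremeter'], '?') : '');
    }

    // NOTE(review): check_auth() reads 'supper' from the group row; confirm that
    // admin_info carries the same flag. If it does not, everyone is filtered here.
    if (!$this->admin_info['supper']) {
        // Module ids granted to this administrator, cast to integers because they
        // are concatenated into SQL conditions.
        $module_ids = array();
        $purviews = (isset($this->purviews) && is_array($this->purviews)) ? $this->purviews : array();
        foreach ($purviews as $pur) {
            $module_ids[] = (int) $pur['mid'];
        }
        $module_ids = array_unique($module_ids);

        $menu_list = array(); // menu ids this administrator may see
        if ($module_ids) {
            // Include the parent modules so their menu entries remain visible.
            $module_pids = model('purview_module')->fetch_field('pid', "id in (" . implode(',', $module_ids) . ")",'','pid');
            $module_ids = array_unique(array_map('intval', array_merge($module_ids, (array) $module_pids)));
            $has_menus = model('purview_module')->fetch_field('menus',"id in(".implode(',', $module_ids).")");
            foreach ((array) $has_menus as $has_menu) {
                $menu_list = array_merge($menu_list, (array) string2array($has_menu));
            }
        }
        // With no granted modules nothing is queried ("id in ()" is not valid
        // SQL) and every module-bound menu entry is hidden.

        $check_menus = model('purview_module')->fetch_field('menus',"menus != ''");
        $menus = array(); // every menu id that is bound to some module
        foreach ((array) $check_menus as $menu) {
            $menus = array_merge($menus, (array) string2array($menu));
        }
        foreach ($admin_menu as $key => $val) {
            // Entries bound to no module stay visible to everyone.
            if (in_array($val['id'], $menus) && !in_array($val['id'], $menu_list)) {
                unset($admin_menu[$key]);
            }
        }
    }

    $cache[$cache_key] = tree_array($admin_menu);
    return $cache[$cache_key];
}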
----------------------------------------------------------------看代码什么的,感觉是不是跟TP 有点像,哈哈,是很像....TP


