RBAC验证为什么总是返回false(没有权限)

浏览:567 发布日期:2013/12/20 分类:求助交流 关键字: RBAC
<?php 
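/**
 * Base controller that applies the login check and the RBAC permission check.
 *
 * The checks live in _initialize(), so they only protect controllers that
 * extend CommonAction; a controller that extends Action directly is not covered.
 */
class CommonAction extends Action {

    /**
     * Require an authenticated session, then enforce RBAC unless the current
     * module or action is listed in NOT_AUTH_MODULE / NOT_AUTH_ACTION.
     *
     * Both checks fail closed: execution stops as soon as either one fails.
     */
    public function _initialize(){

        // No user id in the session: send the visitor to the login gateway.
        if(!isset($_SESSION[C('USER_AUTH_KEY')])){
            $this->redirect(C("USER_AUTH_GATEWAY"));
            // Stop even if redirect() were to return, so an anonymous request
            // can never fall through to the permission check or the action.
            exit;
        }

        // Exemption lists are comma-separated strings in the config; strict
        // comparison avoids loose string/number matches.
        $notAuth = in_array(MODULE_NAME, explode(',', C("NOT_AUTH_MODULE")), true) ||
                   in_array(ACTION_NAME, explode(',', C("NOT_AUTH_ACTION")), true);

        if (C("USER_AUTH_ON") && !$notAuth){
            import("ORG.Util.RBAC");
            if (!RBAC::AccessDecision()){
                echo "没有权限!";
                // Previously the message was printed and the requested action
                // still ran, i.e. the denial was only cosmetic. Terminate here
                // so a denied request does no further work.
                exit;
            }
        }
    }
}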
?>
登陆<?php
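/**
 * Login page, credential check and the menu frames shown after login.
 *
 * NOTE(review): this controller extends Action directly, so the login and RBAC
 * checks in CommonAction::_initialize() are not applied to any action here.
 * index() and verification() must stay public, but menu() and top() are then
 * reachable without a session unless that is enforced elsewhere -- confirm.
 */
class IndexAction extends Action{
    /**
     * Render the login page.
     */
    public function index(){
        $this->display('index');
    }

    /**
     * Check the submitted account/password and, on success, populate the
     * session (user id, super-admin flag, RBAC access list).
     *
     * NOTE(review): the credentials are read from the query string, so the
     * password ends up in access logs, browser history and Referer headers.
     * The login form should be switched to POST; GET is kept here only so the
     * existing form keeps working.
     */
    public function verification()
    {
        // Accept plain strings only. An array-valued parameter (id[]=...) would
        // be handed to the query builder as a condition expression instead of
        // a literal value.
        $name = (isset($_GET['id'])  && is_string($_GET['id']))  ? $_GET['id']  : '';
        $pwd  = (isset($_GET['pwd']) && is_string($_GET['pwd'])) ? $_GET['pwd'] : '';

        if($name === '' || $pwd === '')
        {
            $this->error('登陆失败',__APP__.'/Index/index');
            return;
        }

        // NOTE(review): unsalted MD5 is not a password hash. Migrate the stored
        // values to password_hash()/password_verify() (rehashing on next login)
        // when the user table can be changed.
        $where = array(
            'account'  => $name,
            'password' => md5($pwd),
        );
        $arr = M('user')->where($where)->find();

        if(!$arr)
        {
            // A failed login is reported through error(), not success().
            $this->error('登陆失败',__APP__.'/Index/index');
            return;
        }

        if($arr['status']!='1')
        {
            $this->error('账号不可用',__APP__.'/Index/index');
            return;
        }

        // Issue a fresh session id at the privilege change so an id that was
        // known before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);

        // Keys are quoted: the bare words account/id were undefined constants.
        $_SESSION['uname'] = $arr['account'];
        $_SESSION['id']    = $arr['id'];

        session('account',$name);
        session(C('USER_AUTH_KEY'),$arr['id']);
        // Compare the submitted name directly instead of reading it back from
        // $_SESSION, which would miss the value if a session prefix is configured.
        if($name === (string)C('RBAC_SUPERADMIN'))
        {
            session(C('ADMIN_AUTH_KEY'),true);
        }

        // Cache the user's permitted nodes in the session for later RBAC checks.
        import('ORG.Util.RBAC');
        RBAC::saveAccessList();
        $this->success('登陆成功!',__URL__.'/body');
    }

    /**
     * Build the second-level menu under the node given by ?id=.
     *
     * The super admin sees every level-2 node; other accounts only see the
     * nodes and child nodes present in the session's _ACCESS_LIST.
     */
    public  function menu()
    {
        // The id is used in two queries. Force it to an integer and pass it as
        // an array condition instead of concatenating request data into SQL.
        $pid = (isset($_GET['id']) && is_scalar($_GET['id'])) ? intval($_GET['id']) : 0;

        $node = D('Node')->where(array('level' => 2, 'pid' => $pid))->order('sort')->relation(true)->select();
        if(!is_array($node))
        {
            $node = array();
        }

        // Super admin account: no filtering. Every other account is filtered.
        if(!session(C('ADMIN_AUTH_KEY')))
        {
            // _ACCESS_LIST is walked as a three-level array: the second-level
            // keys are matched against upper-cased node names and the leaf
            // values against child node ids. A missing list means nothing is allowed.
            $accessList = (isset($_SESSION['_ACCESS_LIST']) && is_array($_SESSION['_ACCESS_LIST']))
                ? $_SESSION['_ACCESS_LIST']
                : array();

            // Lookup maps instead of comma-joined strings that were re-split
            // with explode() on every comparison.
            $allowedModules = array();
            $allowedNodeIds = array();
            foreach ($accessList as $modules)
            {
                if(!is_array($modules))
                {
                    continue;
                }
                foreach ($modules as $moduleName => $actions)
                {
                    $allowedModules[(string)$moduleName] = true;
                    if(!is_array($actions))
                    {
                        continue;
                    }
                    foreach ($actions as $nodeId)
                    {
                        $allowedNodeIds[(string)$nodeId] = true;
                    }
                }
            }

            foreach($node as $key => $value)
            {
                if(!isset($allowedModules[strtoupper($value['name'])]))
                {
                    unset($node[$key]);
                    continue;
                }
                if(!isset($value['node']) || !is_array($value['node']))
                {
                    continue;
                }
                foreach ($value['node'] as $key1 => $value1)
                {
                    if(!isset($allowedNodeIds[(string)$value1['id']]))
                    {
                        unset($node[$key]['node'][$key1]);
                    }
                }
            }
        }

        $this->assign('node',$node);
        $a = M('node')->where(array('id' => $pid))->find();
        $this->assign('a',$a);
        $this->display();
    }

    /**
     * Render the top frame with all level-1 nodes, ordered by sort.
     */
    public function top()
    {
        $this->node = M('node')->where('level = 1')->order('sort')->select();
        $this->display();
    }


}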