Auth.php
3.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
<?php
// +---------------------------------------------------------------------
// | ThinkCMF [ WE CAN DO IT MORE SIMPLE ]
// +---------------------------------------------------------------------
// | Copyright (c) 2013-2014 http://www.thinkcmf.com All rights reserved.
// +---------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +---------------------------------------------------------------------
// | Author: Dean <zxxjjforever@163.com>
// +---------------------------------------------------------------------
namespace cmf\lib;
use think\Db;
/**
* ThinkCMF权限认证类
*/
class Auth
{
//默认配置
protected $_config = [];
public function __construct()
{
}
/**
* 检查权限
* @param $name string|array 需要验证的规则列表,支持逗号分隔的权限规则或索引数组
* @param $uid int 认证用户的id
* @param $relation string 如果为 'or' 表示满足任一条规则即通过验证;如果为 'and'则表示需满足所有规则才能通过验证
* @return boolean 通过验证返回true;失败返回false
*/
public function check($uid, $name, $relation = 'or')
{
if (empty($uid)) {
return false;
}
if ($uid == 1) {
return true;
}
if (is_string($name)) {
$name = strtolower($name);
if (strpos($name, ',') !== false) {
$name = explode(',', $name);
} else {
$findAuthRuleCount = Db::name('auth_rule')->where([
'name' => $name
])->count();
if ($findAuthRuleCount == 0) {//没有规则时,不验证!
return true;
}
$name = [$name];
}
}
$list = []; //保存验证通过的规则名
$groups = Db::name('RoleUser')
->alias("a")
->join('__ROLE__ r', 'a.role_id = r.id')
->where(["a.user_id" => $uid, "r.status" => 1])
->column("role_id");
if (in_array(1, $groups)) {
return true;
}
if (empty($groups)) {
return false;
}
$rules = Db::name('AuthAccess')
->alias("a")
->join('__AUTH_RULE__ b ', ' a.rule_name = b.name')
->where(["a.role_id" => ["in", $groups], "b.name" => ["in", $name]])
->select();
foreach ($rules as $rule) {
if (!empty($rule['condition'])) { //根据condition进行验证
$user = $this->getUserInfo($uid);//获取用户信息,一维数组
$command = preg_replace('/\{(\w*?)\}/', '$user[\'\\1\']', $rule['condition']);
//dump($command);//debug
@(eval('$condition=(' . $command . ');'));
if ($condition) {
$list[] = strtolower($rule['name']);
}
} else {
$list[] = strtolower($rule['name']);
}
}
if ($relation == 'or' and !empty($list)) {
return true;
}
$diff = array_diff($name, $list);
if ($relation == 'and' and empty($diff)) {
return true;
}
return false;
}
/**
* 获得用户资料
* @param $uid
* @return mixed
*/
private function getUserInfo($uid)
{
static $userInfo = [];
if (!isset($userInfo[$uid])) {
$userInfo[$uid] = Db::name('user')->where(['id' => $uid])->find();
}
return $userInfo[$uid];
}
}