权限管理优化

Signed-off-by: vilson <545522390@qq.com>
vilson 2020-05-10 15:10:31 +08:00
parent 3b7a33e9aa
commit c31892056d
8 changed files with 60 additions and 20 deletions


@ -49,7 +49,7 @@ function getCurrentMember()
function setCurrentMember($data)
{
$key = 'member:info:' . $data['code'];
$key = 'member:info:' . $data['code'];//Member 里的 code
if (!$data) {
Cache::rm($key);
}else{
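Review bot: On the touched `$key` line, `$data['code']` is read before the `if (!$data)` check, so on the clearing path the key is built from an empty value and `Cache::rm($key)` targets `member:info:` instead of the member's own entry. If this function is how cached member info is dropped at logout, that entry would stay in the cache; resolving the code first, or having callers pass it explicitly, would make the removal hit the right key. The new comment only says where `code` comes from, so it would help to also note what `$data` looks like on the clearing path. The function body continues past the end of the hunk, so the `else` branch is not visible here.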


@ -59,6 +59,7 @@ class Member extends CommonModel
$member['authorize'] = $list[0]['authorize'];
$member['position'] = $list[0]['position'];
$member['department'] = $list[0]['department'];
$member['organization_code'] = $list[0]['organization_code'];
setCurrentMember($member);
!empty($member['authorize']) && NodeService::applyProjectAuthNode();


@ -26,8 +26,7 @@ class MemberAccount extends CommonModel
{
NodeService::applyProjectAuthNode();
$menuModel = new ProjectMenu();
$list = $menuModel->listForUser($isTree);
return $list;
return $menuModel->listForUser($isTree);
}
/**


@ -81,6 +81,7 @@ class Auth extends BasicApi
*/
protected function _apply_save($auth)
{
//todo 优化
list($data, $post) = [[], Request::only('action,id,nodes')];
isset($post['nodes']) && $post['nodes'] = json_decode($post['nodes']);
foreach (isset($post['nodes']) ? $post['nodes'] : [] as $node) {
@ -88,6 +89,7 @@ class Auth extends BasicApi
}
ProjectAuthNode::where(['auth' => $auth])->delete();
ProjectAuthNode::insertAll($data);
NodeService::clearMemberNodes(getCurrentOrganizationCode());
$this->success('节点授权更新成功!', '');
}
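Review bot: The cache flush added after `insertAll($data)` is keyed on `getCurrentOrganizationCode()`, i.e. the caller's session, not on the organization that owns `$auth`. If those can differ (no ownership check on `$auth` is visible in this hunk), members of the owning organization keep their old cached node list, so deriving the code from the ProjectAuth row being edited would tie the flush to the data that changed. The delete, insert and flush are also not wrapped in a transaction here, so an exception in `insertAll` skips the flush and leaves cache and table out of step. The new `//todo 优化` comment would be more useful if it said what is to be optimized.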


@ -77,6 +77,7 @@ class Index extends BasicApi
$member['account_id'] = $memberAccount['id'];
$member['is_owner'] = $memberAccount['is_owner'];
$member['authorize'] = $memberAccount['authorize'];
$member['organization_code'] = $memberAccount['organization_code'];
setCurrentMember($member);
!empty($member['authorize']) && NodeService::applyProjectAuthNode();
setCurrentOrganizationCode($organizationCode);


@ -44,7 +44,7 @@ class Project extends BasicApi
* @return void
* @throws DbException
*/
public function index11()
/* public function index11()
{
$prefix = config('database.prefix');
$type = Request::post('type');
@ -94,7 +94,7 @@ class Project extends BasicApi
}
}
$this->success('', ['list' => $newList, 'total' => $list['total']]);
}
}*/
public function index()
{
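Review bot: `index11()` is disabled by wrapping it in `/* … */` rather than being removed, which leaves the docblock above it (`@return void`, `@throws DbException`) detached from any method and keeps a dormant controller action in the file. A block comment also ends at the first `*/` it meets, so any block comment inside the method body would end the wrapper early; the body lies between the two hunks and cannot be checked from here. Deleting the method together with its docblock is cleaner, since version control retains the old code.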


@ -68,6 +68,8 @@ class Auth
}
}
// 访问权限检查
// var_dump(auth($node, 'project'));
// die;
if (!empty($access['is_auth']) && !auth($node, 'project')) {
$nodeInfo = ProjectNode::where('node', $node)->find();
return json(['code' => 403, 'msg' => '无权限操作资源['. $nodeInfo['title'] . '],访问被拒绝']);
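Review bot: The two added lines are commented-out debugging (`var_dump(auth($node, 'project'))` and `die`) placed directly above the access check, and they should be dropped before merge; if re-enabled they would write the authorization result into the response and stop the request before the 403 branch. In that same branch `$nodeInfo['title']` is read without checking that `find()` returned a row, so a node absent from ProjectNode would turn the denial into an error, whereas `$nodeInfo['title'] ?? $node` keeps the 403 response intact. The enclosing method starts and ends outside the hunk.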


@ -3,7 +3,9 @@
namespace service;
use app\common\Model\MemberAccount;
use think\Db;
use think\facade\Cache;
/**
* 系统权限节点读取器
@ -19,23 +21,54 @@ class NodeService
*/
public static function applyProjectAuthNode()
{
cache('member_need_access_node', null);
// cache('member_need_access_node', null);
$member = getCurrentMember();
$member['nodes'] = [];
if (($authorize = $member['authorize'])) {
$where = ['status' => '1'];
$authorizeIds = Db::name('ProjectAuth')->whereIn('id', explode(',', $authorize))->where($where)->column('id');
if (empty($authorizeIds)) {
$member['nodes'] = [];
return setCurrentMember($member);
}
$nodes = Db::name('ProjectAuthNode')->whereIn('auth', $authorizeIds)->column('node');
$member['nodes'] = $nodes;
return setCurrentMember($member);
}
return setCurrentMember($member);
// $member['nodes'] = [];
// if (($authorize = $member['authorize'])) {
// $where = ['status' => '1'];
// $authorizeIds = Db::name('ProjectAuth')->whereIn('id', explode(',', $authorize))->where($where)->column('id');
// if (empty($authorizeIds)) {
// $member['nodes'] = [];
// return setCurrentMember($member);
// }
// $nodes = Db::name('ProjectAuthNode')->whereIn('auth', $authorizeIds)->column('node');
// $member['nodes'] = $nodes;
// return setCurrentMember($member);
// }
// return setCurrentMember($member);
$nodes = self::getMemberNodes($member['organization_code'], $member['account_id']);
$member['nodes'] = $nodes;
setCurrentMember($member);
return $nodes;
}
public static function getMemberNodes($orgCode, $memberAccountId)
{
$cacheKey = 'member:nodes:' . $memberAccountId;
$tagKey = 'member:codes:' . $orgCode;
// self::clearMemberNodes($orgCode);
$nodes = Cache::tag($tagKey)->get($cacheKey);
if (!$nodes) {
$member = MemberAccount::get($memberAccountId);
$authorize = $member['authorize'];
$authorizeIds = Db::name('ProjectAuth')->whereIn('id', explode(',', $authorize))->where(['status' => '1'])->column('id');
if (empty($authorizeIds)) {
$nodes = [];
} else {
$nodes = Db::name('ProjectAuthNode')->whereIn('auth', $authorizeIds)->column('node');
}
Cache::tag($tagKey)->set($cacheKey, $nodes, 3600 * 24 * 7);
}
return $nodes;
}
public static function clearMemberNodes($orgCode)
{
$tagKey = 'member:codes:' . $orgCode;
return Cache::clear($tagKey);
}
/**
* 获取项目账号授权节点
* @return array
@ -50,6 +83,7 @@ class NodeService
return $nodes;
}
/**
* 检查账号节点权限
* @param string $node 节点
@ -69,7 +103,8 @@ class NodeService
if (!in_array($currentNode, self::getProjectAuthNode())) {
return true;
}
return in_array($currentNode, !empty($member['nodes']) ? (array)$member['nodes'] : []);
$memberNodes = self::getMemberNodes($member['organization_code'], $member['account_id']);
return in_array($currentNode, !empty($memberNodes) ? (array)$memberNodes : $memberNodes);
}
return false;
}
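Review bot: `getMemberNodes()` caches each account's node list for `3600 * 24 * 7` seconds and `checkAuthNode()` now trusts that cache instead of the session copy, so permissions are only as fresh as the last `clearMemberNodes()` call, and the only caller visible in this commit is the node-save path in `_apply_save`. If a member's `authorize` value changes or a ProjectAuth row is disabled (the query filters on `status`), nothing shown here flushes the tag, so a revoked permission could stay usable for up to a week. Those write paths should also call `NodeService::clearMemberNodes($orgCode)`, and a shorter TTL would bound the exposure. Separately, `if (!$nodes)` treats a cached empty list as a miss, so accounts with no nodes hit the database on every check, and `MemberAccount::get($memberAccountId)` is dereferenced without a null check. The commented-out old body in `applyProjectAuthNode()` can be deleted, and the ternary in `checkAuthNode()` (which starts outside the hunk) reduces to `in_array($currentNode, $memberNodes ?: [])`.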