mkm/work
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

权限管理优化

Browse Source 
Signed-off-by: vilson <545522390@qq.com>
This commit is contained in:
vilson 2020-05-10 15:10:31 +08:00
parent 3b7a33e9aa
commit c31892056d
8 changed files with 60 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
application/common.php
View File

@ -49,7 +49,7 @@ function getCurrentMember()
function setCurrentMember($data) function setCurrentMember($data)
{ {
$key = 'member:info:' . $data['code']; $key = 'member:info:' . $data['code'];//Member 里的 code
if (!$data) { if (!$data) {
Cache::rm($key); Cache::rm($key);
}else{ }else{

1
application/common/Model/Member.php
View File

@ -59,6 +59,7 @@ class Member extends CommonModel
$member['authorize'] = $list[0]['authorize']; $member['authorize'] = $list[0]['authorize'];
$member['position'] = $list[0]['position']; $member['position'] = $list[0]['position'];
$member['department'] = $list[0]['department']; $member['department'] = $list[0]['department'];
$member['organization_code'] = $list[0]['organization_code'];
setCurrentMember($member); setCurrentMember($member);
!empty($member['authorize']) && NodeService::applyProjectAuthNode(); !empty($member['authorize']) && NodeService::applyProjectAuthNode();

3
application/common/Model/MemberAccount.php
View File

@ -26,8 +26,7 @@ class MemberAccount extends CommonModel
{ {
NodeService::applyProjectAuthNode(); NodeService::applyProjectAuthNode();
$menuModel = new ProjectMenu(); $menuModel = new ProjectMenu();
$list = $menuModel->listForUser($isTree); return $menuModel->listForUser($isTree);
return $list;
} }
/** /**

2
application/project/controller/Auth.php
View File

@ -81,6 +81,7 @@ class Auth extends BasicApi
*/ */
protected function _apply_save($auth) protected function _apply_save($auth)
{ {
//todo 优化
list($data, $post) = [[], Request::only('action,id,nodes')]; list($data, $post) = [[], Request::only('action,id,nodes')];
isset($post['nodes']) && $post['nodes'] = json_decode($post['nodes']); isset($post['nodes']) && $post['nodes'] = json_decode($post['nodes']);
foreach (isset($post['nodes']) ? $post['nodes'] : [] as $node) { foreach (isset($post['nodes']) ? $post['nodes'] : [] as $node) {
@ -88,6 +89,7 @@ class Auth extends BasicApi
} }
ProjectAuthNode::where(['auth' => $auth])->delete(); ProjectAuthNode::where(['auth' => $auth])->delete();
ProjectAuthNode::insertAll($data); ProjectAuthNode::insertAll($data);
NodeService::clearMemberNodes(getCurrentOrganizationCode());
$this->success('节点授权更新成功!', ''); $this->success('节点授权更新成功!', '');
} }

1
application/project/controller/Index.php
View File

@ -77,6 +77,7 @@ class Index extends BasicApi
$member['account_id'] = $memberAccount['id']; $member['account_id'] = $memberAccount['id'];
$member['is_owner'] = $memberAccount['is_owner']; $member['is_owner'] = $memberAccount['is_owner'];
$member['authorize'] = $memberAccount['authorize']; $member['authorize'] = $memberAccount['authorize'];
$member['organization_code'] = $memberAccount['organization_code'];
setCurrentMember($member); setCurrentMember($member);
!empty($member['authorize']) && NodeService::applyProjectAuthNode(); !empty($member['authorize']) && NodeService::applyProjectAuthNode();
setCurrentOrganizationCode($organizationCode); setCurrentOrganizationCode($organizationCode);

4
application/project/controller/Project.php
View File

@ -44,7 +44,7 @@ class Project extends BasicApi
* @return void * @return void
* @throws DbException * @throws DbException
*/ */
public function index11() /* public function index11()
{ {
$prefix = config('database.prefix'); $prefix = config('database.prefix');
$type = Request::post('type'); $type = Request::post('type');
@ -94,7 +94,7 @@ class Project extends BasicApi
} }
} }
$this->success('', ['list' => $newList, 'total' => $list['total']]); $this->success('', ['list' => $newList, 'total' => $list['total']]);
} }*/
public function index() public function index()
{ {

2
application/project/middleware/Auth.php
View File

@ -68,6 +68,8 @@ class Auth
} }
} }
// 访问权限检查 // 访问权限检查
// var_dump(auth($node, 'project'));
// die;
if (!empty($access['is_auth']) && !auth($node, 'project')) { if (!empty($access['is_auth']) && !auth($node, 'project')) {
$nodeInfo = ProjectNode::where('node', $node)->find(); $nodeInfo = ProjectNode::where('node', $node)->find();
return json(['code' => 403, 'msg' => '无权限操作资源['. $nodeInfo['title'] . '],访问被拒绝']); return json(['code' => 403, 'msg' => '无权限操作资源['. $nodeInfo['title'] . '],访问被拒绝']);

65
extend/service/NodeService.php
View File

@ -3,7 +3,9 @@
namespace service; namespace service;
use app\common\Model\MemberAccount;
use think\Db; use think\Db;
use think\facade\Cache;
/** /**
* 系统权限节点读取器 * 系统权限节点读取器
@ -19,23 +21,54 @@ class NodeService
*/ */
public static function applyProjectAuthNode() public static function applyProjectAuthNode()
{ {
cache('member_need_access_node', null); // cache('member_need_access_node', null);
$member = getCurrentMember(); $member = getCurrentMember();
$member['nodes'] = []; // $member['nodes'] = [];
if (($authorize = $member['authorize'])) { // if (($authorize = $member['authorize'])) {
$where = ['status' => '1']; // $where = ['status' => '1'];
$authorizeIds = Db::name('ProjectAuth')->whereIn('id', explode(',', $authorize))->where($where)->column('id'); // $authorizeIds = Db::name('ProjectAuth')->whereIn('id', explode(',', $authorize))->where($where)->column('id');
if (empty($authorizeIds)) { // if (empty($authorizeIds)) {
$member['nodes'] = []; // $member['nodes'] = [];
return setCurrentMember($member); // return setCurrentMember($member);
} // }
$nodes = Db::name('ProjectAuthNode')->whereIn('auth', $authorizeIds)->column('node'); // $nodes = Db::name('ProjectAuthNode')->whereIn('auth', $authorizeIds)->column('node');
$member['nodes'] = $nodes; // $member['nodes'] = $nodes;
return setCurrentMember($member); // return setCurrentMember($member);
} // }
return setCurrentMember($member); // return setCurrentMember($member);
$nodes = self::getMemberNodes($member['organization_code'], $member['account_id']);
$member['nodes'] = $nodes;
setCurrentMember($member);
return $nodes;
} }
public static function getMemberNodes($orgCode, $memberAccountId)
{
$cacheKey = 'member:nodes:' . $memberAccountId;
$tagKey = 'member:codes:' . $orgCode;
// self::clearMemberNodes($orgCode);
$nodes = Cache::tag($tagKey)->get($cacheKey);
if (!$nodes) {
$member = MemberAccount::get($memberAccountId);
$authorize = $member['authorize'];
$authorizeIds = Db::name('ProjectAuth')->whereIn('id', explode(',', $authorize))->where(['status' => '1'])->column('id');
if (empty($authorizeIds)) {
$nodes = [];
} else {
$nodes = Db::name('ProjectAuthNode')->whereIn('auth', $authorizeIds)->column('node');
}
Cache::tag($tagKey)->set($cacheKey, $nodes, 3600 * 24 * 7);
}
return $nodes;
}
public static function clearMemberNodes($orgCode)
{
$tagKey = 'member:codes:' . $orgCode;
return Cache::clear($tagKey);
}
/** /**
* 获取项目账号授权节点 * 获取项目账号授权节点
* @return array * @return array
@ -50,6 +83,7 @@ class NodeService
return $nodes; return $nodes;
} }
/** /**
* 检查账号节点权限 * 检查账号节点权限
* @param string $node 节点 * @param string $node 节点
@ -69,7 +103,8 @@ class NodeService
if (!in_array($currentNode, self::getProjectAuthNode())) { if (!in_array($currentNode, self::getProjectAuthNode())) {
return true; return true;
} }
return in_array($currentNode, !empty($member['nodes']) ? (array)$member['nodes'] : []); $memberNodes = self::getMemberNodes($member['organization_code'], $member['account_id']);
return in_array($currentNode, !empty($memberNodes) ? (array)$memberNodes : $memberNodes);
} }
return false; return false;
} }