model = model('AuthGroup'); $groups = $this->auth->getGroups(); // 取出所有分组 $grouplist = model('AuthGroup')->all(['status' => 'normal']); $objlist = []; $group_ids = []; foreach ($groups as $K => $v) { // 取出包含自己的所有子节点 $childrenlist = Tree::instance()->init($grouplist)->getChildren($v['id'], TRUE); $obj = Tree::instance()->init($childrenlist)->getTreeArray($v['pid']); $objlist = array_merge($objlist, Tree::instance()->getTreeList($obj)); $group_ids[] = (int) $v['group_id']; } $groupdata = []; foreach ($objlist as $k => $v) { $groupdata[$v['id']] = $v['name']; } $this->groupdata = $groupdata; $this->assignconfig("admin", ['id' => $this->auth->id, 'group_ids' => $group_ids]); $this->childrenIds = array_keys($groupdata); $this->view->assign('groupdata', $groupdata); } /** * 查看 */ public function index() { if ($this->request->isAjax()) { $list = []; foreach ($this->groupdata as $k => $v) { $data = $this->model->get($k); $data->name = $v; $list[] = $data; } $total = count($list); $result = array("total" => $total, "rows" => $list); return json($result); } return $this->view->fetch(); } /** * 添加 */ public function add() { if ($this->request->isPost()) { $params = $this->request->post("row/a", [], 'strip_tags'); $params['rules'] = explode(',', $params['rules']); if (!in_array($params['pid'], $this->childrenIds)) { $this->error(__('The parent group can not be its own child')); } $parentmodel = model("AuthGroup")->get($params['pid']); if (!$parentmodel) { $this->error(__('The parent group can not found')); } // 父级别的规则节点 $parentrules = explode(',', $parentmodel->rules); // 当前组别的规则节点 $currentrules = $this->auth->getRuleIds(); $rules = $params['rules']; // 如果父组不是超级管理员则需要过滤规则节点,不能超过父组别的权限 $rules = in_array('*', $parentrules) ? $rules : array_intersect($parentrules, $rules); // 如果当前组别不是超级管理员则需要过滤规则节点,不能超当前组别的权限 $rules = in_array('*', $currentrules) ? $rules : array_intersect($currentrules, $rules); $params['rules'] = implode(',', $rules); if ($params) { $this->model->create($params); $this->success(); } $this->error(); } return $this->view->fetch(); } /** * 编辑 */ public function edit($ids = NULL) { $row = $this->model->get(['id' => $ids]); if (!$row) $this->error(__('No Results were found')); if ($this->request->isPost()) { $params = $this->request->post("row/a", [], 'strip_tags'); // 父节点不能是它自身的子节点 if (!in_array($params['pid'], $this->childrenIds)) { $this->error(__('The parent group can not be its own child')); } $params['rules'] = explode(',', $params['rules']); $parentmodel = model("AuthGroup")->get($params['pid']); if (!$parentmodel) { $this->error(__('The parent group can not found')); } // 父级别的规则节点 $parentrules = explode(',', $parentmodel->rules); // 当前组别的规则节点 $currentrules = $this->auth->getRuleIds(); $rules = $params['rules']; // 如果父组不是超级管理员则需要过滤规则节点,不能超过父组别的权限 $rules = in_array('*', $parentrules) ? $rules : array_intersect($parentrules, $rules); // 如果当前组别不是超级管理员则需要过滤规则节点,不能超当前组别的权限 $rules = in_array('*', $currentrules) ? $rules : array_intersect($currentrules, $rules); $params['rules'] = implode(',', $rules); if ($params) { $row->save($params); $this->success(); } $this->error(); return; } $this->view->assign("row", $row); return $this->view->fetch(); } /** * 删除 */ public function del($ids = "") { if ($ids) { $ids = explode(',', $ids); $grouplist = $this->auth->getGroups(); $group_ids = array_map(function($group) { return $group['id']; }, $grouplist); // 移除掉当前管理员所在组别 $ids = array_diff($ids, $group_ids); // 循环判断每一个组别是否可删除 $grouplist = $this->model->where('id', 'in', $ids)->select(); $groupaccessmodel = model('AuthGroupAccess'); foreach ($grouplist as $k => $v) { // 当前组别下有管理员 $groupone = $groupaccessmodel->get(['group_id' => $v['id']]); if ($groupone) { $ids = array_diff($ids, [$v['id']]); continue; } // 当前组别下有子组别 $groupone = $this->model->get(['pid' => $v['id']]); if ($groupone) { $ids = array_diff($ids, [$v['id']]); continue; } } if (!$ids) { $this->error(__('You can not delete group that contain child group and administrators')); } $count = $this->model->where('id', 'in', $ids)->delete(); if ($count) { $this->success(); } } $this->error(); } /** * 批量更新 * @internal */ public function multi($ids = "") { // 组别禁止批量操作 $this->error(); } /** * 读取角色权限树 * * @internal */ public function roletree() { $this->loadlang('auth/group'); $model = model('AuthGroup'); $id = $this->request->post("id"); $pid = $this->request->post("pid"); $parentgroupmodel = $model->get($pid); $currentgroupmodel = NULL; if ($id) { $currentgroupmodel = $model->get($id); } if (($pid || $parentgroupmodel) && (!$id || $currentgroupmodel)) { $id = $id ? $id : NULL; $ruleList = collection(model('AuthRule')->order('weigh', 'desc')->select())->toArray(); //读取父类角色所有节点列表 $parentRuleList = []; if (in_array('*', explode(',', $parentgroupmodel->rules))) { $parentRuleList = $ruleList; } else { $parent_rule_ids = explode(',', $parentgroupmodel->rules); foreach ($ruleList as $k => $v) { if (in_array($v['id'], $parent_rule_ids)) { $parentRuleList[] = $v; } } } //当前所有正常规则列表 Tree::instance()->init($ruleList); //读取当前角色下规则ID集合 $admin_rule_ids = $this->auth->getRuleIds(); //是否是超级管理员 $superadmin = $this->auth->isSuperAdmin(); //当前拥有的规则ID集合 $current_rule_ids = $id ? explode(',', $currentgroupmodel->rules) : []; if (!$id || !in_array($pid, Tree::instance()->getChildrenIds($id, TRUE))) { $ruleList = Tree::instance()->getTreeList(Tree::instance()->getTreeArray(0), 'name'); $hasChildrens = []; foreach ($ruleList as $k => $v) { if ($v['haschild']) $hasChildrens[] = $v['id']; } $nodelist = []; foreach ($parentRuleList as $k => $v) { if (!$superadmin && !in_array($v['id'], $admin_rule_ids)) continue; $state = array('selected' => in_array($v['id'], $current_rule_ids) && !in_array($v['id'], $hasChildrens)); $nodelist[] = array('id' => $v['id'], 'parent' => $v['pid'] ? $v['pid'] : '#', 'text' => $v['title'], 'type' => 'menu', 'state' => $state); } $this->success('', null, $nodelist); } else { $this->error(__('Can not change the parent to child')); } } else { $this->error(__('Group not found')); } } }