Home Explore Help
Sign In
tangmz
/
repair_lite
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 6648b69c17
Branches Tags
repair_lite
/
app
/
Models
/
Permission.php

Permission.php 2.9 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889 
  1. <?php
    2. 

  2. 

  3. namespace App\Models;
    4. 

  4. 

  5. use Illuminate\Database\Eloquent\Model;
    6. 

  6. use Illuminate\Support\Facades\DB;
    7. 

  7. use Illuminate\Support\Facades\Log;
    8. 

  8. 

  9. const SUPER_ADMIN = 1; // 超级管理员,拥有所有权限
    10. 

  10. const SYSTEM_ADMIN = 2; // 系统管理员,交付产品时可提供的最高管理员账号
    11. 

  11. const GUEST_USER = 128; //普通用户
    12. 

  12. 

  13. class Permission extends Model
    14. 

  14. {
    15. 

  15.     protected $table = "permission";
    16. 

  16.     public $timestamps = false;
    17. 

  17. 

  18.     // 此时应该初始化需要的管理员账号
    19. 

  19.     function __construct(array $attributes = [])
    20. 

  20.     {
    21. 

  21.         parent::__construct($attributes);
    22. 

  22.     }
    23. 

  23. 

  24.     /**
    25. 

  25.      * @param string $uid
    26. 

  26.      * @param int $rights
    27. 

  27.      * @return string
    28. 

  28.      */
    29. 

  29.     public function IsAccess(string $uid, int $rights)
    30. 

  30.     {
    31. 

  31. //        $this->where("uid",$uid)
    32. 

  32. //            ->where("is_del", false)
    33. 

  33. //            ->where("status", "normal")
    34. 

  34. //            ->where("role", "&");
    35. 

  35.         $data = DB::select("select uid from permission where uid = ? and is_del = false and status = normal and role & ? > 0;", [$uid, $rights]);
    36. 

  36.         if (!$data) {
    37. 

  37.             return "permission denied";
    38. 

  38.         }
    39. 

  39.         return $data->uid;
    40. 

  40.     }
    41. 

  41. 

  42.     /**
    43. 

  43.      * @param string $adminUid
    44. 

  44.      * @param string $uid
    45. 

  45.      * @param string $rights
    46. 

  46.      * @return string
    47. 

  47.      */
    48. 

  48.     public function ModifyRole(string $adminUid, string $uid, string $rights)
    49. 

  49.     {
    50. 

  50.         // Verify that the current user has permission to modify permissions
    51. 

  51.         $rows = DB::select("select uid, role from permission where uid = ? and is_del = false and status = ? and role & ? > 0;", [$adminUid, "normal", SUPER_ADMIN | SYSTEM_ADMIN]);
    52. 

  52.         if (!$rows) {
    53. 

  53.             log::debug("ModifyRole with adminUid: " . $adminUid . ", uid: " . $uid . ", rights: " . $rights . " but permission denied");
    54. 

  54.             return "permission denied";
    55. 

  55.         }
    56. 

  56. 

  57.         $data = null;
    58. 

  58.         foreach ($rows as $d){
    59. 

  59.             $data = $d;
    60. 

  60.             break;
    61. 

  61.         }
    62. 

  62. 

  63.         if (!$data) {
    64. 

  64.             log::debug("ModifyRole with adminUid: " . $adminUid . ", uid: " . $uid . ", rights: " . $rights . " but permission denied");
    65. 

  65.             return "permission denied";
    66. 

  66.         }
    67. 

  67. 

  68.         if ($data->uid < 1) {
    69. 

  69.             log::debug("ModifyRole with adminUid: " . $adminUid . ", uid: " . $uid . ", rights: " . $rights . " but invalid admin uid: " . $adminUid);
    70. 

  70.             return "invalid admin uid: " . $adminUid;
    71. 

  71.         }
    72. 

  72. 

  73.         if ($data->role >= $rights) {
    74. 

  74.             log::debug("ModifyRole with adminUid: " . $adminUid . ", admin role: ". $data->uid . ", uid: " . $uid . ", rights: " . $rights . " but have no permission to grant higher rights");
    75. 

  75.             return "have no permission to grant higher rights";
    76. 

  76.         }
    77. 

  77. 

  78.         // modify the user's rights
    79. 

  79.         $result = $this->where("uid", $uid)
    80. 

  80.             ->where("is_del", false)
    81. 

  81.             ->where("status", "normal")
    82. 

  82.             ->update(["role" => $rights]);
    83. 

  83.         if (!$result) {
    84. 

  84.             return "grant rights failed";
    85. 

  85.         }
    86. 

  86.         return "success";
    87. 

  87.     }
    88. 

  88. }
    89. 

  89.