- <?php
- namespace App\Models;
- use Illuminate\Database\Eloquent\Model;
- use Illuminate\Support\Facades\DB;
- use Illuminate\Support\Facades\Log;
// Role flags stored in permission.role; they are tested with a bitwise AND in the queries.
const
    // Super administrator: holds every permission.
    SUPER_ADMIN = 1 << 0,
    // System administrator: the highest administrator account that can be handed over when the product is delivered.
    SYSTEM_ADMIN = 1 << 1,
    // Ordinary user.
    GUEST_USER = 1 << 7;
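/**
 * Eloquent model over the `permission` table: answers role checks and changes a user's role.
 *
 * Both public methods report failure as a plain string, so callers must compare the
 * result strictly against the expected value and treat anything else as a denial.
 */
class Permission extends Model
{
    protected $table = "permission";

    // Eloquent timestamp maintenance is turned off for this table.
    public $timestamps = false;

    /**
     * The required administrator accounts should be initialised at this point;
     * for now the constructor only forwards to the parent.
     *
     * @param array $attributes
     */
    public function __construct(array $attributes = [])
    {
        parent::__construct($attributes);
    }

    /**
     * Check whether an active, non-deleted user holds at least one of the given role bits.
     *
     * @param string $uid    user to check
     * @param int    $rights bitmask of acceptable roles (SUPER_ADMIN, SYSTEM_ADMIN, GUEST_USER)
     * @return string the uid when access is granted, otherwise "permission denied"
     */
    public function IsAccess(string $uid, int $rights)
    {
        // "normal" is bound as a parameter: left unquoted in the SQL text it is read as a
        // column name, so the check can never succeed. The parentheses make the intended
        // grouping of the bit test explicit.
        $rows = DB::select(
            "select uid from permission where uid = ? and is_del = false and status = ? and (role & ?) > 0;",
            [$uid, "normal", $rights]
        );

        // DB::select returns an array of row objects; an empty array means no match (fail closed).
        if (!$rows) {
            return "permission denied";
        }

        return (string) $rows[0]->uid;
    }

    /**
     * Let an administrator set another user's role.
     *
     * @param string $adminUid uid of the acting administrator
     * @param string $uid      uid of the user whose role is changed
     * @param string $rights   new role bitmask, as a decimal integer string
     * @return string "success", or a message naming why the change was refused
     */
    public function ModifyRole(string $adminUid, string $uid, string $rights)
    {
        // The role value decides an authorization question and is written to the database,
        // so anything that is not an integer is refused before it is compared or stored.
        $requested = filter_var($rights, FILTER_VALIDATE_INT);
        if ($requested === false) {
            Log::debug("ModifyRole with adminUid: " . $adminUid . ", uid: " . $uid . " but rights is not an integer");
            return "invalid rights";
        }

        // Verify that the current user has permission to modify permissions
        $rows = DB::select(
            "select uid, role from permission where uid = ? and is_del = false and status = ? and (role & ?) > 0;",
            [$adminUid, "normal", SUPER_ADMIN | SYSTEM_ADMIN]
        );
        Log::debug($rows);
        if (!$rows) {
            Log::debug("ModifyRole with adminUid: " . $adminUid . ", uid: " . $uid . ", rights: " . $rights . " but permission denied");
            return "permission denied";
        }

        // DB::select returns an array of row objects; the acting administrator is the first row.
        $admin = $rows[0];
        if ($admin->uid < 1) {
            Log::debug("ModifyRole with adminUid: " . $adminUid . ", uid: " . $uid . ", rights: " . $rights . " but invalid admin uid: " . $adminUid);
            return "invalid admin uid: " . $adminUid;
        }

        // The selected column is `role`. Roles are bit flags, so the numeric comparison alone
        // would let a role of 2 grant 3 (SUPER_ADMIN | SYSTEM_ADMIN); the second test also
        // refuses any request whose most privileged bit is at or above the administrator's.
        // NOTE(review): assumes a lower bit value means a higher privilege, as the constants
        // and the numeric comparison imply — confirm against the intended policy.
        $adminRole = (int) $admin->role;
        $adminTopBit = $adminRole & -$adminRole;
        $requestedTopBit = $requested & -$requested;
        if ($adminRole >= $requested || $requestedTopBit <= $adminTopBit) {
            Log::debug("ModifyRole with adminUid: " . $adminUid . ", admin role: ". $admin->role . ", uid: " . $uid . ", rights: " . $rights . " but have no permission to grant higher rights");
            return "have no permission to grant higher rights";
        }

        // modify the user's rights
        // NOTE(review): the target's current role is not checked, so an administrator can
        // overwrite the role of an equally or more privileged account, or their own — confirm
        // whether that is intended.
        $result = $this->where("uid", $uid)
            ->where("is_del", false)
            ->where("status", "normal")
            ->update(["role" => $requested]);
        if (!$result) {
            return "grant rights failed";
        }

        return "success";
    }
}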