From d0a89dd141a4626cb485a748327afb64525da59d Mon Sep 17 00:00:00 2001 From: 15090180611 <215509543@qq.com> Date: Tue, 25 Mar 2025 18:05:33 +0800 Subject: [PATCH] =?UTF-8?q?=E6=8F=90=E4=BA=A4api=E6=8E=A7=E5=88=B6?= =?UTF-8?q?=E5=99=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../admin/controller/auth/api/Adminlog.php | 149 ++++++++ .../admin/controller/auth/api/Group.php | 317 ++++++++++++++++++ .../admin/controller/auth/api/Rule.php | 159 +++++++++ 3 files changed, 625 insertions(+) create mode 100644 application/admin/controller/auth/api/Adminlog.php create mode 100644 application/admin/controller/auth/api/Group.php create mode 100644 application/admin/controller/auth/api/Rule.php diff --git a/application/admin/controller/auth/api/Adminlog.php b/application/admin/controller/auth/api/Adminlog.php new file mode 100644 index 0000000..f858d8b --- /dev/null +++ b/application/admin/controller/auth/api/Adminlog.php 
@@ -0,0 +1,149 @@ +model = model('AdminLog'); + + $this->childrenAdminIds = $this->auth->getChildrenAdminIds(true); + $this->childrenGroupIds = $this->auth->getChildrenGroupIds(true); + + $groupName = AuthGroup::where('id', 'in', $this->childrenGroupIds) + ->column('id,name'); + + $this->view->assign('groupdata', $groupName); + +// var_dump(XcAdminSessionUtils::getManystoreToken());die; + } + + /** + * 查看 + */ + public function index() + { + //设置过滤方法 + $this->request->filter(['strip_tags', 'trim']); + if ($this->request->isAjax()) { + list($where, $sort, $order, $offset, $limit) = $this->buildparams(); + $isSuperAdmin = $this->auth->isSuperAdmin(); + $childrenAdminIds = $this->childrenAdminIds; + $list = $this->model + ->where($where) + ->where(function ($query) use ($isSuperAdmin, $childrenAdminIds) { + if (!$isSuperAdmin) { + $query->where('admin_id', 'in', $childrenAdminIds); + } + }) + ->field('content,useragent', true) + ->order($sort, $order) + ->paginate($limit); + + $result = array("total" => $list->total(), "rows" => $list->items()); + + return json($result); + } + return $this->view->fetch(); + } + + /** + * 详情 + */ + public function detail($ids) + { + $row = $this->model->get(['id' => $ids]); + if (!$row) { + $this->error(__('No Results were found')); + } + if (!$this->auth->isSuperAdmin()) { + if (!$row['admin_id'] || !in_array($row['admin_id'], $this->childrenAdminIds)) { + $this->error(__('You have no permission')); + } + } + $this->view->assign("row", $row->toArray()); + return $this->view->fetch(); + } + + /** + * 添加 + * @internal + */ + public function add() + { + $this->error(); + } + + /** + * 编辑 + * @internal + */ + public function edit($ids = null) + { + $this->error(); + } + + /** + * 删除 + */ + public function del($ids = "") + { + if (!$this->request->isPost()) { + $this->error(__("Invalid parameters")); + } + $ids = $ids ? 
$ids : $this->request->post("ids"); + if ($ids) { + $isSuperAdmin = $this->auth->isSuperAdmin(); + $childrenAdminIds = $this->childrenAdminIds; + $adminList = $this->model->where('id', 'in', $ids) + ->where(function ($query) use ($isSuperAdmin, $childrenAdminIds) { + if (!$isSuperAdmin) { + $query->where('admin_id', 'in', $childrenAdminIds); + } + }) + ->select(); + if ($adminList) { + $deleteIds = []; + foreach ($adminList as $k => $v) { + $deleteIds[] = $v->id; + } + if ($deleteIds) { + $this->model->destroy($deleteIds); + $this->success(); + } + } + } + $this->error(); + } + + /** + * 批量更新 + * @internal + */ + public function multi($ids = "") + { + // 管理员禁止批量操作 + $this->error(); + } + +} diff --git a/application/admin/controller/auth/api/Group.php b/application/admin/controller/auth/api/Group.php new file mode 100644 index 0000000..9fb0350 --- /dev/null +++ b/application/admin/controller/auth/api/Group.php 
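Review bot: The commented-out debug line `// var_dump(XcAdminSessionUtils::getManystoreToken());die;` at the end of the constructor should be deleted rather than committed; commented-out code that dumps a session token into the response is exactly the line that gets re-enabled during a later debugging session and then ships. The head of the file, including the class declaration and the opening of that constructor, is not visible in this hunk as rendered. As a secondary point of style, `del()` can write `$ids ?: $this->request->post("ids")` instead of `$ids ? $ids : $this->request->post("ids")`, and the `in_array($row['admin_id'], $this->childrenAdminIds)` check in `detail()` would read more clearly as a strict comparison on int-cast ids.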
@@ -0,0 +1,317 @@ +model = model('AuthGroup'); + + $this->childrenGroupIds = $this->auth->getChildrenGroupIds(true); + + $groupList = collection(AuthGroup::where('id', 'in', $this->childrenGroupIds)->select())->toArray(); + + Tree::instance()->init($groupList); + $groupList = []; + if ($this->auth->isSuperAdmin()) { + $groupList = Tree::instance()->getTreeList(Tree::instance()->getTreeArray(0)); + } else { + $groups = $this->auth->getGroups(); + $groupIds = []; + foreach ($groups as $m => $n) { + if (in_array($n['id'], $groupIds) || in_array($n['pid'], $groupIds)) { + continue; + } + $groupList = array_merge($groupList, Tree::instance()->getTreeList(Tree::instance()->getTreeArray($n['pid']))); + foreach ($groupList as $index => $item) { + $groupIds[] = $item['id']; + } + } + } + $groupName = []; + foreach ($groupList as $k => $v) { + $groupName[$v['id']] = $v['name']; + } + + $this->grouplist = $groupList; + $this->groupdata = $groupName; + $this->assignconfig("admin", ['id' => $this->auth->id, 'group_ids' => $this->auth->getGroupIds()]); + + $this->view->assign('groupdata', $this->groupdata); + } + + /** + * 查看 + */ + public function index() + { + if ($this->request->isAjax()) { + $list = $this->grouplist; + $total = count($list); + $result = array("total" => $total, "rows" => $list); + + return json($result); + } + return $this->view->fetch(); + } + + /** + * 添加 + */ + public function add() + { + if ($this->request->isPost()) { + $this->token(); + $params = $this->request->post("row/a", [], 'strip_tags'); + $params['rules'] = explode(',', $params['rules']); + if (!in_array($params['pid'], $this->childrenGroupIds)) { + $this->error(__('The parent group exceeds permission limit')); + } + $parentmodel = model("AuthGroup")->get($params['pid']); + if (!$parentmodel) { + $this->error(__('The parent group can not found')); + } + // 父级别的规则节点 + $parentrules = explode(',', $parentmodel->rules); + // 当前组别的规则节点 + $currentrules = $this->auth->getRuleIds(); + $rules = 
$params['rules']; + // 如果父组不是超级管理员则需要过滤规则节点,不能超过父组别的权限 + $rules = in_array('*', $parentrules) ? $rules : array_intersect($parentrules, $rules); + // 如果当前组别不是超级管理员则需要过滤规则节点,不能超当前组别的权限 + $rules = in_array('*', $currentrules) ? $rules : array_intersect($currentrules, $rules); + $params['rules'] = implode(',', $rules); + if ($params) { + $this->model->create($params); + $this->success(); + } + $this->error(); + } + return $this->view->fetch(); + } + + /** + * 编辑 + */ + public function edit($ids = null) + { + if (!in_array($ids, $this->childrenGroupIds)) { + $this->error(__('You have no permission')); + } + $row = $this->model->get(['id' => $ids]); + if (!$row) { + $this->error(__('No Results were found')); + } + if ($this->request->isPost()) { + $this->token(); + $params = $this->request->post("row/a", [], 'strip_tags'); + //父节点不能是非权限内节点 + if (!in_array($params['pid'], $this->childrenGroupIds)) { + $this->error(__('The parent group exceeds permission limit')); + } + // 父节点不能是它自身的子节点或自己本身 + if (in_array($params['pid'], Tree::instance()->getChildrenIds($row->id, true))) { + $this->error(__('The parent group can not be its own child or itself')); + } + $params['rules'] = explode(',', $params['rules']); + + $parentmodel = model("AuthGroup")->get($params['pid']); + if (!$parentmodel) { + $this->error(__('The parent group can not found')); + } + // 父级别的规则节点 + $parentrules = explode(',', $parentmodel->rules); + // 当前组别的规则节点 + $currentrules = $this->auth->getRuleIds(); + $rules = $params['rules']; + // 如果父组不是超级管理员则需要过滤规则节点,不能超过父组别的权限 + $rules = in_array('*', $parentrules) ? $rules : array_intersect($parentrules, $rules); + // 如果当前组别不是超级管理员则需要过滤规则节点,不能超当前组别的权限 + $rules = in_array('*', $currentrules) ? 
$rules : array_intersect($currentrules, $rules); + $params['rules'] = implode(',', $rules); + if ($params) { + Db::startTrans(); + try { + $row->save($params); + $children_auth_groups = model("AuthGroup")->all(['id' => ['in', implode(',', (Tree::instance()->getChildrenIds($row->id)))]]); + $childparams = []; + foreach ($children_auth_groups as $key => $children_auth_group) { + $childparams[$key]['id'] = $children_auth_group->id; + $childparams[$key]['rules'] = implode(',', array_intersect(explode(',', $children_auth_group->rules), $rules)); + } + model("AuthGroup")->saveAll($childparams); + Db::commit(); + $this->success(); + } catch (Exception $e) { + Db::rollback(); + $this->error($e->getMessage()); + } + } + $this->error(); + return; + } + $this->view->assign("row", $row); + return $this->view->fetch(); + } + + /** + * 删除 + */ + public function del($ids = "") + { + if (!$this->request->isPost()) { + $this->error(__("Invalid parameters")); + } + $ids = $ids ? $ids : $this->request->post("ids"); + if ($ids) { + $ids = explode(',', $ids); + $grouplist = $this->auth->getGroups(); + $group_ids = array_map(function ($group) { + return $group['id']; + }, $grouplist); + // 移除掉当前管理员所在组别 + $ids = array_diff($ids, $group_ids); + + // 循环判断每一个组别是否可删除 + $grouplist = $this->model->where('id', 'in', $ids)->select(); + $groupaccessmodel = model('AuthGroupAccess'); + foreach ($grouplist as $k => $v) { + // 当前组别下有管理员 + $groupone = $groupaccessmodel->get(['group_id' => $v['id']]); + if ($groupone) { + $ids = array_diff($ids, [$v['id']]); + continue; + } + // 当前组别下有子组别 + $groupone = $this->model->get(['pid' => $v['id']]); + if ($groupone) { + $ids = array_diff($ids, [$v['id']]); + continue; + } + } + if (!$ids) { + $this->error(__('You can not delete group that contain child group and administrators')); + } + $count = $this->model->where('id', 'in', $ids)->delete(); + if ($count) { + $this->success(); + } + } + $this->error(); + } + + /** + * 批量更新 + * @internal + */ + public 
function multi($ids = "") + { + // 组别禁止批量操作 + $this->error(); + } + + /** + * 读取角色权限树 + * + * @internal + */ + public function roletree() + { + $this->loadlang('auth/group'); + + $model = model('AuthGroup'); + $id = $this->request->post("id"); + $pid = $this->request->post("pid"); + $parentGroupModel = $model->get($pid); + $currentGroupModel = null; + if ($id) { + $currentGroupModel = $model->get($id); + } + if (($pid || $parentGroupModel) && (!$id || $currentGroupModel)) { + $id = $id ? $id : null; + $ruleList = collection(model('AuthRule')->order('weigh', 'desc')->order('id', 'asc')->select())->toArray(); + //读取父类角色所有节点列表 + $parentRuleList = []; + if (in_array('*', explode(',', $parentGroupModel->rules))) { + $parentRuleList = $ruleList; + } else { + $parentRuleIds = explode(',', $parentGroupModel->rules); + foreach ($ruleList as $k => $v) { + if (in_array($v['id'], $parentRuleIds)) { + $parentRuleList[] = $v; + } + } + } + + $ruleTree = new Tree(); + $groupTree = new Tree(); + //当前所有正常规则列表 + $ruleTree->init($parentRuleList); + //角色组列表 + $groupTree->init(collection(model('AuthGroup')->where('id', 'in', $this->childrenGroupIds)->select())->toArray()); + + //读取当前角色下规则ID集合 + $adminRuleIds = $this->auth->getRuleIds(); + //是否是超级管理员 + $superadmin = $this->auth->isSuperAdmin(); + //当前拥有的规则ID集合 + $currentRuleIds = $id ? 
explode(',', $currentGroupModel->rules) : []; + + if (!$id || !in_array($pid, $this->childrenGroupIds) || !in_array($pid, $groupTree->getChildrenIds($id, true))) { + $parentRuleList = $ruleTree->getTreeList($ruleTree->getTreeArray(0), 'name'); + $hasChildrens = []; + foreach ($parentRuleList as $k => $v) { + if ($v['haschild']) { + $hasChildrens[] = $v['id']; + } + } + $parentRuleIds = array_map(function ($item) { + return $item['id']; + }, $parentRuleList); + $nodeList = []; + foreach ($parentRuleList as $k => $v) { + if (!$superadmin && !in_array($v['id'], $adminRuleIds)) { + continue; + } + if ($v['pid'] && !in_array($v['pid'], $parentRuleIds)) { + continue; + } + $state = array('selected' => in_array($v['id'], $currentRuleIds) && !in_array($v['id'], $hasChildrens)); + $nodeList[] = array('id' => $v['id'], 'parent' => $v['pid'] ? $v['pid'] : '#', 'text' => __($v['title']), 'type' => 'menu', 'state' => $state); + } + $this->success('', null, $nodeList); + } else { + $this->error(__('Can not change the parent to child')); + } + } else { + $this->error(__('Group not found')); + } + } +} diff --git a/application/admin/controller/auth/api/Rule.php b/application/admin/controller/auth/api/Rule.php new file mode 100644 index 0000000..cd1da31 --- /dev/null +++ b/application/admin/controller/auth/api/Rule.php 
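Review bot: In `add()` the trailing `if ($params)` guard is dead: `$params['rules']` has already been assigned on the line above it, so the array can never be empty and the `$this->error()` after it is unreachable, while a request that omits `rules` or `pid` still reaches `explode(',', $params['rules'])` and `in_array($params['pid'], ...)` with undefined keys. Replace that guard with an up-front check right after the row is read, `if (!isset($params['pid'], $params['rules'])) { $this->error(__('Invalid parameters')); }`; the same applies to the `$params` handling in `edit()`. Separately, in `roletree()` the condition `($pid || $parentGroupModel)` lets a truthy `$pid` that matches no group through to `$parentGroupModel->rules` on a null object; testing `$parentGroupModel` alone routes that case to the existing `__('Group not found')` error.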
@@ -0,0 +1,159 @@ +auth->isSuperAdmin()) { + $this->error(__('Access is allowed only to the super management group')); + } + $this->model = model('AuthRule'); + // 必须将结果集转换为数组 + $ruleList = \think\Db::name("auth_rule")->field('type,condition,remark,createtime,updatetime', true)->order('weigh DESC,id ASC')->select(); + foreach ($ruleList as $k => &$v) { + $v['title'] = __($v['title']); + } + unset($v); + Tree::instance()->init($ruleList)->icon = ['    ', '    ', '    ']; + $this->rulelist = Tree::instance()->getTreeList(Tree::instance()->getTreeArray(0), 'title'); + $ruledata = [0 => __('None')]; + foreach ($this->rulelist as $k => &$v) { + if (!$v['ismenu']) { + continue; + } + $ruledata[$v['id']] = $v['title']; + unset($v['spacer']); + } + unset($v); + $this->view->assign('ruledata', $ruledata); + $this->view->assign("menutypeList", $this->model->getMenutypeList()); + } + + /** + * 查看 + */ + public function index() + { + if ($this->request->isAjax()) { + $list = $this->rulelist; + $total = count($this->rulelist); + $result = array("total" => $total, "rows" => $list); + + return json($result); + } + return $this->view->fetch(); + } + + /** + * 添加 + */ + public function add() + { + if ($this->request->isPost()) { + $this->token(); + $params = $this->request->post("row/a", [], 'strip_tags'); + if ($params) { + if (!$params['ismenu'] && !$params['pid']) { + $this->error(__('The non-menu rule must have parent')); + } + $result = $this->model->validate()->save($params); + if ($result === false) { + $this->error($this->model->getError()); + } + Cache::rm('__menu__'); + $this->success(); + } + $this->error(); + } + return $this->view->fetch(); + } + + /** + * 编辑 + */ + public function edit($ids = null) + { + $row = $this->model->get(['id' => $ids]); + if (!$row) { + $this->error(__('No Results were found')); + } + if ($this->request->isPost()) { + $this->token(); + $params = $this->request->post("row/a", [], 'strip_tags'); + if ($params) { + if (!$params['ismenu'] && 
!$params['pid']) { + $this->error(__('The non-menu rule must have parent')); + } + if ($params['pid'] == $row['id']) { + $this->error(__('Can not change the parent to self')); + } + if ($params['pid'] != $row['pid']) { + $childrenIds = Tree::instance()->init(collection(AuthRule::select())->toArray())->getChildrenIds($row['id']); + if (in_array($params['pid'], $childrenIds)) { + $this->error(__('Can not change the parent to child')); + } + } + //这里需要针对name做唯一验证 + $ruleValidate = \think\Loader::validate('AuthRule'); + $ruleValidate->rule([ + 'name' => 'require|unique:AuthRule,name,' . $row->id, + ]); + $result = $row->validate()->save($params); + if ($result === false) { + $this->error($row->getError()); + } + Cache::rm('__menu__'); + $this->success(); + } + $this->error(); + } + $this->view->assign("row", $row); + return $this->view->fetch(); + } + + /** + * 删除 + */ + public function del($ids = "") + { + if (!$this->request->isPost()) { + $this->error(__("Invalid parameters")); + } + $ids = $ids ? $ids : $this->request->post("ids"); + if ($ids) { + $delIds = []; + foreach (explode(',', $ids) as $k => $v) { + $delIds = array_merge($delIds, Tree::instance()->getChildrenIds($v, true)); + } + $delIds = array_unique($delIds); + $count = $this->model->where('id', 'in', $delIds)->delete(); + if ($count) { + Cache::rm('__menu__'); + $this->success(); + } + } + $this->error(); + } +}
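Review bot: `add()` and `edit()` read `$params['ismenu']` and `$params['pid']` without checking the keys exist, so a row posted without them raises undefined-index notices and the `'The non-menu rule must have parent'` check runs against null instead of rejecting the request. `if (empty($params['ismenu']) && empty($params['pid'])) {` keeps the same truthiness semantics while tolerating a missing key, in both methods. In `edit()`, `$params['pid'] == $row['id']` and `in_array($params['pid'], $childrenIds)` are loose comparisons on ids; casting `$params['pid']` to int once and comparing strictly makes the parent-cycle check unambiguous. As a matter of style, `$result = array(...)` in `index()` and `$ids ? $ids : ...` in `del()` could use `[]` and `?:`.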