thinkPHP 3.1.3 Auth权限修改版
- WBOY原创
- 2016-06-07 11:41:291100浏览
thinkPHP 3.1.3 Auth权限修改版,支持只验证规则表有的数据!
这是我发布的问题:http://www.thinkphp.cn/topic/16890.html
视乎没什么好方法满足我的要求了,无奈打开Auth.class.php来修改!
我的QQ:171313244
我很无奈只能修改了,原作者我实在没办法啊!<?php <br />
// +----------------------------------------------------------------------<br>
// | ThinkPHP [ WE CAN DO IT JUST THINK IT ]<br>
// +----------------------------------------------------------------------<br>
// | Copyright (c) 2011 http://thinkphp.cn All rights reserved.<br>
// +----------------------------------------------------------------------<br>
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )<br>
// +----------------------------------------------------------------------<br>
// | Author: luofei614 <weibo.com> <br>
// +----------------------------------------------------------------------<br>
/**<br>
* 权限认证类<br>
* 功能特性:<br>
* 1,是对规则进行认证,不是对节点进行认证。用户可以把节点当作规则名称实现对节点进行认证。<br>
* $auth=new Auth(); $auth->check('规则名称','用户id')<br>
* 2,可以同时对多条规则进行认证,并设置多条规则的关系(or或者and)<br>
* $auth=new Auth(); $auth->check('规则1,规则2','用户id','and') <br>
* 第三个参数为and时表示,用户需要同时具有规则1和规则2的权限。 当第三个参数为or时,表示用户值需要具备其中一个条件即可。默认为or<br>
* 3,一个用户可以属于多个用户组(think_auth_group_access表 定义了用户所属用户组)。我们需要设置每个用户组拥有哪些规则(think_auth_group 定义了用户组权限)<br>
* <br>
* 4,支持规则表达式。<br>
* 在think_auth_rule 表中定义一条规则时,如果type为1, condition字段就可以定义规则表达式。 如定义{score}>5 and {score}
* @category ORG<br>
* @package ORG<br>
* @subpackage Util<br>
* @author luofei614<weibo.com><br>
*/<br>
<br>
//数据库<br>
/*<br>
-- ----------------------------<br>
-- think_auth_rule,规则表,<br>
-- id:主键,name:规则唯一标识, title:规则中文名称 status 状态:为1正常,为0禁用,condition:规则表达式,为空表示存在就验证,不为空表示按照条件验证<br>
-- ----------------------------<br>
DROP TABLE IF EXISTS `think_auth_rule`;<br>
CREATE TABLE `think_auth_rule` ( <br>
`id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT, <br>
`name` char(80) NOT NULL DEFAULT '', <br>
`title` char(20) NOT NULL DEFAULT '', <br>
`status` tinyint(1) NOT NULL DEFAULT '1', <br>
`condition` char(100) NOT NULL DEFAULT '', <br>
PRIMARY KEY (`id`), <br>
UNIQUE KEY `name` (`name`)<br>
) ENGINE=MyISAM DEFAULT CHARSET=utf8;<br>
-- ----------------------------<br>
-- think_auth_group 用户组表, <br>
-- id:主键, title:用户组中文名称, rules:用户组拥有的规则id, 多个规则","隔开,status 状态:为1正常,为0禁用<br>
-- ----------------------------<br>
DROP TABLE IF EXISTS `think_auth_group`;<br>
CREATE TABLE `think_auth_group` ( <br>
`id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT, <br>
`title` char(100) NOT NULL DEFAULT '', <br>
`status` tinyint(1) NOT NULL DEFAULT '1', <br>
`rules` char(80) NOT NULL DEFAULT '', <br>
PRIMARY KEY (`id`)<br>
) ENGINE=MyISAM DEFAULT CHARSET=utf8;<br>
-- ----------------------------<br>
-- think_auth_group_access 用户组明细表<br>
-- uid:用户id,group_id:用户组id<br>
-- ----------------------------<br>
DROP TABLE IF EXISTS `think_auth_group_access`;<br>
CREATE TABLE `think_auth_group_access` ( <br>
`uid` mediumint(8) unsigned NOT NULL, <br>
`group_id` mediumint(8) unsigned NOT NULL, <br>
UNIQUE KEY `uid_group_id` (`uid`,`group_id`), <br>
KEY `uid` (`uid`), <br>
KEY `group_id` (`group_id`)<br>
) ENGINE=MyISAM DEFAULT CHARSET=utf8;<br>
*/<br>
<br>
class Auth{<br>
<br>
//默认配置<br>
protected $_config = array(<br>
'AUTH_ON' => true, //认证开关<br>
'AUTH_TYPE' => 1, // 认证方式,1为时时认证;2为登录认证。<br>
'AUTH_GROUP' => 'think_auth_group', //用户组数据表名<br>
'AUTH_GROUP_ACCESS' => 'think_auth_group_access', //用户组明细表<br>
'AUTH_RULE' => 'think_auth_rule', //权限规则表<br>
'AUTH_USER' => 'think_members'//用户信息表<br>
);<br>
<br>
public function __construct() {<br>
if (C('AUTH_CONFIG')) {<br>
//可设置配置项 AUTH_CONFIG, 此配置项为数组。<br>
$this->_config = array_merge($this->_config, C('AUTH_CONFIG'));<br>
}<br>
}<br>
<br>
//获得权限$name 可以是字符串或数组或逗号分割, uid为 认证的用户id, $or 是否为or关系,为true是, name为数组,只要数组中有一个条件通过则通过,如果为false需要全部条件通过。<br>
public function check($name, $uid, $relation='or') {<br>
if (!$this->_config['AUTH_ON'])<br>
return true;<br>
$count = M()->table($this->_config['AUTH_RULE'])->where('name="'.$name.'"')->count();<br>
if ($count == 0) {<br>
return true;<br>
}<br>
$authList = $this->getAuthList($uid);<br>
if (is_string($name)) {<br>
if (strpos($name, ',') !== false) {<br>
$name = explode(',', $name);<br>
} else {<br>
$name = array($name);<br>
}<br>
}<br>
$list = array(); //有权限的name<br>
foreach ($authList as $val) {<br>
if (in_array($val, $name))<br>
$list[] = $val;<br>
}<br>
if ($relation=='or' and !empty($list)) {<br>
return true;<br>
}<br>
$diff = array_diff($name, $list);<br>
if ($relation=='and' and empty($diff)) {<br>
return true;<br>
}<br>
return false;<br>
}<br>
<br>
//获得用户组,外部也可以调用<br>
public function getGroups($uid) {<br>
static $groups = array();<br>
if (isset($groups[$uid]))<br>
return $groups[$uid];<br>
$user_groups = M()->table($this->_config['AUTH_GROUP_ACCESS'] . ' a')->where("a.uid='$uid' and g.status='1'")->join($this->_config['AUTH_GROUP']." g on a.group_id=g.id")->select();<br>
$groups[$uid]=$user_groups?$user_groups:array();<br>
return $groups[$uid];<br>
}<br>
<br>
//获得权限列表<br>
protected function getAuthList($uid) {<br>
static $_authList = array();<br>
if (isset($_authList[$uid])) {<br>
return $_authList[$uid];<br>
}<br>
if(isset($_SESSION['_AUTH_LIST_'.$uid])){<br>
return $_SESSION['_AUTH_LIST_'.$uid];<br>
}<br>
//读取用户所属用户组<br>
$groups = $this->getGroups($uid);<br>
$ids = array();<br>
foreach ($groups as $g) {<br>
$ids = array_merge($ids, explode(',', trim($g['rules'], ',')));<br>
}<br>
$ids = array_unique($ids);<br>
if (empty($ids)) {<br>
$_authList[$uid] = array();<br>
return array();<br>
}<br>
//读取用户组所有权限规则<br>
$map=array(<br>
'id'=>array('in',$ids),<br>
'status'=>1<br>
);<br>
$rules = M()->table($this->_config['AUTH_RULE'])->where($map)->select();<br>
//循环规则,判断结果。<br>
$authList = array();<br>
foreach ($rules as $r) {<br>
if (!empty($r['condition'])) {<br>
//条件验证<br>
$user = $this->getUserInfo($uid);<br>
$command = preg_replace('/\{(\w*?)\}/', '$user[\'\\1\']', $r['condition']);<br>
//dump($command);//debug<br>
@(eval('$condition=(' . $command . ');'));<br>
if ($condition) {<br>
$authList[] = $r['name'];<br>
}<br>
} else {<br>
//存在就通过<br>
$authList[] = $r['name'];<br>
}<br>
}<br>
$_authList[$uid] = $authList;<br>
if($this->_config['AUTH_TYPE']==2){<br>
//session结果<br>
$_SESSION['_AUTH_LIST_'.$uid]=$authList;<br>
}<br>
return $authList;<br>
}<br>
//获得用户资料,根据自己的情况读取数据库<br>
protected function getUserInfo($uid) {<br>
static $userinfo=array();<br>
if(!isset($userinfo[$uid])){<br>
$userinfo[$uid]=M()->table($this->_config['AUTH_USER'])->find($uid);<br>
}<br>
return $userinfo[$uid];<br>
}<br>
}</weibo.com></weibo.com>
AD:真正免费,域名+虚机+企业邮箱=0元