test_lgq/niucloud/app/service/admin/auth/AuthService.php

174 lines
5.6 KiB
PHP
Raw Normal View History

2024-01-24 17:36:08 +08:00
<?php
// +----------------------------------------------------------------------
// | Niucloud-admin 企业快速开发的saas管理平台
// +----------------------------------------------------------------------
// | 官方网址https://www.niucloud-admin.com
// +----------------------------------------------------------------------
// | niucloud团队 版权所有 开源版本可自由商用
// +----------------------------------------------------------------------
// | Author: Niucloud Team
// +----------------------------------------------------------------------
namespace app\service\admin\auth;
use app\dict\site\SiteDict;
use app\Request;
use app\service\admin\site\SiteUserService;
use app\service\admin\sys\MenuService;
use app\service\admin\sys\RoleService;
use app\service\admin\user\UserRoleService;
use app\service\admin\user\UserService;
use app\service\core\site\CoreSiteService;
use core\base\BaseAdminService;
use core\exception\AuthException;
use Exception;
/**
* 用户服务层
* Class AuthService
* @package app\service\admin\auth
*/
class AuthService extends BaseAdminService
{
/**
* 校验用户和传入站点是否存在从属关系
* @param Request $request
* @return true
*/
public function checkSiteAuth(Request $request){
$site_id = $request->adminSiteId();
//todo 将站点编号转化为站点id
$site_info = (new CoreSiteService())->getSiteCache($site_id);
//站点不存在
if(empty($site_info)) throw new AuthException('SITE_NOT_EXIST');
//没有当前站点的信息
if(!$this->getAuthRole($site_id)) throw new AuthException('NO_SITE_PERMISSION');
$request->siteId($site_id);
$request->appType($site_info['app_type']);
return true;
}
/**
* 校验权限
* @param Request $request
* @return bool
* @throws Exception
*/
public function checkRole(Request $request){
$rule = strtolower(trim($request->rule()->getRule()));
$method = strtolower(trim($request->method()));
$site_info = (new AuthSiteService())->getSiteInfo();
if($method != 'get'){
if($site_info['status'] == SiteDict::EXPIRE) throw new AuthException('SITE_EXPIRE_NOT_ALLOW');
if($site_info['status'] == SiteDict::CLOSE) throw new AuthException('SITE_CLOSE_NOT_ALLOW');
}
$menu_service = new MenuService();
$all_menu_list = $menu_service->getAllApiList($this->app_type);
//先判断当前访问的接口是否收到权限的限制
$method_menu_list = $all_menu_list[$method] ?? [];
if(!in_array($rule, $method_menu_list))
return true;
$auth_role_list = $this->getAuthApiList();
if(!empty($auth_role_list[$method]) && in_array($rule, $auth_role_list[$method]))
return true;
throw new AuthException('NO_PERMISSION');
}
/**
* 获取授权用户的权限信息
* @return mixed
*/
public function getAuthRole(int $site_id){
$user_role_service = new UserRoleService();
return $user_role_service->getUserRole($site_id, $this->uid);
}
/**
* 当前授权用户接口权限
* @return array
*/
public function getAuthApiList(){
$user_role_info = $this->getAuthRole($this->site_id);
if(empty($user_role_info))
return [];
$is_admin = $user_role_info['is_admin'];//是否是超级管理员组
$menu_service = new MenuService();
if($is_admin){//查询全部启用的权限
//获取站点信息
return (new AuthSiteService())->getApiList(1);
}else{
$user_role_ids = $user_role_info['role_ids'];
$role_service = new RoleService();
$menu_keys = $role_service->getMenuIdsByRoleIds($this->site_id, $user_role_ids);
return $menu_service->getApiListByMenuKeys($menu_keys, $this->app_type);
}
}
/**
* 当前授权用户菜单权限
* @return array
*/
public function getAuthMenuList(int $is_tree = 0, $addon = 'all'){
$user_role_info = $this->getAuthRole($this->site_id);
if(empty($user_role_info))
return [];
$is_admin = $user_role_info['is_admin'];//是否是超级管理员组
$menu_service = new MenuService();
if($is_admin){//查询全部启用的权限
return (new AuthSiteService())->getMenuList($is_tree, 1, $addon);
}else{
$user_role_ids = $user_role_info['role_ids'];
$role_service = new RoleService();
$menu_keys = $role_service->getMenuIdsByRoleIds($this->site_id, $user_role_ids);
return $menu_service->getMenuListByMenuKeys($this->site_id, $menu_keys, $this->app_type, $is_tree, $addon);
}
}
/**
* 获取授权用户信息
*/
public function getAuthInfo(){
return (new SiteUserService())->getInfo($this->uid);
}
/**
* 修改用户权限
* @param string $field
* @param $data
* @return bool
*/
public function modifyAuth(string $field, $data){
return (new SiteUserService())->modify($this->uid, $field, $data);
}
/**
* 修改用户
* @param array $data
* @return true
*/
public function editAuth(array $data){
if(!empty($data['password'])){
//检测原始密码是否正确
$user = (new UserService())->find($this->uid);
if(!check_password($data['original_password'], $user->password))
throw new AuthException('OLD_PASSWORD_ERROR');
}
return (new UserService())->edit($this->uid, $data);
}
}