test_lgq/niucloud/app/service/admin/auth/AuthService.php
2024-01-24 17:36:08 +08:00

174 lines
5.6 KiB
PHP
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
// +----------------------------------------------------------------------
// | Niucloud-admin 企业快速开发的saas管理平台
// +----------------------------------------------------------------------
// | 官方网址https://www.niucloud-admin.com
// +----------------------------------------------------------------------
// | niucloud团队 版权所有 开源版本可自由商用
// +----------------------------------------------------------------------
// | Author: Niucloud Team
// +----------------------------------------------------------------------
namespace app\service\admin\auth;
use app\dict\site\SiteDict;
use app\Request;
use app\service\admin\site\SiteUserService;
use app\service\admin\sys\MenuService;
use app\service\admin\sys\RoleService;
use app\service\admin\user\UserRoleService;
use app\service\admin\user\UserService;
use app\service\core\site\CoreSiteService;
use core\base\BaseAdminService;
use core\exception\AuthException;
use Exception;
/**
* 用户服务层
* Class AuthService
* @package app\service\admin\auth
*/
class AuthService extends BaseAdminService
{
/**
* 校验用户和传入站点是否存在从属关系
* @param Request $request
* @return true
*/
public function checkSiteAuth(Request $request){
$site_id = $request->adminSiteId();
//todo 将站点编号转化为站点id
$site_info = (new CoreSiteService())->getSiteCache($site_id);
//站点不存在
if(empty($site_info)) throw new AuthException('SITE_NOT_EXIST');
//没有当前站点的信息
if(!$this->getAuthRole($site_id)) throw new AuthException('NO_SITE_PERMISSION');
$request->siteId($site_id);
$request->appType($site_info['app_type']);
return true;
}
/**
* 校验权限
* @param Request $request
* @return bool
* @throws Exception
*/
public function checkRole(Request $request){
$rule = strtolower(trim($request->rule()->getRule()));
$method = strtolower(trim($request->method()));
$site_info = (new AuthSiteService())->getSiteInfo();
if($method != 'get'){
if($site_info['status'] == SiteDict::EXPIRE) throw new AuthException('SITE_EXPIRE_NOT_ALLOW');
if($site_info['status'] == SiteDict::CLOSE) throw new AuthException('SITE_CLOSE_NOT_ALLOW');
}
$menu_service = new MenuService();
$all_menu_list = $menu_service->getAllApiList($this->app_type);
//先判断当前访问的接口是否收到权限的限制
$method_menu_list = $all_menu_list[$method] ?? [];
if(!in_array($rule, $method_menu_list))
return true;
$auth_role_list = $this->getAuthApiList();
if(!empty($auth_role_list[$method]) && in_array($rule, $auth_role_list[$method]))
return true;
throw new AuthException('NO_PERMISSION');
}
/**
* 获取授权用户的权限信息
* @return mixed
*/
public function getAuthRole(int $site_id){
$user_role_service = new UserRoleService();
return $user_role_service->getUserRole($site_id, $this->uid);
}
/**
* 当前授权用户接口权限
* @return array
*/
public function getAuthApiList(){
$user_role_info = $this->getAuthRole($this->site_id);
if(empty($user_role_info))
return [];
$is_admin = $user_role_info['is_admin'];//是否是超级管理员组
$menu_service = new MenuService();
if($is_admin){//查询全部启用的权限
//获取站点信息
return (new AuthSiteService())->getApiList(1);
}else{
$user_role_ids = $user_role_info['role_ids'];
$role_service = new RoleService();
$menu_keys = $role_service->getMenuIdsByRoleIds($this->site_id, $user_role_ids);
return $menu_service->getApiListByMenuKeys($menu_keys, $this->app_type);
}
}
/**
* 当前授权用户菜单权限
* @return array
*/
public function getAuthMenuList(int $is_tree = 0, $addon = 'all'){
$user_role_info = $this->getAuthRole($this->site_id);
if(empty($user_role_info))
return [];
$is_admin = $user_role_info['is_admin'];//是否是超级管理员组
$menu_service = new MenuService();
if($is_admin){//查询全部启用的权限
return (new AuthSiteService())->getMenuList($is_tree, 1, $addon);
}else{
$user_role_ids = $user_role_info['role_ids'];
$role_service = new RoleService();
$menu_keys = $role_service->getMenuIdsByRoleIds($this->site_id, $user_role_ids);
return $menu_service->getMenuListByMenuKeys($this->site_id, $menu_keys, $this->app_type, $is_tree, $addon);
}
}
/**
* 获取授权用户信息
*/
public function getAuthInfo(){
return (new SiteUserService())->getInfo($this->uid);
}
/**
* 修改用户权限
* @param string $field
* @param $data
* @return bool
*/
public function modifyAuth(string $field, $data){
return (new SiteUserService())->modify($this->uid, $field, $data);
}
/**
* 修改用户
* @param array $data
* @return true
*/
public function editAuth(array $data){
if(!empty($data['password'])){
//检测原始密码是否正确
$user = (new UserService())->find($this->uid);
if(!check_password($data['original_password'], $user->password))
throw new AuthException('OLD_PASSWORD_ERROR');
}
return (new UserService())->edit($this->uid, $data);
}
}