Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
zhengchengwu
/
renren
Tarkkaile 1
Äänestä 0
Fork 0
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 0 Wiki Activity
人人商城
11 Commitit
1 Branchit
Haara: master
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
renren/web/source/user/permission.ctrl.php

permission.ctrl.php 9.0KB
Pysyvä linkki Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284 
  1. <?php

  2. /**

  3.  * [WeEngine System] Copyright (c) 2014 WE7.CC

  4.  * WeEngine is NOT a free software, it under the license terms, visited http://www.we7.cc/ for more details.

  5.  */

  6. defined('IN_IA') or exit('Access Denied');

  7. 

  8. $_W['page']['title'] = '查看用户权限 - 用户管理 - 用户管理';

  9. load()->model('setting');

  10. 

  11. $uid = intval($_GPC['uid']);

  12. $user = user_single($uid);

  13. if(empty($user)) {

  14. 	message('访问错误, 未找到指定操作用户.');

  15. }

  16. 

  17. $founders = explode(',', $_W['config']['setting']['founder']);

  18. $isfounder = in_array($user['uid'], $founders);

  19. if($isfounder) {

  20. 	message('访问错误, 无法编辑站长.');

  21. }

  22. 

  23. $do = $_GPC['do'];

  24. $dos = array('deny', 'delete', 'auth', 'revo', 'revos', 'select', 'role', 'menu', 'edit', 'module');

  25. $do = in_array($do, $dos) ? $do: 'edit';

  26. 

  27. if($do == 'edit') {

  28. 		if (!empty($user['groupid'])) {

  29. 		$group = pdo_fetch("SELECT * FROM ".tablename('users_group')." WHERE id = '{$user['groupid']}'");

  30. 		if (!empty($group)) {

  31. 			$package = iunserializer($group['package']);

  32. 			$group['package'] = uni_groups($package);

  33. 		}

  34. 	}

  35. 	$weids = pdo_fetchall("SELECT uniacid, role FROM ".tablename('uni_account_users')." WHERE uid = '$uid'", array(), 'uniacid');

  36. 	if (!empty($weids)) {

  37. 		$wechats = pdo_fetchall("SELECT * FROM ".tablename('uni_account')." WHERE uniacid IN (".implode(',', array_keys($weids)).")");

  38. 	}

  39. 	template('user/permission');

  40. }

  41. 

  42. if($do == 'deny') {

  43. 	if($_W['ispost'] && $_W['isajax']) {

  44. 		$founders = explode(',', $_W['config']['setting']['founder']);

  45. 		if(in_array($uid, $founders)) {

  46. 			exit('管理员用户不能禁用.');

  47. 		}

  48. 		$somebody = array();

  49. 		$somebody['uid'] = $uid;

  50. 		

  51. 		if (intval($user['status']) == 2) {

  52. 			$somebody['status'] = 1;

  53. 		} else {

  54. 			$somebody['status'] = 2;

  55. 		}

  56. 		if(user_update($somebody)) {

  57. 			exit('success');

  58. 		}

  59. 	}

  60. }

  61. 

  62. if ($do == 'select') {

  63. 	$uid = intval($_GPC['uid']);

  64. 	$condition = '';

  65. 	$params = array();

  66. 	if(!empty($_GPC['keyword'])) {

  67. 		$condition = ' AND `name` LIKE :name';

  68. 		$params[':name'] = "%{$_GPC['keyword']}%";

  69. 	}

  70. 	$pindex = max(1, intval($_GPC['page']));

  71. 	$psize = 10;

  72. 	$total = 0;

  73. 	

  74. 	$list = pdo_fetchall("SELECT * FROM ".tablename('uni_account')." WHERE 1 $condition LIMIT ".(($pindex - 1) * $psize).",{$psize}");

  75. 	$total = pdo_fetchcolumn("SELECT COUNT(*) FROM ".tablename('uni_account')." WHERE 1 $condition");

  76. 	$pager = pagination($total, $pindex, $psize, '', array('ajaxcallback'=>'null'));

  77. 	

  78. 	$permission = pdo_fetchall("SELECT uniacid FROM ".tablename('uni_account_users')." WHERE uid = '$uid'", array(), 'uniacid');

  79. 	template('user/select');

  80. }

  81. 

  82. if($do == 'module') {

  83. 	if($_W['isajax']) {

  84. 		load()->model('module');

  85. 		$m = trim($_GPC['m']);

  86. 		$uniacid = intval($_GPC['uniacid']);

  87. 		$uid = intval($_GPC['uid']);

  88. 		$module = pdo_fetch('SELECT * FROM ' . tablename('modules') . ' WHERE name = :m', array(':m' => $m));

  89. 				$purview = pdo_fetch('SELECT * FROM ' . tablename('users_permission') . ' WHERE uniacid = :aid AND uid = :uid AND type = :type', array(':aid' => $uniacid, ':uid' => $uid, ':type' => $m));

  90. 		if(!empty($purview['permission'])) {

  91. 			$purview['permission'] = explode('|', $purview['permission']);

  92. 		} else {

  93. 			$purview['permission'] = array();

  94. 		}

  95. 

  96. 		$mineurl = array();

  97. 		$all = 0;

  98. 		if(!empty($mods)) {

  99. 			foreach($mods as $mod) {

  100. 				if($mod['url'] == 'all') {

  101. 					$all = 1;

  102. 					break;

  103. 				} else {

  104. 					$mineurl[] = $mod['url'];

  105. 				}

  106. 			}

  107. 		}

  108. 		$data = array();

  109. 		if($module['settings']) {

  110. 			$data[] = array('title' => '参数设置', 'permission' => $m.'_settings');

  111. 		}

  112. 		if($module['isrulefields']) {

  113. 			$data[] = array('title' => '回复规则列表', 'permission' => $m.'_rule');

  114. 		}

  115. 		$entries = module_entries($m);

  116. 		if(!empty($entries['home'])) {

  117. 			$data[] = array('title' => '微站首页导航', 'permission' => $m.'_home');

  118. 		}

  119. 		if(!empty($entries['profile'])) {

  120. 			$data[] = array('title' => '个人中心导航', 'permission' => $m.'_profile');

  121. 		}

  122. 		if(!empty($entries['shortcut'])) {

  123. 			$data[] = array('title' => '快捷菜单', 'permission' => $m.'_shortcut');

  124. 		}

  125. 		if(!empty($entries['cover'])) {

  126. 			foreach($entries['cover'] as $cover) {

  127. 				$data[] = array('title' => $cover['title'], 'permission' => $m.'_cover_'.$cover['do']);

  128. 			}

  129. 		}

  130. 		if(!empty($entries['menu'])) {

  131. 			foreach($entries['menu'] as $menu) {

  132. 				$data[] = array('title' => $menu['title'], 'permission' => $m.'_menu_'.$menu['do']);

  133. 			}

  134. 		}

  135. 		unset($entries);

  136. 		if(!empty($module['permissions'])) {

  137. 			$module['permissions'] = (array)iunserializer($module['permissions']);

  138. 			$data = array_merge($data, $module['permissions']);

  139. 		}

  140. 		foreach($data as &$da) {

  141. 			$da['checked'] = 0;

  142. 			if(in_array($da['permission'], $purview['permission']) || in_array('all', $purview['permission'])) {

  143. 				$da['checked'] = 1;

  144. 			}

  145. 		}

  146. 		$out['errno'] = 0;

  147. 		$out['errmsg'] = '';

  148. 		if(empty($data)) {

  149. 			$out['errno'] = 1;

  150. 		} else {

  151. 			$out['errmsg'] = $data;

  152. 		}

  153. 		exit(json_encode($out));

  154. 	}

  155. }

  156. 

  157. if ($do == 'menu') {

  158. 	$uniacid = intval($_GPC['uniacid']);

  159. 	$uid = intval($_GPC['uid']);

  160. 	load()->model('user');

  161. 	load()->model('module');

  162. 	load()->model('frame');

  163. 

  164. 	$user = user_single(array('uid' => $uid));

  165. 	if (empty($user)) {

  166. 		message('您操作的用户不存在或是已经被删除!');

  167. 	}

  168. 	if (!pdo_fetchcolumn("SELECT id FROM ".tablename('uni_account_users')." WHERE uid = :uid AND uniacid = :uniacid", array(':uid' => $uid, ':uniacid' => $uniacid))) {

  169. 		message('此用户没有操作该统一公众号的权限,请选指派“管理者”权限!');

  170. 	}

  171. 		$system_permission = pdo_fetch('SELECT * FROM ' . tablename('users_permission') . ' WHERE uniacid = :aid AND uid = :uid AND type = :type', array(':aid' => $uniacid, ':uid' => $uid, ':type' => 'system'));

  172. 	if(!empty($system_permission['permission'])) {

  173. 		$system_permission['permission'] = explode('|', $system_permission['permission']);

  174. 	} else {

  175. 		$system_permission['permission'] = array();

  176. 	}

  177. 

  178. 		$mods = pdo_fetchall('SELECT * FROM ' . tablename('users_permission') . ' WHERE uniacid = :aid AND uid = :uid AND type != :type', array(':aid' => $uniacid, ':uid' => $uid, ':type' => 'system'), 'type');

  179. 	$mod_keys = array_keys($mods);

  180. 

  181. 	if (checksubmit('submit')) {

  182. 				$system_temp = array();

  183. 		if(!empty($_GPC['system'])) {

  184. 			foreach($_GPC['system'] as $li) {

  185. 				$li = trim($li);

  186. 				if(!empty($li)) {

  187. 					$system_temp[] = $li;

  188. 				}

  189. 			}

  190. 		}

  191. 		if(!empty($system_temp)) {

  192. 			if(empty($system_permission['id'])) {

  193. 				$insert = array(

  194. 					'uniacid' => $uniacid,

  195. 					'uid' => $uid,

  196. 					'type' => 'system',

  197. 				);

  198. 				$insert['permission'] = implode('|', $_GPC['system']);

  199. 				pdo_insert('users_permission', $insert);

  200. 			} else {

  201. 				$update = array(

  202. 					'permission' => implode('|', $_GPC['system'])

  203. 				);

  204. 				pdo_update('users_permission', $update, array('uniacid' => $uniacid, 'uid' => $uid));

  205. 			}

  206. 		} else {

  207. 			pdo_delete('users_permission', array('uniacid' => $uniacid, 'uid' => $uid));

  208. 		}

  209. 		pdo_query('DELETE FROM ' . tablename('users_permission') . ' WHERE uniacid = :uniacid AND uid = :uid AND type != :type', array(':uniacid' => $uniacid, ':uid' => $uid, ':type' => 'system'));

  210. 				if(!empty($_GPC['module'])) {

  211. 						$arr = array();

  212. 			foreach($_GPC['module'] as $li) {

  213. 				$insert = array(

  214. 					'uniacid' => $uniacid,

  215. 					'uid' => $uid,

  216. 					'type' => $li,

  217. 				);

  218. 				if(empty($_GPC['module_'. $li]) || $_GPC[$li . '_select'] == 1) {

  219. 					$insert['permission'] = 'all';

  220. 					pdo_insert('users_permission', $insert);

  221. 					continue;

  222. 				} else {

  223. 					$data = array();

  224. 					foreach($_GPC['module_'. $li] as $v) {

  225. 						$data[] = $v;

  226. 					}

  227. 					if(!empty($data)) {

  228. 						$insert['permission'] = implode('|', $data);

  229. 						pdo_insert('users_permission', $insert);

  230. 					}

  231. 				}

  232. 			}

  233. 		}

  234. 		message('操作菜单权限成功!', url('user/permission/menu', array('uid' => $uid, 'uniacid' => $uniacid)), 'success');

  235. 	}

  236. 

  237. 	$menus = frame_lists();

  238. 	foreach($menus as &$li) {

  239. 		$li['childs'] = array();

  240. 		if(!empty($li['child'])) {

  241. 			foreach($li['child'] as $da) {

  242. 				if(!empty($da['grandchild'])) {

  243. 					foreach($da['grandchild'] as &$ca) {

  244. 						$li['childs'][] = $ca;

  245. 					}

  246. 				}

  247. 			}

  248. 			unset($li['child']);

  249. 		}

  250. 	}

  251. 	$_W['uniacid'] = $uniacid;

  252. 	$module = uni_modules();

  253. 	template('user/menu');

  254. }

  255. 

  256. if ($do == 'auth') {

  257. 	$uniacid = intval($_GPC['uniacid']);

  258. 	$uid = intval($uid);

  259. 	

  260. 	$isexists = pdo_fetch("SELECT * FROM ".tablename('uni_account_users')." WHERE uid = :uid AND uniacid = :uniacid", array(':uid' => $uid, ':uniacid' => $uniacid));

  261. 	if (empty($isexists)) {

  262. 		pdo_insert('uni_account_users', array('uniacid' => $uniacid, 'uid' => $uid));

  263. 	}

  264. 	exit('success');

  265. }

  266. 

  267. if ($do == 'revo') {

  268. 	$uniacid = intval($_GPC['uniacid']);

  269. 	$uid = intval($uid);

  270. 	

  271. 	$isexists = pdo_fetch("SELECT * FROM ".tablename('uni_account_users')." WHERE uid = :uid AND uniacid = :uniacid", array(':uid' => $uid, ':uniacid' => $uniacid));

  272. 	if (!empty($isexists)) {

  273. 		pdo_delete('uni_account_users', array('uniacid' => $uniacid, 'uid' => $uid));

  274. 	}

  275. 	exit('success');

  276. }

  277. 

  278. if ($do == 'role') {

  279. 	$uid = intval($_GPC['uid']);

  280. 	$uniacid = intval($_GPC['uniacid']);

  281. 	$role = !empty($_GPC['role']) && in_array($_GPC['role'], array('operator', 'manager')) ? $_GPC['role'] : 'operator';

  282. 	pdo_update('uni_account_users', array('role' => $role), array('uid' => $uid, 'uniacid' => $uniacid));

  283. }