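// Tail of behaviors(); the head of that method lies above this chunk and is reproduced unchanged.
                [
                    'class' => AccessControl::className(),
                    'rules' => [
                        [
                            'actions' => [],
                            'allow' => true,
                            'roles' => ['@'],
                        ],
                    ],
                ],
        ];
    }

    /**
     * Create a role from the POSTed `name` and `description`.
     *
     * On success the browser is redirected to the role list; on a missing
     * field or an already existing role name the form is re-rendered with an
     * error flash (DbManager::add() would otherwise throw on the duplicate).
     *
     * @return string|\yii\web\Response
     */
    public function actionAddRoles()
    {
        $request = \Yii::$app->request;
        $session = \Yii::$app->getSession();
        if ($request->isPost) {
            $name = $request->post('name');
            $description = $request->post('description');
            // empty() mirrors the previous validation (rejects '' and '0')
            if (empty($name) || empty($description)) {
                $session->setFlash('error', '创建角色失败!');
            } elseif (\Yii::$app->authManager->getRole($name)) {
                $session->setFlash('error', '创建角色失败!');
            } else {
                self::createRole($name, $description);
                $session->setFlash('success', '创建角色成功!');
                return $this->redirect(['auth/roles']);
            }
        }
        return $this->render('addroles');
    }

    /**
     * Paginated list of roles (auth items of type role).
     *
     * @return string
     */
    public function actionRoles()
    {
        $query = AuthItem::find()->where(['type' => Item::TYPE_ROLE]);
        $pages = new Pagination([
            'totalCount' => $query->count(),
            'pageSize' => self::PAGESIZE,
        ]);
        $model = $query->offset($pages->offset)->limit($pages->pageSize)->all();
        return $this->render('roleslist', [
            'model' => $model,
            'pages' => $pages,
        ]);
    }

    /**
     * Register a new role with the auth manager.
     *
     * @param string $roles       role name
     * @param string $description human-readable description
     * @return bool whether the auth manager accepted the item
     */
    private static function createRole($roles, $description)
    {
        $auth = \Yii::$app->authManager;
        $role = $auth->createRole($roles);
        $role->description = $description;
        return $auth->add($role);
    }

    /**
     * Delete the role named in POST `name`.
     *
     * A role that still has users assigned is refused so that assignments are
     * never orphaned.
     *
     * @return string JSON body: status 1 deleted, 0 still assigned to users,
     *                2 unknown role, 3 auth manager refused the removal
     */
    public function actionDelRoles()
    {
        $name = (string) \Yii::$app->request->post('name', '');
        $authManager = \Yii::$app->authManager;
        $role = $name === '' ? null : $authManager->getRole($name);
        if (!$role) {
            return self::jsonStatus(2, '角色不存在');
        }
        if (!empty($authManager->getUserIdsByRole($name))) {
            return self::jsonStatus(0, '该角色有与用户绑定,请先解绑再删除');
        }
        return $authManager->remove($role)
            ? self::jsonStatus(1, '角色删除成功')
            : self::jsonStatus(3, '角色删除失败');
    }

    /**
     * Edit the description of the role selected by GET `name`.
     *
     * Only the description is writable; the role name is never changed here.
     *
     * @param int|string|null $userid forwarded to the view as `uid`
     * @return string|\yii\web\Response
     */
    public function actionRoleUpdate($userid = null)
    {
        $request = \Yii::$app->request;
        $session = \Yii::$app->getSession();
        $name = (string) $request->get('name', '');
        $authManager = \Yii::$app->authManager;
        $role = $name === '' ? null : $authManager->getRole($name);
        if (!$role) {
            $session->setFlash('error', '角色不存在!');
            return $this->redirect(['auth/roles']);
        }
        if (!$request->isPost) {
            $model = new RoleForm();
            $model->name = $role->name;
            $model->description = $role->description;
            return $this->render('updateroles', [
                'model' => $model,
                'uid' => $userid,
            ]);
        }
        $form = $request->post('RoleForm', []);
        $rolemodel = AuthItem::find()
            ->where(['type' => Item::TYPE_ROLE, 'name' => $name])
            ->one();
        // a missing row or a malformed form body is a failure, not a fatal error
        if ($rolemodel !== null && is_array($form) && isset($form['description'])) {
            $rolemodel->description = $form['description'];
            if ($rolemodel->validate() && $rolemodel->save()) {
                $session->setFlash('success', '修改成功!');
                return $this->redirect(['auth/roles']);
            }
        }
        $session->setFlash('error', '修改失败!');
        return $this->redirect(['auth/roles']);
    }

    /**
     * Bulk-create one permission per public `action*` method, named
     * `ControllerShortName::actionName`, for every backend controller or for
     * the single controller given in POST `cont`. Existing permissions are kept.
     *
     * @return string JSON body: status 1 created, 2 when `cont` is not a known controller
     */
    public function actionCreateAll()
    {
        $cont = (string) \Yii::$app->request->post('cont', '');
        $controllers = $this->getControllers();
        $list = [];
        if ($cont === '') {
            foreach ($controllers as $file) {
                if ($file !== 'SiteController.php') { // Site is excluded from permission generation
                    $list[] = $this->getMethodList('backend\\controllers\\' . strstr($file, '.', true));
                }
            }
        } elseif (in_array($cont . '.php', $controllers, true)) {
            $list[] = $this->getMethodList('backend\\controllers\\' . $cont);
        } else {
            // the short name is handed to ReflectionClass, so only names that
            // correspond to a file in the controllers directory are accepted
            return self::jsonStatus(2, '创建失败');
        }
        $authManager = \Yii::$app->authManager;
        foreach ($list as $data) {
            foreach ($data['method'] as $method) {
                $permName = $data['name'] . '::' . $method['name'];
                if (!$authManager->getPermission($permName)) {
                    self::createPermission($permName, $method['comment']);
                }
            }
        }
        return self::jsonStatus(1, '创建成功');
    }

    /**
     * File names (including `.php`) of the regular `.php` files in
     * `@backend/controllers`. Dot-files and other extensions are skipped
     * because every consumer turns the name into a class name.
     *
     * @return string[] in directory order
     */
    private function getControllers()
    {
        $dir = \Yii::getAlias('@backend') . '/controllers/';
        $fileArray = [];
        if (!is_dir($dir)) {
            return $fileArray;
        }
        $handle = opendir($dir);
        if ($handle === false) {
            return $fileArray;
        }
        try {
            while (($file = readdir($handle)) !== false) {
                if ($file[0] !== '.' && substr($file, -4) === '.php' && is_file($dir . $file)) {
                    $fileArray[] = $file;
                }
            }
        } finally {
            closedir($handle);
        }
        return $fileArray;
    }

    /**
     * Paginated list of permissions, optionally filtered by GET `keyword`
     * matched against the description.
     *
     * @return string
     */
    public function actionPermission()
    {
        $keyword = \Yii::$app->request->get('keyword');
        $query = AuthItem::find()->where(['type' => Item::TYPE_PERMISSION]);
        if (!empty($keyword)) {
            // the array form escapes % and _ in the keyword before wrapping it
            // in %...%, so a user-supplied wildcard cannot widen the match
            $query->andWhere(['like', 'description', $keyword]);
        }
        $pages = new Pagination([
            'totalCount' => $query->count(),
            'pageSize' => self::PAGESIZE,
        ]);
        $datas = $query->offset($pages->offset)->limit($pages->pageSize)->all();
        return $this->render('permissionlist', [
            'datas' => $datas,
            'pages' => $pages,
        ]);
    }

    /**
     * Create a permission from POST `prename` and `description`.
     *
     * @return string JSON body: status 1 created, 2 missing field, 3 already exists
     */
    public function actionAddPermission()
    {
        $name = \Yii::$app->request->post('prename');
        $description = \Yii::$app->request->post('description');
        if (empty($name) || empty($description)) {
            return self::jsonStatus(2, '创建失败');
        }
        if (\Yii::$app->authManager->getPermission($name)) {
            return self::jsonStatus(3, '该权限已创建');
        }
        self::createPermission($name, $description);
        return self::jsonStatus(1, '创建成功');
    }

    /**
     * Edit the description of the permission selected by GET `name`.
     * The permission name itself is not editable.
     *
     * @return string|\yii\web\Response
     */
    public function actionUpdateper()
    {
        $request = \Yii::$app->request;
        $session = \Yii::$app->getSession();
        $name = (string) $request->get('name', '');
        $per = $name === '' ? null : \Yii::$app->authManager->getPermission($name);
        if (!$per) {
            $session->setFlash('error', '修改失败,权限不存在!');
            return $this->redirect(['auth/permission']);
        }
        if ($request->isPost) {
            $form = $request->post('PermissionForm', []);
            $description = is_array($form) && isset($form['description']) ? $form['description'] : null;
            // updateAll() returns a row count; as before, 0 (nothing updated)
            // is reported as a failure
            $row = $description === null
                ? 0
                : AuthItem::updateAll(
                    ['description' => $description],
                    ['type' => Item::TYPE_PERMISSION, 'name' => $name]
                );
            if ($row) {
                $session->setFlash('success', '修改成功!');
                return $this->redirect(['auth/permission']);
            }
            $session->setFlash('error', '修改失败!');
            return $this->redirect(['auth/add-permission']);
        }
        $model = new PermissionForm();
        $model->name = $per->name;
        $model->description = $per->description;
        return $this->render('updateper', [
            'model' => $model,
        ]);
    }

    /**
     * Delete the permission named in POST `name`.
     *
     * @return string JSON body: status 0 deleted (note: unlike actionDelRoles,
     *                0 is the success code here), 2 unknown, 3 removal refused
     */
    public function actionDelPermission()
    {
        $name = (string) \Yii::$app->request->post('name', '');
        $authManager = \Yii::$app->authManager;
        $per = $name === '' ? null : $authManager->getPermission($name);
        if (!$per) {
            return self::jsonStatus(2, '权限不存在');
        }
        return $authManager->remove($per)
            ? self::jsonStatus(0, '权限删除成功')
            : self::jsonStatus(3, '权限删除失败');
    }

    /**
     * Assign permissions to a role.
     *
     * POST `permission[]` is the complete set of permission names the role
     * should hold: names not yet linked are added as children, existing
     * children that are not in the submitted set are unlinked. GET renders
     * the permission tree grouped by controller.
     *
     * @param string          $name   role name
     * @param int|string|null $userid when set, redirect to the user list after saving
     * @return string|\yii\web\Response
     */
    public function actionRoleNode($name, $userid = null)
    {
        $authManager = \Yii::$app->authManager;
        $role = $authManager->getRole($name);
        if (!$role) {
            \Yii::$app->getSession()->setFlash('error', '角色不存在!');
            return $this->redirect(['auth/roles']);
        }
        if (\Yii::$app->request->isPost) {
            $nodes = \Yii::$app->request->post('permission');
            $selected = is_array($nodes) ? array_values(array_filter($nodes, 'is_string')) : [];
            // 1. link every submitted permission that is not yet a child of the role
            foreach ($selected as $permName) {
                $node = $authManager->getPermission($permName);
                if ($node && !$authManager->hasChild($role, $node)) {
                    $authManager->addChild($role, $node);
                }
            }
            // 2. unlink children that were deselected (an empty selection unlinks all)
            $stale = AuthItemChild::find()
                ->where(['and', ['parent' => $name], ['not in', 'child', $selected]])
                ->all();
            foreach ($stale as $link) {
                $node = $authManager->getPermission($link->child);
                // getPermission() yields null for a child that is not a
                // permission, so such links are left untouched
                if ($node && !in_array($link->child, $selected, true)) {
                    $authManager->removeChild($role, $node);
                }
            }
            if ($userid) {
                return $this->redirect(['auth/index']);
            }
            \Yii::$app->getSession()->setFlash('success', '成功添加权限!');
            return $this->redirect(['auth/roles']);
        }
        $roleNodes = array_keys($authManager->getPermissionsByRole($name));
        $nodesList = [];
        foreach ($authManager->getPermissions() as $node) {
            // generated permissions are named "ControllerShortName::actionX";
            // a hand-created name without "::" is grouped under its own name
            $contname = strstr($node->name, '::', true);
            if ($contname === false) {
                $contname = $node->name;
            }
            if (!isset($nodesList[$contname])) {
                $className = 'backend\\controllers\\' . $contname;
                $nodesList[$contname]['name'] = class_exists($className)
                    ? $this->getComment(new \ReflectionClass($className))
                    : $contname;
            }
            $nodesList[$contname]['methods'][] = $node;
        }
        return $this->render('rolenode', [
            'nodes' => $nodesList,
            'roleNodes' => $roleNodes,
            'name' => $name,
            'uid' => $userid,
        ]);
    }

    /**
     * Make `$rolename` the only role of user `$userid`, replacing any
     * existing assignments.
     *
     * @param int|string $userid
     * @param string     $rolename
     * @return bool false when the role does not exist; true when the user now
     *              holds it (including when it already was the first assigned role)
     */
    public static function userRole($userid, $rolename)
    {
        $auth = \Yii::$app->getAuthManager();
        $current = $auth->getRolesByUser($userid);
        if (!empty($current) && current($current)->name === (string) $rolename) {
            return true;
        }
        $role = $auth->getRole($rolename);
        if (empty($role)) {
            return false;
        }
        $auth->revokeAll($userid); // drop every existing assignment
        $auth->assign($role, $userid);
        return true;
    }

    /**
     * Level check against the logged-in user's `role` attribute.
     *
     * The previous implementation overwrote `$level` with 1 before comparing,
     * so every caller's threshold collapsed to "role >= 1"; the argument is
     * honoured now. Guests (no identity) are always denied.
     *
     * @param int $level lowest role value that is allowed
     * @return bool
     */
    public static function checkPermission($level)
    {
        $identity = \Yii::$app->user->identity;
        if ($identity === null) {
            return false;
        }
        // NOTE(review): compared as before; confirm that `role` is numeric on
        // the identity class, otherwise this comparison is not meaningful
        return $level <= $identity->role;
    }

    /**
     * Register a new permission with the auth manager.
     *
     * @param string $name
     * @param string $description
     * @return void
     */
    public static function createPermission($name, $description)
    {
        $auth = \Yii::$app->authManager;
        $permission = $auth->createPermission($name);
        $permission->description = $description;
        $auth->add($permission);
    }

    /**
     * Public `action*` methods of a controller class together with the
     * summary line of their doc comments.
     *
     * @param string $classname fully-qualified class name
     * @return array{name:string, comment:string, method:list<array{name:string, comment:string}>}
     */
    private function getMethodList($classname)
    {
        $class = new \ReflectionClass($classname);
        $classMap = [
            'name' => $class->getShortName(),
            'comment' => $this->getComment($class),
            'method' => [],
        ];
        foreach ($class->getMethods(\ReflectionMethod::IS_PUBLIC) as $method) {
            $methodName = $method->getName();
            // "action" plus at least two characters; the length check is
            // presumably there to skip Controller::actions() (7 characters)
            if (strlen($methodName) > 7 && substr($methodName, 0, 6) === 'action') {
                $classMap['method'][] = [
                    'name' => $methodName,
                    'comment' => $this->getComment($method),
                ];
            }
        }
        return $classMap;
    }

    /**
     * Summary text of a doc comment: comment delimiters and leading asterisks
     * are stripped and everything from the first `@tag` line on is dropped.
     *
     * @param \ReflectionClass|\ReflectionMethod $reflection
     * @return string '' when there is no doc comment
     */
    private function getComment($reflection)
    {
        $doc = $reflection->getDocComment();
        if ($doc === false) {
            return '';
        }
        $comment = trim(preg_replace('/^\s*\**( |\t)?/m', '', trim($doc, '/')));
        // the original strtr($comment, "\r", '') was a no-op: with two string
        // operands of different length strtr ignores the extra characters,
        // so CRLF doc comments kept their \r
        $comment = str_replace("\r", '', $comment);
        if (preg_match('/^\s*@\w+/m', $comment, $matches, PREG_OFFSET_CAPTURE)) {
            $comment = trim(substr($comment, 0, $matches[0][1]));
        }
        return $comment;
    }

    /**
     * Build the `{"status":n,"msg":"..."}` body returned by the AJAX actions.
     *
     * @param int    $status
     * @param string $msg
     * @return string
     */
    private static function jsonStatus($status, $msg)
    {
        return json_encode([
            "status" => $status,
            "msg" => $msg,
        ]);
    }
}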