haoshengxin/backend/controllers/AuthController.php

<?php
/**
 * Created by PhpStorm.
 * User: Administrator
 * Date: 2017/10/9
 * Time: 1:21
 */

namespace backend\controllers;

use backend\models\PermissionForm;
use backend\models\RoleForm;
use backend\models\AuthItem;
use backend\models\AuthItemChild;
use yii\data\Pagination;
use yii\filters\AccessControl;
use yii\rbac\Item;

/**
 * 权限管理
 * @package backend\controllers
 */
class AuthController extends BaseController
{
    public $layout = 'iframe';
    const PAGESIZE = 20;

    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [
                    [
                        'actions' => [],
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                ],
            ],
        ];
    }

    /**
     * 添加角色
     * @return string|\yii\web\Response
     */
    public function actionAddRoles()
    {
        if(\Yii::$app->request->isPost){
            $name = \Yii::$app->request->post('name');
            $description = \Yii::$app->request->post('description');
            if ((!empty($name)) && (!empty($description))) {
                self::createRole($name, $description);
                \Yii::$app->getSession()->setFlash('success', '创建角色成功！');
                return $this->redirect(['auth/roles']);
            } else {
                \Yii::$app->getSession()->setFlash('error', '创建角色失败！');
//                return $this->redirect(['auth/addroles']);
            }
        }
        return $this->render('addroles');
    }

    /**
     * 角色列表
     */
    public function actionRoles()
    {
        $model = AuthItem::find()->where(['type' => 1]);
        $pages = new Pagination(["totalCount" => $model->count(), "pageSize" => self::PAGESIZE]);
        $model = $model->offset($pages->offset)->limit($pages->pageSize)->all();
        return $this->render('roleslist', [
            'model' => $model, 'pages' => $pages
        ]);
    }

    /**
     * 生成角色
     */
    private static function createRole($roles, $description)
    {
        $auth = \Yii::$app->authManager;
        $role = $auth->createRole($roles);
        $role->description = $description;
        return $auth->add($role);
    }


    /**
     *  删除角色
     * @return string
     */
    public function actionDelRoles()
    {
        $name = \Yii::$app->request->post('name');
        $authManager = \Yii::$app->authManager;
        $role = $authManager->getRole($name);
        if (!$role) {
            return json_encode([
                "status" => 2,
                "msg" => '角色不存在'
            ]);
        } else {
            $result = $authManager->getUserIdsByRole($name);
            if(empty($result)){
                if ($authManager->remove($role)) {
                    return json_encode([
                        "status" => 1,
                        "msg" => '角色删除成功'
                    ]);
                } else {
                    return json_encode([
                        "status" => 3,
                        "msg" => '角色删除失败'
                    ]);
                }
            }else{
                return json_encode([
                    "status" => 0,
                    "msg" => '该角色有与用户绑定，请先解绑再删除'
                ]);
            }

        }
    }


    /**
     * 修改角色
     * @param null $userid
     * @return string|\yii\web\Response
     */
    public function actionRoleUpdate($userid = NULL)
    {
        $name = \Yii::$app->request->get('name');
        $authManager = \Yii::$app->authManager;
        $role = $authManager->getRole($name);
        if (!$role) {
            \Yii::$app->getSession()->setFlash('error', '角色不存在！');
            return $this->redirect(['auth/roles']);
        }

        if (\Yii::$app->request->isPost) {
            $rolemodel = AuthItem::find()->where('type =:type and name = :name', [':type' => Item::TYPE_ROLE, ':name' => $name])->one();
            $rolemodel->description = \Yii::$app->request->post('RoleForm')['description'];
            if ($rolemodel->validate() && $rolemodel->save()) {
                \Yii::$app->getSession()->setFlash('success', '修改成功！');
                return $this->redirect(['auth/roles']);
            } else {
                \Yii::$app->getSession()->setFlash('error', '修改失败！');
                return $this->redirect(['auth/roles']);
            }
        } else {
            $model = new RoleForm();
//                //角色名称
            $model->name = $role->name;
            $model->description = $role->description;
            return $this->render('updateroles', [
                'model' => $model,
                'uid' => $userid
            ]);
        }

    }

    /**
     * 初始化权限
     * @return string
     */
    public function actionCreateAll(){
        $cont=\Yii::$app->request->post('cont','');

        $list = [];
        if(empty($cont)){

            $FileArray = $this->getControllers();

            foreach ($FileArray as $file){
                if($file != 'SiteController.php') { //过滤Site
                    $method = $this->getMethodList('backend\\controllers\\' . strstr($file, '.', true));
                    $list[] = $method;
                }
            }
        }else{
            $list[] = $this->getMethodList('backend\\controllers\\'.$cont);
        }

        $authManager =\Yii::$app->authManager;
        foreach ($list as $data){
            $name = $data['name'];
            $description= $data['comment'];
            foreach ($data['method'] as $method){
                $per = $authManager->getPermission($name.'::'.$method['name']);
                if(!$per){
                    self::createPermission($data['name'] .'::'.$method['name'],$method['comment']);
                }
            }
        }
        return json_encode([
            "status" => 1,
            "msg" =>'创建成功'
        ]);
    }

    /**
     * 控制器列表
     * @return array
     */
    private function getControllers(){

        $Dir = \Yii::getAlias('@backend').'/controllers/';
        $fileArray = [];
        if( is_dir($Dir) ) {
            if (false != ($Handle = opendir($Dir))) {
                while (false != ($File = readdir($Handle))) {
                    if ($File != '.' && $File != '..' && strpos($File, '.')) {
                        $fileArray[] = $File;
                    }
                }
                closedir($Handle);
            }
        }
        return $fileArray;
    }

    /**
     * 权限列表
     */
    public function actionPermission()
    {
        $keyword = \Yii::$app->request->get('keyword');
        $datas = AuthItem::find()->where(['type' => 2]);
        if(!empty($keyword)){
            $datas->andWhere('description like :keyword',[':keyword'=>'%'.$keyword.'%']);
        }
        $pages = new Pagination(["totalCount" => $datas->count(), "pageSize" => self::PAGESIZE]);
        $datas = $datas->offset($pages->offset)->limit($pages->pageSize)->all();
        return $this->render('permissionlist', [
            'datas' => $datas, 'pages' => $pages
        ]);
    }

    /**
     * 创建权限
     * @return string
     */
    public function actionAddPermission()
    {
        $name = \Yii::$app->request->post('prename');
        $description = \Yii::$app->request->post('description');
        if ((!empty($name)) && (!empty($description))) {
            $authManager = \Yii::$app->authManager;
            $per = $authManager->getPermission($name);
            if ($per) {
                return json_encode([
                    "status" => 3,
                    "msg" => '该权限已创建'
                ]);
            } else {
                self::createPermission($name, $description);
                return json_encode([
                    "status" => 1,
                    "msg" => '创建成功'
                ]);
            }

        } else {
            return json_encode([
                "status" => 2,
                "msg" => '创建失败'
            ]);
        }
    }


    /**
     * 修改权限
     */
    public function actionUpdateper()
    {
        $cont = $this->getControllers();
        $name = \Yii::$app->request->get('name');
        $authManager = \Yii::$app->authManager;

        $per = $authManager->getPermission($name);
        if (!$per) {
            \Yii::$app->getSession()->setFlash('error', '修改失败，权限不存在！');
            return $this->redirect(['auth/permission']);
        }
        $model = new PermissionForm();
        $model->name = $per->name;
        $model->description = $per->description;
//            //权限表单
//            $model = new PermissionForm();
//            //权限名称
//            $model->name = $per->name;
//            //权限描述
//            $model->description = $per->description;
//            $contname = explode('::', $model->name);
//            if ($model->load(\Yii::$app->request->post())) {
//                $newname = \Yii::$app->request->post('PermissionForm')['name'];
//                if ($model->update($newname)) {
//                    \Yii::$app->getSession()->setFlash('success', '修改成功！');
//                    return $this->redirect(['auth/add-permission']);
//                } else {
//                    \Yii::$app->getSession()->setFlash('error', '修改失败！');
//                    return $this->redirect(['auth/add-permission']);
//                }
//
//            } else {
//                return $this->render('updateper', [
//                    'model' => $model,
//                ]);
//            }
            if(\Yii::$app->request->isPost){
                //只修改权限名称
                $description = \Yii::$app->request->post('PermissionForm')['description'];
                $row = AuthItem::updateAll(['description'=>$description],['type'=>2,'name'=>$name]);
                if ($row) {
                    \Yii::$app->getSession()->setFlash('success', '修改成功！');
                    return $this->redirect(['auth/permission']);
                } else {
                    \Yii::$app->getSession()->setFlash('error', '修改失败！');
                    return $this->redirect(['auth/add-permission']);
                }
            }

        return $this->render('updateper', [
                    'model' => $model,
                ]);
    }

    /**
     * 删除权限
     */
    public function actionDelPermission()
    {
        $name = \Yii::$app->request->post('name');
        $authManager = \Yii::$app->authManager;
        $per = $authManager->getPermission($name);
        if (!$per) {
            return json_encode([
                "status" => 2,
                "msg" => '权限不存在'
            ]);
        } else {
            if ($authManager->remove($per)) {
                return json_encode([
                    "status" => 0,
                    "msg" => '权限删除成功'
                ]);
            } else {
                return json_encode([
                    "status" => 3,
                    "msg" => '权限删除失败'
                ]);
            }
        }
    }

    /**
     * 角色赋予权限
     * @param $name
     * @param $userid
     * @return string
     */
    public function actionRoleNode($name, $userid = NULL)
    {
        /**
         * 1.根据提交的数据，先删除当前角色下的当前模块下选择取消的角色权限关联
         * 2.新增提交过来的角色与权限管理
         */
        $authManager = \Yii::$app->authManager;

        $role = $authManager->getRole($name);
        if (!$role) {
            \Yii::$app->getSession()->setFlash('error', '角色不存在！');
            return $this->redirect(['auth/roles']);
        }
        if (\Yii::$app->request->isPost) {

            $nodes = \Yii::$app->request->post('permission');
//            $authManager->removeChildren($role);
            $nodeArray = [];
            if ($nodes) {
                foreach ($nodes as $v) {
                    $node = $authManager->getPermission($v);
                    if (!empty($node) && !$authManager->hasChild($role,$node)){
                        $authManager->addChild($role, $node);
                    };
                    $nodeArray[] = $v;
                }
            }

            $roleNodes =
            //清除未选择中的权限绑定
            $datas = AuthItemChild::find()->where(['and',['parent'=>$name],['not in','child',$nodeArray]])->all();
            foreach($datas as $data){
                if(!in_array($data->child,$nodeArray)){
                    $node = $authManager->getPermission($data->child);
                    $authManager->removeChild($role,$node);
                }
            }

            if ($userid) {
                return $this->redirect(['auth/index']);
            } else {
                \Yii::$app->getSession()->setFlash('success', '成功添加权限！');
                return $this->redirect(['auth/roles']);
            }
        }

        $roleNodes = $authManager->getPermissionsByRole($name);
        $roleNodes = array_keys($roleNodes);
        $nodes = $authManager->getPermissions();
        $nodesList = [];
        foreach ($nodes as $node){
            $contname = strstr($node->name,'::',true);
            if(!isset($nodesList[$contname])){
                $class = new \ReflectionClass('backend\\controllers\\'.$contname);
                $nodesList[$contname]['name'] = $this->getComment($class);
            }
            $nodesList[$contname]['methods'][] = $node;
        }

        return $this->render('rolenode', [
            'nodes' => $nodesList,
            'roleNodes' => $roleNodes,
            'name' => $name,
            'uid' => $userid,
        ]);
    }


    /**
     * 用户赋予角色（单个）
     * @param $userid
     * @param $rolename
     * @return bool
     */
    public static function userRole($userid,$rolename){
        $auth = \Yii::$app->getAuthManager();
        $role = $auth->getRolesByUser($userid);
        if(!empty($role) && current($role)->name == $rolename){
            return true;
        }
        $role = $auth->getRole($rolename);
        if(empty($role)){
            return false;
        }
        $auth->revokeAll($userid); //清空绑定

        $auth->assign($role,$userid); //绑定

        return true;
    }

//    /**
//     * 用户赋予角色
//     */
//    public function actionRole()
//    {
//        //从用户跳转过来，目的获取用户id
//        $uid = \Yii::$app->request->get('uid');
//        $admin = User::find()->where(['id' => $uid])->one();
//        if (!$admin) {
//            \Yii::$app->getSession()->setFlash('error', '用户未找到！');
//        }
//        $authManager = \Yii::$app->authManager;
//        if (\Yii::$app->request->isPost) {
//            $roleNames = \Yii::$app->request->post('roles');
//            $authManager->revokeAll($uid);
//            if (!empty($roleNames) && is_array($roleNames)) {
//                foreach ($roleNames as $roleName) {
//                    $role = $authManager->getRole($roleName);
//                    if (!$role) {
//                        continue;
//                    }
//                    $authManager->assign($role, $uid);
//                }
//            }
//            if ($roleNames) {
//                $admin->role = implode(',', $roleNames);
//            }
//
//            if ($admin->update()) {
//                \Yii::$app->getSession()->setFlash('success', '更新成功！');
//                return $this->redirect(['auth/index']);
//            } else {
//                \Yii::$app->getSession()->setFlash('success', '更新失败！');
//                return $this->redirect(['auth/role', 'uid' => $uid]);
//            }
//        } else {
//            $userRoles = $authManager->getRolesByUser($uid);
//
//            $roleNames = ArrayHelper::getColumn(ArrayHelper::toArray($userRoles), 'name');
//            $roles = $authManager->getRoles();
//            return $this->render('role', ['roles' => $roles, 'roleNames' => $roleNames, 'uid' => $uid]);
//        }
//    }

    /**
     * 权限验证
     * @param $level
     * @return bool
     */
    static function checkPermission($level)
    {
        $level = 1;
        $role = \Yii::$app->user->identity->role;
        if ($level <= $role) {
            return true;
        } else {
            return false;
        }
    }


    /**
     * 创建权限
     */
    static function createPermission($name, $description)
    {
        $auth = \Yii::$app->authManager;
        $createPost = $auth->createPermission($name);
        $createPost->description = $description;
        $auth->add($createPost);
    }


    /**
     * 获取类中可访问方法及注释
     * @param $classname
     * @return array
     */
    private function getMethodList($classname){

        $class = new \ReflectionClass($classname);
        $methods = $class->getMethods(\ReflectionMethod::IS_PUBLIC);
        $classMap = [];
        $classMap['name'] = $class->getShortName();
        $classMap['comment'] = $this->getComment($class);
        $classMap['method'] = [];
        foreach ($methods as $method){

            if(strlen($method->name) > 7 && substr($method->name,0,6) == 'action'){

                $temp['name'] = $method->getName();
                $temp['comment'] = $this->getComment($method);
                $classMap['method'][] = $temp;
            }
        }
        return $classMap;
    }

    /**
     * 提取注释
     * @param $reflection
     * @return string
     */
    private function getComment($reflection){
        $comment = strtr(trim(preg_replace('/^\s*\**( |\t)?/m', '', trim($reflection->getDocComment(), '/'))), "\r", '');
        if (preg_match('/^\s*@\w+/m', $comment, $matches, PREG_OFFSET_CAPTURE)) {
            $comment = trim(substr($comment, 0, $matches[0][1]));
        }
        return $comment;
    }
}