//管理员表
CREATE TABLE `qz_admin` (
`admin_id` smallint(5) unsigned NOT NULL AUTO_INCREMENT COMMENT '用户id',
`admin_name` varchar(60) NOT NULL DEFAULT '' COMMENT '用户名',
`email` varchar(60) NOT NULL DEFAULT '' COMMENT 'email',
`password` varchar(32) NOT NULL DEFAULT '' COMMENT '密码',
`add_time` int(11) NOT NULL DEFAULT '0' COMMENT '添加时间',
`last_login` int(11) NOT NULL DEFAULT '0' COMMENT '最后登录时间',
`last_ip` varchar(15) NOT NULL DEFAULT '' COMMENT '最后登录ip',
`nav_list` text NOT NULL COMMENT '权限',
`role_id` smallint(5) DEFAULT NULL COMMENT '角色id',
PRIMARY KEY (`admin_id`),
KEY `user_name` (`user_name`) USING BTREE
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;
//角色表
CREATE TABLE `qz_admin_role` (
`role_id` smallint(6) unsigned NOT NULL AUTO_INCREMENT COMMENT '角色ID',
`role_name` varchar(30) DEFAULT NULL COMMENT '角色名称',
`act_list` text COMMENT '权限列表',
`role_desc` varchar(255) DEFAULT NULL COMMENT '角色描述',
PRIMARY KEY (`role_id`)
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;
//功能菜单表
CREATE TABLE `qz_system_menu` (
`id` smallint(6) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(50) DEFAULT NULL COMMENT '权限名字',
`group` varchar(20) DEFAULT NULL COMMENT '所属分组',
`right` text COMMENT '权限码(控制器+动作)',
`is_del` tinyint(1) DEFAULT '0' COMMENT '删除状态 1删除,0正常',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=18 DEFAULT CHARSET=utf8;
function getMenuList($act_list){
//根据角色权限过滤菜单
$menu_list = getAllMenu();
if($act_list != 'all'){
$right = M('system_menu')->where("id in ($act_list)")->cache(false)->getField('right',true);
$role_right = "";
foreach ($right as $val){
$role_right .= $val.',';
}
$role_right = explode(',', $role_right);
foreach($menu_list as $k=>$mrr){
foreach ($mrr['sub_menu'] as $j=>$v){
if(!in_array($v['control'].'Controller@'.$v['act'], $role_right)){
unset($menu_list[$k]['sub_menu'][$j]);//过滤菜单
}
}
}
}
return $menu_list;
}
function getAllMenu(){
return array(
'system' => array('name'=>'系统设置','icon'=>'fa-cog','sub_menu'=>array(
array('name'=>'网站设置','act'=>'index','control'=>'System'),
array('name'=>'友情链接','act'=>'linkList','control'=>'Article'),
array('name'=>'自定义导航','act'=>'navigationList','control'=>'System'),
array('name'=>'区域管理','act'=>'region','control'=>'Tools'),
array('name'=>'权限资源列表','act'=>'right_list','control'=>'System'),
)),
'access' => array('name' => '权限管理', 'icon'=>'fa-gears', 'sub_menu' => array(
array('name' => '管理员列表', 'act'=>'index', 'control'=>'Admin'),
array('name' => '角色管理', 'act'=>'role', 'control'=>'Admin'),
array('name' => '供应商管理', 'act'=>'supplier', 'control'=>'Admin'),
array('name' => '管理员日志', 'act'=>'log', 'control'=>'Admin'),
)),
'member' => array('name'=>'会员管理','icon'=>'fa-user','sub_menu'=>array(
array('name'=>'会员列表','act'=>'index','control'=>'User'),
array('name'=>'会员等级','act'=>'levelList','control'=>'User'),
)),
'article' => array('name' => '文章管理', 'icon'=>'fa-comments', 'sub_menu' => array(
array('name' => '文章列表', 'act'=>'articleList', 'control'=>'Article'),
array('name' => '文章分类', 'act'=>'categoryList', 'control'=>'Article'),
array('name' => '专题列表', 'act'=>'topicList', 'control'=>'Topic'),
))
);
}
//权限验证函数(TP), 入口初始化执行
public function check_priv()
{
$ctl = CONTROLLER_NAME;
$act = ACTION_NAME;
$act_list = session('act_list');
//无需验证的操作
$uneed_check = array('login','logout','vertifyHandle','vertify','imageUp','upload','login_task');
if($ctl == 'Index' || $act_list == 'all'){
//后台首页控制器无需验证,超级管理员无需验证
return true;
}elseif(strpos('ajax',$act) || in_array($act,$uneed_check)){
//所有ajax请求不需要验证权限
return true;
}else{
$role_right = "";
$right = M('system_menu')->where("id in ($act_list)")->cache(true)->getField('right',true);
foreach ($right as $val){
$role_right .= $val.',';
}
$role_right = explode(',', $role_right);
//检查是否拥有此操作权限
if(!in_array($ctl.'Controller@'.$act, $role_right)){
$this->error('您没有操作权限,请联系超级管理员分配权限',U('Admin/Index/index'));
}
}
}
//权限分配,给角色添加、修改权限
public function role_info(){
$role_id = I('get.role_id');
$tree = $detail = array();
if($role_id){
$detail = M('admin_role')->where("role_id=$role_id")->find();
$detail['act_list'] = explode(',', $detail['act_list']);
$this->assign('detail',$detail);
}
$right = M('system_menu')->order('id')->select();
foreach ($right as $val){
if(!empty($detail)){
$val['enable'] = in_array($val['id'], $detail['act_list']);
}
$modules[$val['group']][] = $val;
}
//权限组(对应数据表里面的group字段)
$group = array('system'=>'系统管理','access'=>'权限管理',article'=>'文章管理','member'=>'会员管理');
$this->assign('group',$group);
$this->assign('modules',$modules);
$this->display();
}
//权限分配保存
public function roleSave(){
$data = I('post.');
$res = $data['data'];
$res['act_list'] = is_array($data['right']) ? implode(',', $data['right']) : '';
if(empty($data['role_id'])){
$r = D('admin_role')->add($res);
}else{
$r = D('admin_role')->where('role_id='.$data['role_id'])->save($res);
}
if($r){
adminLog('管理角色',__ACTION__);
$this->success("操作成功!",U('Admin/Admin/role_info',array('role_id'=>$data['role_id'])));
}else{
$this->success("操作失败!",U('Admin/Admin/role'));
}
}
