Новый модуль Rbac для продвинутого управления правами на основе ролей и разрешений. Модуль заменит собой старый модуль ACL.
This commit is contained in:
parent
3203910ec8
commit
6185d99c9b
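--- /dev/null
+++ b/application/classes/modules/rbac/Rbac.class.php
@@ -0,0 +1,172 @@
+<?php
+/**
+* LiveStreet CMS
+* Copyright © 2013 OOO "ЛС-СОФТ"
+*
+* ------------------------------------------------------
+*
+* Official site: www.livestreetcms.com
+* Contact e-mail: office@livestreetcms.com
+*
+* GNU General Public License, version 2:
+* http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
+*
+* ------------------------------------------------------
+*
+* @link http://www.livestreetcms.com
+* @copyright 2013 OOO "ЛС-СОФТ"
+* @author Maxim Mzhelskiy <rus.engine@gmail.com>
+*
+*/
+
+/**
+* Модуль управления правами на основе ролей и разрешений
+*/
+class ModuleRbac extends ModuleORM {
+
+const ROLE_CODE_GUEST='guest';
+
+const PERMISSION_STATE_ACTIVE=1;
+const PERMISSION_STATE_INACTIVE=0;
+
+const ROLE_STATE_ACTIVE=1;
+const ROLE_STATE_INACTIVE=0;
+
+protected $aUserRoleCache=array();
+protected $aRoleCache=array();
+protected $aRulePermissionCache=array();
+protected $aPermissionCache=array();
+
+protected $sMessageLast=null;
+
+protected $oMapper=null;
+
+public function Init() {
+parent::Init();
+$this->oMapper=Engine::GetMapper(__CLASS__);
+}
+/**
+* Проверяет разрешение для текущего авторизованного пользователя
+*
+* @param string $sPermissionCode
+* @param array $aParams
+*
+* @return bool
+*/
+public function IsAllow($sPermissionCode,$aParams=array()) {
+return $this->IsAllowUser($this->User_GetUserCurrent(),$sPermissionCode,$aParams);
+}
+
+public function IsAllowUser($oUser,$sPermissionCode,$aParams=array()) {
+if (!$sPermissionCode) {
+return false;
+}
+/**
+* Загружаем все роли и пермишены
+*/
+$this->LoadRoleAndPermissions();
+$sUserId=self::ROLE_CODE_GUEST;
+if ($oUser) {
+$sUserId=$oUser->getId();
+}
+/**
+* Смотрим роли в кеше
+*/
+if (!isset($this->aUserRoleCache[$sUserId])) {
+if ($sUserId==self::ROLE_CODE_GUEST) {
+$aRoles=$this->GetRoleByCodeAndState(self::ROLE_CODE_GUEST,self::ROLE_STATE_ACTIVE);
+$aRoles=$aRoles ? array($aRoles) : array();
+} else {
+$aRoles=$oUser->getRolesActive();
+}
+$this->aUserRoleCache[$sUserId]=$aRoles;
+} else {
+$aRoles=$this->aUserRoleCache[$sUserId];
+}
+/**
+* Получаем пермишены для ролей
+*/
+$sPermissionCode=func_underscore($sPermissionCode);
+foreach($aRoles as $oRole) {
+if ($this->CheckPermissionByRole($oRole,$sPermissionCode)) {
+/**
+* У роли есть необходимый пермишен, теперь проверим на возможную кастомную обработку с параметрами
+*/
+$sMethod='CheckCustom'.func_camelize($sPermissionCode);
+if (method_exists($this,$sMethod)) {
+if (call_user_func(array($this,$sMethod),$oUser,$aParams)) {
+return true;
+}
+} else {
+return true;
+}
+}
+}
+if (isset($this->aPermissionCache[$sPermissionCode])) {
+$aPerm=$this->aPermissionCache[$sPermissionCode];
+if ($aPerm['msg_error']) {
+$sMsg=$aPerm['msg_error'];
+} else {
+$sMsg='У вас нет прав на "'.($aPerm['title'] ? $aPerm['title'] : $aPerm['code']).'"';
+}
+} else {
+$sMsg='У вас нет прав на "'.$sPermissionCode.'"';
+}
+$this->sMessageLast=$sMsg;
+return false;
+}
+
+protected function LoadRoleAndPermissions() {
+/**
+* Роли
+*/
+$this->LoadRoles();
+/**
+* Пермишены
+*/
+$this->LoadPermissions();
+}
+
+protected function LoadPermissions() {
+if ($this->aRulePermissionCache) {
+return;
+}
+$aResult=$this->oMapper->GetRoleWithPermissions();
+foreach($aResult as $aRow) {
+$this->aRulePermissionCache[$aRow['role_id']][]=$aRow['code'];
+$this->aPermissionCache[$aRow['code']]=$aRow;
+}
+}
+
+protected function LoadRoles() {
+if ($this->aRoleCache) {
+return;
+}
+$aRoles=$this->GetRoleItemsByState(self::ROLE_STATE_ACTIVE);
+foreach($aRoles as $oRole) {
+$this->aRoleCache[$oRole->getId()]=$oRole;
+}
+}
+
+protected function CheckPermissionByRole($oRole,$sPermissionCode) {
+/**
+* Проверяем наличие пермишена в текущей роли
+*/
+if (isset($this->aRulePermissionCache[$oRole->getId()])) {
+if (in_array($sPermissionCode,$this->aRulePermissionCache[$oRole->getId()])) {
+return true;
+}
+}
+/**
+* Смотрим родительскую роль
+*/
+if ($oRole->getPid() and isset($this->aRoleCache[$oRole->getPid()])) {
+return $this->CheckPermissionByRole($this->aRoleCache[$oRole->getPid()],$sPermissionCode);
+}
+return false;
+}
+
+public function GetMsgLast() {
+return $this->sMessageLast;
+}
+}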
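Review bot: CheckPermissionByRole follows `getPid()` into the parent role with no cycle guard, so a role whose `pid` chain loops back on itself (the new `prefix_rbac_role` table puts no constraint on `pid`) makes every IsAllow call recurse until PHP exhausts its stack; thread the ids already visited through the recursion, e.g. `protected function CheckPermissionByRole($oRole,$sPermissionCode,$aVisited=array())`, `if (isset($aVisited[$oRole->getId()])) { return false; } $aVisited[$oRole->getId()]=true;` and pass `$aVisited` into the recursive call. sMessageLast is also never cleared: the early `return false` on an empty code and every `return true` leave the message of an earlier denial in place, so GetMsgLast() can report a stale reason after an allowed check. A smaller point of style: the `==` comparison against ROLE_CODE_GUEST and the `in_array` in CheckPermissionByRole compare ids and codes of mixed int/string type loosely; `===` and `in_array(..., true)` make the intent explicit.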
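--- /dev/null
+++ b/[path not shown on page: ModuleRbac_EntityPermission]
@@ -0,0 +1,26 @@
+<?php
+/**
+* LiveStreet CMS
+* Copyright © 2013 OOO "ЛС-СОФТ"
+*
+* ------------------------------------------------------
+*
+* Official site: www.livestreetcms.com
+* Contact e-mail: office@livestreetcms.com
+*
+* GNU General Public License, version 2:
+* http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
+*
+* ------------------------------------------------------
+*
+* @link http://www.livestreetcms.com
+* @copyright 2013 OOO "ЛС-СОФТ"
+* @author Maxim Mzhelskiy <rus.engine@gmail.com>
+*
+*/
+
+class ModuleRbac_EntityPermission extends EntityORM {
+
+
+
+}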
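--- /dev/null
+++ b/[path not shown on page: ModuleRbac_EntityRole]
@@ -0,0 +1,28 @@
+<?php
+/**
+* LiveStreet CMS
+* Copyright © 2013 OOO "ЛС-СОФТ"
+*
+* ------------------------------------------------------
+*
+* Official site: www.livestreetcms.com
+* Contact e-mail: office@livestreetcms.com
+*
+* GNU General Public License, version 2:
+* http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
+*
+* ------------------------------------------------------
+*
+* @link http://www.livestreetcms.com
+* @copyright 2013 OOO "ЛС-СОФТ"
+* @author Maxim Mzhelskiy <rus.engine@gmail.com>
+*
+*/
+
+class ModuleRbac_EntityRole extends EntityORM {
+
+protected $aRelations=array(
+'permissions' => array(self::RELATION_TYPE_MANY_TO_MANY,'ModuleRbac_EntityPermission', 'permission_id', 'db.table.rbac_role_permission', 'role_id'),
+);
+
+}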
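--- /dev/null
+++ b/[path not shown on page: ModuleRbac_EntityRolePermission]
@@ -0,0 +1,26 @@
+<?php
+/**
+* LiveStreet CMS
+* Copyright © 2013 OOO "ЛС-СОФТ"
+*
+* ------------------------------------------------------
+*
+* Official site: www.livestreetcms.com
+* Contact e-mail: office@livestreetcms.com
+*
+* GNU General Public License, version 2:
+* http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
+*
+* ------------------------------------------------------
+*
+* @link http://www.livestreetcms.com
+* @copyright 2013 OOO "ЛС-СОФТ"
+* @author Maxim Mzhelskiy <rus.engine@gmail.com>
+*
+*/
+
+class ModuleRbac_EntityRolePermission extends EntityORM {
+
+
+
+}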
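--- /dev/null
+++ b/[path not shown on page: ModuleRbac_EntityUserRole]
@@ -0,0 +1,26 @@
+<?php
+/**
+* LiveStreet CMS
+* Copyright © 2013 OOO "ЛС-СОФТ"
+*
+* ------------------------------------------------------
+*
+* Official site: www.livestreetcms.com
+* Contact e-mail: office@livestreetcms.com
+*
+* GNU General Public License, version 2:
+* http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
+*
+* ------------------------------------------------------
+*
+* @link http://www.livestreetcms.com
+* @copyright 2013 OOO "ЛС-СОФТ"
+* @author Maxim Mzhelskiy <rus.engine@gmail.com>
+*
+*/
+
+class ModuleRbac_EntityUserRole extends EntityORM {
+
+
+
+}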
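--- /dev/null
+++ b/[path not shown on page: ModuleRbac_MapperRbac]
@@ -0,0 +1,47 @@
+<?php
+/**
+* LiveStreet CMS
+* Copyright © 2013 OOO "ЛС-СОФТ"
+*
+* ------------------------------------------------------
+*
+* Official site: www.livestreetcms.com
+* Contact e-mail: office@livestreetcms.com
+*
+* GNU General Public License, version 2:
+* http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
+*
+* ------------------------------------------------------
+*
+* @link http://www.livestreetcms.com
+* @copyright 2013 OOO "ЛС-СОФТ"
+* @author Maxim Mzhelskiy <rus.engine@gmail.com>
+*
+*/
+
+/**
+* Маппер для работы с БД
+*
+* @package modules.rbac
+* @since 1.0
+*/
+class ModuleRbac_MapperRbac extends Mapper {
+
+
+public function GetRoleWithPermissions() {
+$sql = "SELECT
+r.role_id,
+p.code,
+p.title,
+p.msg_error
+FROM
+".Config::Get('db.table.rbac_role_permission')." as r
+LEFT JOIN ".Config::Get('db.table.rbac_permission')." as p ON r.permission_id=p.id
+WHERE
+p.state = ?d ; ";
+if ($aRows=$this->oDb->select($sql,ModuleRbac::PERMISSION_STATE_ACTIVE)) {
+return $aRows;
+}
+return null;
+}
+}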
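Review bot: GetRoleWithPermissions returns `null` when the query yields no rows, and LoadPermissions in Rbac.class.php iterates that result with `foreach` and no guard, so an installation with no permission rows yet (the SQL hunk seeds only the guest role) emits a warning on every IsAllow call; return an empty list instead, `return $aRows ? $aRows : array();`, or guard the caller. The `LEFT JOIN` is turned into an inner join by `WHERE p.state = ?d`, so `INNER JOIN` would state the intent more plainly. Role state is deliberately not filtered here (LoadRoles filters it separately through GetRoleItemsByState), which is worth a one-line comment above the query, e.g. `// only active permissions; role state is filtered in ModuleRbac::LoadRoles()`.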
@ -295,8 +295,12 @@ $config['db']['table']['property_select'] = '___db.table.prefix___property_se
|
|||
$config['db']['table']['property_value'] = '___db.table.prefix___property_value';
|
||||
$config['db']['table']['property_value_tag'] = '___db.table.prefix___property_value_tag';
|
||||
$config['db']['table']['property_value_select'] = '___db.table.prefix___property_value_select';
|
||||
$config['db']['table']['media'] = '___db.table.prefix___media';
|
||||
$config['db']['table']['media_target'] = '___db.table.prefix___media_target';
|
||||
$config['db']['table']['media'] = '___db.table.prefix___media';
|
||||
$config['db']['table']['media_target'] = '___db.table.prefix___media_target';
|
||||
$config['db']['table']['rbac_role'] = '___db.table.prefix___rbac_role';
|
||||
$config['db']['table']['rbac_permission'] = '___db.table.prefix___rbac_permission';
|
||||
$config['db']['table']['rbac_role_permission']= '___db.table.prefix___rbac_role_permission';
|
||||
$config['db']['table']['rbac_user_role'] = '___db.table.prefix___rbac_user_role';
|
||||
|
||||
$config['db']['tables']['engine'] = 'InnoDB'; // InnoDB или MyISAM
|
||||
|
||||
|
|
|
@ -274,3 +274,100 @@ CREATE TABLE IF NOT EXISTS `prefix_user_complaint` (
|
|||
ALTER TABLE `prefix_user_complaint`
|
||||
ADD CONSTRAINT `prefix_user_complaint_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `prefix_user` (`user_id`) ON DELETE CASCADE ON UPDATE CASCADE,
|
||||
ADD CONSTRAINT `prefix_user_complaint_ibfk_1` FOREIGN KEY (`target_user_id`) REFERENCES `prefix_user` (`user_id`) ON DELETE CASCADE ON UPDATE CASCADE;
|
||||
|
||||
|
||||
-- 27.01.2014
|
||||
--
|
||||
-- Структура таблицы `prefix_rbac_permission`
|
||||
--
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `prefix_rbac_permission` (
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`code` varchar(50) NOT NULL,
|
||||
`title` varchar(250) NOT NULL,
|
||||
`msg_error` varchar(250) NOT NULL,
|
||||
`date_create` datetime NOT NULL,
|
||||
`state` tinyint(1) NOT NULL DEFAULT '1',
|
||||
PRIMARY KEY (`id`),
|
||||
KEY `code` (`code`),
|
||||
KEY `date_create` (`date_create`),
|
||||
KEY `state` (`state`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
-- --------------------------------------------------------
|
||||
|
||||
--
|
||||
-- Структура таблицы `prefix_rbac_role`
|
||||
--
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `prefix_rbac_role` (
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`pid` int(11) DEFAULT NULL,
|
||||
`code` varchar(50) NOT NULL,
|
||||
`title` varchar(250) NOT NULL,
|
||||
`date_create` datetime NOT NULL,
|
||||
`state` tinyint(1) NOT NULL DEFAULT '1',
|
||||
PRIMARY KEY (`id`),
|
||||
KEY `pid` (`pid`),
|
||||
KEY `state` (`state`),
|
||||
KEY `date_create` (`date_create`),
|
||||
KEY `code` (`code`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
--
|
||||
-- Дамп данных таблицы `prefix_rbac_role`
|
||||
--
|
||||
|
||||
INSERT INTO `prefix_rbac_role` (`id`, `pid`, `code`, `title`, `date_create`, `state`) VALUES
|
||||
(1, NULL, 'guest', 'Гость', '2014-01-27 00:00:00', 1);
|
||||
|
||||
-- --------------------------------------------------------
|
||||
|
||||
--
|
||||
-- Структура таблицы `prefix_rbac_role_permission`
|
||||
--
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `prefix_rbac_role_permission` (
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`role_id` int(11) NOT NULL,
|
||||
`permission_id` int(11) NOT NULL,
|
||||
`date_create` datetime NOT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
KEY `role_id` (`role_id`),
|
||||
KEY `permission_id` (`permission_id`),
|
||||
KEY `date_create` (`date_create`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
-- --------------------------------------------------------
|
||||
|
||||
--
|
||||
-- Структура таблицы `prefix_rbac_user_role`
|
||||
--
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `prefix_rbac_user_role` (
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`user_id` int(11) unsigned NOT NULL,
|
||||
`role_id` int(11) NOT NULL,
|
||||
`date_create` datetime NOT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
KEY `user_id` (`user_id`),
|
||||
KEY `role_id` (`role_id`),
|
||||
KEY `date_create` (`date_create`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
--
|
||||
-- Ограничения внешнего ключа сохраненных таблиц
|
||||
--
|
||||
|
||||
--
|
||||
-- Ограничения внешнего ключа таблицы `prefix_rbac_role_permission`
|
||||
--
|
||||
ALTER TABLE `prefix_rbac_role_permission`
|
||||
ADD CONSTRAINT `prefix_rbac_role_permission_ibfk_1` FOREIGN KEY (`role_id`) REFERENCES `prefix_rbac_role` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;
|
||||
|
||||
--
|
||||
-- Ограничения внешнего ключа таблицы `prefix_rbac_user_role`
|
||||
--
|
||||
ALTER TABLE `prefix_rbac_user_role`
|
||||
ADD CONSTRAINT `prefix_rbac_user_role_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `prefix_user` (`user_id`) ON DELETE CASCADE ON UPDATE CASCADE,
|
||||
ADD CONSTRAINT `prefix_rbac_user_role_ibfk_1` FOREIGN KEY (`role_id`) REFERENCES `prefix_rbac_role` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;
|
||||
|
|
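Review bot: `code` is only an ordinary KEY on both `prefix_rbac_permission` and `prefix_rbac_role`, yet the module looks the guest role up by code (`GetRoleByCodeAndState`) and keys its permission cache by `code`, so duplicate codes would silently shadow one another; declare `UNIQUE KEY `code` (`code`)` on both tables. `prefix_rbac_role_permission` also has no foreign key on `permission_id` and no UNIQUE on (`role_id`,`permission_id`), so deleting a permission leaves orphan grant rows and the same grant can be inserted twice. `prefix_rbac_role.pid` carries no self-referencing foreign key, which is what allows the dangling or cyclic parent chains the module code then has to defend against.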