waimai
/
crm


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167
							<?php
/**
 * Controller is the customized base controller class.
 * All controller classes for this application should extend from this base class.
 */
class Controller extends CController
{
	/**
	 * @var string the default layout for the controller view. Defaults to '//layouts/column1',
	 * meaning using a single column layout. See 'protected/views/layouts/column1.php'.
	 */
	public $layout='//layouts/column1';

    public array $authIds = [];
    public array $companyIds = [];
    public array $schoolIds = [];
    private int $_userId = 0;

    /**
     * 检查请求方是否合法
     * @return void
     * @throws CHttpException
     */
    public function checkRequest(): void
    {
        if (LWM_ENV == 'dev') {
            header("Access-Control-Allow-Origin: *");
        } else {
            if (!str_contains(Yii::app()->request->hostInfo, Yii::app()->params['url'])) {
                throw new CHttpException(403, '非法访问');
            }
            header("Access-Control-Allow-Origin:" . Yii::app()->request->hostInfo);
        }
        
        header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
        header("Access-Control-Allow-Headers: Content-Type, Authorization, Cookie");
        if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
            exit(0); // 预检请求直接返回
        }
    }

    public function checkSign()
    {
        if (!\Yii::app()->request->isPostRequest) {
            return true;
        }
        if (!isset($_POST['sign'])) {
            return false;
        }
        $paramArray = [];
        unset($paramArray['sign']); // 签名不计算sign
        $stringArray = []; // 对参与签名的参数进行排序
        foreach ($_POST as $k => $v) {
            $stringArray[] = "{$k}={$v}";
        }
        sort($stringArray, SORT_STRING);
        $query = implode('&', $stringArray) . 'v1wqe21wmjhop';
        $sign = strtoupper(hash('sha256', $query));
        Logger::errorMult($query, $sign, $sign == $_POST['sign']);
        return $_POST['sign'] == $sign;
    }

    /**
     * @throws CHttpException
     */
    public function beforeAction($action): bool
    {
        $this->checkRequest();

        $token = $_SERVER['HTTP_AUTHORIZATION']?? '';
        $data = RedisInstance::getInstance()->get('user_token:'.$token);
        $this->_userId = $data['id']?? 0;

        Yii::app()->language = 'zh_cn';
		$controller = Yii::app()->controller->id;
		$action = $this->getAction()->getId();
        $path = strtolower($controller . '/'. $action);
		if( !in_array($controller, ['site'])
            &&!in_array($path, LewaimaiAdminPingtaiAuth::$noLoginRouters)
            && !$this->_userId
        ){
            Helper::error('请先登入', 401);
		}

        // 获取权限相关数据
        $this->_formatAuth();

		if (!LewaimaiAdminPingtaiAuth::adminAuth($controller, $action)
            && (!$this->_userId && $this->_userId != 1)
        ) {
            Helper::error('您没有相应的权限');
		}

		return true;
	}

    private function _formatAuth(): void
    {
        $key = 'user_auth_' . $this->_userId;
        $data = RedisInstance::getInstance()->get($key);
        if (!$data) {
            $model = Useradmin::model()->findByPk($this->_userId);
            $authIds = DB::getScalerWithCriteria(
                'role',
                DbCriteria::simpleCompare(['id' => $model->role_id])->setSelect('auth_ids')
            );
            $this->authIds = $authIds ? explode(',', $authIds) : [];
            $this->companyIds = $model->company_ids ? explode(',', $model->company_ids) : [];
            $this->schoolIds = $model->school_ids ? explode(',', $model->school_ids) : [];
            $json = json_encode([
                'authIds' => $this->authIds,
                'companyIds' => $this->companyIds,
                'schoolIds' => $this->schoolIds,
            ]);
            RedisInstance::getInstance()->set($key, $json, 86400);
        } else {
            $data = json_decode($data, true);
            $this->authIds = $data['authIds'];
            $this->companyIds = $data['companyIds'];
            $this->schoolIds = $data['schoolIds'];
        }
        LewaimaiAdminPingtaiAuth::$authIds = $this->authIds;
    }

    public function clearAuth($id = 0)
    {
        $id = $id ? : $this->_userId;
        RedisInstance::getInstance()->delete('user_auth_' . $id);
    }

    public function getUserId()
    {
        return $this->_userId;
    }

    public function getSchoolFilter($filed = 'school_id'):?array
    {
        if ($this->_userId == 1 || in_array(-1, $this->companyIds)) {
            return null;
        }
        return $this->schoolIds;
    }

    public function checkSchoolId(int $id):bool
    {
        if ($this->_userId == 1 || in_array(-1, $this->schoolIds)) {
            return true;
        }
        return in_array($id, $this->schoolIds);
    }

    public function getCompanyFilter():?array
    {
        if ($this->_userId == 1 || in_array(-1, $this->companyIds)) {
            return null;
        }
        return $this->companyIds;
    }

    public function checkCompanyId(int $id):bool
    {
        if ($this->_userId == 1 || in_array(-1, $this->companyIds)) {
            return true;
        }
        return in_array($id, $this->companyIds);
    }
}