wsq/nas_docker_compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
nas_docker_compose/kodbox/site/app/controller/explorer/authUser.class.php
wsq e490daaee2 update
2024-08-31 01:03:37 +08:00

74 lines
3.1 KiB
PHP
Executable File
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
/*
* @link http://kodcloud.com/
* @author warlee | e-mail:kodcloud@qq.com
* @copyright warlee 2014.(Shanghai)Co.,Ltd
* @license http://kodcloud.com/tools/license/license.txt
*/
/**
* 检测某人对某文档操作权限
*/
class explorerAuthUser extends Controller {
function __construct() {
parent::__construct();
}
/**
* 检测文档权限,是否支持$action动作
* path: 支持物理路径/io路径/source路径; (不支持其他路径)
* action: view,download,upload,edit,remove,share,comment,event,root
*/
public function can($path,$action,$userID){
$roleInfo = Action('user.authRole')->userRoleGet($userID);
if(!$roleInfo) return false;
$isRoot = $roleInfo['info']['administrator'] == 1;
if(!$isRoot && !Action('user.authRole')->canCheckRole($action)){return false;}
$parse = KodIO::parse($path);$ioType = $parse['type'];
// 物理路径 io路径拦截只有管理员且开启了访问才能做相关操作;
if( $ioType == KodIO::KOD_IO || $ioType == false ){
$allowIO = $isRoot || ($roleInfo['allowAction']['admin.storage.edit'] == 1);
if($allowIO && $this->config["ADMIN_ALLOW_IO"]) return true;
return false;
}
if($isRoot && $this->config["ADMIN_ALLOW_SOURCE"]) return true;
$pathInfo = Model('Source')->pathInfo($parse['id']);
$targetType = $pathInfo['targetType'];
if(!$pathInfo || $pathInfo['isDelete'] == '1') return false;//不存在,不判断文档权限;
if( $targetType != 'user' && $targetType != 'group' ) return false;// 不是个人或部门文档
if( $targetType == 'user' && $pathInfo['targetID'] != $userID ) return false; //个人文档但不是自己的文档
//部门文档:权限拦截;会自动匹配权限;我在的部门会有对应权限
if($targetType == 'group'){
$selfAuth = $this->makeUserAuth($userID,$parse['id']);
if(!$selfAuth || !Model("Auth")->authCheckAction($selfAuth['authValue'],$action)) return false;
}
return true;
}
public function canShare($shareInfo){
if(!$shareInfo) return false;
// 兼容早期版本,该字段为空的情况;
if(!$shareInfo['sourcePath'] && $shareInfo['sourceID'] != '0'){
$shareInfo['sourcePath'] = KodIO::make($shareInfo['sourceID']);
}
if($shareInfo['isLink'] == '0' && $shareInfo['isShareTo'] == '0'){return false;}
if($shareInfo['userID'] == '0'){return true;} // 系统分享,允许访问;
// 系统分享;则不检测;
$isSystemSource = '/systemPath/systemSource/';
$pathDisplay = _get($shareInfo,'sourceInfo.pathDisplay');
$isSystem = _get($shareInfo,'sourceInfo.targetType') == 'system';
if(substr($pathDisplay,0,strlen($isSystemSource)) == $isSystemSource && $isSystem) return true;
return $this->can($shareInfo['sourcePath'],'share',$shareInfo['userID']);
}
public function makeUserAuth($userID,$sourceID){
$pathInfo = Model('Source')->pathInfo($sourceID);
$authList = Model("SourceAuth")->getSourceList(array($sourceID),false,$userID);
if( $authList && isset($authList[$sourceID])) return $authList[$sourceID];
return Action('explorer.listGroup')->pathGroupAuthMake($pathInfo['targetID'],$userID);
}
}
Reference in New Issue View Git Blame Copy Permalink