YII2 无限级递归权限验证
YII2 无限级递归权限验证
<?php
namespace backend\components;
use Yii;
use common\models\Department;
use common\models\DepartmentUser;
/**
* Department-scoped permission checks: each lookup starts at a user's department and walks up the parent_id chain.
*
* @author user
*/
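class CheckPermision {
    /**
     * Decide whether the currently logged-in user may act on records owned by
     * $addUserId.
     *
     * Access is granted when the current user holds 'SeniorManagement', or holds
     * 'checkUserQuisition' AND is a member of the target department or of one of
     * its ancestors (followed through Department::parent_id). Every other path
     * returns false, so the check fails closed.
     *
     * @param int|string $addUserId Owner of the record being accessed; only used
     *                              to resolve the starting department when $depId is empty.
     * @param int|string $depId     Department to start from; 0 means "look it up from $addUserId".
     * @return bool True when access is allowed, false otherwise.
     */
    public static function check($addUserId, $depId = 0) {
        $user = Yii::$app->user;

        // Senior managers are authorised regardless of department.
        if ($user->can('SeniorManagement')) {
            return true;
        }
        // Without the base permission, department membership is irrelevant.
        if (!$user->can('checkUserQuisition')) {
            return false;
        }
        // Fail closed when there is no authenticated identity: a null id in the
        // membership lookup below would otherwise be turned into an IS NULL
        // condition instead of matching a real user.
        if ($user->isGuest) {
            return false;
        }

        if (!$depId) {
            // NOTE(review): findOne() returns a single row; if a user can belong to
            // several departments, which one is picked here is not defined by this code.
            $dep = DepartmentUser::findOne(['user_id' => $addUserId]);
            if (!$dep) {
                return false;
            }
            $depId = $dep->department_id;
        }

        // Walk up the tree iteratively. $visited stops a parent_id cycle in the
        // data from turning an authorisation check into unbounded recursion.
        $visited = [];
        while ($depId && !isset($visited[$depId])) {
            $visited[$depId] = true;

            if (DepartmentUser::findOne(['user_id' => $user->id, 'department_id' => $depId])) {
                return true;
            }

            $department = Department::findOne(['id' => $depId]);
            if (!$department) {
                // Dangling department id (row missing): deny instead of
                // dereferencing null.
                return false;
            }
            $depId = $department->parent_id;
        }

        return false;
    }

    /**
     * Find a user who holds 'checkUserQuisition' in $userId's department or,
     * failing that, in the nearest ancestor department.
     *
     * NOTE(review): the first matching member is returned and $userId itself is
     * not excluded, so the result can be the same user; callers that need
     * separation of duties have to compare the ids themselves.
     *
     * @param int|string $userId User whose department is the starting point when $depId is empty.
     * @param int|string $depId  Department to start from; 0 means "look it up from $userId".
     * @return int|string|false  The user_id of the first member holding the permission,
     *                           or false when none is found. Compare with === false.
     */
    public static function whoCan($userId = 0, $depId = 0) {
        if (!$depId) {
            $dep = DepartmentUser::findOne(['user_id' => $userId]);
            if (!$dep) {
                return false;
            }
            $depId = $dep->department_id;
        }

        // Same cycle guard as check(): each department is inspected at most once.
        $visited = [];
        while ($depId && !isset($visited[$depId])) {
            $visited[$depId] = true;

            foreach (DepartmentUser::findAll(['department_id' => $depId]) as $member) {
                if (Yii::$app->authManager->checkAccess($member->user_id, 'checkUserQuisition')) {
                    return $member->user_id;
                }
            }

            $department = Department::findOne(['id' => $depId]);
            if (!$department) {
                return false;
            }
            $depId = $department->parent_id;
        }

        return false;
    }
}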