<?php
/**
* Created by PhpStorm.
* User: liyifei2012it
* Date: 17/6/26
* Time: 16:14
*/
namespace Frontend\Controller\Callback;
use Think\Log;
use Common\Common\Constant;
use Common\Common\ResAuth;
use Common\Service\ArticleService;
use Common\Service\ClassService;
use Common\Service\RightService;
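class CheckRightController extends AbstractController
{
    /**
     * Callback entry point: decides whether the caller identified by `post.auth`
     * may view the resource identified by `post._id`.
     *
     * The response body is the bare string `OK` or `FAIL`, and every path ends in
     * exit(), so this method never returns normally. Admin users are accepted
     * unconditionally; mobile-login users must pass the article / class / right
     * checks in checkMobileUser(). Any other (or missing) user_type is rejected:
     * the original switch had no default, so an unrecognised user_type skipped
     * every case and fell through to the final `OK` (fail-open). This version
     * fails closed.
     */
    public function Index()
    {
        Log::record(sprintf('---%s %s CheckRight Start ---', QY_DOMAIN, APP_DIR), Log::INFO);

        // Required inputs: the caller's auth secret and the id of the right carrier (article).
        $auth = I('post.auth');
        $id = I('post._id', 0, 'intval');
        if (empty($auth)) {
            // $_POST is dumped for diagnosis only here, where no auth secret was supplied.
            Log::record(sprintf('---%s %s CheckRight FAIL : uc param missing---', QY_DOMAIN, APP_DIR), Log::INFO);
            Log::record('post: ' . var_export($_POST, true), Log::INFO);
            exit('FAIL');
        }

        // Decode the caller identity (admin or ordinary user) from the auth secret.
        // The `&` of the original reference assignment is dropped: objects are handles in PHP 5+.
        $resAuth = ResAuth::instance();
        $data = $resAuth->parseSecret($auth);
        if (empty($data)) {
            $this->fail('Fail : parseSecret empty');
        }
        // A payload without a user_type cannot be authorised; rejecting it here also keeps a
        // null user_type from loosely matching a 0 / '' constant in the switch below.
        if (!isset($data['user_type'])) {
            $this->fail('FAIL : user_type missing');
        }

        // NOTE(review): switch compares loosely (==); confirm ResAuth::USER_TYPE_* and the
        // parsed user_type share a scalar type, or switch to === comparisons.
        switch ($data['user_type']) {
            case ResAuth::USER_TYPE_ADMIN:
                Log::record(sprintf('---%s %s CheckRight OK : admin logined---', QY_DOMAIN, APP_DIR), Log::INFO);
                exit('OK');
            case ResAuth::USER_TYPE_MOBILE:
                // Exits with FAIL on the first check that does not hold.
                $this->checkMobileUser($data, $id);
                break;
            default:
                // Fail closed for user types this controller does not know how to authorise.
                $this->fail('FAIL : unknown user type');
        }

        // Only reachable once a mobile user passed every check.
        Log::record(sprintf('---%s %s CheckRight END---', QY_DOMAIN, APP_DIR), Log::INFO);
        exit('OK');
    }

    /**
     * Authorises a mobile-login user against article $id.
     *
     * Terminates the request with FAIL as soon as one check does not hold
     * (article missing, class missing or not open, no user right, or no user
     * identity in the payload); returns normally only when all of them passed.
     *
     * @param array $data parsed auth payload; reads $data['user']
     * @param int   $id   article id taken from post._id
     */
    private function checkMobileUser($data, $id)
    {
        // Article must exist (and, per the log text, be in a visible status).
        $articleServ = new ArticleService();
        $article = $articleServ->get($id);
        if (empty($article)) {
            $this->fail('FAIL : article not found or news status error');
        }

        // The article's class must exist and be open.
        $classServ = new ClassService();
        $class = $classServ->get($article['class_id']);
        if (empty($class) || $class['is_open'] != Constant::CLASS_IS_OPEN_TRUE) {
            $this->fail('FAIL : class not found or already closed');
        }

        // Without a user identity there is nothing to check a right for: fail closed.
        if (!isset($data['user'])) {
            $this->fail('FAIL : user missing');
        }

        // The user must hold a viewing right on this article.
        $rightServ = new RightService();
        $checkRes = $rightServ->checkUserRight($data['user'], $id);
        // Log right checks that took 1s or longer. NOTE(review): MILLI_TIME is presumed to be the
        // request start in milliseconds, and time() only has 1s resolution — confirm before relying on it.
        if (time() * 1000 - MILLI_TIME >= 1000) {
            Log::record('attach timeout', Log::ERR);
        }
        if (!$checkRes) {
            $this->fail('FAIL : have not right');
        }
    }

    /**
     * Logs the failure verdict in the controller's standard format and terminates
     * the request with body FAIL. Never returns.
     *
     * @param string $verdict text placed after "CheckRight " in the log line,
     *                        e.g. 'FAIL : have not right'
     */
    private function fail($verdict)
    {
        Log::record(sprintf('---%s %s CheckRight %s---', QY_DOMAIN, APP_DIR, $verdict), Log::INFO);
        exit('FAIL');
    }
}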