<?php
/**
 * AbstractController.class.php
 * $author$
 */

namespace Apicp\Controller\AdminManager;

use Common\Common\Cache;
use Common\Common\ShortUrl;
use Common\Common\Sms;
use VcySDK\Adminer;
use VcySDK\AdminerRole;
use VcySDK\Service;

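abstract class AbstractController extends \Common\Controller\Apicp\AbstractController
{

    /**
     * UC SDK client for administrator records; created in before_action().
     *
     * @type Adminer
     */
    protected $_sdkAdminer = null;

    /**
     * UC SDK client for administrator role groups; created in before_action().
     * Declared explicitly so the assignment in before_action() does not create
     * a dynamic property.
     *
     * @type AdminerRole
     */
    protected $_sdkRole = null;

    // Not read anywhere in this class; presumably consumed by the parent
    // controller -- confirm.
    protected $needCheckThePayment = false;

    /**
     * Pre-action hook: runs the parent hook, then builds the UC SDK clients.
     *
     * @param string $action Action name, passed through to the parent hook.
     * @return bool False when the parent hook rejects the request, true otherwise.
     */
    public function before_action($action = '')
    {
        if (!parent::before_action($action)) {
            return false;
        }

        // UC SDK client used to query administrator details.
        $this->_sdkAdminer = new Adminer(Service::instance());

        // UC SDK client used to query administrator role details.
        $this->_sdkRole = new AdminerRole(Service::instance());

        return true;
    }

    /**
     * Send the administrator invitation by e-mail and SMS.
     *
     * Delivery is best-effort: any \Exception raised while building or sending
     * the invitation is caught and logged, and the method still returns true.
     *
     * @param mixed $eaId ID of the administrator being invited.
     * @return bool Always true.
     */
    protected function inviteMsgSend($eaId)
    {
        try {
            $enterpriseData = Cache::instance()->get(
                'Common.EnterpriseDetail',
                '',
                ['expire' => cfg('ENTERPRISE_DETAIL_CACHE_EXPIRE')]
            );

            // One SDK client serves both the lookup and the send.
            $sdk = new Adminer(Service::instance());
            $adminer = $sdk->fetch(['eaId' => $eaId]);

            // The invitation token travels in the link sent to the invitee, so
            // it has to be unguessable. Timestamp, domain and admin ID are all
            // predictable, and random() is a project helper whose entropy
            // source is not visible from this file. Mix in CSPRNG output where
            // the runtime provides it; the token stays a 32-character md5 hex
            // string, so consumers of aiaToken see the same format.
            $entropy = random(8);
            if (function_exists('random_bytes')) {
                $entropy .= bin2hex(random_bytes(16));
            }
            $aiaToken = md5(NOW_TIME . QY_DOMAIN . $eaId . $entropy);

            $mobileFrontUrl = oaUrl('Frontend/Index/InviteEmail/Index', ['aiaToken' => $aiaToken]) . '?_identifier=common';

            // Mask the inviting administrator's mobile: first 3 and last 4
            // characters are kept. A value shorter than 7 characters would be
            // shown in full by this masking -- NOTE(review): confirm the stored
            // format guarantees the length.
            $inviterMobile = $this->_login->user['eaMobile'];
            $eaMobile = substr($inviterMobile, 0, 3) . '****' . substr($inviterMobile, -4);

            $inviteEmailData = [
                'eaId' => $eaId,
                'mcTplName' => Adminer::INVITE_EMAIL_TYPE_INVITE,
                'aiaToken' => $aiaToken,
                'mcSubject' => '畅移员圈管理员邀请',
                'mcVars' => [
                    "%adminer_name%" => $adminer['eaRealname'],
                    "%qy_name%" => $enterpriseData['epName'],
                    "%user_name%" => $this->_login->user['eaRealname'],
                    "%adminer_mobile%" => $eaMobile,
                    "%qrcode%" => $enterpriseData['corpWxqrcode'],
                    "%date%" => rgmdate(NOW_TIME, 'Y-m-d'),
                    "%url%" => $mobileFrontUrl
                ],
                'smsChannel' => Sms::CHANNEL_SENDCLOUD,
                'smsMessage' => json_encode([
                    'username' => $adminer['eaRealname'],
                    'adminname' => $this->_login->user['eaRealname'],
                    'epname' => $enterpriseData['epName'],
                    'url' => ShortUrl::create($mobileFrontUrl)
                ]),
                'smsTemplateId' => Sms::SMS_TMP_ID_ADMINCP_ADMINER_INVITE
            ];

            $sdk->inviteSendInvitation($inviteEmailData);
        } catch (\Exception $e) {
            // Best-effort by design: a failed invitation must not fail the
            // caller. Leave a trace for operators; only the exception class and
            // code are logged, since the message text could include recipient
            // data (not verifiable from this file).
            error_log('inviteMsgSend failed: ' . get_class($e) . ' code=' . $e->getCode());
        }

        return true;
    }

    /**
     * Check whether the logged-in administrator may assign the given
     * management level and role group.
     *
     * NOTE(review): the check is default-allow. A current level that matches
     * neither switch case, or a target $eaLevel that matches neither level
     * constant, falls through to `return true`. Confirm that callers validate
     * $eaLevel against the known levels before trusting this result.
     *
     * @author liyifei
     * @param Int $eaLevel Management level being assigned.
     * @param string $earId Role group ID being assigned.
     * @return bool False when the assignment is refused, true otherwise.
     */
    protected function checkAdminRole($eaLevel, $earId)
    {
        $user = $this->_login->user;
        if (!isset($user['eaLevel'])) {
            return false;
        }

        // Level comparisons stay loose (switch and ==): the types of $eaLevel
        // and of the Adminer level constants are not visible from this file.
        switch ($user['eaLevel']) {
            // Current administrator is a super administrator.
            case Adminer::ADMIN_LEVEL_SUPER:
                // Query the role group details through the UC SDK.
                $role = $this->_sdkRole->detail(['earId' => $earId]);
                if (empty($role)) {
                    return false;
                }

                $hasDepartmentScope = !empty($role['readDpIdList']) || !empty($role['writeDpIdList']);

                // Super level: only role groups whose contacts permission covers
                // the whole company (no department lists) may be assigned.
                if ($eaLevel == Adminer::ADMIN_LEVEL_SUPER && $hasDepartmentScope) {
                    return false;
                }

                // Branch level: only role groups scoped to specific departments
                // may be assigned.
                if ($eaLevel == Adminer::ADMIN_LEVEL_BRANCH && !$hasDepartmentScope) {
                    return false;
                }
                break;

            // Current administrator is a branch administrator.
            case Adminer::ADMIN_LEVEL_BRANCH:
                // A branch administrator may never grant the super level.
                if ($eaLevel == Adminer::ADMIN_LEVEL_SUPER) {
                    return false;
                }

                // A branch administrator may only assign their own role group.
                // Compare the IDs as strings: a loose != treats two different
                // numeric-looking IDs (e.g. "0e1" and "0e2") as equal, which
                // would let a foreign role group pass this check.
                if ($eaLevel == Adminer::ADMIN_LEVEL_BRANCH && (string)$earId !== (string)$user['earId']) {
                    return false;
                }
                break;
        }

        return true;
    }
}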