<?php
/**
 * Created by PhpStorm.
 * User: liyifei2012it
 * Date: 17/6/23
 * Time: 15:14
 */
namespace Frontend\Controller\Callback;

use Common\Common\StudyMap;
use Think\Log;
use Common\Common\Constant;
use Common\Common\ResAuth;
use Common\Common\TaskCenter;
use Common\Common\Train;
use Common\Service\ArticleService;
use Common\Service\ClassService;
use Common\Service\RightService;

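class CheckRightController extends AbstractController
{
    /**
     * Callback entry point: decides whether the caller may read an article's attachment.
     *
     * Reads `auth` (the caller's secret) and `_id` (a JSON object carrying `article_id`
     * plus the course-type specific ids) from POST and terminates the request with the
     * literal body 'OK' or 'FAIL'. Every path ends in exit(); nothing is returned.
     *
     * @return void never returns normally
     */
    public function Index()
    {
        Log::record(sprintf('---%s %s CheckRight Start ---', QY_DOMAIN, APP_DIR), Log::INFO);

        // Auth failure: a required parameter is missing (user secret or right-carrier id).
        $auth = I('post.auth');
        $param = I('post._id');
        if (empty($auth) || empty($param)) {
            Log::record(sprintf('---%s %s CheckRight FAIL : param missing---', QY_DOMAIN, APP_DIR), Log::INFO);
            // NOTE(review): this dumps the whole POST body, including `auth`, into the log
            // whenever `_id` is absent — consider redacting `auth` before logging.
            Log::record('post: ' . var_export($_POST, true), Log::INFO);
            exit('FAIL');
        }

        // The right-carrier id is a JSON object; `article_id` is the only mandatory key.
        $param = json_decode($param, true);
        if (!is_array($param) || !isset($param['article_id'])) {
            Log::record(sprintf('---%s %s CheckRight FAIL : param error---', QY_DOMAIN, APP_DIR), Log::INFO);
            exit('FAIL');
        }

        // Resolve the caller (administrator or ordinary user) from the secret.
        $resAuth = &ResAuth::instance();
        $data = $resAuth->parseSecret($auth);
        if (empty($data)) {
            Log::record(sprintf('---%s %s CheckRight Fail : parseSecret empty---', QY_DOMAIN, APP_DIR), Log::INFO);
            exit('FAIL');
        }

        switch ($data['user_type']) {
            // Administrators may read everything.
            case ResAuth::USER_TYPE_ADMIN:
                Log::record(sprintf('---%s %s CheckRight OK : admin logined---', QY_DOMAIN, APP_DIR), Log::INFO);
                exit('OK');

            // Mobile-side logged-in user: returns only when the generic right check passed;
            // the course-type specific checks exit on their own.
            case ResAuth::USER_TYPE_MOBILE:
                $this->_checkMobileUserRight($data['user'], $param);
                break;
        }

        // NOTE(review): there is no default branch, so a user_type that is neither admin
        // nor mobile falls through to the exit('OK') below (fail-open). Confirm whether
        // other user types are expected here; otherwise a default that exits 'FAIL' is safer.
        Log::record(sprintf('---%s %s CheckRight END---', QY_DOMAIN, APP_DIR), Log::INFO);
        exit('OK');
    }

    /**
     * Right check for a mobile-side user: the article and its class must exist and the
     * class must be open, then the course type selects the concrete check.
     *
     * Returns normally only when the course type has no dedicated check and
     * RightService::checkUserRight() passed; every failure and every dedicated check
     * terminates the request itself.
     *
     * @param array $user  user record taken from the parsed secret
     * @param array $param decoded `_id` payload (article_id plus optional course ids)
     * @return void
     */
    private function _checkMobileUserRight($user, array $param)
    {
        $articleId = $param['article_id'];

        // Auth failure: article does not exist.
        $articleServ = new ArticleService();
        $article = $articleServ->get($articleId);
        if (empty($article)) {
            Log::record(sprintf('---%s %s CheckRight FAIL : article not found or article status error---', QY_DOMAIN, APP_DIR), Log::INFO);
            exit('FAIL');
        }

        // Auth failure: course class missing or not open.
        // Loose comparison kept on purpose: is_open presumably arrives as a string from the DB — confirm.
        $classServ = new ClassService();
        $class = $classServ->get($article['class_id']);
        if (empty($class) || Constant::CLASS_IS_OPEN_FALSE == $class['is_open']) {
            Log::record(sprintf('---%s %s CheckRight FAIL : class not found or already closed---', QY_DOMAIN, APP_DIR), Log::INFO);
            exit('FAIL');
        }

        // Per-course-type check. The extra ids are only sent for the matching course type,
        // so they are read through _paramOrNull() instead of indexed directly.
        if (Constant::COURSE_TYPE_TASK == $article['course_type']) {
            // Task course.
            $this->_checkTaskRight($articleId, $user, $this->_paramOrNull($param, 'customtask_id'));
        } elseif (Constant::COURSE_TYPE_TRAIN == $article['course_type']) {
            // Offline training course.
            $this->_checkTrainRight(
                $articleId,
                $user,
                $this->_paramOrNull($param, 'plan_id'),
                $this->_paramOrNull($param, 'ed_id')
            );
        } elseif (Constant::COURSE_TYPE_OTHER == $article['course_type']) {
            // Other course (study map).
            $this->_checkMapRight(
                $user,
                $this->_paramOrNull($param, 'map_id'),
                $this->_paramOrNull($param, 'path_id'),
                $articleId
            );
        } else {
            // Auth failure: mobile-side user has no right to view this article.
            $rightServ = new RightService();
            $checkRes = $rightServ->checkUserRight($user, $articleId);
            if (!$checkRes) {
                Log::record(sprintf('---%s %s CheckRight FAIL : have not right---', QY_DOMAIN, APP_DIR), Log::INFO);
                exit('FAIL');
            }
        }

        // Log when the whole check took 1s or more (MILLI_TIME is the request start, in ms).
        if (time() * 1000 - MILLI_TIME >= 1000) {
            Log::record('attach timeout', Log::ERR);
        }
    }

    /**
     * Return $param[$key] when it is set, null otherwise.
     *
     * Avoids an undefined-index notice for the course-specific ids that are absent from
     * requests of every other course type; the callee still receives null as before.
     *
     * @param array  $param decoded `_id` payload
     * @param string $key
     * @return mixed|null
     */
    private function _paramOrNull(array $param, $key)
    {
        return isset($param[$key]) ? $param[$key] : null;
    }

    /**
     * Attachment right check for a task course.
     *
     * Terminates the request: 'OK' when TaskCenter::checkCustomtaskRight() returns,
     * 'FAIL' when it throws.
     *
     * @author liyifei
     * @param int   $article_id    task course id
     * @param array $user          user record
     * @param int   $customtask_id regular task id
     * @return void never returns normally
     */
    private function _checkTaskRight($article_id, $user, $customtask_id)
    {
        $taskCenter = &TaskCenter::instance();

        try {
            $taskCenter->checkCustomtaskRight($customtask_id, $article_id, $user);
        } catch (\Exception $e) {
            Log::record(sprintf('---%s %s 任务类课程,文件鉴权未通过---', QY_DOMAIN, APP_DIR), Log::INFO);
            exit('FAIL');
        }

        exit('OK');
    }

    /**
     * Attachment right check for an offline training course.
     *
     * Terminates the request: 'OK' when Train::checkCustomTrainRight() returns,
     * 'FAIL' when it throws.
     *
     * @author liyifei
     * @param int   $article_id training course id
     * @param array $user       user record
     * @param int   $plan_id    training plan id
     * @param int   $ed_id      training id (accepted for interface compatibility; not used by the check)
     * @return void never returns normally
     */
    private function _checkTrainRight($article_id, $user, $plan_id, $ed_id)
    {
        $trainServ = &Train::instance();

        try {
            // The application decides whether the user may access "offline training" data.
            $trainServ->checkCustomTrainRight($plan_id, $article_id, $user);
        } catch (\Exception $e) {
            Log::record(sprintf('---%s %s 线下培训类课程,文件鉴权未通过---', QY_DOMAIN, APP_DIR), Log::INFO);
            exit('FAIL');
        }

        exit('OK');
    }

    /**
     * Attachment right check for an "other" course (study map).
     *
     * Terminates the request: 'OK' when StudyMap::checkRight() returns,
     * 'FAIL' when it throws.
     *
     * @author tangxingguo
     * @param array $user       user record
     * @param int   $map_id     study map id
     * @param int   $path_id    path id
     * @param int   $article_id course id
     * @return void never returns normally
     */
    private function _checkMapRight($user, $map_id, $path_id, $article_id)
    {
        $mapServ = new StudyMap($map_id);

        try {
            // The application decides whether the user may access study map data.
            $mapServ->checkRight($path_id, $article_id, $user);
        } catch (\Exception $e) {
            Log::record(sprintf('---%s %s 其他类课程,文件鉴权未通过---', QY_DOMAIN, APP_DIR), Log::INFO);
            exit('FAIL');
        }

        exit('OK');
    }
}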