//获得权限$name 可以是字符串或数组或逗号分割, uid为 认证的用户id, $or 是否为or关系,为true是, name为数组,只要数组中有一个条件通过则通过,如果为false需要全部条件通过。
//最后修改功能:待验证的权限$name如果权限列表里面不存在则默认有该权限
public function getAuth($name, $uid, $relation='or') {
if (!$this->_config['AUTH_ON'])
return true;
$authList = $this->getAuthList($uid);
if (is_string($name)) {
if (strpos($name, ',') !== false) {
$name = explode(',', $name);
} else {
$name = array($name);
}
}
//修改部分开始
foreach($name as $key=>$val){
if(!$this->isExistsRule($val)){
unset($name[$key]);
}
}
if(count($name)==0){
return true;
}
//修改部分结束
$list = array(); //有权限的name
foreach ($authList as $val) {
if (in_array($val, $name))
$list[] = $val;
}
if ($relation=='or' and !empty($list)) {
return true;
}
$diff = array_diff($name, $list);
if ($relation=='and' and empty($diff)) {
return true;
}
return false;
}
/**
* @desc 判断数据库是否存在权限
* @param string $name RuleName
*/
public function isExistsRule($name){
static $rule = array();
if(!empty($rule[$name])){
return $rule[$name];
}
$rule[$name] = M()->table($this->_config['AUTH_RULE'])->where(array('name'=>$name))->count();
return $rule[$name];
}