src/AppBundle/Controller/BaseController.php line 251

Open in your IDE?
  1. <?php
  3. namespace AppBundle\Controller;
  5. use AppBundle\Common\ArrayToolkit;
  6. use AppBundle\Common\Exception\ResourceNotFoundException;
  7. use AppBundle\Common\LoginToolkit;
  8. use Biz\ResourceManage\Service\ResourceManageService;
  9. use Biz\ResourceManage\Type\BaseType;
  10. use Biz\User\CurrentUser;
  11. use Bodoudou\SDK\BodoudouApi;
  12. use Common\PrepareOrgTrait;
  13. use Common\Validator;
  14. use CorporateTrainingBundle\Biz\ManagePermission\Service\ManagePermissionOrgService;
  15. use CorporateTrainingBundle\Biz\ResourceScope\Service\ResourceAccessScopeService;
  16. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  17. use Symfony\Component\Form\Extension\Core\Type\FormType;
  18. use Symfony\Component\HttpFoundation\JsonResponse;
  19. use Symfony\Component\HttpFoundation\Request;
  20. use Symfony\Component\HttpFoundation\Response;
  21. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  22. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  23. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  24. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  25. use Symfony\Component\Security\Http\SecurityEvents;
  26. use Topxia\Service\Common\ServiceKernel;
  28. class BaseController extends AbstractController
  29. {
  30.     use PrepareOrgTrait;
  32.     /**
  33.      * @return CurrentUser
  34.      */
  35.     protected function getCurrentUser()
  36.     {
  37.         return $this->getUser();
  38.     }
  40.     protected function getBiz()
  41.     {
  42.         return $this->container->get('biz');
  43.     }
  45.     /**
  46.      * @return CurrentUser
  47.      */
  48.     public function getUser()
  49.     {
  50.         $biz $this->getBiz();
  52.         return $biz['user'];
  53.     }
  55.     /**
  56.      * switch current user.
  57.      *
  58.      * @return CurrentUser
  59.      */
  60.     protected function switchUser(Request $requestCurrentUser $user)
  61.     {
  62.         $user['currentIp'] = $request->getClientIp();
  64.         $token = new UsernamePasswordToken($usernull'main'$user['roles']);
  65.         $this->container->get('security.token_storage')->setToken($token);
  67.         $biz $this->getBiz();
  68.         $biz['user'] = $user;
  70.         $this->container->get('event_dispatcher')->dispatch(
  71.             new InteractiveLoginEvent($request$token),
  72.             SecurityEvents::INTERACTIVE_LOGIN
  73.         );
  75.         return $user;
  76.     }
  78.     protected function authenticateUser(array $user)
  79.     {
  80.         if (!$user['pwdInit'] && !LoginToolkit::isEnforcementInitPwd()) {
  81.             $this->getUserService()->changePwdInit($user['id']);
  82.             $user['pwdInit'] = 1;
  83.         }
  84.         $user['currentIp'] = $this->container->get('request_stack')->getCurrentRequest()->getClientIp();
  85.         $currentUser = new CurrentUser();
  86.         $currentUser->fromArray($user);
  88.         return $this->switchUser($this->get('request_stack')->getCurrentRequest(), $currentUser);
  89.     }
  91.     protected function fillOrgCode($conditions)
  92.     {
  93.         if (isset($conditions['orgCode']) && !$this->getCurrentUser()->hasManagePermissionWithOrgCode($conditions['orgCode'])) {
  94.             $conditions['likeOrgCode'] = '-1';
  96.             return $conditions;
  97.         }
  99.         if ($this->setting('magic.enable_org')) {
  100.             if (!isset($conditions['orgCode'])) {
  101.                 $orgCodes $this->getCurrentUser()->getManageOrgCodes();
  102.                 $conditions['likeOrgCode'] = empty($orgCodes) ? '-1' $orgCodes[0];
  103.             } else {
  104.                 $conditions['likeOrgCode'] = $conditions['orgCode'];
  105.                 unset($conditions['orgCode']);
  106.             }
  107.         } else {
  108.             if (isset($conditions['orgCode'])) {
  109.                 unset($conditions['orgCode']);
  110.             }
  111.         }
  113.         return $conditions;
  114.     }
  116.     protected function buildAccessScope($fields)
  117.     {
  118.         return $this->getResourceAccessService()->processAccessScope($fields);
  119.     }
  121.     protected function createViolationJsonResponse($message ''$code 0)
  122.     {
  123.         return $this->createJsonResponse([
  124.             'status' => false,
  125.             'code' => $code,
  126.             'message' => $this->getMessage($message),
  127.         ], Response::HTTP_BAD_REQUEST);
  128.     }
  130.     protected function getMessage($message$arguments = [], $domain null$locale null)
  131.     {
  132.         return ServiceKernel::instance()->trans($message$arguments$domain$locale);
  133.     }
  135.     /**
  136.      * 判断是否微信内置浏览器访问.
  137.      *
  138.      * @return bool
  139.      */
  140.     protected function isWxClient()
  141.     {
  142.         return $this->isMobileClient() && false !== strpos($_SERVER['HTTP_USER_AGENT'], 'MicroMessenger');
  143.     }
  145.     protected function qrcode($routerName$params)
  146.     {
  147.         $token $this->getTokenService()->makeToken('qrcode', [
  148.             'data' => [
  149.                 'url' => $this->generateUrl($routerName$paramsUrlGeneratorInterface::ABSOLUTE_URL),
  150.             ],
  151.             'duration' => 3600 24 365,
  152.         ]);
  154.         $url $this->generateUrl('common_parse_qrcode', ['token' => $token['token']], UrlGeneratorInterface::ABSOLUTE_URL);
  156.         return $this->generateUrl('common_qrcode', ['text' => $url], UrlGeneratorInterface::ABSOLUTE_URL);
  157.     }
  159.     /**
  160.      * 是否移动端访问访问.
  161.      *
  162.      * @return bool
  163.      */
  164.     protected function isMobileClient()
  165.     {
  166.         // 如果有HTTP_X_WAP_PROFILE则一定是移动设备
  167.         if (isset($_SERVER['HTTP_X_WAP_PROFILE'])) {
  168.             return true;
  169.         }
  171.         // 判断手机发送的客户端标志,兼容性有待提高
  172.         if (isset($_SERVER['HTTP_USER_AGENT'])) {
  173.             $clientkeywords = [
  174.                 'nokia',
  175.                 'sony',
  176.                 'ericsson',
  177.                 'mot',
  178.                 'samsung',
  179.                 'htc',
  180.                 'sgh',
  181.                 'lg',
  182.                 'sharp',
  183.                 'sie-',
  184.                 'philips',
  185.                 'panasonic',
  186.                 'alcatel',
  187.                 'lenovo',
  188.                 'iphone',
  189.                 'ipod',
  190.                 'blackberry',
  191.                 'meizu',
  192.                 'android',
  193.                 'netfront',
  194.                 'symbian',
  195.                 'ucweb',
  196.                 'windowsce',
  197.                 'palm',
  198.                 'operamini',
  199.                 'operamobi',
  200.                 'openwave',
  201.                 'nexusone',
  202.                 'cldc',
  203.                 'midp',
  204.                 'wap',
  205.                 'mobile',
  206.                 'ipad',
  207.             ];
  209.             // 从HTTP_USER_AGENT中查找手机浏览器的关键字
  210.             if (preg_match('/('.implode('|'$clientkeywords).')/i'strtolower($_SERVER['HTTP_USER_AGENT']))) {
  211.                 return true;
  212.             }
  213.         }
  215.         // 如果via信息含有wap则一定是移动设备,部分服务商会屏蔽该信息
  216.         if (isset($_SERVER['HTTP_VIA'])) {
  217.             // 找不到为flase,否则为true
  218.             return (bool) stristr($_SERVER['HTTP_VIA'], 'wap');
  219.         }
  221.         // 协议法,因为有可能不准确,放到最后判断
  222.         if (isset($_SERVER['HTTP_ACCEPT'])) {
  223.             // 如果只支持wml并且不支持html那一定是移动设备
  224.             // 如果支持wml和html但是wml在html之前则是移动设备
  225.             if ((false !== strpos($_SERVER['HTTP_ACCEPT'], 'vnd.wap.wml'))
  226.                 && (false === strpos($_SERVER['HTTP_ACCEPT'], 'text/html')
  227.                     || (strpos($_SERVER['HTTP_ACCEPT'], 'vnd.wap.wml') < strpos($_SERVER['HTTP_ACCEPT'], 'text/html'))
  228.                 )) {
  229.                 return true;
  230.             }
  231.         }
  233.         return false;
  234.     }
  236.     protected function purifyHtml($html$trusted false)
  237.     {
  238.         $biz $this->getBiz();
  239.         $htmlHelper $biz['html_helper'];
  241.         return $htmlHelper->purify($html$trusted);
  242.     }
  244.     protected function trans($id, array $parameters = [], $domain null$locale null)
  245.     {
  246.         return $this->container->get('translator')->trans($id$parameters$domain$locale);
  247.     }
  249.     protected function isPluginInstalled($pluginName)
  250.     {
  251.         return $this->get('kernel')->getPluginConfigurationManager()->isPluginInstalled($pluginName);
  252.     }
  254.     protected function getTargetPath(Request $request)
  255.     {
  256.         if ($request->query->get('goto')) {
  257.             $targetPath $request->query->get('goto');
  258.         } elseif ($request->getSession()->has('_target_path')) {
  259.             $targetPath $request->getSession()->get('_target_path');
  260.         } else {
  261.             $targetPath $request->headers->get('Referer');
  262.         }
  264.         if (false !== strpos($targetPath'/register')) {
  265.             return $this->generateUrl('homepage');
  266.         }
  268.         if ($targetPath == $this->generateUrl('login', [], UrlGeneratorInterface::ABSOLUTE_URL)) {
  269.             return $this->generateUrl('homepage');
  270.         }
  272.         $url explode('?'$targetPath);
  274.         if ($url[0] == $this->generateUrl('partner_logout', [], UrlGeneratorInterface::ABSOLUTE_URL)) {
  275.             return $this->generateUrl('homepage');
  276.         }
  278.         if ($url[0] == $this->generateUrl('password_reset_update', [], UrlGeneratorInterface::ABSOLUTE_URL)) {
  279.             $targetPath $this->generateUrl('homepage', [], UrlGeneratorInterface::ABSOLUTE_URL);
  280.         }
  282.         if (strpos($url[0], $request->getPathInfo()) > -1) {
  283.             $targetPath $this->generateUrl('homepage', [], UrlGeneratorInterface::ABSOLUTE_URL);
  284.         }
  286.         if (false !== strpos($url[0], 'callback')
  287.             || false !== strpos($url[0], '/login/bind')
  288.             || false !== strpos($url[0], 'crontab')
  289.         ) {
  290.             $targetPath $this->generateUrl('homepage', [], UrlGeneratorInterface::ABSOLUTE_URL);
  291.         }
  293.         if (empty($targetPath)) {
  294.             $targetPath $this->generateUrl('homepage', [], UrlGeneratorInterface::ABSOLUTE_URL);
  295.         }
  297.         return $this->filterRedirectUrl($targetPath);
  298.     }
  300.     protected function setFlashMessage($level$message)
  301.     {
  302.         $this->get('session')->getFlashBag()->add($level$message);
  303.     }
  305.     protected function agentInWhiteList($userAgent)
  306.     {
  307.         $whiteList = ['iPhone''iPad''Android''HTC'];
  309.         return ArrayToolkit::some(
  310.             $whiteList,
  311.             function ($agent) use ($userAgent) {
  312.                 return strpos($userAgent$agent) > -1;
  313.             }
  314.         );
  315.     }
  317.     protected function createNamedFormBuilder($name$data null, array $options = [])
  318.     {
  319.         return $this->container->get('form.factory')->createNamedBuilder($nameFormType::class, $data$options);
  320.     }
  322.     protected function createJsonResponse($data null$status 200$headers = [])
  323.     {
  324.         return new JsonResponse($data$status$headers);
  325.     }
  327.     protected function createJsonpResponse($data null$callback 'callback'$status 200$headers = [])
  328.     {
  329.         $response $this->createJsonResponse($data$status$headers);
  331.         return $response->setCallback($callback);
  332.     }
  334.     // @todo 此方法是为了和旧的调用兼容,考虑清理掉
  335.     protected function createErrorResponse($request$name$message)
  336.     {
  337.         $error = ['error' => ['name' => $name'message' => $message]];
  339.         return new JsonResponse($error'200');
  340.     }
  342.     /**
  343.      * JSONM
  344.      * https://github.com/lifesinger/lifesinger.github.com/issues/118.
  345.      */
  346.     protected function createJsonmResponse($data)
  347.     {
  348.         $response = new JsonResponse($data);
  349.         $response->setCallback('define');
  351.         return $response;
  352.     }
  354.     /**
  355.      * 创建消息提示响应.
  356.      *
  357.      * @param string $type     消息类型:info, warning, error
  358.      * @param string $message  消息内容
  359.      * @param string $title    消息抬头
  360.      * @param int    $duration 消息显示持续的时间
  361.      * @param string $goto     消息跳转的页面
  362.      *
  363.      * @return Response
  364.      */
  365.     protected function createMessageResponse($type$message$title ''$duration 0$goto null)
  366.     {
  367.         if (!in_array($type, ['info''warning''error'])) {
  368.             throw new \RuntimeException('type error');
  369.         }
  371.         return $this->render(
  372.             'default/message.html.twig',
  373.             [
  374.                 'type' => $type,
  375.                 'message' => $message,
  376.                 'title' => $title,
  377.                 'duration' => $duration,
  378.                 'goto' => $this->filterRedirectUrl($goto),
  379.             ]
  380.         );
  381.     }
  383.     protected function createResourceNotFoundException($resourceType$resourceId$message '')
  384.     {
  385.         return new ResourceNotFoundException($resourceType$resourceId$message);
  386.     }
  388.     protected function createAccessDeniedException(string $message 'Access Denied.', ?\Throwable $previous null): AccessDeniedException
  389.     {
  390.         return new AccessDeniedException($message$previous);
  391.     }
  393.     /**
  394.      * 安全的重定向.
  395.      *
  396.      * 如果url不属于非本站域名下的,则重定向到本周首页。
  397.      *
  398.      * @param $url    string 重定向url
  399.      * @param $status int 重定向时的HTTP状态码
  400.      *
  401.      * @return \Symfony\Component\HttpFoundation\RedirectResponse
  402.      */
  403.     public function redirectSafely($url$status 302)
  404.     {
  405.         $url $this->filterRedirectUrl($url);
  407.         return $this->redirect($url$status);
  408.     }
  410.     /**
  411.      * 过滤URL.
  412.      *
  413.      * 如果url不属于非本站域名下的,则返回本站首页地址。
  414.      *
  415.      * @param $url string 待过滤的$url
  416.      *
  417.      * @return string
  418.      */
  419.     public function filterRedirectUrl($url)
  420.     {
  421.         $host $this->get('request_stack')->getCurrentRequest()->getHost();
  422.         $safeHosts = [$host];
  424.         $parsedUrl parse_url($url);
  425.         $isUnsafeHost = isset($parsedUrl['host']) && !in_array($parsedUrl['host'], $safeHosts);
  427.         if (empty($url) || $isUnsafeHost) {
  428.             $url $this->generateUrl('homepage', [], UrlGeneratorInterface::ABSOLUTE_URL);
  429.         }
  431.         return $url;
  432.     }
  434.     /**
  435.      * @param $conditions
  436.      *
  437.      * @return array
  438.      *               // 带有仅自己管理 组建查询的orgIds过滤
  439.      */
  440.     protected function prepareManageTypeOrgIds($conditions)
  441.     {
  442.         if (!isset($conditions['orgIds'])) {
  443.             $orgIds $this->getCurrentUser()->getManageOrgIdsRecursively();
  444.         } else {
  445.             $orgIds explode(','$conditions['orgIds']);
  446.         }
  448.         if (!isset($conditions['orgIds']) || (in_array(0explode(','$conditions['orgIds'])) && '' != $conditions['orgIds'])) {
  449.             $orgIds array_merge([0], $orgIds);
  450.         }
  452.         return $orgIds;
  453.     }
  455.     /**
  456.      * @param $resourceType
  457.      * @param $orgIds
  458.      *
  459.      * @return array
  460.      *               //带仅定管理员查询组件查询参数构造
  461.      */
  462.     protected function prepareManageResourceIds($resourceType$orgIds): array
  463.     {
  464.         $userIds = [];
  465.         if (in_array(0$orgIds)) {
  466.             if ($this->getUser()->isSuperAdmin()) {
  467.                 $userIds $this->getResourceManageClass($resourceType)->searchManageUserIds();
  468.             }
  469.             $userIds[] = $this->getUser()->getId();
  470.         }
  471.         $targetList = [
  472.             'org' => array_values(array_unique($orgIds)),
  473.             'user' => array_values(array_unique($userIds)),
  474.         ];
  475.         if (empty($targetList['org']) && empty($targetList['user'])) {
  476.             return [];
  477.         }
  479.         return $this->getResourceManageClass($resourceType)->searchManageResourceIds($targetList);
  480.     }
  482.     /**
  483.      * @param $fields
  484.      *
  485.      * @return mixed
  486.      *               // 处理资源带有指定管理员权限组件的创建数据
  487.      */
  488.     protected function processResourceManagePermission($fields)
  489.     {
  490.         $resourceManage = [
  491.             'manageType' => 'user',
  492.             'manageTargetIds' => [$this->getCurrentUser()->getId()],
  493.         ];
  494.         if (empty($fields['manageType']) || empty($fields['manageUserIds'])) {
  495.             $fields['resourceManage'] = $resourceManage;
  497.             return $fields;
  498.         }
  499.         if ('org' == $fields['manageType']) {
  500.             $manageOrg = !empty($fields['orgCode']) ? $this->getOrgService()->getOrgByOrgCode($fields['orgCode']) : ($this->getCurrentUser()->getManageOrgIds() ? ['id' => $this->getCurrentUser()->getManageOrgIds()[0]] : []);
  501.             $orgId = empty($manageOrg['id']) ? $this->getCurrentUser()->getCurrentOrgId() : $manageOrg['id'];
  502.             $org $this->getOrgService()->getOrg($orgId);
  503.             if ('org' == $fields['manageType'] && !$this->getCurrentUser()->hasManagePermissionWithOrgCode($org['orgCode'])) {
  504.                 throw $this->createAccessDeniedException($this->trans('所属部门不在你的管理范围内'));
  505.             }
  506.             $resourceManage['manageType'] = 'org';
  507.             $resourceManage['manageTargetIds'] = [$orgId];
  508.         } else {
  509.             $resourceManage['manageTargetIds'] = explode(','$fields['manageUserIds']);
  510.         }
  511.         $fields['resourceManage'] = $resourceManage;
  512.         unset($fields['orgId']);
  513.         unset($fields['orgCode']);
  514.         unset($fields['manageUserIds']);
  516.         return $fields;
  517.     }
  519.     protected function prepareListKeyWordTypeConditions($conditions$resourceType)
  520.     {
  521.         if (!empty($conditions['keyword']) && 'nameLike' == $conditions['keywordType']) {
  522.             $conditions[$conditions['keywordType']] = $conditions['keyword'];
  523.         }
  525.         if (!empty($conditions['keyword']) && 'createdUserId' == $conditions['keywordType']) {
  526.             $users $this->getUserService()->searchUsers(['truename' => $conditions['keyword']], [], 02000, ['id']);
  527.             $conditions['createdUserIds'] = empty($users) ? [-1] : array_column($users'id');
  528.         }
  530.         if (!empty($conditions['keyword']) && 'manageUser' == $conditions['keywordType']) {
  531.             $users $this->getUserService()->searchUsers(['truename' => $conditions['keyword']], [], 02000, ['id''truename']);
  532.             $resourceRecords $this->getResourceManageService()->searchRecords(['manageType' => 'user''resourceType' => $resourceType'targetIds' => empty($users) ? [-1] : array_column($users'id')], [], 0PHP_INT_MAX, ['resourceId']);
  533.             $resourceIds = isset($conditions['ids']) ? array_intersect($conditions['ids'], array_column($resourceRecords'resourceId')) : array_column($resourceRecords'resourceId');
  534.             $conditions['ids'] = empty($resourceIds) ? [-1] : $resourceIds;
  535.         }
  536.         unset($conditions['keywordType']);
  537.         unset($conditions['keyword']);
  539.         return $conditions;
  540.     }
  542.     protected function filterLockedAndDeletedUsers($conditions)
  543.     {
  544.         $conditions['userIds'] = isset($conditions['userIds']) ? $conditions['userIds'] : [];
  546.         $users $this->getUserService()->findDeletedAndLockedUsers();
  547.         $excludeUserIds ArrayToolkit::column($users'id');
  549.         if (empty($excludeUserIds)) {
  550.             return $conditions;
  551.         }
  553.         if (!empty($conditions['userIds'])) {
  554.             $conditions['userIds'] = array_diff($conditions['userIds'], $excludeUserIds);
  555.         }
  557.         return $conditions;
  558.     }
  560.     protected function getResourceManageClass($type): BaseType
  561.     {
  562.         return $this->getBiz()->offsetGet('resource_manage.'.$type);
  563.     }
  565.     /**
  566.      * @return ResourceManageService
  567.      */
  568.     protected function getResourceManageService()
  569.     {
  570.         return $this->createService('ResourceManage:ResourceManageService');
  571.     }
  573.     protected function createSuccessJsonResponse($data = [])
  574.     {
  575.         $data array_merge(['success' => 1], $data);
  577.         return $this->createJsonResponse($data);
  578.     }
  580.     protected function createFailJsonResponse($data = [])
  581.     {
  582.         $data array_merge(['success' => 0], $data);
  584.         return $this->createJsonResponse($data);
  585.     }
  587.     protected function getWebExtension()
  588.     {
  589.         return $this->get('web.twig.extension');
  590.     }
  592.     protected function createService($alias)
  593.     {
  594.         $biz $this->getBiz();
  596.         return $biz->service($alias);
  597.     }
  599.     protected function setting($name$default null)
  600.     {
  601.         return $this->get('web.twig.extension')->getSetting($name$default);
  602.     }
  604.     /**
  605.      * @return ManagePermissionOrgService
  606.      */
  607.     protected function getManagePermissionService()
  608.     {
  609.         return $this->getBiz()->service('CorporateTrainingBundle:ManagePermission:ManagePermissionOrgService');
  610.     }
  612.     /**
  613.      * @return \Biz\User\Service\UserService
  614.      */
  615.     protected function getUserService()
  616.     {
  617.         return $this->getBiz()->service('User:UserService');
  618.     }
  620.     protected function getTokenService()
  621.     {
  622.         return $this->getBiz()->service('User:TokenService');
  623.     }
  625.     /**
  626.      * @return \Biz\System\Service\LogService
  627.      */
  628.     protected function getLogService()
  629.     {
  630.         return $this->getBiz()->service('System:LogService');
  631.     }
  633.     /**
  634.      * @return \Biz\Org\Service\OrgService
  635.      */
  636.     protected function getOrgService()
  637.     {
  638.         return $this->getBiz()->service('Org:OrgService');
  639.     }
  641.     /**
  642.      * @return ResourceAccessScopeService
  643.      */
  644.     protected function getResourceAccessService()
  645.     {
  646.         return $this->createService('CorporateTrainingBundle:ResourceScope:ResourceAccessScopeService');
  647.     }
  649.     /**
  650.      * @return BodoudouApi
  651.      */
  652.     protected function getBodoudouApiService()
  653.     {
  654.         return $this->getBiz()['bodoudou.api'];
  655.     }
  657.     /**
  658.      * @return Validator
  659.      */
  660.     protected function getCommonValidator()
  661.     {
  662.         return $this->getBiz()['common.validator'];
  663.     }
  664. }