后台菜单和权限管理
主要php⽂件:
1,admin/includes/inc_menu.php ECSHOP管理中⼼菜单数组--配置菜单组及URL
2,languages/zh_cn/admin/common.php ECSHOP管理中⼼共⽤语⾔⽂件--配置菜单显⽰名3,admin/includes/inc_priv.php ECSHOP权限对照表--将菜单action与权限绑定
4,languages/zh_cn/admin/priv_action.php ECSHOP权限名称语⾔⽂件---配置权限显⽰的中⽂名主要数据表:ecs_admin_action
这⾥⽤后台商品管理来说明这⼏个配置⽂件:
权限:
1.ecs_admin_action 管理员权限表。权限以分组的形式存储,⾸先要添加⼀个权限管理的⼀级分组节点(此权限分组节点仅作为分组归类,没有实际权限控制作⽤),再添加所属的权限名。配置摘要:
+-----------+-----------+------------------+------------+
| action_id | parent_id | action_code | relevance |+-----------+-----------+------------------+------------+| 1 | 0 | goods | |
| 21 | 1 | goods_manage | || 22 | 1 | remove_back | || 23 | 1 | cat_manage | || 24 | 1 | cat_drop | cat_manage || 25 | 1 | attr_manage | || 26 | 1 | brand_manage | || 27 | 1 | comment_priv | || 84 | 1 | tag_manage | || 70 | 1 | goods_type | || 94 | 1 | goods_auto | || 103 | 1 | virualcard | || 105 | 1 | picture_batch | || 106 | 1 | goods_export | || 107 | 1 | goods_batch | || 108 | 1 | gen_goods_script | |+-----------+-----------+------------------+------------+#第⼀条goods就是下⾯权限的⽗权限
2.priv_action.php 权限名称语⾔⽂件。设置权限的中⽂名称,⼀般⽤于在修改⾓⾊权限时显⽰中⽂权限名称。配置摘要:
/* 权限管理的⼀级分组 */
$_LANG['goods'] = '商品管理';
//商品管理部分的权限
$_LANG['goods_manage'] = '商品添加/编辑';$_LANG['remove_back'] = '商品删除/恢复';$_LANG['cat_manage'] = '分类添加/编辑';$_LANG['cat_drop'] = '分类转移/删除';$_LANG['attr_manage'] = '商品属性管理';$_LANG['brand_manage'] = '商品品牌管理';$_LANG['comment_priv'] = '⽤户评论管理';$_LANG['goods_type'] = '商品类型';$_LANG['tag_manage'] = '标签管理';
$_LANG['goods_auto'] = '商品⾃动上下架';$_LANG['topic_manage'] = '专题管理';$_LANG['virualcard'] = '虚拟卡管理';
$_LANG['picture_batch'] = '图⽚批量处理';$_LANG['goods_export'] = '商品批量导出';$_LANG['goods_batch'] = '商品批量上传/修改';$_LANG['gen_goods_script'] = '⽣成商品代码';$_LANG['suppliers_goods'] = '供货商商品管理';
菜单:
3.inc_menu.php 管理中⼼菜单数组。显⽰在后台左侧的菜单项。以多维数组形式来表⽰菜单的分级,第⼀维即是顶级菜单。配置摘要:
$modules['02_cat_and_goods']['01_goods_list'] = 'goods.php?act=list'; // 商品列表$modules['02_cat_and_goods']['02_goods_add'] = 'goods.php?act=add'; // 添加商品$modules['02_cat_and_goods']['03_category_list'] = 'category.php?act=list';
$modules['02_cat_and_goods']['05_comment_manage'] = 'comment_manage.php?act=list';$modules['02_cat_and_goods']['06_goods_brand_list'] = 'brand.php?act=list';
$modules['02_cat_and_goods']['08_goods_type'] = 'goods_type.php?act=manage';
$modules['02_cat_and_goods']['11_goods_trash'] = 'goods.php?act=trash'; // 商品回收站$modules['02_cat_and_goods']['12_batch_pic'] = 'picture_batch.php';
$modules['02_cat_and_goods']['13_batch_add'] = 'goods_batch.php?act=add'; // 商品批量上传$modules['02_cat_and_goods']['14_goods_export'] = 'goods_export.php?act=goods_export';
$modules['02_cat_and_goods']['15_batch_edit'] = 'goods_batch.php?act=select'; // 商品批量修改$modules['02_cat_and_goods']['16_goods_script'] = 'gen_goods_script.php?act=setup';$modules['02_cat_and_goods']['17_tag_manage'] = 'tag_manage.php?act=list';
$modules['02_cat_and_goods']['50_virtual_card_list'] = 'goods.php?act=list&extension_code=virtual_card';$modules['02_cat_and_goods']['51_virtual_card_add'] = 'goods.php?act=add&extension_code=virtual_card';$modules['02_cat_and_goods']['52_virtual_card_change'] = 'virtual_card.php?act=change';$modules['02_cat_and_goods']['goods_auto'] = 'goods_auto.php?act=list';
4.common.php 管理中⼼共⽤语⾔⽂件。设置inc_menu中设置的菜单的中⽂名称,每⼀维都要设置名称。配置摘要:
/* 菜单分类部分 */
$_LANG['02_cat_and_goods'] = '商品管理';/* 商品管理 */
$_LANG['01_goods_list'] = '商品列表';$_LANG['02_goods_add'] = '添加新商品';$_LANG['03_category_list'] = '商品分类';$_LANG['04_category_add'] = '添加分类';
$_LANG['05_comment_manage'] = '⽤户评论';$_LANG['06_goods_brand_list'] = '商品品牌';$_LANG['07_brand_add'] = '添加品牌';$_LANG['08_goods_type'] = '商品类型';$_LANG['09_attribute_list'] = '商品属性';$_LANG['10_attribute_add'] = '添加属性';$_LANG['11_goods_trash'] = '商品回收站';$_LANG['12_batch_pic'] = '图⽚批量处理';$_LANG['13_batch_add'] = '商品批量上传';$_LANG['15_batch_edit'] = '商品批量修改';$_LANG['16_goods_script'] = '⽣成商品代码';$_LANG['17_tag_manage'] = '标签管理';$_LANG['18_product_list'] = '货品列表';$_LANG['52_attribute_add'] = '编辑属性';
$_LANG['53_suppliers_goods'] = '供货商商品管理';$_LANG['14_goods_export'] = '商品批量导出';$_LANG['50_virtual_card_list'] = '虚拟商品列表';$_LANG['51_virtual_card_add'] = '添加虚拟商品';$_LANG['52_virtual_card_change'] = '更改加密串';$_LANG['goods_auto'] = '商品⾃动上下架';
将菜单链接的Action与权限关联:
5.inc_priv.php 权限对照表。⼀个菜单指向的Action页可能只使⽤⼀个权限,也可能使⽤多个权限,Action对应多个权限时,使⽤数组来表⽰。
如代号02_goods_add的商品添加Action只调⽤了goods_manage权限,因此配置为:$purview['02_goods_add'] = 'goods_manage'; ⽽代号01_goods_list的商品列表页包含的操作多,因此调⽤多个权限:$purview['01_goods_list']= array('goods_manage', 'remove_back');
配置摘要:
//商品管理权限
$purview['01_goods_list'] = array('goods_manage', 'remove_back'); $purview['02_goods_add'] = 'goods_manage';
$purview['03_category_list'] = array('cat_manage', 'cat_drop'); //分类添加、分类转移和删除 $purview['05_comment_manage'] = 'comment_priv'; $purview['06_goods_brand_list'] = 'brand_manage';
$purview['08_goods_type'] = 'attr_manage'; //商品属性
$purview['11_goods_trash'] = array('goods_manage', 'remove_back'); $purview['12_batch_pic'] = 'picture_batch'; $purview['13_batch_add'] = 'goods_batch'; $purview['14_goods_export'] = 'goods_export'; $purview['15_batch_edit'] = 'goods_batch';
$purview['16_goods_script'] = 'gen_goods_script'; $purview['17_tag_manage'] = 'tag_manage'; $purview['50_virtual_card_list'] = 'virualcard'; $purview['51_virtual_card_add'] = 'virualcard'; $purview['52_virtual_card_change'] = 'virualcard'; $purview['goods_auto'] = 'goods_auto';
在Action中判断管理员是否有改访问操作权限:
ec内置两个函数:
1. admin_priv(权限名); 权限不通过时跳转的⽅式提⽰;
2. check_authz_json(权限名);权限不通过时返回json提⽰数据,⼀般与make_json_result 或 make_json_error 配合返回数据/错误信息使⽤。6.admin/goods.php 代码摘要:
/*------------------------------------------------------ *///-- 商品列表,商品回收站
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'list' || $_REQUEST['act'] == 'trash'){
admin_priv('goods_manage');
........................................
/*------------------------------------------------------ *///-- 修改商品货号
/*------------------------------------------------------ */elseif ($_REQUEST['act'] == 'edit_goods_sn'){
check_authz_json('goods_manage');
$goods_id = intval($_POST['id']);
$goods_sn = json_str_iconv(trim($_POST['val']));
/* 检查是否重复 */
if (!$exc->is_only('goods_sn', $goods_sn, $goods_id)) {
make_json_error($_LANG['goods_sn_exists']); }
$sql=\"SELECT goods_id FROM \". $ecs->table('products').\"WHERE product_sn='$goods_sn'\"; if($db->getOne($sql)) {
make_json_error($_LANG['goods_sn_exists']); }
if ($exc->edit(\"goods_sn = '$goods_sn', last_update=\" .gmtime(), $goods_id)) {
clear_cache_files();
make_json_result(stripslashes($goods_sn)); }}
......................
经验分割线
【注意】
1,菜单组的权限控制不⼀定要与权限绑定,可以直接使⽤admin_priv(action_code)控制菜单指向的action的访问权限。2,action_code就是权限名。
添加⼀个新后台菜单权限的流程:
1.在ecs_admin_action表中添加action信息;action_idparent_idaction_code 222223
2.inc_menu.php中添加菜单action和url
#[菜单组名][⾃定义菜单的action名]=action的url
$modules['17_action_test']['a_test_action'] = 'test_action.php?act=list';
$modules['17_action_test']['a_test_child'] = 'test_action.php?act=test_child';
0222
test_actiontest_child
3.在common.php中添加菜单中⽂名
#对应上述菜单的配置名
$_LANG['17_action_test'] = '测试菜单'; #顶级菜单(菜单组名)$_LANG['a_test_action'] = '测试⽗权限 '; #⼦菜单$_LANG['a_test_child'] = '测试⼦权限 ';
*此时刷新可以看到管理列表多出了测试菜单组。4.在inc_priv.php新增对应 该action的权限对照名
#权限对照名=权限名(action_code),权限对照名要对应菜单action名$purview['a_test_action'] = 'test_action';$purview['a_test_child'] = 'test_child';
5.在priv_action.php为action权限配置⼀个中⽂名。#权限名(action_code)=权限中⽂名$_LANG['test_action'] = '测试⽗权限 ';$_LANG['test_child'] = '测试⼦权限 ';
*此时在⾓⾊管理可以看到多出了这两个权限中⽂名。
6.编辑新增admin/test_action.php,代码如下:
1 4 * ECSHOP 权限管理测试页 5 * $Author: GaZeon 6 */
7 define('IN_ECS', true); 8
9 require(dirname(__FILE__) . '/includes/init.php');10 11
12 if ($_REQUEST['act'] == 'list')
13 {
14 /* 检查权限 */
15 admin_priv('test_action');16
17 echo '访问权限通过,欢迎来到⽗权限测试';18 }
19 else if ($_REQUEST['act'] == 'test_child')20 {
21 /* 检查权限 */
22 admin_priv('test_child');23
24 echo '访问权限通过,欢迎来到⼦权限测试';25 }
主要php⽂件:
1,admin/includes/inc_menu.php ECSHOP管理中⼼菜单数组--配置菜单组及URL
2,languages/zh_cn/admin/common.php ECSHOP管理中⼼共⽤语⾔⽂件--配置菜单显⽰名3,admin/includes/inc_priv.php ECSHOP权限对照表--将菜单action与权限绑定
4,languages/zh_cn/admin/priv_action.php ECSHOP权限名称语⾔⽂件---配置权限显⽰的中⽂名主要数据表:ecs_admin_action
这⾥⽤后台商品管理来说明这⼏个配置⽂件:
权限:
1.ecs_admin_action 管理员权限表。权限以分组的形式存储,⾸先要添加⼀个权限管理的⼀级分组节点(此权限分组节点仅作为分组归类,没有实际权限控制作⽤),再添加所属的权限名。配置摘要:
+-----------+-----------+------------------+------------+
| action_id | parent_id | action_code | relevance |+-----------+-----------+------------------+------------+| 1 | 0 | goods | |
| 21 | 1 | goods_manage | || 22 | 1 | remove_back | || 23 | 1 | cat_manage | || 24 | 1 | cat_drop | cat_manage || 25 | 1 | attr_manage | || 26 | 1 | brand_manage | || 27 | 1 | comment_priv | || 84 | 1 | tag_manage | || 70 | 1 | goods_type | || 94 | 1 | goods_auto | || 103 | 1 | virualcard | || 105 | 1 | picture_batch | || 106 | 1 | goods_export | || 107 | 1 | goods_batch | || 108 | 1 | gen_goods_script | |+-----------+-----------+------------------+------------+#第⼀条goods就是下⾯权限的⽗权限
2.priv_action.php 权限名称语⾔⽂件。设置权限的中⽂名称,⼀般⽤于在修改⾓⾊权限时显⽰中⽂权限名称。配置摘要:
/* 权限管理的⼀级分组 */
$_LANG['goods'] = '商品管理';
//商品管理部分的权限
$_LANG['goods_manage'] = '商品添加/编辑';$_LANG['remove_back'] = '商品删除/恢复';$_LANG['cat_manage'] = '分类添加/编辑';$_LANG['cat_drop'] = '分类转移/删除';$_LANG['attr_manage'] = '商品属性管理';$_LANG['brand_manage'] = '商品品牌管理';$_LANG['comment_priv'] = '⽤户评论管理';$_LANG['goods_type'] = '商品类型';$_LANG['tag_manage'] = '标签管理';
$_LANG['goods_auto'] = '商品⾃动上下架';$_LANG['topic_manage'] = '专题管理';$_LANG['virualcard'] = '虚拟卡管理';
$_LANG['picture_batch'] = '图⽚批量处理';$_LANG['goods_export'] = '商品批量导出';$_LANG['goods_batch'] = '商品批量上传/修改';$_LANG['gen_goods_script'] = '⽣成商品代码';$_LANG['suppliers_goods'] = '供货商商品管理';
菜单:
3.inc_menu.php 管理中⼼菜单数组。显⽰在后台左侧的菜单项。以多维数组形式来表⽰菜单的分级,第⼀维即是顶级菜单。配置摘要:
$modules['02_cat_and_goods']['01_goods_list'] = 'goods.php?act=list'; // 商品列表$modules['02_cat_and_goods']['02_goods_add'] = 'goods.php?act=add'; // 添加商品$modules['02_cat_and_goods']['03_category_list'] = 'category.php?act=list';
$modules['02_cat_and_goods']['05_comment_manage'] = 'comment_manage.php?act=list';$modules['02_cat_and_goods']['06_goods_brand_list'] = 'brand.php?act=list';
$modules['02_cat_and_goods']['08_goods_type'] = 'goods_type.php?act=manage';
$modules['02_cat_and_goods']['11_goods_trash'] = 'goods.php?act=trash'; // 商品回收站$modules['02_cat_and_goods']['12_batch_pic'] = 'picture_batch.php';
$modules['02_cat_and_goods']['13_batch_add'] = 'goods_batch.php?act=add'; // 商品批量上传$modules['02_cat_and_goods']['14_goods_export'] = 'goods_export.php?act=goods_export';
$modules['02_cat_and_goods']['15_batch_edit'] = 'goods_batch.php?act=select'; // 商品批量修改$modules['02_cat_and_goods']['16_goods_script'] = 'gen_goods_script.php?act=setup';$modules['02_cat_and_goods']['17_tag_manage'] = 'tag_manage.php?act=list';
$modules['02_cat_and_goods']['50_virtual_card_list'] = 'goods.php?act=list&extension_code=virtual_card';$modules['02_cat_and_goods']['51_virtual_card_add'] = 'goods.php?act=add&extension_code=virtual_card';$modules['02_cat_and_goods']['52_virtual_card_change'] = 'virtual_card.php?act=change';$modules['02_cat_and_goods']['goods_auto'] = 'goods_auto.php?act=list';
4.common.php 管理中⼼共⽤语⾔⽂件。设置inc_menu中设置的菜单的中⽂名称,每⼀维都要设置名称。配置摘要:
/* 菜单分类部分 */
$_LANG['02_cat_and_goods'] = '商品管理';/* 商品管理 */
$_LANG['01_goods_list'] = '商品列表';$_LANG['02_goods_add'] = '添加新商品';$_LANG['03_category_list'] = '商品分类';$_LANG['04_category_add'] = '添加分类';
$_LANG['05_comment_manage'] = '⽤户评论';$_LANG['06_goods_brand_list'] = '商品品牌';$_LANG['07_brand_add'] = '添加品牌';$_LANG['08_goods_type'] = '商品类型';$_LANG['09_attribute_list'] = '商品属性';$_LANG['10_attribute_add'] = '添加属性';$_LANG['11_goods_trash'] = '商品回收站';$_LANG['12_batch_pic'] = '图⽚批量处理';$_LANG['13_batch_add'] = '商品批量上传';$_LANG['15_batch_edit'] = '商品批量修改';$_LANG['16_goods_script'] = '⽣成商品代码';$_LANG['17_tag_manage'] = '标签管理';$_LANG['18_product_list'] = '货品列表';$_LANG['52_attribute_add'] = '编辑属性';
$_LANG['53_suppliers_goods'] = '供货商商品管理';$_LANG['14_goods_export'] = '商品批量导出';$_LANG['50_virtual_card_list'] = '虚拟商品列表';$_LANG['51_virtual_card_add'] = '添加虚拟商品';$_LANG['52_virtual_card_change'] = '更改加密串';$_LANG['goods_auto'] = '商品⾃动上下架';
将菜单链接的Action与权限关联:
5.inc_priv.php 权限对照表。⼀个菜单指向的Action页可能只使⽤⼀个权限,也可能使⽤多个权限,Action对应多个权限时,使⽤数组来表⽰。
如代号02_goods_add的商品添加Action只调⽤了goods_manage权限,因此配置为:$purview['02_goods_add'] = 'goods_manage'; ⽽代号01_goods_list的商品列表页包含的操作多,因此调⽤多个权限:$purview['01_goods_list']= array('goods_manage', 'remove_back');配置摘要:
//商品管理权限
$purview['01_goods_list'] = array('goods_manage', 'remove_back'); $purview['02_goods_add'] = 'goods_manage';
$purview['03_category_list'] = array('cat_manage', 'cat_drop'); //分类添加、分类转移和删除 $purview['05_comment_manage'] = 'comment_priv'; $purview['06_goods_brand_list'] = 'brand_manage';
$purview['08_goods_type'] = 'attr_manage'; //商品属性
$purview['11_goods_trash'] = array('goods_manage', 'remove_back'); $purview['12_batch_pic'] = 'picture_batch'; $purview['13_batch_add'] = 'goods_batch'; $purview['14_goods_export'] = 'goods_export'; $purview['15_batch_edit'] = 'goods_batch';
$purview['16_goods_script'] = 'gen_goods_script'; $purview['17_tag_manage'] = 'tag_manage'; $purview['50_virtual_card_list'] = 'virualcard'; $purview['51_virtual_card_add'] = 'virualcard'; $purview['52_virtual_card_change'] = 'virualcard'; $purview['goods_auto'] = 'goods_auto';
在Action中判断管理员是否有改访问操作权限:ec内置两个函数:
1. admin_priv(权限名); 权限不通过时跳转的⽅式提⽰;
2. check_authz_json(权限名);权限不通过时返回json提⽰数据,⼀般与make_json_result 或 make_json_error 配合返回数据/错误信息使⽤。6.admin/goods.php 代码摘要:
/*------------------------------------------------------ *///-- 商品列表,商品回收站
/*------------------------------------------------------ */
if ($_REQUEST['act'] == 'list' || $_REQUEST['act'] == 'trash'){
admin_priv('goods_manage');........................................
/*------------------------------------------------------ *///-- 修改商品货号
/*------------------------------------------------------ */elseif ($_REQUEST['act'] == 'edit_goods_sn'){
check_authz_json('goods_manage');
$goods_id = intval($_POST['id']);
$goods_sn = json_str_iconv(trim($_POST['val']));
/* 检查是否重复 */
if (!$exc->is_only('goods_sn', $goods_sn, $goods_id)) {
make_json_error($_LANG['goods_sn_exists']); }
$sql=\"SELECT goods_id FROM \". $ecs->table('products').\"WHERE product_sn='$goods_sn'\"; if($db->getOne($sql)) {
make_json_error($_LANG['goods_sn_exists']); }
if ($exc->edit(\"goods_sn = '$goods_sn', last_update=\" .gmtime(), $goods_id)) {
clear_cache_files();
make_json_result(stripslashes($goods_sn)); }}
......................
经验分割线
【注意】
1,菜单组的权限控制不⼀定要与权限绑定,可以直接使⽤admin_priv(action_code)控制菜单指向的action的访问权限。2,action_code就是权限名。
添加⼀个新后台菜单权限的流程:1.在ecs_admin_action表中添加action信息;
action_idparent_idaction_code 222223
0222
test_actiontest_child
2.inc_menu.php中添加菜单action和url
#[菜单组名][⾃定义菜单的action名]=action的url
$modules['17_action_test']['a_test_action'] = 'test_action.php?act=list';
$modules['17_action_test']['a_test_child'] = 'test_action.php?act=test_child';
3.在common.php中添加菜单中⽂名
#对应上述菜单的配置名
$_LANG['17_action_test'] = '测试菜单'; #顶级菜单(菜单组名)$_LANG['a_test_action'] = '测试⽗权限 '; #⼦菜单$_LANG['a_test_child'] = '测试⼦权限 ';
*此时刷新可以看到管理列表多出了测试菜单组。4.在inc_priv.php新增对应 该action的权限对照名
#权限对照名=权限名(action_code),权限对照名要对应菜单action名$purview['a_test_action'] = 'test_action';$purview['a_test_child'] = 'test_child';
5.在priv_action.php为action权限配置⼀个中⽂名。
#权限名(action_code)=权限中⽂名$_LANG['test_action'] = '测试⽗权限 ';$_LANG['test_child'] = '测试⼦权限 ';
*此时在⾓⾊管理可以看到多出了这两个权限中⽂名。
6.编辑新增admin/test_action.php,代码如下:
1 4 * ECSHOP 权限管理测试页 5 * $Author: GaZeon 6 */
7 define('IN_ECS', true); 8
9 require(dirname(__FILE__) . '/includes/init.php');10 11
12 if ($_REQUEST['act'] == 'list')13 {
14 /* 检查权限 */
15 admin_priv('test_action');16
17 echo '访问权限通过,欢迎来到⽗权限测试';18 }
19 else if ($_REQUEST['act'] == 'test_child')20 {
21 /* 检查权限 */
22 admin_priv('test_child');23
24 echo '访问权限通过,欢迎来到⼦权限测试';25 }
因篇幅问题不能全部显示,请点此查看更多更全内容