
wbw 支持权限判断

visuddhinanda 4 years ago
parent
commit
c295ba07be

+ 1 - 1
app/channal/function.php

@@ -47,7 +47,7 @@ class Channal extends Table
 
 	}
 	public function getPower($id){
-		#查询用户对此channel是否有权限		
+		#查询用户对此channel是否有权限
 		if(isset($_COOKIE["userid"])){
 			$userId = $_COOKIE["userid"];
 		}

+ 1 - 2
app/channal/get.php

@@ -27,7 +27,7 @@ foreach ($my_group as $key => $value) {
 $channelList = array();
 
 //找自己的
-PDO_Connect(""._FILE_DB_CHANNAL_);
+PDO_Connect(_FILE_DB_CHANNAL_);
 $query = "SELECT id,owner,name,status,lang FROM channal WHERE owner = ?  LIMIT 0,100";
 $Fetch_my = PDO_FetchAll($query,array($_COOKIE["userid"]));
 
@@ -38,7 +38,6 @@ foreach ($Fetch_my as $key => $value) {
 
 # 找协作的
 $coop_channal =  share_res_list_get($_COOKIE["userid"],2);
-$Fetch_coop = array();
 foreach ($coop_channal as $key => $value) {
 	# return res_id,res_type,power res_title  res_owner_id
 	if(isset($channelList[$value["res_id"]])){

+ 11 - 12
app/channal/my_channal_post.php

@@ -46,7 +46,7 @@ else{
 		}
 	}
     // 设置 句子库和逐词译库可见性
-    PDO_Connect(""._FILE_DB_SENTENCE_);
+    PDO_Connect(_FILE_DB_SENTENCE_);
     $query="UPDATE sentence SET language = ?  , status = ? where  channal = ?  ";
     $sth = PDO_Execute($query,array($_POST["lang"],$_POST["status"],$_POST["id"]));
     if (!$sth || ($sth && $sth->errorCode() != 0)) {
@@ -54,17 +54,16 @@ else{
         $respond['status']=1;
         $respond['message']=$error[2];
     }
-    else{
-        // 设置 逐词译库可见性
-        PDO_Connect(""._FILE_DB_USER_WBW_);
-        $query="UPDATE wbw_block SET lang = ?  , status = ? where  channal = ?  ";
-        $sth = PDO_Execute($query,array($_POST["lang"],$_POST["status"],$_POST["id"]));
-        if (!$sth || ($sth && $sth->errorCode() != 0)) {
-            $error = PDO_ErrorInfo();
-            $respond['status']=1;
-            $respond['message']=$error[2];
-        }
-    }
+
+	// 设置 逐词译库可见性
+	PDO_Connect(_FILE_DB_USER_WBW_);
+	$query="UPDATE wbw_block SET lang = ?  , status = ? where  channal = ?  ";
+	$sth = PDO_Execute($query,array($_POST["lang"],$_POST["status"],$_POST["id"]));
+	if (!$sth || ($sth && $sth->errorCode() != 0)) {
+		$error = PDO_ErrorInfo();
+		$respond['status']=1;
+		$respond['message']=$error[2];
+	}	
 }
 
 echo json_encode($respond, JSON_UNESCAPED_UNICODE);
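Review bot: With the `else` removed, the `wbw_block` UPDATE now runs even when the `sentence` UPDATE has just failed, so the two stores can end up with different `status` values for the same channel; the comments describe `status` as the visibility setting, so that divergence matters. A success on the second statement also leaves the first error in `$respond`, while a failure overwrites it, so the caller cannot tell which table actually changed. If running both unconditionally is intended, say so in the comment and report both outcomes; otherwise guard the second block with `if ($respond['status'] == 0) {` (assuming `$respond['status']` starts at 0 above this hunk). The enclosing `else{` begins outside the hunk, so whether `$_POST["id"]` is checked against the caller's own channels is not visible here and is worth confirming.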

+ 17 - 0
app/db/table.php

@@ -23,6 +23,23 @@ class Table
 	public function setField($setting){
 		$this->field_setting = $setting;
 	}
+	protected function fetch($query,$params){
+		if (isset($params)) {
+			$stmt = $this->dbh->prepare($query);
+			if($stmt){
+				$stmt->execute($params);
+			}
+			
+		} else {
+			$stmt = $PDO->query($query);
+		}
+		if($stmt){
+			return $stmt->fetch(PDO::FETCH_ASSOC);
+		}
+		else{
+			return false;
+		}
+	}
 	public function syncList($time){
 
 	}
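Review bot: The `else` branch of the new `fetch()` calls `$PDO->query($query)`, but `$PDO` is not defined inside the method (there is no `global $PDO`, and the other branch uses `$this->dbh`), so a call that reaches it would fail on an undefined variable; it should read `$stmt = $this->dbh->query($query);`. Because `$params` has no default, `isset($params)` is only false when a caller passes `null` explicitly, and declaring `$params=null` would make that intent visible. The result of `$stmt->execute($params)` is not checked, so whether a failed execute surfaces depends on the PDO error mode configured elsewhere. `WbwBlock::getPower()` treats a false row as power 0, which fails closed, and a short docblock stating that `fetch()` returns one associative row or `false` would record that contract.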

+ 29 - 0
app/db/wbw_block.php

@@ -0,0 +1,29 @@
+<?php
+require_once "../path.php";
+require_once "../db/table.php";
+require_once "../channal/function.php";
+
+class WbwBlock extends Table
+{
+    function __construct($redis=false) {
+		parent::__construct(_FILE_DB_USER_WBW_, "wbw_block", "", "",$redis);
+    }
+
+	public function getPower($blockId){
+		$channelInfo = new Channal($this->redis);
+		$power = 0;
+		$query = "SELECT channal,owner from wbw_block   where id= ?  ";
+		$row = $this->fetch($query,array($blockId));
+		if($row ){
+			if(empty($row["channal"])){
+				if($row["owner"]==$_COOKIE["userid"]){
+					$power = 30;
+				}
+			}
+			else{
+				$power = $channelInfo->getPower($row["channal"]);
+			}
+		}
+		return $power;
+	}
+}
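Review bot: In `getPower()` the owner check `$row["owner"]==$_COOKIE["userid"]` reads the cookie without `isset` and compares loosely, so a request with no `userid` cookie compares `null` against the stored owner, and a block whose `owner` is NULL or empty would be granted power 30. Guard and tighten it with `if(!empty($_COOKIE["userid"]) && (string)$row["owner"]===(string)$_COOKIE["userid"]){`. The identity itself comes from a client-supplied cookie, so unless `userid` is validated against a server-side session somewhere not shown here, the ownership check is only as strong as that cookie. The levels 30 here, 20 in update.php and 10 in wbw_channel_list.php are bare literals; named constants with a one-line comment each would make the write threshold auditable.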

+ 0 - 39
app/uwbw/sync_block.php

@@ -1,39 +0,0 @@
-<?php
-//header('Content-type: application/json; charset=utf8');
-
-require_once "../path.php";
-require_once "../sync/function.php";
-
-$input = (object) [
-    "database" =>  _FILE_DB_USER_WBW_,
-    "table" =>  "wbw_block",
-    "uuid" =>  "id",
-    "modify_time" =>  "modify_time",
-    "receive_time" =>  "receive_time",
-    "insert" => [
-        "id",
-        "parent_id",
-        "book",
-        "paragraph",
-        "owner",
-        "lang",
-        "author",
-        "editor",
-        "tag",
-        "status",
-        "modify_time",
-        "receive_time"
-    ],
-    "update" =>  [
-        "lang",
-        "author",
-        "editor",
-        "tag",
-        "status",
-        "receive_time"
-    ]    
-];
-
-do_sync($input);
-
-?>

+ 0 - 39
app/uwbw/sync_wbw.php

@@ -1,39 +0,0 @@
-<?php
-//header('Content-type: application/json; charset=utf8');
-
-require_once "../path.php";
-require_once "../sync/function.php";
-
-$input = (object) [
-    "database" =>  _FILE_DB_USER_WBW_,
-    "table" =>  "wbw",
-    "uuid" =>  "id",
-    "modify_time" =>  "modify_time",
-    "receive_time" =>  "receive_time",
-    "insert" => [
-        "id",
-        "parent_id",
-        "book",
-        "paragraph",
-        "owner",
-        "lang",
-        "author",
-        "editor",
-        "tag",
-        "status",
-        "modify_time",
-        "receive_time"
-    ],
-    "update" =>  [
-        "lang",
-        "author",
-        "editor",
-        "tag",
-        "status",
-        "receive_time"
-    ]    
-];
-
-do_sync($input);
-
-?>

+ 29 - 2
app/uwbw/update.php

@@ -7,9 +7,15 @@ require_once "../public/_pdo.php";
 require_once "../public/function.php";
 require_once "../ucenter/active.php";
 require_once "../redis/function.php";
+require_once "../channal/function.php";
+require_once "../db/wbw_block.php";
+
 
 $respond['status'] = 0;
 $respond['message'] = "";
+$redis = redis_connect();
+$channelInfo = new Channal($redis);
+$_WbwBlock = new WbwBlock($redis);
 
 if (isset($_POST["data"])) {
     $aData = json_decode($_POST["data"]);
@@ -25,13 +31,29 @@ if (count($aData) > 0) {
 
     PDO_Connect(_FILE_DB_USER_WBW_);
 
+	#确定block id 的写入权限
+	$listBlockId=array();
+	foreach ($aData as $data) {
+        $listBlockId[$data->block_id]=0;
+    }
+	#查询channel 的 权限
+	$maxPower=0;
+	foreach ($listBlockId as $key => $value) {
+		$listBlockId[$key] = $_WbwBlock->getPower($key);
+		if($listBlockId[$key]>$maxPower){
+			$maxPower = $listBlockId[$key];
+		}
+	}
+
     /* 开始一个事务,关闭自动提交 */
     $PDO->beginTransaction();
     $query = "UPDATE wbw SET data= ?  , receive_time= ?  , modify_time= ?   where block_id= ?  and wid= ?  ";
     $sth = $PDO->prepare($query);
 
     foreach ($aData as $data) {
-        $sth->execute(array($data->data, mTime(), $data->time, $data->block_id, $data->word_id));
+		if($listBlockId[$data->block_id]>=20){
+			$sth->execute(array($data->data, mTime(), $data->time, $data->block_id, $data->word_id));
+		}
     }
     $PDO->commit();
 
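Review bot: `$data->block_id` comes straight from `json_decode($_POST["data"])` and is used as an array key and passed to `getPower()` with no shape check, so an element that is not an object or lacks `block_id` produces a null key, and a non-scalar value raises an offset error. Validate each element at the top of both loops, e.g. `if(!is_object($data) || !isset($data->block_id) || !is_scalar($data->block_id)){ continue; }`. The literal `20` in `if($listBlockId[$data->block_id]>=20){` appears to be the minimum power for editing; a comment or named constant saying so would let a reader check it against the values `getPower()` returns.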
@@ -48,9 +70,14 @@ if (count($aData) > 0) {
         $respond['status'] = 0;
         $respond['message'] = "成功";
     }
+	
+	if($maxPower<20){
+		$respond['status'] = 1;
+        $respond['message'] = "没有修改权限";
+	}
 	if (count($aData) ==1){
-		$redis = redis_connect();
 		try {
+			#将数据插入redis 作为自动匹配最新数据
 			if($redis){
 				$xmlString = "<root>" . $data->data . "</root>";
 				$xmlWord = simplexml_load_string($xmlString);
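Review bot: The Redis write under `if (count($aData) ==1){` is not gated on the permission result, so as far as this hunk shows a single-word submission that was refused (`$maxPower<20`) still has its `$data->data` parsed and written to the cache that the new comment describes as the latest data for auto-matching. Change the condition to `if (count($aData) ==1 && $maxPower>=20){`. Separately, `$maxPower` is the highest power over all submitted blocks, so a batch mixing writable and non-writable blocks returns "成功" while the refused rows were dropped silently; counting skipped rows and reporting them in `$respond` would make that visible. The `try` block continues outside the hunk.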

+ 14 - 3
app/uwbw/wbw_channel_list.php

@@ -53,11 +53,23 @@ foreach ($coop_channal as $key => $value) {
 		$channelList[$value["res_id"]]=array("power"=>(int)$value["power"]);
 	}
 }
+
+# 查询全网公开 的
+PDO_Connect( _FILE_DB_USER_WBW_);
+$query = "SELECT  channal FROM wbw_block WHERE  paragraph IN ($place_holders)  AND book = ? AND channal IS NOT NULL AND status = 30 group by channal ";
+$publicChannel = PDO_FetchAll($query, $params);
+foreach ($publicChannel as $key => $channel) {
+	# code...
+	if(!isset($channelList[$channel["channal"]])){
+		$channelList[$channel["channal"]]=array("power"=>10);
+	}
+}
+
 $channelInfo = new Channal($redis);
 $i = 0;
 $outputData = array();
 
-PDO_Connect( _FILE_DB_USER_WBW_);
+
 foreach ($channelList as $key => $row) {
     $queryParam = $params;
     $queryParam[] = $key;
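Review bot: The new public-channel query interpolates `$place_holders` into the SQL string and reuses `$params`, both built above this hunk; confirm that `$place_holders` only ever holds generated `?` markers and that `$params` is still exactly the paragraph list followed by the book at this point. Channels found this way get power 10, which is below the write threshold of 20 that update.php enforces, so replacing the leftover `# code...` with `# public channels not already listed are added read-only (power 10)` would document the intent. The listing keys on `wbw_block.status = 30`, while `WbwBlock::getPower()` delegates to `Channal::getPower()`; whether those two agree on what counts as public is not visible here and is worth checking.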
@@ -72,8 +84,7 @@ foreach ($channelList as $key => $row) {
 	$outputData[]=$channelList[$key];
 }
 
-# 查询全网公开 
-$query = "SELECT count(*) as co , channal FROM wbw_block WHERE  paragraph IN ($place_holders)  AND book = ? AND channal IS NOT NULL AND status = 30 group by channal ";
+
 
 
 $output["data"] = $outputData;