merchant_admin/app/service/MenuService.php

<?php
declare (strict_types=1);

namespace app\service;

use app\model\UserRoleModel;
use think\facade\Config;

class MenuService
{
    /**
     * 获取用户菜单列表
     */
    public static function getUserMenus(int $userId): array
    {
        $roleId = getUserRoleId($userId);
        if (!$roleId) {
            return [];
        }
        
        // 超级管理员返回所有菜单
        if (self::isSuperAdmin($roleId)) {
            return Config::get('menu.menus', []);
        }
        
        // 获取用户权限
        $permissions = self::getUserPermissions($roleId);
        
        // 过滤菜单
        $allMenus = Config::get('menu.menus', []);
        return self::filterMenus($allMenus, $permissions);
    }
    
    /**
     * 过滤菜单 - 根据权限返回可见菜单
     */
    private static function filterMenus(array $menus, array $permissions): array
    {
        $filtered = [];
        
        foreach ($menus as $menu) {
            // 检查菜单权限
            if (self::hasMenuPermission($menu, $permissions)) {
                $filteredMenu = $menu;
                
                // 递归过滤子菜单
                if (!empty($menu['children'])) {
                    $filteredMenu['children'] = self::filterMenus($menu['children'], $permissions);
                    
                    // 如果没有子菜单，则不显示父菜单
                    if (empty($filteredMenu['children'])) {
                        continue;
                    }
                }
                
                $filtered[] = $filteredMenu;
            }
        }
        
        return $filtered;
    }
    
    /**
     * 检查菜单权限
     */
    private static function hasMenuPermission(array $menu, array $permissions): bool
    {
        // 如果没有控制器，说明是父菜单，需要检查子菜单
        if (empty($menu['controller'])) {
            return true;
        }
        
        // 如果没有actions配置，则默认有权限
        if (empty($menu['actions'])) {
            return true;
        }
        
        // 检查是否有任一action的权限
        foreach (array_keys($menu['actions']) as $action) {
            $permission = strtolower($menu['controller'] . '.' . $action);
            if (in_array($permission, $permissions)) {
                return true;
            }
        }
        
        return false;
    }
    
    /**
     * 获取用户权限列表
     */
    private static function getUserPermissions(int $roleId): array
    {
        $role = UserRoleModel::find($roleId);
        if (!$role || empty($role->privileges)) {
            return [];
        }
        
        $privileges = json_decode($role->privileges, true);
        if (!is_array($privileges)) {
            return [];
        }
        
        // 转换为权限数组格式: controller.action
        $permissions = [];
        foreach ($privileges as $controller => $actions) {
            if (is_array($actions)) {
                foreach ($actions as $action) {
                    $permissions[] = strtolower($controller . '.' . $action);
                }
            }
        }
        
        return $permissions;
    }
    
    /**
     * 检查是否超级管理员
     */
    private static function isSuperAdmin(int $roleId): bool
    {
        $superAdminIds = Config::get('menu.super_admin_role_ids', []);
        return in_array($roleId, $superAdminIds);
    }

    
    /**
     * 从菜单配置中提取所有权限
     */
    public static function getAllPermissions(): array
    {
        $permissions = [];
        $menus = Config::get('menu.menus', []);
        
        self::extractPermissions($menus, $permissions);
        
        return $permissions;
    }
    
    /**
     * 递归提取权限
     */
    private static function extractPermissions(array $menus, array &$permissions): void
    {
        foreach ($menus as $menu) {
            if (!empty($menu['controller']) && !empty($menu['actions'])) {
                $controller = $menu['controller'];
                
                if (!isset($permissions[$controller])) {
                    $permissions[$controller] = [
                        'name' => $menu['title'],
                        'actions' => []
                    ];
                }
                
                foreach ($menu['actions'] as $action => $desc) {
                    $permissions[$controller]['actions'][$action] = $desc;
                }
            }
            
            if (!empty($menu['children'])) {
                self::extractPermissions($menu['children'], $permissions);
            }
        }
    }
    
    /**
     * 检查用户权限
     */
    public static function checkPermission(int $userId, string $controller, string $action): bool
    {
        // 检查是否在白名单中
        if (self::isWhitelisted($controller, $action)) {
            return true;
        }
        
        $roleId = getUserRoleId($userId);
        if (!$roleId) {
            return false;
        }
        
        // 超级管理员拥有所有权限
        if (self::isSuperAdmin($roleId)) {
            return true;
        }
        
        // 获取用户权限
        $permissions = self::getUserPermissions($roleId);
        $permission = strtolower($controller . '.' . $action);
        
        return in_array($permission, $permissions);
    }
    
    /**
     * 检查是否在白名单中
     */
    private static function isWhitelisted(string $controller, string $action): bool
    {
        $whitelist = Config::get('menu.permission_whitelist', []);
        
        // 检查控制器级别白名单
        $controllers = $whitelist['controllers'] ?? [];
        if (in_array($controller, $controllers)) {
            return true;
        }
        
        // 检查具体方法白名单
        $actions = $whitelist['actions'] ?? [];
        $current = $controller . '/' . $action;
        if (in_array($current, $actions)) {
            return true;
        }
        
        return false;
    }
    
    /**
     * 获取权限组配置
     */
    public static function getPermissionGroups(): array
    {
        return Config::get('menu.permission_groups', []);
    }
    
    /**
     * 根据权限组获取权限
     */
    public static function getPermissionsByGroup(string $groupName): array
    {
        $groups = self::getPermissionGroups();
        return $groups[$groupName]['permissions'] ?? [];
    }
}