args[0] ?? 'processedScopes';

        // No scope list supplied: fall back to the default scopes.
        // NOTE(review): empty() is also true for '', '0', 0, false and null, so
        // any of those silently yields these two scopes instead of an error.
        // Confirm that granting defaults on missing input is intended.
        if (empty($value)) {
            $value = ['USER_READ', 'GAME_READ'];
        }

        // The value must be an array.
        if (!is_array($value)) {
            $this->addError('权限范围必须是数组格式');
            return false;
        }

        // Cap the number of requested scopes at 20.
        if (count($value) > 20) {
            $this->addError('权限范围数量不能超过20个');
            return false;
        }

        // Allow-list of every scope this validator accepts.
        $validScopes = $this->getAllValidScopes();

        $processedScopes = [];
        foreach ($value as $scope) {
            if (!is_string($scope)) {
                $this->addError('权限范围必须是字符串');
                return false;
            }

            $scope = trim($scope);
            // Blank entries are skipped rather than rejected; empty() also
            // treats the string '0' as blank.
            if (empty($scope)) {
                continue;
            }

            // Reject anything that is not on the allow-list.
            // NOTE(review): in_array() is called without the strict flag, so the
            // comparison is loose (==). $scope is known to be a string here; if
            // the allow-list values are strings too, passing `true` as the third
            // argument would make the match exact. Confirm the backing type of
            // SCOPE_TYPE first.
            // NOTE(review): the rejected value is interpolated into the error
            // text unchanged (only trimmed). Whatever renders these errors has
            // to escape it for its output context.
            if (!in_array($scope, $validScopes)) {
                $this->addError("无效的权限范围: {$scope}");
                return false;
            }

            $processedScopes[] = $scope;
        }

        // Drop duplicates.
        $processedScopes = array_unique($processedScopes);

        if (empty($processedScopes)) {
            $this->addError('至少需要配置一个权限范围');
            return false;
        }

        // Every scope that has prerequisites must come with them.
        if (!$this->validateScopeDependencies($processedScopes)) {
            return false;
        }

        // High-risk scopes: as written, this call can only add warnings.
        if (!$this->validateDangerousScopes($processedScopes)) {
            return false;
        }

        // Store the cleaned, re-indexed list on the validation object, under the
        // property named by $processedKey (its assignment begins above this
        // excerpt).
        $this->validation->$processedKey = array_values($processedScopes);

        return true;
    }

    /**
     * Build the allow-list of scope names accepted by this validator.
     *
     * The list is the `value` of every SCOPE_TYPE case, plus the two special
     * entries '*' and 'ADMIN' appended below.
     *
     * NOTE(review): because '*' and 'ADMIN' are on the allow-list, a request may
     * name them directly. The only extra handling visible in this file is the
     * warning added by validateDangerousScopes().
     *
     * @return array
     */
    protected function getAllValidScopes(): array
    {
        $scopes = array_column(SCOPE_TYPE::cases(), 'value');

        // Special scopes that are not part of the enum.
        $scopes[] = '*'; // wildcard scope
        $scopes[] = 'ADMIN'; // administrator scope

        return $scopes;
    }

    /**
     * Check that every requested scope is accompanied by its prerequisites.
     *
     * Registers an error for the first missing prerequisite and stops there.
     * Scopes without an entry in the map below (including '*' and 'ADMIN') are
     * not checked.
     *
     * @param array $scopes Requested scope names.
     * @return bool True when all prerequisites are present, false otherwise.
     */
    protected function validateScopeDependencies(array $scopes): bool
    {
        // Scope => scopes that must also be requested.
        $dependencies = [
            'USER_WRITE' => ['USER_READ'],
            'USER_DELETE' => ['USER_READ', 'USER_WRITE'],
            'GAME_WRITE' => ['GAME_READ'],
            'GAME_ADMIN' => ['GAME_READ', 'GAME_WRITE'],
            'ITEM_WRITE' => ['ITEM_READ'],
            'ITEM_TRANSFER' => ['ITEM_READ', 'ITEM_WRITE'],
            'FUND_WRITE' => ['FUND_READ'],
            'FUND_TRANSFER' => ['FUND_READ', 'FUND_WRITE'],
            'TRADE_WRITE' => ['TRADE_READ'],
            'TRADE_CANCEL' => ['TRADE_READ', 'TRADE_WRITE'],
            'STATS_EXPORT' => ['STATS_READ'],
            'SYSTEM_ADMIN' => ['SYSTEM_READ'],
        ];

        foreach ($scopes as $scope) {
            if (isset($dependencies[$scope])) {
                foreach ($dependencies[$scope] as $dependency) {
                    // Loose in_array() comparison; see the review note on the
                    // allow-list check earlier in this file section.
                    if (!in_array($dependency, $scopes)) {
                        $this->addError("权限 {$scope} 需要依赖权限 {$dependency}");
                        return false;
                    }
                }
            }
        }

        return true;
    }

    /**
     * Flag high-risk scopes in the request.
     *
     * Adds one warning per high-risk scope found and always returns true, so
     * this check never blocks a request.
     *
     * NOTE(review): the wildcard '*' and 'ADMIN' are therefore granted with
     * nothing more than a warning. If approval or a privileged caller is meant
     * to be required, it has to be enforced here or by the caller.
     * NOTE(review): GAME_ADMIN and ITEM_TRANSFER appear in the dependency map
     * but not in this list. Confirm the omission is deliberate.
     *
     * @param array $scopes Requested scope names.
     * @return bool Always true.
     */
    protected function validateDangerousScopes(array $scopes): bool
    {
        $dangerousScopes = [
            'USER_DELETE',
            'FUND_TRANSFER',
            'TRADE_CANCEL',
            'SYSTEM_ADMIN',
            'ADMIN',
            '*'
        ];

        $foundDangerous = array_intersect($scopes, $dangerousScopes);

        if (!empty($foundDangerous)) {
            // Extra checks (for example administrator approval) could be added here.
            // For now this only records a warning and does not block creation.
            foreach ($foundDangerous as $dangerous) {
                $this->addWarning("权限 {$dangerous} 是高风险权限,请谨慎使用");
            }
        }

        return true;
    }
}