87 lines
3.2 KiB
PHP
87 lines
3.2 KiB
PHP
<?php
|
|
declare (strict_types = 1);
|
|
|
|
namespace app\admin\middleware;
|
|
|
|
use think\facade\Cache;
|
|
use think\facade\Db;
|
|
use think\facade\Session;
|
|
|
|
class Auth
|
|
{
|
|
public function handle($request, \Closure $next)
|
|
{
|
|
//获取模块名称
|
|
$controller = app('http')->getName();
|
|
$pathInfo = str_replace('.' . $request->ext(), '', $request->pathInfo());
|
|
$action = explode('/', $pathInfo)[0];
|
|
// var_dump($pathInfo);
|
|
//验证用户登录
|
|
if ($action !== 'login') {
|
|
$session_admin = get_config('app.session_admin');
|
|
if (!Session::has($session_admin)) {
|
|
return $request->isAjax() ? to_assign(404, '请先登录') : redirect((string) url('/admin/login/index'));
|
|
}
|
|
|
|
// 验证用户访问权限
|
|
if ($action !== 'index' && $action !== 'api') {
|
|
if (!$this->checkAuth($controller, $pathInfo, $action, Session::get($session_admin)['id'])) {
|
|
return $request->isAjax() ? to_assign(202, '你没有权限!') : redirect((string) url('/admin/login/errorshow'));
|
|
}
|
|
}
|
|
}
|
|
return $next($request);
|
|
}
|
|
|
|
/**
|
|
* 验证用户访问权限
|
|
* @DateTime 2020-12-21
|
|
* @param string $controller 当前访问控制器
|
|
* @param string $action 当前访问方法
|
|
* @param string $uid 当前用户id
|
|
* @return [type]
|
|
*/
|
|
protected function checkAuth($controller, $pathInfo, $action, $uid)
|
|
{
|
|
Cache::delete('RulesSrc' . $uid);
|
|
if ($uid == 8) {
|
|
// id=1的管理员默认拥有所有权限
|
|
return true;
|
|
} else {
|
|
if (!Cache::get('RulesSrc' . $uid)) {
|
|
//用户所在权限组及所拥有的权限
|
|
// 执行查询
|
|
$user_groups = Db::name('admin_group_access')
|
|
->alias('a')
|
|
->join("admin_group w", "a.group_id=w.id", 'LEFT')
|
|
->where("a.uid='{$uid}' and w.status='1'")
|
|
->select()
|
|
->toArray();
|
|
$groups = $user_groups ?: [];
|
|
|
|
$ids = []; //保存用户所属用户组设置的所有权限规则id
|
|
foreach ($groups as $g) {
|
|
$ids = array_merge($ids, explode(',', trim($g['rules'], ',')));
|
|
}
|
|
$ids = array_unique($ids);
|
|
//读取用户组所有权限规则
|
|
$rules = Db::name('admin_rule')->where('id', 'in', $ids)->field('src')->select();
|
|
//循环规则,判断结果。
|
|
$authList = []; //
|
|
foreach ($rules as $rule) {
|
|
//只要存在就记录
|
|
$authList[] = strtolower($rule['src']);
|
|
}
|
|
//规则列表结果保存到Cache
|
|
Cache::tag('adminRules')->set('RulesSrc' . $uid, $authList, 36000);
|
|
} else {
|
|
$authList = Cache::get('RulesSrc' . $uid);
|
|
}
|
|
if (!in_array((string) $controller . '/' . $pathInfo, $authList)) {
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
}
|
|
}
|