154 lines
4.6 KiB
PHP
Executable File
154 lines
4.6 KiB
PHP
Executable File
<?php
|
||
|
||
namespace app\project\middleware;
|
||
|
||
use app\common\Model\Project;
|
||
use app\common\Model\ProjectMember;
|
||
use app\common\Model\Task;
|
||
use app\common\Model\TaskStages;
|
||
use think\Request;
|
||
|
||
/**
|
||
* 项目内容操作权限管理
|
||
* Class ProjectAuth
|
||
* @package app\admin\middleware
|
||
*/
|
||
class ProjectAuth
|
||
{
|
||
protected $needAuthActions = [
|
||
'Project/edit',
|
||
'Project/recycle',
|
||
'Project/recovery',
|
||
'Project/archive',
|
||
'Project/recoveryArchive',
|
||
'ProjectMember/inviteMember',
|
||
|
||
'Task/save',
|
||
'Task/taskDone',
|
||
'Task/assignTask',
|
||
'Task/sort',
|
||
'Task/edit',
|
||
'Task/recycle',
|
||
'Task/recovery',
|
||
'Task/recycle',
|
||
'Task/delete',
|
||
|
||
'TaskMember/inviteMember',
|
||
'TaskMember/inviteMemberBatch',
|
||
|
||
'TaskStages/save',
|
||
'TaskStages/sort',
|
||
'TaskStages/edit',
|
||
'TaskStages/delete',
|
||
];
|
||
protected $needVisibleActions = [
|
||
'Project/read',
|
||
'Task/read',
|
||
'TaskStages/index',
|
||
];
|
||
|
||
/**
|
||
* 权限检测
|
||
* 原则上需要获取到项目的code进行判断,所以接口需要传递projectCode或者taskCode来获得项目信息
|
||
* @param Request $request
|
||
* @param \Closure $next
|
||
* @return mixed
|
||
* @throws \think\db\exception\DataNotFoundException
|
||
* @throws \think\db\exception\ModelNotFoundException
|
||
* @throws \think\exception\DbException
|
||
*/
|
||
public function handle($request, \Closure $next)
|
||
{
|
||
$member = getCurrentMember();
|
||
if (!$member) {
|
||
return $next($request);
|
||
}
|
||
list($module, $controller, $action) = [$request->module(), $request->controller(), $request->action()];
|
||
$node = "$controller/$action";
|
||
//方法转小写
|
||
foreach ($this->needAuthActions as &$action) {
|
||
$arr = explode('/', $action);
|
||
$arr[1] = strtolower($arr[1]);
|
||
$action = implode('/', $arr);
|
||
}
|
||
//操作权限
|
||
if (in_array($node, $this->needAuthActions)) {
|
||
$code = $this->getCode();
|
||
if (!$code) {
|
||
// return json(['code' => 404, 'msg' => '资源不存在']);
|
||
}
|
||
if ($code) {
|
||
$result = $this->checkAuth($code);
|
||
if (!$result) {
|
||
return json(['code' => 403, 'msg' => '无权限操作资源,访问被拒绝']);
|
||
}
|
||
}
|
||
}
|
||
//只读权限
|
||
if (in_array($node, $this->needVisibleActions)) {
|
||
$code = $this->getCode();
|
||
if ($code) {
|
||
$info = Project::where(['code' => $code])->field('private')->find();
|
||
if ($info['private']) {
|
||
$result = $this->checkAuth($code);
|
||
if (!$result) {
|
||
return json(['code' => 4031, 'msg' => '无权限操作资源,访问被拒绝']);
|
||
}
|
||
}
|
||
}
|
||
}
|
||
return $next($request);
|
||
}
|
||
|
||
public function getCode()
|
||
{
|
||
$code = \think\facade\Request::param('projectCode');
|
||
if (!$code) {
|
||
$code = \think\facade\Request::param('project_code');
|
||
}
|
||
if (!$code) {
|
||
$taskCode = \think\facade\Request::param('taskCode');
|
||
if (!$taskCode) {
|
||
$taskCode = \think\facade\Request::param('pcode'); // 父任务
|
||
}
|
||
$task = Task::where(['code' => $taskCode])->field('project_code')->find();
|
||
|
||
if ($task) {
|
||
$code = $task['project_code'];
|
||
}
|
||
}
|
||
if (!$code) {
|
||
$taskStageCode = \think\facade\Request::param('stageCode');
|
||
if ($taskStageCode) {
|
||
$taskStage = TaskStages::where(['code' => $taskStageCode])->find();
|
||
if ($taskStage) {
|
||
$code = $taskStage['project_code'];
|
||
}
|
||
}
|
||
}
|
||
return $code;
|
||
}
|
||
|
||
/**
|
||
* 检测操作权限
|
||
* @param $code
|
||
* @return bool
|
||
* @throws \think\db\exception\DataNotFoundException
|
||
* @throws \think\db\exception\ModelNotFoundException
|
||
* @throws \think\exception\DbException
|
||
*/
|
||
public function checkAuth($code)
|
||
{
|
||
$info = Project::where(['code' => $code])->field('private')->find();
|
||
if (!$info) {
|
||
return false;
|
||
}
|
||
$where = ['project_code' => $code, 'member_code' => getCurrentMember()['code']];
|
||
$projectMember = ProjectMember::where($where)->field('id')->find();
|
||
if (!$projectMember) {
|
||
return false;
|
||
}
|
||
return true;
|
||
}
|
||
}
|