后台用户权限问题
This commit is contained in:
@@ -7,8 +7,8 @@
|
||||
// | Author: molong <molong@tensent.cn> <http://www.tensent.cn>
|
||||
// +----------------------------------------------------------------------
|
||||
// 应用公共文件
|
||||
use think\facade\Session;
|
||||
use app\model\Member;
|
||||
use think\facade\Session;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -33,18 +33,23 @@ function form($field = [], $data = []) {
|
||||
* @param array $param 参数
|
||||
* @return mixed
|
||||
*/
|
||||
function ad($name, $param = []){
|
||||
function ad($name, $param = []) {
|
||||
return '';
|
||||
}
|
||||
|
||||
function parse_field_bind(){
|
||||
|
||||
function parse_field_bind() {
|
||||
|
||||
}
|
||||
|
||||
function time_format($value){
|
||||
function time_format($value) {
|
||||
return date('Y-m-d H:i:s', $value);
|
||||
}
|
||||
|
||||
// 不区分大小写的in_array实现
|
||||
function in_array_case($value, $array) {
|
||||
return in_array(strtolower($value), array_map('strtolower', $array));
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取客户端IP地址
|
||||
* @param integer $type 返回类型 0 返回IP地址 1 返回IPV4地址数字
|
||||
@@ -101,10 +106,10 @@ function msubstr($str, $start = 0, $length, $charset = "utf-8", $suffix = true)
|
||||
$slice = '';
|
||||
}
|
||||
} else {
|
||||
$re['utf-8'] = "/[\x01-\x7f]|[\xc2-\xdf][\x80-\xbf]|[\xe0-\xef][\x80-\xbf]{2}|[\xf0-\xff][\x80-\xbf]{3}/";
|
||||
$re['utf-8'] = "/[\x01-\x7f]|[\xc2-\xdf][\x80-\xbf]|[\xe0-\xef][\x80-\xbf]{2}|[\xf0-\xff][\x80-\xbf]{3}/";
|
||||
$re['gb2312'] = "/[\x01-\x7f]|[\xb0-\xf7][\xa0-\xfe]/";
|
||||
$re['gbk'] = "/[\x01-\x7f]|[\x81-\xfe][\x40-\xfe]/";
|
||||
$re['big5'] = "/[\x01-\x7f]|[\x81-\xfe]([\x40-\x7e]|\xa1-\xfe])/";
|
||||
$re['gbk'] = "/[\x01-\x7f]|[\x81-\xfe][\x40-\xfe]/";
|
||||
$re['big5'] = "/[\x01-\x7f]|[\x81-\xfe]([\x40-\x7e]|\xa1-\xfe])/";
|
||||
preg_match_all($re[$charset], $str, $match);
|
||||
$slice = join("", array_slice($match[0], $start, $length));
|
||||
}
|
||||
@@ -156,7 +161,7 @@ function parse_config_attr($string) {
|
||||
$value = array();
|
||||
foreach ($array as $val) {
|
||||
list($k, $v) = explode(':', $val);
|
||||
$value[$k] = $v;
|
||||
$value[$k] = $v;
|
||||
}
|
||||
} else {
|
||||
$value = $array;
|
||||
@@ -222,7 +227,6 @@ function format_bytes($size, $delimiter = '') {
|
||||
return round($size, 2) . $delimiter . $units[$i];
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 获取附件信息
|
||||
* @param int $cover_id
|
||||
@@ -238,7 +242,7 @@ function get_attach($id, $field = false, $is_list = false) {
|
||||
$map[] = ['id', 'IN', explode(",", $id)];
|
||||
$picture = \app\model\Attach::where($map)->column("*", "id");
|
||||
return $picture;
|
||||
}else{
|
||||
} else {
|
||||
$map[] = ['id', '=', $id];
|
||||
$picture = \app\model\Attach::where($map)->find();
|
||||
if ($field == 'path') {
|
||||
|
||||
@@ -8,14 +8,11 @@
|
||||
// +----------------------------------------------------------------------
|
||||
namespace app\controller\admin;
|
||||
|
||||
use app\controller\Base as BaseC;
|
||||
use app\model\Addons;
|
||||
use app\model\AuthGroup;
|
||||
use app\model\Menu;
|
||||
use app\model\Model;
|
||||
use app\model\AuthGroup;
|
||||
use app\model\Addons;
|
||||
use app\model\Form;
|
||||
use app\controller\Base as BaseC;
|
||||
use think\facade\Cache;
|
||||
use think\facade\Route;
|
||||
use think\facade\View;
|
||||
|
||||
class Base extends BaseC {
|
||||
@@ -64,7 +61,7 @@ class Base extends BaseC {
|
||||
$dynamic = $this->checkDynamic(); //检测分类栏目有关的各项动态权限
|
||||
if ($dynamic === null) {
|
||||
//检测访问权限
|
||||
if (!$this->checkRule($this->url_path, array('in', '1,2'))) {
|
||||
if (!$this->checkRule($url, [1,2])) {
|
||||
$this->error('未授权访问!');
|
||||
} else {
|
||||
// 检测分类及内容有关的各项动态权限
|
||||
@@ -80,7 +77,7 @@ class Base extends BaseC {
|
||||
}
|
||||
//菜单设置
|
||||
$this->getMenu();
|
||||
|
||||
|
||||
View::assign('meta_title', isset($this->data['meta_title']) ? $this->data['meta_title'] : $this->getCurrentTitle());
|
||||
}
|
||||
}
|
||||
@@ -95,9 +92,9 @@ class Base extends BaseC {
|
||||
final protected function checkRule($rule, $type = AuthRule::rule_url, $mode = 'url') {
|
||||
static $Auth = null;
|
||||
if (!$Auth) {
|
||||
$Auth = new \sent\Auth();
|
||||
$Auth = new \sent\auth\Auth();
|
||||
}
|
||||
if (!$Auth->check($rule, session('user_auth.uid'), $type, $mode)) {
|
||||
if (!$Auth->check($rule, session('userInfo.uid'), $type, $mode)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
@@ -130,9 +127,15 @@ class Base extends BaseC {
|
||||
* @author 朱亚杰 <xcoolcc@gmail.com>
|
||||
*/
|
||||
final protected function accessControl() {
|
||||
$allow = $this->config['allow_visit'];
|
||||
$deny = $this->config['deny_visit'];
|
||||
$check = strtolower($this->request->controller() . '/' . $this->request->action());
|
||||
$allow = [];
|
||||
$deny = [];
|
||||
foreach ($this->config['allow_visit'] as $key => $value) {
|
||||
$allow[] = $value['label'];
|
||||
}
|
||||
foreach ($this->config['deny_visit'] as $key => $value) {
|
||||
$deny[] = $value['label'];
|
||||
}
|
||||
$check = strtolower(str_replace(".", "/", $this->request->controller()) . '/' . $this->request->action());
|
||||
if (!empty($deny) && in_array_case($check, $deny)) {
|
||||
return false; //非超管禁止访问deny中的方法
|
||||
}
|
||||
@@ -160,7 +163,7 @@ class Base extends BaseC {
|
||||
$row = Menu::where($where)->order('sort asc')->field('id,title,url,icon,"" as style')->select();
|
||||
foreach ($row as $key => $value) {
|
||||
//此处用来做权限判断
|
||||
if (!IS_ROOT && !$this->checkRule($value['url'], 2, null)) {
|
||||
if (!IS_ROOT && !$this->checkRule(substr($value['url'], 1), 2, null)) {
|
||||
unset($menu['main'][$value['id']]);
|
||||
continue; //继续循环
|
||||
}
|
||||
@@ -189,7 +192,7 @@ class Base extends BaseC {
|
||||
$map['type'] = 'admin';
|
||||
$row = Menu::field("id,title,url,icon,`group`,pid,'' as style")->where($map)->order('sort asc')->select();
|
||||
foreach ($row as $key => $value) {
|
||||
if (IS_ROOT || $this->checkRule($value['url'], 2, null)) {
|
||||
if (IS_ROOT || $this->checkRule(substr($value['url'], 1), 2, null)) {
|
||||
if ($controller == $value['url']) {
|
||||
$menu['main'][$value['pid']]['style'] = "active";
|
||||
$value['style'] = "active";
|
||||
@@ -214,7 +217,7 @@ class Base extends BaseC {
|
||||
if ('/admin/content/index' == $this->request->url() && input('model_id') == $value['id']) {
|
||||
$value['style'] = "active";
|
||||
}
|
||||
$value['url'] = "/admin/".$value['name']."/index";
|
||||
$value['url'] = "/admin/" . $value['name'] . "/index";
|
||||
$value['title'] = $value['title'] . "管理";
|
||||
$value['icon'] = $value['icon'] ? $value['icon'] : 'file';
|
||||
$menu[] = $value;
|
||||
@@ -236,7 +239,7 @@ class Base extends BaseC {
|
||||
$class = "\\addons\\" . strtolower($value['name']) . "\\controller\\Admin";
|
||||
if (is_file($this->app->getRootPath() . '/addons/' . strtolower($value['name']) . "/controller/Admin.php")) {
|
||||
$action = get_class_methods($class);
|
||||
$value['url'] = "/addons/".$value['name']."/admin/" . $action[0];
|
||||
$value['url'] = "/addons/" . $value['name'] . "/admin/" . $action[0];
|
||||
$menu[$key] = $value;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user