后台用户权限问题

app/controller/admin/Base.php

@@ -8,14 +8,11 @@
 // +----------------------------------------------------------------------
 namespace app\controller\admin;
 
+use app\controller\Base as BaseC;
+use app\model\Addons;
+use app\model\AuthGroup;
 use app\model\Menu;
 use app\model\Model;
-use app\model\AuthGroup;
-use app\model\Addons;
-use app\model\Form;
-use app\controller\Base as BaseC;
-use think\facade\Cache;
-use think\facade\Route;
 use think\facade\View;
 
 class Base extends BaseC {
@@ -64,7 +61,7 @@ class Base extends BaseC {
 					$dynamic = $this->checkDynamic(); //检测分类栏目有关的各项动态权限
 					if ($dynamic === null) {
 						//检测访问权限
-						if (!$this->checkRule($this->url_path, array('in', '1,2'))) {
+						if (!$this->checkRule($url, [1,2])) {
 							$this->error('未授权访问!');
 						} else {
 							// 检测分类及内容有关的各项动态权限
@@ -80,7 +77,7 @@ class Base extends BaseC {
 			}
 			//菜单设置
 			$this->getMenu();
-			
+
 			View::assign('meta_title', isset($this->data['meta_title']) ? $this->data['meta_title'] : $this->getCurrentTitle());
 		}
 	}
@@ -95,9 +92,9 @@ class Base extends BaseC {
 	final protected function checkRule($rule, $type = AuthRule::rule_url, $mode = 'url') {
 		static $Auth = null;
 		if (!$Auth) {
-			$Auth = new \sent\Auth();
+			$Auth = new \sent\auth\Auth();
 		}
-		if (!$Auth->check($rule, session('user_auth.uid'), $type, $mode)) {
+		if (!$Auth->check($rule, session('userInfo.uid'), $type, $mode)) {
 			return false;
 		}
 		return true;
@@ -130,9 +127,15 @@ class Base extends BaseC {
 	 * @author 朱亚杰  <xcoolcc@gmail.com>
 	 */
 	final protected function accessControl() {
-		$allow = $this->config['allow_visit'];
-		$deny = $this->config['deny_visit'];
-		$check = strtolower($this->request->controller() . '/' . $this->request->action());
+		$allow = [];
+		$deny = [];
+		foreach ($this->config['allow_visit'] as $key => $value) {
+			$allow[] = $value['label'];
+		}
+		foreach ($this->config['deny_visit'] as $key => $value) {
+			$deny[] = $value['label'];
+		}
+		$check = strtolower(str_replace(".", "/", $this->request->controller()) . '/' . $this->request->action());
 		if (!empty($deny) && in_array_case($check, $deny)) {
 			return false; //非超管禁止访问deny中的方法
 		}
@@ -160,7 +163,7 @@ class Base extends BaseC {
 		$row = Menu::where($where)->order('sort asc')->field('id,title,url,icon,"" as style')->select();
 		foreach ($row as $key => $value) {
 			//此处用来做权限判断
-			if (!IS_ROOT && !$this->checkRule($value['url'], 2, null)) {
+			if (!IS_ROOT && !$this->checkRule(substr($value['url'], 1), 2, null)) {
 				unset($menu['main'][$value['id']]);
 				continue; //继续循环
 			}
@@ -189,7 +192,7 @@ class Base extends BaseC {
 			$map['type'] = 'admin';
 			$row = Menu::field("id,title,url,icon,`group`,pid,'' as style")->where($map)->order('sort asc')->select();
 			foreach ($row as $key => $value) {
-				if (IS_ROOT || $this->checkRule($value['url'], 2, null)) {
+				if (IS_ROOT || $this->checkRule(substr($value['url'], 1), 2, null)) {
 					if ($controller == $value['url']) {
 						$menu['main'][$value['pid']]['style'] = "active";
 						$value['style'] = "active";
@@ -214,7 +217,7 @@ class Base extends BaseC {
 				if ('/admin/content/index' == $this->request->url() && input('model_id') == $value['id']) {
 					$value['style'] = "active";
 				}
-				$value['url'] = "/admin/".$value['name']."/index";
+				$value['url'] = "/admin/" . $value['name'] . "/index";
 				$value['title'] = $value['title'] . "管理";
 				$value['icon'] = $value['icon'] ? $value['icon'] : 'file';
 				$menu[] = $value;
@@ -236,7 +239,7 @@ class Base extends BaseC {
 			$class = "\\addons\\" . strtolower($value['name']) . "\\controller\\Admin";
 			if (is_file($this->app->getRootPath() . '/addons/' . strtolower($value['name']) . "/controller/Admin.php")) {
 				$action = get_class_methods($class);
-				$value['url'] = "/addons/".$value['name']."/admin/" . $action[0];
+				$value['url'] = "/addons/" . $value['name'] . "/admin/" . $action[0];
 				$menu[$key] = $value;
 			}
 		}