molong/sentcms
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

后台用户权限问题

Browse Source
This commit is contained in:
tensent
2020-04-20 15:31:04 +08:00
parent 13641e34b7
commit 9a3adcde88
2 changed files with 35 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
app/common.php
View File

@@ -7,8 +7,8 @@
// | Author: molong <molong@tensent.cn> <http://www.tensent.cn> // | Author: molong <molong@tensent.cn> <http://www.tensent.cn>
// +---------------------------------------------------------------------- // +----------------------------------------------------------------------
// 应用公共文件 // 应用公共文件
use think\facade\Session;
use app\model\Member; use app\model\Member;
use think\facade\Session;
/** /**
* *
@@ -33,18 +33,23 @@ function form($field = [], $data = []) {
* @param array $param 参数 * @param array $param 参数
* @return mixed * @return mixed
*/ */
function ad($name, $param = []){ function ad($name, $param = []) {
return ''; return '';
} }
function parse_field_bind(){ function parse_field_bind() {
} }
function time_format($value){ function time_format($value) {
return date('Y-m-d H:i:s', $value); return date('Y-m-d H:i:s', $value);
} }
// 不区分大小写的in_array实现
function in_array_case($value, $array) {
return in_array(strtolower($value), array_map('strtolower', $array));
}
/** /**
* 获取客户端IP地址 * 获取客户端IP地址
* @param integer $type 返回类型 0 返回IP地址 1 返回IPV4地址数字 * @param integer $type 返回类型 0 返回IP地址 1 返回IPV4地址数字
@@ -101,10 +106,10 @@ function msubstr($str, $start = 0, $length, $charset = "utf-8", $suffix = true)
$slice = ''; $slice = '';
} }
} else { } else {
$re['utf-8'] = "/[\x01-\x7f]|[\xc2-\xdf][\x80-\xbf]|[\xe0-\xef][\x80-\xbf]{2}|[\xf0-\xff][\x80-\xbf]{3}/"; $re['utf-8'] = "/[\x01-\x7f]|[\xc2-\xdf][\x80-\xbf]|[\xe0-\xef][\x80-\xbf]{2}|[\xf0-\xff][\x80-\xbf]{3}/";
$re['gb2312'] = "/[\x01-\x7f]|[\xb0-\xf7][\xa0-\xfe]/"; $re['gb2312'] = "/[\x01-\x7f]|[\xb0-\xf7][\xa0-\xfe]/";
$re['gbk'] = "/[\x01-\x7f]|[\x81-\xfe][\x40-\xfe]/"; $re['gbk'] = "/[\x01-\x7f]|[\x81-\xfe][\x40-\xfe]/";
$re['big5'] = "/[\x01-\x7f]|[\x81-\xfe]([\x40-\x7e]|\xa1-\xfe])/"; $re['big5'] = "/[\x01-\x7f]|[\x81-\xfe]([\x40-\x7e]|\xa1-\xfe])/";
preg_match_all($re[$charset], $str, $match); preg_match_all($re[$charset], $str, $match);
$slice = join("", array_slice($match[0], $start, $length)); $slice = join("", array_slice($match[0], $start, $length));
} }
@@ -156,7 +161,7 @@ function parse_config_attr($string) {
$value = array(); $value = array();
foreach ($array as $val) { foreach ($array as $val) {
list($k, $v) = explode(':', $val); list($k, $v) = explode(':', $val);
$value[$k] = $v; $value[$k] = $v;
} }
} else { } else {
$value = $array; $value = $array;
@@ -222,7 +227,6 @@ function format_bytes($size, $delimiter = '') {
return round($size, 2) . $delimiter . $units[$i]; return round($size, 2) . $delimiter . $units[$i];
} }
/** /**
* 获取附件信息 * 获取附件信息
* @param int $cover_id * @param int $cover_id
@@ -238,7 +242,7 @@ function get_attach($id, $field = false, $is_list = false) {
$map[] = ['id', 'IN', explode(",", $id)]; $map[] = ['id', 'IN', explode(",", $id)];
$picture = \app\model\Attach::where($map)->column("*", "id"); $picture = \app\model\Attach::where($map)->column("*", "id");
return $picture; return $picture;
}else{ } else {
$map[] = ['id', '=', $id]; $map[] = ['id', '=', $id];
$picture = \app\model\Attach::where($map)->find(); $picture = \app\model\Attach::where($map)->find();
if ($field == 'path') { if ($field == 'path') {

37
app/controller/admin/Base.php
View File

@@ -8,14 +8,11 @@
// +---------------------------------------------------------------------- // +----------------------------------------------------------------------
namespace app\controller\admin; namespace app\controller\admin;
use app\controller\Base as BaseC;
use app\model\Addons;
use app\model\AuthGroup;
use app\model\Menu; use app\model\Menu;
use app\model\Model; use app\model\Model;
use app\model\AuthGroup;
use app\model\Addons;
use app\model\Form;
use app\controller\Base as BaseC;
use think\facade\Cache;
use think\facade\Route;
use think\facade\View; use think\facade\View;
class Base extends BaseC { class Base extends BaseC {
@@ -64,7 +61,7 @@ class Base extends BaseC {
$dynamic = $this->checkDynamic(); //检测分类栏目有关的各项动态权限 $dynamic = $this->checkDynamic(); //检测分类栏目有关的各项动态权限
if ($dynamic === null) { if ($dynamic === null) {
//检测访问权限 //检测访问权限
if (!$this->checkRule($this->url_path, array('in', '1,2'))) { if (!$this->checkRule($url, [1,2])) {
$this->error('未授权访问!'); $this->error('未授权访问!');
} else { } else {
// 检测分类及内容有关的各项动态权限 // 检测分类及内容有关的各项动态权限
@@ -80,7 +77,7 @@ class Base extends BaseC {
} }
//菜单设置 //菜单设置
$this->getMenu(); $this->getMenu();
View::assign('meta_title', isset($this->data['meta_title']) ? $this->data['meta_title'] : $this->getCurrentTitle()); View::assign('meta_title', isset($this->data['meta_title']) ? $this->data['meta_title'] : $this->getCurrentTitle());
} }
} }
@@ -95,9 +92,9 @@ class Base extends BaseC {
final protected function checkRule($rule, $type = AuthRule::rule_url, $mode = 'url') { final protected function checkRule($rule, $type = AuthRule::rule_url, $mode = 'url') {
static $Auth = null; static $Auth = null;
if (!$Auth) { if (!$Auth) {
$Auth = new \sent\Auth(); $Auth = new \sent\auth\Auth();
} }
if (!$Auth->check($rule, session('user_auth.uid'), $type, $mode)) { if (!$Auth->check($rule, session('userInfo.uid'), $type, $mode)) {
return false; return false;
} }
return true; return true;
@@ -130,9 +127,15 @@ class Base extends BaseC {
* @author 朱亚杰 <xcoolcc@gmail.com> * @author 朱亚杰 <xcoolcc@gmail.com>
*/ */
final protected function accessControl() { final protected function accessControl() {
$allow = $this->config['allow_visit']; $allow = [];
$deny = $this->config['deny_visit']; $deny = [];
$check = strtolower($this->request->controller() . '/' . $this->request->action()); foreach ($this->config['allow_visit'] as $key => $value) {
$allow[] = $value['label'];
}
foreach ($this->config['deny_visit'] as $key => $value) {
$deny[] = $value['label'];
}
$check = strtolower(str_replace(".", "/", $this->request->controller()) . '/' . $this->request->action());
if (!empty($deny) && in_array_case($check, $deny)) { if (!empty($deny) && in_array_case($check, $deny)) {
return false; //非超管禁止访问deny中的方法 return false; //非超管禁止访问deny中的方法
} }
@@ -160,7 +163,7 @@ class Base extends BaseC {
$row = Menu::where($where)->order('sort asc')->field('id,title,url,icon,"" as style')->select(); $row = Menu::where($where)->order('sort asc')->field('id,title,url,icon,"" as style')->select();
foreach ($row as $key => $value) { foreach ($row as $key => $value) {
//此处用来做权限判断 //此处用来做权限判断
if (!IS_ROOT && !$this->checkRule($value['url'], 2, null)) { if (!IS_ROOT && !$this->checkRule(substr($value['url'], 1), 2, null)) {
unset($menu['main'][$value['id']]); unset($menu['main'][$value['id']]);
continue; //继续循环 continue; //继续循环
} }
@@ -189,7 +192,7 @@ class Base extends BaseC {
$map['type'] = 'admin'; $map['type'] = 'admin';
$row = Menu::field("id,title,url,icon,`group`,pid,'' as style")->where($map)->order('sort asc')->select(); $row = Menu::field("id,title,url,icon,`group`,pid,'' as style")->where($map)->order('sort asc')->select();
foreach ($row as $key => $value) { foreach ($row as $key => $value) {
if (IS_ROOT || $this->checkRule($value['url'], 2, null)) { if (IS_ROOT || $this->checkRule(substr($value['url'], 1), 2, null)) {
if ($controller == $value['url']) { if ($controller == $value['url']) {
$menu['main'][$value['pid']]['style'] = "active"; $menu['main'][$value['pid']]['style'] = "active";
$value['style'] = "active"; $value['style'] = "active";
@@ -214,7 +217,7 @@ class Base extends BaseC {
if ('/admin/content/index' == $this->request->url() && input('model_id') == $value['id']) { if ('/admin/content/index' == $this->request->url() && input('model_id') == $value['id']) {
$value['style'] = "active"; $value['style'] = "active";
} }
$value['url'] = "/admin/".$value['name']."/index"; $value['url'] = "/admin/" . $value['name'] . "/index";
$value['title'] = $value['title'] . "管理"; $value['title'] = $value['title'] . "管理";
$value['icon'] = $value['icon'] ? $value['icon'] : 'file'; $value['icon'] = $value['icon'] ? $value['icon'] : 'file';
$menu[] = $value; $menu[] = $value;
@@ -236,7 +239,7 @@ class Base extends BaseC {
$class = "\\addons\\" . strtolower($value['name']) . "\\controller\\Admin"; $class = "\\addons\\" . strtolower($value['name']) . "\\controller\\Admin";
if (is_file($this->app->getRootPath() . '/addons/' . strtolower($value['name']) . "/controller/Admin.php")) { if (is_file($this->app->getRootPath() . '/addons/' . strtolower($value['name']) . "/controller/Admin.php")) {
$action = get_class_methods($class); $action = get_class_methods($class);
$value['url'] = "/addons/".$value['name']."/admin/" . $action[0]; $value['url'] = "/addons/" . $value['name'] . "/admin/" . $action[0];
$menu[$key] = $value; $menu[$key] = $value;
} }
} }