<?php
// +----------------------------------------------------------------------
// | SentCMS [ WE CAN DO IT JUST THINK IT ]
// +----------------------------------------------------------------------
// | Copyright (c) 2013 http://www.tensent.cn All rights reserved.
// +----------------------------------------------------------------------
// | Author: molong <molong@tensent.cn> <http://www.tensent.cn>
// +----------------------------------------------------------------------
namespace app\controller;
use app\BaseController;
use sent\auth\Auth;
use think\facade\Cache;
use think\facade\Config;
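/**
 * Shared base controller for the admin backend (后端公共模块).
 *
 * Loads the cached system configuration, builds the JSON-style response
 * envelope used by success()/error(), and runs the request access checks
 * (IP allow-list, action allow/deny lists, dynamic and node permissions).
 */
class Admin extends BaseController {
    /** Middleware applied to every admin controller, in this order. */
    protected $middleware = [
        '\app\http\middleware\Validate',
        '\app\http\middleware\Admin',
    ];

    /** Response envelope returned by success()/error(); code 0 = ok, 1 = error. */
    protected $data = ['data' => [], 'code' => 0, 'msg' => ''];

    /**
     * Loads the system configuration into $this->data['config'].
     *
     * Reads the 'system_config' cache entry and, when it is empty, falls back
     * to the Config model and primes the cache with the result.
     */
    protected function initialize() {
        $config = Cache::get('system_config');
        if (!$config) {
            $config = (new \app\model\Config())->lists();
            // No TTL is passed, so the entry lives until it is cleared explicitly.
            Cache::set('system_config', $config);
        }
        $this->data['config'] = $config;
    }

    /**
     * Builds a success response (code 0).
     *
     * @param string $msg Message for the client.
     * @param mixed  $url Redirect target: a string or an object implementing
     *                    __toString(); an empty value yields ''.
     * @return array The response envelope.
     */
    protected function success($msg, $url = '') {
        return $this->respond(0, $msg, $url);
    }

    /**
     * Builds an error response (code 1).
     *
     * @param string $msg Message for the client.
     * @param mixed  $url Redirect target: a string or an object implementing
     *                    __toString(); an empty value yields ''.
     * @return array The response envelope.
     */
    protected function error($msg, $url = '') {
        return $this->respond(1, $msg, $url);
    }

    /**
     * Fills the shared envelope for success()/error().
     *
     * @param int    $code 0 for success, 1 for error.
     * @param string $msg  Message for the client.
     * @param mixed  $url  Redirect target (string or __toString() object).
     * @return array The response envelope.
     */
    private function respond($code, $msg, $url) {
        $this->data['code'] = $code;
        $this->data['msg'] = $msg;
        // A (string) cast accepts both plain strings and objects with
        // __toString(); calling ->__toString() directly fatals on a string.
        $this->data['url'] = $url ? (string) $url : '';
        return $this->data;
    }

    /**
     * Authorization gate for admin requests.
     *
     * Defines IS_ROOT, enforces the optional admin IP allow-list
     * (config 'admin_allow_ip', comma separated) and then, for non-root
     * users, runs accessControl(), checkDynamic() and checkRule().
     *
     * The original version discarded the array returned by $this->error()
     * and fell through, so a denied request was never actually stopped.
     * The error envelope is now returned so the caller can end the request.
     *
     * @param mixed $request Current request (not used here; kept for callers).
     * @return array|null The error() envelope when access is denied, null when allowed.
     */
    protected function auth($request) {
        // Is the current user a super administrator? Guarded so that a second
        // call in the same request does not raise an "already defined" warning.
        if (!defined('IS_ROOT')) {
            define('IS_ROOT', is_administrator());
        }

        if (!IS_ROOT) {
            $allowIp = Config::get('admin_allow_ip');
            if ($allowIp) {
                // IP allow-list; entries are trimmed so "a, b" matches like "a,b".
                // NOTE(review): if get_client_ip() honours proxy headers such as
                // X-Forwarded-For, this list is only as reliable as the proxy chain — confirm.
                $allowed = array_map('trim', explode(',', $allowIp));
                if (!in_array(get_client_ip(), $allowed, true)) {
                    return $this->error('403:禁止访问');
                }
            }
        }

        if (IS_ROOT) {
            return null; // super administrators skip the node permission checks
        }

        // Action-level allow/deny lists come first.
        $access = $this->accessControl();
        if (false === $access) {
            return $this->error('403:禁止访问');
        }
        if (null !== $access) {
            return null; // accessControl() returned true: open to every administrator
        }

        // Dynamic (category / column related) permissions.
        $dynamic = $this->checkDynamic();
        if (false === $dynamic) {
            return $this->error('未授权访问!');
        }
        if (null === $dynamic) {
            // Node permission check. NOTE(review): $this->url_path is not
            // declared in this class; presumably set by BaseController — confirm.
            if (!$this->checkRule($this->url_path, array('in', '1,2'))) {
                return $this->error('未授权访问!');
            }
            // Second dynamic check kept from the original: checkDynamic() is
            // overridable, so a subclass may rely on being called again here.
            if (false === $this->checkDynamic()) {
                return $this->error('未授权访问!');
            }
        }
        return null;
    }

    /**
     * Node permission check through sent\auth\Auth for the logged-in user
     * (session('user_auth.uid')).
     *
     * @param string $rule The rule to check.
     * @param mixed  $type Rule type handed to Auth::check(). NOTE(review): the
     *                     default AuthRule::rule_url resolves to app\controller\AuthRule,
     *                     which this file does not import — confirm it exists.
     * @param string $mode Check mode, 'url' by default.
     * @return bool True when Auth::check() grants access.
     * @author 朱亚杰 <xcoolcc@gmail.com>
     */
    final protected function checkRule($rule, $type = AuthRule::rule_url, $mode = 'url') {
        // One Auth instance is shared by all calls within the process.
        static $auth = null;
        $auth = $auth ?: new Auth();
        return (bool) $auth->check($rule, session('user_auth.uid'), $type, $mode);
    }

    /**
     * Checks whether the current access needs a dynamic permission decision.
     *
     * @return bool|null true  = the current access is permitted,
     *                   false = the current access is denied,
     *                   null  = undecided, checkRule() must decide.
     * @author 朱亚杰 <xcoolcc@gmail.com>
     */
    protected function checkDynamic() {
        if (IS_ROOT) {
            return true; // administrators may open any page
        }
        return null; // undecided, checkRule() is required
    }

    /**
     * Action access control: the first permission check run after a
     * successful login. Compares "controller/action" (lower-cased) against
     * the 'deny_visit' and 'allow_visit' config lists; deny wins over allow.
     *
     * @return bool|null Compare the result with `===`:
     *                   false = nobody may access (except super administrators),
     *                   true  = any administrator may access, no node check needed,
     *                   null  = continue with the node permission check.
     * @author 朱亚杰 <xcoolcc@gmail.com>
     */
    final protected function accessControl() {
        $allow = Config::get('allow_visit');
        $deny = Config::get('deny_visit');
        $check = strtolower($this->request->controller() . '/' . $this->request->action());
        if (!empty($deny) && in_array_case($check, $deny)) {
            return false; // non-root users may not call methods on the deny list
        }
        if (!empty($allow) && in_array_case($check, $allow)) {
            return true;
        }
        return null; // node permissions must be checked
    }
}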