148 lines
4.2 KiB
PHP
148 lines
4.2 KiB
PHP
<?php
|
|
// +----------------------------------------------------------------------
|
|
// | SentCMS [ WE CAN DO IT JUST THINK IT ]
|
|
// +----------------------------------------------------------------------
|
|
// | Copyright (c) 2013 http://www.tensent.cn All rights reserved.
|
|
// +----------------------------------------------------------------------
|
|
// | Author: molong <molong@tensent.cn> <http://www.tensent.cn>
|
|
// +----------------------------------------------------------------------
|
|
namespace app\controller;
|
|
|
|
use app\BaseController;
|
|
use sent\auth\Auth;
|
|
use think\facade\Cache;
|
|
use think\facade\Config;
|
|
|
|
/**
|
|
* @title 后端公共模块
|
|
*/
|
|
class Admin extends BaseController {
|
|
|
|
protected $middleware = [
|
|
'\app\http\middleware\Validate',
|
|
'\app\http\middleware\Admin',
|
|
];
|
|
|
|
protected $data = ['data' => [], 'code' => 0, 'msg' => ''];
|
|
|
|
protected function initialize() {
|
|
$config = Cache::get('system_config');
|
|
if (!$config) {
|
|
$config = (new \app\model\Config())->lists();
|
|
Cache::set('system_config', $config);
|
|
}
|
|
$this->data['config'] = $config;
|
|
}
|
|
|
|
protected function success($msg, $url = '') {
|
|
$this->data['code'] = 0;
|
|
$this->data['msg'] = $msg;
|
|
$this->data['url'] = $url ? $url->__toString() : '';
|
|
return $this->data;
|
|
}
|
|
|
|
protected function error($msg, $url = '') {
|
|
$this->data['code'] = 1;
|
|
$this->data['msg'] = $msg;
|
|
$this->data['url'] = $url ? $url->__toString() : '';
|
|
return $this->data;
|
|
}
|
|
|
|
/**
|
|
* 授权配置
|
|
* @param [type] $request [description]
|
|
* @return [type] [description]
|
|
*/
|
|
protected function auth($request) {
|
|
// 是否是超级管理员
|
|
define('IS_ROOT', is_administrator());
|
|
if (!IS_ROOT && Config::get('admin_allow_ip')) {
|
|
// 检查IP地址访问
|
|
if (!in_array(get_client_ip(), explode(',', Config::get('admin_allow_ip')))) {
|
|
$this->error('403:禁止访问');
|
|
}
|
|
}
|
|
|
|
// 检测系统权限
|
|
if (!IS_ROOT) {
|
|
$access = $this->accessControl();
|
|
if (false === $access) {
|
|
$this->error('403:禁止访问');
|
|
} elseif (null === $access) {
|
|
$dynamic = $this->checkDynamic(); //检测分类栏目有关的各项动态权限
|
|
if ($dynamic === null) {
|
|
//检测访问权限
|
|
if (!$this->checkRule($this->url_path, array('in', '1,2'))) {
|
|
$this->error('未授权访问!');
|
|
} else {
|
|
// 检测分类及内容有关的各项动态权限
|
|
$dynamic = $this->checkDynamic();
|
|
if (false === $dynamic) {
|
|
$this->error('未授权访问!');
|
|
}
|
|
}
|
|
} elseif ($dynamic === false) {
|
|
$this->error('未授权访问!');
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* 权限检测
|
|
* @param string $rule 检测的规则
|
|
* @param string $mode check模式
|
|
* @return boolean
|
|
* @author 朱亚杰 <xcoolcc@gmail.com>
|
|
*/
|
|
final protected function checkRule($rule, $type = AuthRule::rule_url, $mode = 'url') {
|
|
static $Auth = null;
|
|
if (!$Auth) {
|
|
$Auth = new Auth();
|
|
}
|
|
if (!$Auth->check($rule, session('user_auth.uid'), $type, $mode)) {
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* 检测是否是需要动态判断的权限
|
|
* @return boolean|null
|
|
* 返回true则表示当前访问有权限
|
|
* 返回false则表示当前访问无权限
|
|
* 返回null,则表示权限不明
|
|
*
|
|
* @author 朱亚杰 <xcoolcc@gmail.com>
|
|
*/
|
|
protected function checkDynamic() {
|
|
if (IS_ROOT) {
|
|
return true; //管理员允许访问任何页面
|
|
}
|
|
return null; //不明,需checkRule
|
|
}
|
|
|
|
/**
|
|
* action访问控制,在 **登陆成功** 后执行的第一项权限检测任务
|
|
*
|
|
* @return boolean|null 返回值必须使用 `===` 进行判断
|
|
*
|
|
* 返回 **false**, 不允许任何人访问(超管除外)
|
|
* 返回 **true**, 允许任何管理员访问,无需执行节点权限检测
|
|
* 返回 **null**, 需要继续执行节点权限检测决定是否允许访问
|
|
* @author 朱亚杰 <xcoolcc@gmail.com>
|
|
*/
|
|
final protected function accessControl() {
|
|
$allow = Config::get('allow_visit');
|
|
$deny = Config::get('deny_visit');
|
|
$check = strtolower($this->request->controller() . '/' . $this->request->action());
|
|
if (!empty($deny) && in_array_case($check, $deny)) {
|
|
return false; //非超管禁止访问deny中的方法
|
|
}
|
|
if (!empty($allow) && in_array_case($check, $allow)) {
|
|
return true;
|
|
}
|
|
return null; //需要检测节点权限
|
|
}
|
|
}
|