Pre Merge pull request !13 from unset/master
commit
145ea151d8
@ -1,6 +1,14 @@
|
|||||||
<?php
|
<?php
|
||||||
/**
|
/**
|
||||||
* 处理后台接口请求权限
|
* 处理后台接口请求权限
|
||||||
|
* ==============
|
||||||
|
* 更新说明:最大兼容性的升级权限功能,无须改动数据库,
|
||||||
|
* 在原先的节点验证上增加了参数验证,实现更灵活的权限管理!
|
||||||
|
* 如何使用:在填写权限节点的时候只需要在其后加入'?a=1&b=2'格式的参数,
|
||||||
|
* 例如:只能获取栏目id为2的获取栏目列表,则权限节点需要这样填写:admin/News/getList?id=2
|
||||||
|
* 如果只能获取该栏目下状态为3的类别,需要这样填写:admin/News/getList?id=2&status=3
|
||||||
|
* Update By unset 193344396@qq.com
|
||||||
|
* ===================================
|
||||||
* @since 2017-07-25
|
* @since 2017-07-25
|
||||||
* @author zhaoxiang <zhaoxiang051405@gmail.com>
|
* @author zhaoxiang <zhaoxiang051405@gmail.com>
|
||||||
*/
|
*/
|
||||||
@ -27,12 +35,12 @@ class ApiPermission {
|
|||||||
*/
|
*/
|
||||||
public function run() {
|
public function run() {
|
||||||
$request = Request::instance();
|
$request = Request::instance();
|
||||||
$route = $request->routeInfo();
|
$route = $request->param();
|
||||||
$header = config('apiAdmin.CROSS_DOMAIN');
|
$header = config('apiAdmin.CROSS_DOMAIN');
|
||||||
$ApiAuth = $request->header('ApiAuth', '');
|
$ApiAuth = $request->header('ApiAuth', '');
|
||||||
$userInfo = cache('Login:' . $ApiAuth);
|
$userInfo = cache('Login:' . $ApiAuth);
|
||||||
$userInfo = json_decode($userInfo, true);
|
$userInfo = json_decode($userInfo, true);
|
||||||
if (!$this->checkAuth($userInfo['id'], $route['route'])) {
|
if (!$this->checkAuth($userInfo['id'], $route)) {
|
||||||
$data = ['code' => ReturnCode::INVALID, 'msg' => '非常抱歉,您没有权限这么做!', 'data' => []];
|
$data = ['code' => ReturnCode::INVALID, 'msg' => '非常抱歉,您没有权限这么做!', 'data' => []];
|
||||||
|
|
||||||
return json($data, 200, $header);
|
return json($data, 200, $header);
|
||||||
@ -52,9 +60,23 @@ class ApiPermission {
|
|||||||
private function checkAuth($uid, $route) {
|
private function checkAuth($uid, $route) {
|
||||||
$isSupper = Tools::isAdministrator($uid);
|
$isSupper = Tools::isAdministrator($uid);
|
||||||
if (!$isSupper) {
|
if (!$isSupper) {
|
||||||
|
$keys = array_keys($route);
|
||||||
$rules = $this->getAuth($uid);
|
$rules = $this->getAuth($uid);
|
||||||
|
$baseUrl = $keys[0];
|
||||||
return in_array($route, $rules);
|
if(isset($rules[$baseUrl])){
|
||||||
|
if($rules[$baseUrl]['all']==1){
|
||||||
|
return true;
|
||||||
|
}else{
|
||||||
|
$intersect = array_intersect_assoc($route,$rules[$baseUrl]['query']);
|
||||||
|
if(sizeof(array_diff_assoc($rules[$baseUrl]['query'],$intersect))==0){
|
||||||
|
return true;
|
||||||
|
}else{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}else{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
@ -79,14 +101,21 @@ class ApiPermission {
|
|||||||
foreach ($openGroup as $group) {
|
foreach ($openGroup as $group) {
|
||||||
$openGroupArr[] = $group->id;
|
$openGroupArr[] = $group->id;
|
||||||
}
|
}
|
||||||
$allRules = (new AdminAuthRule())->whereIn('groupId', $openGroupArr)->select();
|
$allRulesUrl = (new AdminAuthRule())->whereIn('groupId', $openGroupArr)->column('url');
|
||||||
if (isset($allRules)) {
|
if (isset($allRulesUrl)) {
|
||||||
$rules = [];
|
$rules = [];
|
||||||
foreach ($allRules as $rule) {
|
foreach ($allRulesUrl as $rule) {
|
||||||
$rules[] = $rule->url;
|
$query = parse_url($rule);
|
||||||
|
$route = '/'.$query['path'];
|
||||||
|
if(!isset($query['query'])){
|
||||||
|
$rules[$route]['all'] = 1;
|
||||||
|
}else{
|
||||||
|
parse_str($query['query'],$query_arr);
|
||||||
|
$rules[$route]['all'] = 0;
|
||||||
|
$rules[$route]['query'] = $query_arr;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
$rules = array_unique($rules);
|
$rules = array_unique($rules);
|
||||||
|
|
||||||
return $rules;
|
return $rules;
|
||||||
} else {
|
} else {
|
||||||
return [];
|
return [];
|
||||||
|
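Review bot: In checkAuth, `$baseUrl = $keys[0];` takes the rule key from the first key of `$request->param()` (set in run(), hunk 2), so which rule is consulted depends on the order of client-supplied parameters rather than on the action that was actually dispatched; the previous code used `$request->routeInfo()` for that. If a caller can put another key first, or sends no parameters at all, `$baseUrl` no longer names the dispatched action (the empty case also reads an undefined offset), so I would derive the base URL from the resolved route and hand `$request->param()` over only for the query-constraint match, e.g. `checkAuth($userInfo['id'], $routeInfo['route'], $request->param())` with the leading-slash normalisation done once so it agrees with the `'/'.$query['path']` keys built in getAuth. Separately, in getAuth the unchanged context line `$rules = array_unique($rules);` now runs on an array of arrays: with the default SORT_STRING flag every nested array stringifies to `Array` (emitting a conversion notice), so all entries after the first are treated as duplicates and only one route ever authorises; the route-keyed array already de-duplicates, so that line should be dropped. The same loop is order-dependent when a route appears both with and without a query string, because a later row overwrites `['all']` but leaves an earlier `['query']` in place.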