diff --git a/application/admin/behavior/ApiPermission.php b/application/admin/behavior/ApiPermission.php index c7ebf9f..8ece779 100644 --- a/application/admin/behavior/ApiPermission.php +++ b/application/admin/behavior/ApiPermission.php @@ -1,6 +1,6 @@ */ 
@@ -8,20 +8,95 @@ namespace app\admin\behavior; +use app\model\ApiAuthGroup; +use app\model\ApiAuthGroupAccess; +use app\model\ApiAuthRule; +use app\util\ReturnCode; +use app\util\Tools; use think\Request; class ApiPermission { /** - * 默认行为函数 - * @author zhaoxiang - * @return \think\Request + * 用户权限检测 + * @return \think\response\Json + * @throws \think\db\exception\DataNotFoundException + * @throws \think\db\exception\ModelNotFoundException * @throws \think\exception\DbException + * @author zhaoxiang */ public function run() { $request = Request::instance(); $route = $request->routeInfo(); - $route = $route['route']; + $header = config('apiAdmin.CROSS_DOMAIN'); + $userToken = $request->header('Authorization', ''); + $userInfo = cache($userToken); + $userInfo = json_decode($userInfo, true); + if (!$this->checkAuth($userInfo['id'], $route['route'])) { + $data = ['code' => ReturnCode::INVALID, 'msg' => '非常抱歉,您没有权限怎么做!', 'data' => []]; + + return json($data, 200, $header); + } + } + + /** + * 检测用户权限 + * @param $uid + * @param $route + * @return bool + * @throws \think\db\exception\DataNotFoundException + * @throws \think\db\exception\ModelNotFoundException + * @throws \think\exception\DbException + * @author zhaoxiang + */ + private function checkAuth($uid, $route) { + $isSupper = Tools::isAdministrator($uid); + if (!$isSupper) { + $rules = $this->getAuth($uid); + + return in_array($route, $rules); + } else { + return true; + } + + } + + /** + * 根据用户ID获取全部权限节点 + * @param $uid + * @return array + * @throws \think\db\exception\DataNotFoundException + * @throws \think\db\exception\ModelNotFoundException + * @throws \think\exception\DbException + * @author zhaoxiang + */ + private function getAuth($uid) { + $groups = ApiAuthGroupAccess::get(['uid' => $uid]); + if (isset($groups) && $groups->groupId) { + $openGroup = (new ApiAuthGroup())->whereIn('id', $groups->groupId)->where(['status' => 1])->select(); + if (isset($openGroup)) { + $openGroupArr = []; + foreach ($openGroup 
as $group) { + $openGroupArr[] = $group->id; + } + $allRules = (new ApiAuthRule())->whereIn('groupId', $openGroupArr)->select(); + if (isset($allRules)) { + $rules = []; + foreach ($allRules as $rule) { + $rules[] = $rule->url; + } + $rules = array_unique($rules); + + return $rules; + } else { + return []; + } + } else { + return []; + } + } else { + return []; + } } diff --git a/application/admin/controller/Menu.php b/application/admin/controller/Menu.php index de7e865..7c7f4a6 100644 --- a/application/admin/controller/Menu.php +++ b/application/admin/controller/Menu.php @@ -20,7 +20,7 @@ class Menu extends Base { * @author zhaoxiang */ public function index() { - $list = (new ApiMenu)->where([])->order('sort', 'DESC')->select(); + $list = (new ApiMenu)->where([])->order('sort', 'ASC')->select(); $list = $this->buildArrFromObj($list); $list = formatTree(listToTree($list)); @@ -73,6 +73,9 @@ class Menu extends Base { */ public function edit() { $postData = $this->request->post(); + if ($postData['url']) { + $postData['url'] = 'admin/' . $postData['url']; + } $res = ApiMenu::update($postData); if ($res === false) { return $this->buildFailed(ReturnCode::DB_SAVE_ERROR, '操作失败'); diff --git a/application/extra/apiAdmin.php b/application/extra/apiAdmin.php index 97dc29b..5449beb 100644 --- a/application/extra/apiAdmin.php +++ b/application/extra/apiAdmin.php @@ -14,7 +14,7 @@ return [ 'APP_NAME' => 'ApiAdmin', //鉴权相关 - 'USER_ADMINISTRATOR' => [1, 2], + 'USER_ADMINISTRATOR' => [1], //安全秘钥 'AUTH_KEY' => 'I&TC{pft>L,C`wFQ>&#ROW>k{Kxlt1>ryW(>r<#R', diff --git a/application/util/Tools.php b/application/util/Tools.php index 722bb4e..103dd88 100644 --- a/application/util/Tools.php +++ b/application/util/Tools.php @@ -26,6 +26,13 @@ class Tools { } } + /** + * 二次封装的密码加密 + * @param $str + * @param string $auth_key + * @return string + * @author zhaoxiang + */ public static function userMd5($str, $auth_key = '') { if (!$auth_key) { $auth_key = config('apiAdmin.AUTH_KEY'); 
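Review bot: run() reads `$userInfo['id']` without checking that the lookup succeeded; with a missing or stale `Authorization` header, `cache($userToken)` returns nothing, `json_decode` yields null, and the check proceeds with a null uid (plus an undefined-index notice) and fails closed only because checkAuth()/getAuth() happen to return false for null. Deny explicitly before the permission check: `if (!is_array($userInfo) || empty($userInfo['id'])) { return json(['code' => ReturnCode::INVALID, 'msg' => '非常抱歉,您没有权限怎么做!', 'data' => []], 200, $header); }`, and consider validating the header's format (length/charset) before using the raw client value as the cache key. In checkAuth(), `in_array($route, $rules)` compares route strings, so pass `true` as the third argument to avoid loose matching. The run() docblock's `@return \think\response\Json` is also inaccurate: when the user is authorized the method returns nothing, which is worth stating as `returns null (request continues) when authorized`.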
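Review bot: The new prefixing in Menu::edit() is not idempotent: every save of a menu whose url already begins with `admin/` (which is exactly what this code produces) turns it into `admin/admin/…`, and `$postData['url']` is read without checking the key exists, which raises a notice when the field is omitted. Guard both conditions: `if (!empty($postData['url']) && strpos($postData['url'], 'admin/') !== 0) {`. edit()'s body continues past the end of the hunk.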
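Review bot: The new docblock describes userMd5 as password encryption (密码加密), but the body (context lines, continuing past the hunk) computes `md5(sha1($str) . $auth_key)`, a fast keyed digest with no per-user salt, so the comment should not let readers mistake it for a password hash. Suggest `* Fast keyed digest md5(sha1($str) . $auth_key); not a slow salted password hash — prefer password_hash()/password_verify() for new credential storage.` and give `$str` a type: `@param string $str`.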
@@ -34,4 +41,39 @@ class Tools { return '' === $str ? '' : md5(sha1($str) . $auth_key); } -} \ No newline at end of file + /** + * 判断当前用户是否是超级管理员 + * @param string $uid + * @return bool + * @author zhaoxiang + */ + public static function isAdministrator($uid = '') { + if (!empty($uid)) { + $adminConf = config('apiAdmin.USER_ADMINISTRATOR'); + if (is_array($adminConf)) { + if (is_array($uid)) { + $m = array_intersect($adminConf, $uid); + if (count($m)) { + return true; + } + } else { + if (in_array($uid, $adminConf)) { + return true; + } + } + } else { + if (is_array($uid)) { + if (in_array($adminConf, $uid)) { + return true; + } + } else { + if ($uid == $adminConf) { + return true; + } + } + } + } + + return false; + } +}
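Review bot: isAdministrator() decides a privilege boundary with loose comparisons — `in_array($uid, $adminConf)` and `$uid == $adminConf` — so values such as `true`, `'1.0'` or `'01'` match administrator id 1 depending on PHP version; the uid comes from a JSON blob decoded in ApiPermission::run(), so its type is not guaranteed. Accept only integers or digit-only strings and compare strictly, which also collapses the four nested branches into one loop; the `@param string $uid` tag should become `@param int|string|array $uid` since arrays are handled. The rewrite below replaces the body of the method.
```php
public static function isAdministrator($uid = '') {
    if (empty($uid)) {
        return false;
    }
    $adminConf = config('apiAdmin.USER_ADMINISTRATOR');
    // normalise both sides to strings so comparison can be strict
    $admins = array_map('strval', is_array($adminConf) ? $adminConf : [$adminConf]);
    foreach ((is_array($uid) ? $uid : [$uid]) as $id) {
        $isId = is_int($id) || (is_string($id) && ctype_digit($id));
        if ($isId && in_array((string) $id, $admins, true)) {
            return true;
        }
    }

    return false;
}
```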