最大兼容性的升级权限管理功能,无须改动数据库, 在原先的节点验证上增加了参数验证,实现更灵活的权限管理!

application/admin/behavior/ApiPermission.php

@@ -1,6 +1,14 @@
 <?php
 /**
  * 处理后台接口请求权限
+ * ==============
+ * 更新说明:最大兼容性的升级权限功能,无须改动数据库,
+ * 在原先的节点验证上增加了参数验证,实现更灵活的权限管理! 
+ * 如何使用:在填写权限节点的时候只需要在其后加入'?a=1&b=2'格式的参数,
+ * 例如:只能获取栏目id为2的获取栏目列表,则权限节点需要这样填写:admin/News/getList?id=2 
+ * 如果只能获取该栏目下状态为3的类别,需要这样填写:admin/News/getList?id=2&status=3
+ * Update By unset 193344396@qq.com
+ * ===================================
  * @since   2017-07-25
  * @author  zhaoxiang <zhaoxiang051405@gmail.com>
  */
@@ -27,12 +35,12 @@ class ApiPermission {
      */
     public function run() {
         $request = Request::instance();
-        $route = $request->routeInfo();
+        $route = $request->param();
         $header = config('apiAdmin.CROSS_DOMAIN');
         $ApiAuth = $request->header('ApiAuth', '');
         $userInfo = cache('Login:' . $ApiAuth);
         $userInfo = json_decode($userInfo, true);
-        if (!$this->checkAuth($userInfo['id'], $route['route'])) {
+        if (!$this->checkAuth($userInfo['id'], $route)) {
             $data = ['code' => ReturnCode::INVALID, 'msg' => '非常抱歉，您没有权限这么做！', 'data' => []];
 
             return json($data, 200, $header);
@@ -52,9 +60,23 @@ class ApiPermission {
     private function checkAuth($uid, $route) {
         $isSupper = Tools::isAdministrator($uid);
         if (!$isSupper) {
+            $keys = array_keys($route);
             $rules = $this->getAuth($uid);
-
-            return in_array($route, $rules);
+            $baseUrl = $keys[0];
+            if(isset($rules[$baseUrl])){
+                if($rules[$baseUrl]['all']==1){
+                    return true;
+                }else{
+                    $intersect = array_intersect_assoc($route,$rules[$baseUrl]['query']);
+                    if(sizeof(array_diff_assoc($rules[$baseUrl]['query'],$intersect))==0){
+                        return true;
+                    }else{
+                        return false;
+                    }
+                }
+            }else{
+                return false;
+            }
         } else {
             return true;
         }
@@ -79,14 +101,21 @@ class ApiPermission {
                 foreach ($openGroup as $group) {
                     $openGroupArr[] = $group->id;
                 }
-                $allRules = (new AdminAuthRule())->whereIn('groupId', $openGroupArr)->select();
-                if (isset($allRules)) {
+                $allRulesUrl = (new AdminAuthRule())->whereIn('groupId', $openGroupArr)->column('url');
+                if (isset($allRulesUrl)) {
                     $rules = [];
-                    foreach ($allRules as $rule) {
-                        $rules[] = $rule->url;
+                    foreach ($allRulesUrl as $rule) {
+                        $query = parse_url($rule);
+                        $route = '/'.$query['path'];
+                        if(!isset($query['query'])){
+                            $rules[$route]['all'] = 1;
+                        }else{
+                            parse_str($query['query'],$query_arr);
+                            $rules[$route]['all'] = 0;
+                            $rules[$route]['query'] = $query_arr;
+                        }
                     }
                     $rules = array_unique($rules);
-
                     return $rules;
                 } else {
                     return [];