最大兼容性的升级权限管理功能,无须改动数据库, 在原先的节点验证上增加了参数验证,实现更灵活的权限管理!

This commit is contained in:
unset 2018-08-06 01:43:58 +08:00
parent efc1f4ae1e
commit ae7a5a213a


@ -1,6 +1,14 @@
<?php <?php
/** /**
* 处理后台接口请求权限 * 处理后台接口请求权限
* ==============
* 更新说明:最大兼容性的升级权限功能,无须改动数据库,
* 在原先的节点验证上增加了参数验证,实现更灵活的权限管理!
* 如何使用:在填写权限节点的时候只需要在其后加入'?a=1&b=2'格式的参数,
* 例如:只能获取栏目id为2的获取栏目列表,则权限节点需要这样填写:admin/News/getList?id=2
* 如果只能获取该栏目下状态为3的类别,需要这样填写:admin/News/getList?id=2&status=3
* Update By unset 193344396@qq.com
* ===================================
* @since 2017-07-25 * @since 2017-07-25
* @author zhaoxiang <zhaoxiang051405@gmail.com> * @author zhaoxiang <zhaoxiang051405@gmail.com>
*/ */
@ -27,12 +35,12 @@ class ApiPermission {
*/ */
public function run() { public function run() {
$request = Request::instance(); $request = Request::instance();
$route = $request->routeInfo(); $route = $request->param();
$header = config('apiAdmin.CROSS_DOMAIN'); $header = config('apiAdmin.CROSS_DOMAIN');
$ApiAuth = $request->header('ApiAuth', ''); $ApiAuth = $request->header('ApiAuth', '');
$userInfo = cache('Login:' . $ApiAuth); $userInfo = cache('Login:' . $ApiAuth);
$userInfo = json_decode($userInfo, true); $userInfo = json_decode($userInfo, true);
if (!$this->checkAuth($userInfo['id'], $route['route'])) { if (!$this->checkAuth($userInfo['id'], $route)) {
$data = ['code' => ReturnCode::INVALID, 'msg' => '非常抱歉,您没有权限这么做!', 'data' => []]; $data = ['code' => ReturnCode::INVALID, 'msg' => '非常抱歉,您没有权限这么做!', 'data' => []];
return json($data, 200, $header); return json($data, 200, $header);
@ -52,9 +60,23 @@ class ApiPermission {
private function checkAuth($uid, $route) { private function checkAuth($uid, $route) {
$isSupper = Tools::isAdministrator($uid); $isSupper = Tools::isAdministrator($uid);
if (!$isSupper) { if (!$isSupper) {
$keys = array_keys($route);
$rules = $this->getAuth($uid); $rules = $this->getAuth($uid);
$baseUrl = $keys[0];
return in_array($route, $rules); if(isset($rules[$baseUrl])){
if($rules[$baseUrl]['all']==1){
return true;
}else{
$intersect = array_intersect_assoc($route,$rules[$baseUrl]['query']);
if(sizeof(array_diff_assoc($rules[$baseUrl]['query'],$intersect))==0){
return true;
}else{
return false;
}
}
}else{
return false;
}
} else { } else {
return true; return true;
} }
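Review bot: The rule looked up in checkAuth is `$baseUrl = $keys[0]`, the first key of the `$request->param()` array that run() now passes in, not the dispatched route, so the permission decision hinges on the order of request-supplied parameters; whether a query-string key can land in first position depends on how `param()` merges its sources, which this hunk does not show. Key the lookup on the resolved route as the old code did with `routeInfo()['route']`, normalised to the `'/' . path` form getAuth builds from `parse_url`, and hand `$request->param()` to checkAuth only for the `array_intersect_assoc` comparison, e.g. `private function checkAuth($uid, $routePath, array $params)` called as `$this->checkAuth($userInfo['id'], '/' . $route['route'], $request->param())`. The nested if/else after the `isset` check reduces to a guard plus `return $rules[$baseUrl]['all'] == 1 || array_diff_assoc($rules[$baseUrl]['query'], array_intersect_assoc($params, $rules[$baseUrl]['query'])) === [];`. Related, in the getAuth hunk (which runs past the end of this view) the retained `array_unique($rules)` now runs over nested arrays, which PHP compares through their string cast "Array", so every route entry after the first is dropped and most users would be denied everything; remove that call, since the `$route` keys already deduplicate.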
@ -79,14 +101,21 @@ class ApiPermission {
foreach ($openGroup as $group) { foreach ($openGroup as $group) {
$openGroupArr[] = $group->id; $openGroupArr[] = $group->id;
} }
$allRules = (new AdminAuthRule())->whereIn('groupId', $openGroupArr)->select(); $allRulesUrl = (new AdminAuthRule())->whereIn('groupId', $openGroupArr)->column('url');
if (isset($allRules)) { if (isset($allRulesUrl)) {
$rules = []; $rules = [];
foreach ($allRules as $rule) { foreach ($allRulesUrl as $rule) {
$rules[] = $rule->url; $query = parse_url($rule);
$route = '/'.$query['path'];
if(!isset($query['query'])){
$rules[$route]['all'] = 1;
}else{
parse_str($query['query'],$query_arr);
$rules[$route]['all'] = 0;
$rules[$route]['query'] = $query_arr;
}
} }
$rules = array_unique($rules); $rules = array_unique($rules);
return $rules; return $rules;
} else { } else {
return []; return [];