[更新]增加权限强制方式（不依赖缓存）

2025-04-06 03:58:04 +08:00 · 2019-07-16 18:13:34 +08:00 · 2019-07-16 18:13:34 +08:00 · 12a141bbeb
commit 12a141bbeb
parent 97dc0d68c6
2 changed files with 34 additions and 8 deletions
--- a/application/admin/service/NodeService.php
+++ b/application/admin/service/NodeService.php
@ -18,6 +18,7 @@ namespace app\admin\service;
 use library\tools\Data;
 use library\tools\Node;
 use think\Db;
+use think\facade\App;
 use think\facade\Cache;
 use think\facade\Request;

@ -150,7 +151,34 @@ class NodeService
    }

    /**
-     * 检查节点授权
+     * 强制验证访问权限
+     * --- 需要加载对应的控制器
+     * @param null|string $node
+     * @return boolean
+     * @throws \ReflectionException
+     */
+    public static function forceAuth($node = null)
+    {
+        if (session('admin_user.username') === 'admin') return true;
+        $real = is_null($node) ? self::current() : self::full($node);
+        list($module, $controller, $action) = explode('/', $real);
+        if (class_exists($class = App::parseClass($module, 'controller', $controller))) {
+            $reflection = new \ReflectionClass($class);
+            if ($reflection->hasMethod($action)) {
+                $comment = preg_replace("/\s/", '', $reflection->getMethod($action)->getDocComment());
+                if (stripos($comment, '@authtrue') === false) {
+                    return true;
+                } else {
+                    return in_array($real, (array)session('admin_user.nodes'));
+                }
+            }
+        }
+        return true;
+    }
+
+    /**
+     * 检查指定节点授权
+     * --- 需要读取缓存或扫描所有节点
     * @param null|string $node
     * @return boolean
     * @throws \ReflectionException
--- a/application/admin/sys.php
+++ b/application/admin/sys.php
@ -108,14 +108,12 @@ if (!function_exists('base64_image')) {

 // 访问权限检查中间键
 Middleware::add(function (Request $request, \Closure $next) {
-    // 访问权限检查
-    if (NodeService::checkAuth()) {
+    // 验证访问节点权限
+    if (NodeService::forceAuth()) {
        return $next($request);
+    } elseif (NodeService::islogin()) {
+        return json(['code' => 0, 'msg' => '抱歉，没有访问该操作的权限！']);
    } else {
-        if (NodeService::islogin()) {
-            return json(['code' => 0, 'msg' => '抱歉，没有访问该操作的权限！']);
-        } else {
-            return json(['code' => 0, 'msg' => '抱歉，您还没有登录获取访问权限！', 'url' => url('@admin/login')]);
-        }
+        return json(['code' => 0, 'msg' => '抱歉，您还没有登录获取访问权限！', 'url' => url('@admin/login')]);
    }
 });