From 12a141bbeb1885c63c5317c0785981ecee6ec773 Mon Sep 17 00:00:00 2001
From: Anyon
Date: Tue, 16 Jul 2019 18:13:34 +0800
Subject: [PATCH] =?UTF-8?q?[=E6=9B=B4=E6=96=B0]=E5=A2=9E=E5=8A=A0=E6=9D=83?= =?UTF-8?q?=E9=99=90=E5=BC=BA=E5=88=B6=E6=96=B9=E5=BC=8F=EF=BC=88=E4=B8=8D?= =?UTF-8?q?=E4=BE=9D=E8=B5=96=E7=BC=93=E5=AD=98=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 application/admin/service/NodeService.php | 30 ++++++++++++++++++++++-
 application/admin/sys.php | 12 ++++-----
 2 files changed, 34 insertions(+), 8 deletions(-)
diff --git a/application/admin/service/NodeService.php b/application/admin/service/NodeService.php
index e18a9824e..c0900fbf6 100644
--- a/application/admin/service/NodeService.php
+++ b/application/admin/service/NodeService.php
@@ -18,6 +18,7 @@ namespace app\admin\service;
 use library\tools\Data;
 use library\tools\Node;
 use think\Db;
+use think\facade\App;
 use think\facade\Cache;
 use think\facade\Request;
 
@@ -150,7 +151,34 @@ class NodeService
 }
 
 /**
- * 检查节点授权
+ * 强制验证访问权限
+ * --- 需要加载对应的控制器
+ * @param null|string $node
+ * @return boolean
+ * @throws \ReflectionException
+ */
+ public static function forceAuth($node = null)
+ {
+ if (session('admin_user.username') === 'admin') return true;
+ $real = is_null($node) ? self::current() : self::full($node);
+ list($module, $controller, $action) = explode('/', $real);
+ if (class_exists($class = App::parseClass($module, 'controller', $controller))) {
+ $reflection = new \ReflectionClass($class);
+ if ($reflection->hasMethod($action)) {
+ $comment = preg_replace("/\s/", '', $reflection->getMethod($action)->getDocComment());
+ if (stripos($comment, '@authtrue') === false) {
+ return true;
+ } else {
+ return in_array($real, (array)session('admin_user.nodes'));
+ }
+ }
+ }
+ return true;
+ }
+
+ /**
+ * 检查指定节点授权
+ * --- 需要读取缓存或扫描所有节点
 * @param null|string $node
 * @return boolean
 * @throws \ReflectionException
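Review bot: forceAuth() fails open on every path except an action explicitly annotated `@auth true`: an unresolvable class, a missing method and an unannotated method all `return true`, and none of those paths looks at login state. Because the decision is read from `getDocComment()`, a deployment running with `opcache.save_comments=0` gets `false` for every method and would treat every action as unrestricted, so that dependency deserves a line in the docblock or a startup check. If no legitimate route resolves outside `App::parseClass`, the final `return true;` for an unresolved class or method would be safer as `return false;`, and `in_array()` should take `true` as its third argument so the node comparison is strict. As far as the patch shows, the sys.php middleware now relies on this method alone, so anonymous requests to unannotated actions reach `$next` there; whether the replaced checkAuth() enforced login for them is not visible here.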
diff --git a/application/admin/sys.php b/application/admin/sys.php
index 4d357efd1..0816b456b 100644
--- a/application/admin/sys.php
+++ b/application/admin/sys.php
@@ -108,14 +108,12 @@ if (!function_exists('base64_image')) {
 
 // 访问权限检查中间键
 Middleware::add(function (Request $request, \Closure $next) {
- // 访问权限检查
- if (NodeService::checkAuth()) {
+ // 验证访问节点权限
+ if (NodeService::forceAuth()) {
 return $next($request);
+ } elseif (NodeService::islogin()) {
+ return json(['code' => 0, 'msg' => '抱歉,没有访问该操作的权限!']);
 } else {
- if (NodeService::islogin()) {
- return json(['code' => 0, 'msg' => '抱歉,没有访问该操作的权限!']);
- } else {
- return json(['code' => 0, 'msg' => '抱歉,您还没有登录获取访问权限!', 'url' => url('@admin/login')]);
- }
+ return json(['code' => 0, 'msg' => '抱歉,您还没有登录获取访问权限!', 'url' => url('@admin/login')]);
 }
 });
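Review bot: Both denial branches of the middleware closure answer with `json([...])` at the default HTTP 200, so a refused request looks like a successful one in access logs and upstream monitoring. If the front end tolerates it, pass a status as the second argument of `json()`, `403` on the `islogin()` branch and `401` on the anonymous branch, and keep `'code' => 0` in the body for existing clients. A short comment above the closure saying that only actions annotated `@auth true` are ever denied would also help, since the check is now named "force".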