diff --git a/application/admin/controller/api/Plugs.php b/application/admin/controller/api/Plugs.php index 74689fc63..60919a242 100644 --- a/application/admin/controller/api/Plugs.php +++ b/application/admin/controller/api/Plugs.php @@ -16,7 +16,6 @@ namespace app\admin\controller\api; use library\Controller; use library\File; -use think\Db; /** * 后台插件管理 diff --git a/application/admin/service/Auth.php b/application/admin/service/Auth.php index e103b4465..a9c67a7d1 100644 --- a/application/admin/service/Auth.php +++ b/application/admin/service/Auth.php @@ -25,40 +25,7 @@ use think\Db; */ class Auth { - - /** - * 权限检查中间件入口 - * @param \think\Request $request - * @param \Closure $next - * @return mixed - * @throws \think\Exception - * @throws \think\db\exception\DataNotFoundException - * @throws \think\db\exception\ModelNotFoundException - * @throws \think\exception\DbException - * @throws \think\exception\PDOException - */ - public function handle(\think\Request $request, \Closure $next) - { - // 系统消息处理 - if (($code = $request->get('messagecode')) > 0) Message::set($code); - // 节点忽略跳过 - $node = Node::current(); - foreach (self::getIgnore() as $str) if (stripos($node, $str) === 0) return $next($request); - // 节点权限查询 - $auth = Db::name('SystemNode')->cache(true, 60)->field('is_auth,is_login')->where(['node' => $node])->find(); - $info = ['is_auth' => $auth['is_auth'], 'is_login' => $auth['is_auth'] ? 1 : $auth['is_login']]; - // 登录状态检查 - if (!empty($info['is_login']) && !self::isLogin()) { - $message = ['code' => 0, 'msg' => '抱歉,您还没有登录获取访问权限!', 'url' => url('@admin/login')]; - return $request->isAjax() ? json($message) : redirect($message['url']); - } - // 访问权限检查 - if (!empty($info['is_auth']) && !self::checkAuthNode($node)) { - return json(['code' => 0, 'msg' => '抱歉,您没有访问该模块的权限!']); - } - return $next($request); - } - + /** * 权限节点忽略规则 * @return array diff --git a/application/admin/sys.php b/application/admin/sys.php index 9425bddef..f76bdfdbf 100644 --- a/application/admin/sys.php +++ b/application/admin/sys.php @@ -107,5 +107,24 @@ if (!function_exists('base64_image')) { } } -// 注册中间键 -\think\facade\Middleware::add('app\admin\service\Auth'); \ No newline at end of file +// 系统权限检查中间键 +\think\facade\Middleware::add(function (\think\Request $request, \Closure $next) { + // 系统消息处理 + if (($code = $request->get('messagecode')) > 0) \app\admin\service\Message::set($code); + // 节点忽略跳过 + $node = \library\tools\Node::current(); + foreach (\app\admin\service\Auth::getIgnore() as $str) if (stripos($node, $str) === 0) return $next($request); + // 节点权限查询 + $auth = \think\Db::name('SystemNode')->cache(true, 60)->field('is_auth,is_login')->where(['node' => $node])->find(); + $info = ['is_auth' => $auth['is_auth'], 'is_login' => $auth['is_auth'] ? 1 : $auth['is_login']]; + // 登录状态检查 + if (!empty($info['is_login']) && !\app\admin\service\Auth::isLogin()) { + $message = ['code' => 0, 'msg' => '抱歉,您还没有登录获取访问权限!', 'url' => url('@admin/login')]; + return $request->isAjax() ? json($message) : redirect($message['url']); + } + // 访问权限检查 + if (!empty($info['is_auth']) && !\app\admin\service\Auth::checkAuthNode($node)) { + return json(['code' => 0, 'msg' => '抱歉,您没有访问该模块的权限!']); + } + return $next($request); +}); \ No newline at end of file