[更新]调整系统权限管理(使用Hook检查控制器的checkAuth及checkLogin属性)

2025-04-06 03:58:04 +08:00 · 2017-05-12 16:15:17 +08:00 · 2017-05-12 16:15:17 +08:00 · c88883d84d
commit c88883d84d
parent 674116a01a
18 changed files with 103 additions and 41 deletions
--- a/application/admin/controller/Auth.php
+++ b/application/admin/controller/Auth.php
@ -33,7 +33,7 @@ class Auth extends BasicAdmin {
     * 默认数据模型
     * @var string
     */
-    protected $table = 'SystemAuth';
+    public $table = 'SystemAuth';

    /**
     * 权限列表
--- a/application/admin/controller/Config.php
+++ b/application/admin/controller/Config.php
@ -30,13 +30,13 @@ class Config extends BasicAdmin {
     * 当前默认数据模型
     * @var string
     */
-    protected $table = 'SystemConfig';
+    public $table = 'SystemConfig';

    /**
     * 当前页面标题
     * @var string
     */
-    protected $title = '网站参数配置';
+    public $title = '网站参数配置';

    /**
     * 显示系统常规配置
--- a/application/admin/controller/Log.php
+++ b/application/admin/controller/Log.php
@ -31,7 +31,7 @@ class Log extends BasicAdmin {
     * 指定当前数据表
     * @var string
     */
-    protected $table = 'SystemLog';
+    public $table = 'SystemLog';

    /**
     * 日志列表
--- a/application/admin/controller/Login.php
+++ b/application/admin/controller/Login.php
@ -28,6 +28,18 @@ use think\Db;
 */
 class Login extends BasicAdmin {

+    /**
+     * 默认检查用户登录状态
+     * @var bool
+     */
+    public $checkLogin = false;
+
+    /**
+     * 默认检查节点访问权限
+     * @var bool
+     */
+    public $checkAuth = false;
+
    /**
     * 控制器基础方法
     */
--- a/application/admin/controller/Menu.php
+++ b/application/admin/controller/Menu.php
@ -33,7 +33,7 @@ class Menu extends BasicAdmin {
     * 绑定操作模型
     * @var string
     */
-    protected $table = 'SystemMenu';
+    public $table = 'SystemMenu';

    /**
     * 菜单列表
--- a/application/admin/controller/Node.php
+++ b/application/admin/controller/Node.php
@ -32,7 +32,7 @@ class Node extends BasicAdmin {
     * 指定当前默认模型
     * @var string
     */
-    protected $table = 'SystemNode';
+    public $table = 'SystemNode';

    /**
     * 显示节点列表
--- a/application/admin/controller/Plugs.php
+++ b/application/admin/controller/Plugs.php
@ -15,7 +15,6 @@
 namespace app\admin\controller;

 use controller\BasicAdmin;
-use OSS\OssClient;
 use service\FileService;
 use think\View;

@ -32,13 +31,13 @@ class Plugs extends BasicAdmin {
     * 默认检查用户登录状态
     * @var bool
     */
-    protected $checkLogin = false;
+    public $checkLogin = false;

    /**
     * 默认检查节点访问权限
     * @var bool
     */
-    protected $checkAuth = false;
+    public $checkAuth = false;

    /**
     * 文件上传
--- a/application/admin/controller/User.php
+++ b/application/admin/controller/User.php
@ -31,7 +31,7 @@ class User extends BasicAdmin {
     * 指定当前数据表
     * @var string
     */
-    protected $table = 'SystemUser';
+    public $table = 'SystemUser';

    /**
     * 用户列表
--- a/application/tags.php
+++ b/application/tags.php
@ -20,7 +20,7 @@ return [
    // 模块初始化
    'module_init'  => [],
    // 操作开始执行
-    'action_begin' => [],
+    'action_begin' => ['hook\\AccessAuth'],
    // 视图内容过滤
    'view_filter'  => ['hook\\FilterView'],
    // 日志写入
--- a/application/wechat/controller/Config.php
+++ b/application/wechat/controller/Config.php
@ -33,7 +33,7 @@ class Config extends BasicAdmin {
     * 定义当前操作表名
     * @var string
     */
-    protected $table = 'SystemConfig';
+    public $table = 'SystemConfig';

    /**
     * 微信基础参数配置
--- a/application/wechat/controller/Fans.php
+++ b/application/wechat/controller/Fans.php
@ -32,7 +32,7 @@ class Fans extends BasicAdmin {
     * 定义当前默认数据表
     * @var string
     */
-    protected $table = 'WechatFans';
+    public $table = 'WechatFans';

    /**
     * 显示粉丝列表
--- a/application/wechat/controller/Keys.php
+++ b/application/wechat/controller/Keys.php
@ -30,7 +30,7 @@ class Keys extends BasicAdmin {
     * 指定当前数据表
     * @var string
     */
-    protected $table = 'WechatKeys';
+    public $table = 'WechatKeys';

    /**
     * 显示关键字列表
--- a/application/wechat/controller/Menu.php
+++ b/application/wechat/controller/Menu.php
@ -32,13 +32,13 @@ class Menu extends BasicAdmin {
     * 指定当前页面标题
     * @var string
     */
-    protected $title = '微信菜单定制';
+    public $title = '微信菜单定制';

    /**
     * 指定默认操作的数据表
     * @var string
     */
-    protected $table = 'WechatMenu';
+    public $table = 'WechatMenu';

    /**
     * 微信菜单的类型
--- a/application/wechat/controller/News.php
+++ b/application/wechat/controller/News.php
@ -37,7 +37,7 @@ class News extends BasicAdmin {
     * 设置默认操作表
     * @var string
     */
-    protected $table = 'WechatNews';
+    public $table = 'WechatNews';

    /**
     * 图文列表
--- a/application/wechat/controller/Tags.php
+++ b/application/wechat/controller/Tags.php
@ -33,7 +33,7 @@ class Tags extends BasicAdmin {
     * 定义当前默认数据表
     * @var string
     */
-    protected $table = 'WechatFansTags';
+    public $table = 'WechatFansTags';

    /**
     * 显示粉丝标签列表
--- a/extend/controller/BasicAdmin.php
+++ b/extend/controller/BasicAdmin.php
@ -32,42 +32,25 @@ class BasicAdmin extends Controller {
     * 页面标题
     * @var string
     */
-    protected $title;
+    public $title;

    /**
     * 默认操作数据表
     * @var string
     */
-    protected $table;
+    public $table;

    /**
     * 默认检查用户登录状态
     * @var bool
     */
-    protected $checkLogin = true;
+    public $checkLogin = true;

    /**
     * 默认检查节点访问权限
     * @var bool
     */
-    protected $checkAuth = true;
-
-    /**
-     * 后台权限控制初始化方法
-     */
-    public function _initialize() {
-        // 用户登录状态检查
-        if (($this->checkLogin || $this->checkAuth) && !session('user')) {
-            $this->redirect('@admin/login');
-        }
-        list($module, $controller, $action) = [$this->request->module(), $this->request->controller(), $this->request->action()];
-        // 节点访问权限检查
-        if ($this->checkLogin && $this->checkAuth && !auth("{$module}/{$controller}/{$action}")) {
-            $this->error('抱歉，您没有访问该模块的权限！');
-        }
-        // 初始化赋值常用变量
-        $this->assign('classuri', strtolower("{$module}/{$controller}"));
-    }
+    public $checkAuth = true;

    /**
     * 表单默认操作
@ -101,7 +84,7 @@ class BasicAdmin extends Controller {
        if ($pk_value !== '') { // Edit Options
            !empty($pk_value) && $db->where($pk, $pk_value);
            !empty($where) && $db->where($where);
-            $vo = array_merge($data, (array)$db->find());
+            $vo = array_merge($data, (array) $db->find());
        }
        $this->_callback('_form_filter', $vo);
        $this->assign('vo', $vo);
--- a/extend/hook/AccessAuth.php
+++ b/extend/hook/AccessAuth.php
@ -0,0 +1,64 @@
+<?php
+
+// +----------------------------------------------------------------------
+// | Think.Admin
+// +----------------------------------------------------------------------
+// | 版权所有 2014~2017 广州楚才信息科技有限公司 [ http://www.cuci.cc ]
+// +----------------------------------------------------------------------
+// | 官方网站: http://think.ctolog.com
+// +----------------------------------------------------------------------
+// | 开源协议 ( https://mit-license.org )
+// +----------------------------------------------------------------------
+// | github开源项目：https://github.com/zoujingli/Think.Admin
+// +----------------------------------------------------------------------
+
+namespace hook;
+
+use think\Config;
+use think\exception\HttpResponseException;
+use think\Request;
+use think\Response;
+use think\View;
+
+/**
+ * 访问权限管理
+ * Class AccessAuth
+ * @package hook
+ * @author Anyon <zoujingli@qq.com>
+ * @date 2017/05/12 11:59
+ */
+class AccessAuth {
+
+    /**
+     * 当前请求对象
+     * @var Request
+     */
+    protected $request;
+
+    /**
+     * 行为入口
+     * @param $params
+     */
+    public function run(&$params) {
+        $this->request = Request::instance();
+        list($module, $controller, $action) = [$this->request->module(), $this->request->controller(), $this->request->action()];
+        $vars = get_class_vars(config('app_namespace') . "\\{$module}\\controller\\{$controller}");
+        // 用户登录状态检查
+        if ((!empty($vars['checkAuth']) || !empty($vars['checkLogin'])) && !session('user')) {
+            if ($this->request->isAjax()) {
+                $result = ['code' => 0, 'msg' => '抱歉, 您还没有登录获取访问权限!', 'data' => '', 'url' => '@admin/login', 'wait' => 3];
+                throw new HttpResponseException(json($result));
+            }
+            throw new HttpResponseException(redirect('@admin/login'));
+        }
+        // 访问权限节点检查
+        if (!empty($vars['checkLogin']) && !auth("{$module}/{$controller}/{$action}")) {
+            $result = ['code' => 0, 'msg' => '抱歉, 您没有访问该模块的权限!', 'data' => '', 'url' => '', 'wait' => 3];
+            throw new HttpResponseException(json($result));
+        }
+        // 权限正常, 默认赋值
+        $view = View::instance(Config::get('template'), Config::get('view_replace_str'));
+        $view->assign('classuri', strtolower("{$module}/{$controller}"));
+    }
+
+}
--- a/extend/service/NodeService.php
+++ b/extend/service/NodeService.php
@ -31,6 +31,9 @@ class NodeService {
     */
    public static function applyAuthNode() {
        cache('need_access_node', null);
+        if (($userid = session('user.id'))) {
+            session('user', Db::name('SystemUser')->where('id', $userid)->find());
+        }
        if (($authorize = session('user.authorize'))) {
            $authorizeids = Db::name('SystemAuth')->where('id', 'in', explode(',', $authorize))->where('status', '1')->column('id');
            if (empty($authorizeids)) {
@ -61,7 +64,8 @@ class NodeService {
     * @return bool
     */
    public static function checkAuthNode($node) {
-        $auth_node = strtolower($node);
+        list($module, $controller, $action) = explode('/', str_replace(['?', '=', '&'], '/', $node . '///'));
+        $auth_node = strtolower(trim("{$module}/{$controller}/{$action}", '/'));
        if (session('user.username') === 'admin' || stripos($node, 'admin/index') === 0) {
            return true;
        }