[更新]调整系统权限管理(使用Hook检查控制器的checkAuth及checkLogin属性)

2025-04-06 03:58:04 +08:00 · 2017-05-12 16:15:17 +08:00 · 2017-05-12 16:15:17 +08:00 · c88883d84d
commit c88883d84d
parent 674116a01a
18 changed files with 103 additions and 41 deletions
--- a/application/admin/controller/Auth.php
+++ b/application/admin/controller/Auth.php
@ -33,7 +33,7 @@ class Auth extends BasicAdmin {
     * 默认数据模型
     * @var string
     */
-    protected $table = 'SystemAuth';
+    public $table = 'SystemAuth';
    /**
     * 权限列表
--- a/application/admin/controller/Config.php
+++ b/application/admin/controller/Config.php
@ -30,13 +30,13 @@ class Config extends BasicAdmin {
     * 当前默认数据模型
     * @var string
     */
-    protected $table = 'SystemConfig';
+    public $table = 'SystemConfig';
    /**
     * 当前页面标题
     * @var string
     */
-    protected $title = '网站参数配置';
+    public $title = '网站参数配置';
    /**
     * 显示系统常规配置
--- a/application/admin/controller/Log.php
+++ b/application/admin/controller/Log.php
@ -31,7 +31,7 @@ class Log extends BasicAdmin {
     * 指定当前数据表
     * @var string
     */
-    protected $table = 'SystemLog';
+    public $table = 'SystemLog';
    /**
     * 日志列表
--- a/application/admin/controller/Login.php
+++ b/application/admin/controller/Login.php
@ -28,6 +28,18 @@ use think\Db;
 */
 class Login extends BasicAdmin {
    /**
     * 默认检查用户登录状态
     * @var bool
     */
    public $checkLogin = false;
    /**
     * 默认检查节点访问权限
     * @var bool
     */
    public $checkAuth = false;
    /**
     * 控制器基础方法
     */
--- a/application/admin/controller/Menu.php
+++ b/application/admin/controller/Menu.php
@ -33,7 +33,7 @@ class Menu extends BasicAdmin {
     * 绑定操作模型
     * @var string
     */
-    protected $table = 'SystemMenu';
+    public $table = 'SystemMenu';
    /**
     * 菜单列表
--- a/application/admin/controller/Node.php
+++ b/application/admin/controller/Node.php
@ -32,7 +32,7 @@ class Node extends BasicAdmin {
     * 指定当前默认模型
     * @var string
     */
-    protected $table = 'SystemNode';
+    public $table = 'SystemNode';
    /**
     * 显示节点列表
--- a/application/admin/controller/Plugs.php
+++ b/application/admin/controller/Plugs.php
@ -15,7 +15,6 @@
 namespace app\admin\controller;
 use controller\BasicAdmin;
 use OSS\OssClient;
 use service\FileService;
 use think\View;
@ -32,13 +31,13 @@ class Plugs extends BasicAdmin {
     * 默认检查用户登录状态
     * @var bool
     */
-    protected $checkLogin = false;
+    public $checkLogin = false;
    /**
     * 默认检查节点访问权限
     * @var bool
     */
-    protected $checkAuth = false;
+    public $checkAuth = false;
    /**
     * 文件上传
--- a/application/admin/controller/User.php
+++ b/application/admin/controller/User.php
@ -31,7 +31,7 @@ class User extends BasicAdmin {
     * 指定当前数据表
     * @var string
     */
-    protected $table = 'SystemUser';
+    public $table = 'SystemUser';
    /**
     * 用户列表
--- a/application/tags.php
+++ b/application/tags.php
@ -20,7 +20,7 @@ return [
    // 模块初始化
    'module_init'  => [],
    // 操作开始执行
-    'action_begin' => [],
+    'action_begin' => ['hook\\AccessAuth'],
    // 视图内容过滤
    'view_filter'  => ['hook\\FilterView'],
    // 日志写入
--- a/application/wechat/controller/Config.php
+++ b/application/wechat/controller/Config.php
@ -33,7 +33,7 @@ class Config extends BasicAdmin {
     * 定义当前操作表名
     * @var string
     */
-    protected $table = 'SystemConfig';
+    public $table = 'SystemConfig';
    /**
     * 微信基础参数配置
--- a/application/wechat/controller/Fans.php
+++ b/application/wechat/controller/Fans.php
@ -32,7 +32,7 @@ class Fans extends BasicAdmin {
     * 定义当前默认数据表
     * @var string
     */
-    protected $table = 'WechatFans';
+    public $table = 'WechatFans';
    /**
     * 显示粉丝列表
--- a/application/wechat/controller/Keys.php
+++ b/application/wechat/controller/Keys.php
@ -30,7 +30,7 @@ class Keys extends BasicAdmin {
     * 指定当前数据表
     * @var string
     */
-    protected $table = 'WechatKeys';
+    public $table = 'WechatKeys';
    /**
     * 显示关键字列表
--- a/application/wechat/controller/Menu.php
+++ b/application/wechat/controller/Menu.php
@ -32,13 +32,13 @@ class Menu extends BasicAdmin {
     * 指定当前页面标题
     * @var string
     */
-    protected $title = '微信菜单定制';
+    public $title = '微信菜单定制';
    /**
     * 指定默认操作的数据表
     * @var string
     */
-    protected $table = 'WechatMenu';
+    public $table = 'WechatMenu';
    /**
     * 微信菜单的类型
--- a/application/wechat/controller/News.php
+++ b/application/wechat/controller/News.php
@ -37,7 +37,7 @@ class News extends BasicAdmin {
     * 设置默认操作表
     * @var string
     */
-    protected $table = 'WechatNews';
+    public $table = 'WechatNews';
    /**
     * 图文列表
--- a/application/wechat/controller/Tags.php
+++ b/application/wechat/controller/Tags.php
@ -33,7 +33,7 @@ class Tags extends BasicAdmin {
     * 定义当前默认数据表
     * @var string
     */
-    protected $table = 'WechatFansTags';
+    public $table = 'WechatFansTags';
    /**
     * 显示粉丝标签列表
--- a/extend/controller/BasicAdmin.php
+++ b/extend/controller/BasicAdmin.php
@ -32,42 +32,25 @@ class BasicAdmin extends Controller {
     * 页面标题
     * @var string
     */
-    protected $title;
+    public $title;
    /**
     * 默认操作数据表
     * @var string
     */
-    protected $table;
+    public $table;
    /**
     * 默认检查用户登录状态
     * @var bool
     */
-    protected $checkLogin = true;
+    public $checkLogin = true;
    /**
     * 默认检查节点访问权限
     * @var bool
     */
-    protected $checkAuth = true;
+    public $checkAuth = true;
    /**
     * 后台权限控制初始化方法
     */
    public function _initialize() {
        // 用户登录状态检查
        if (($this->checkLogin || $this->checkAuth) && !session('user')) {
            $this->redirect('@admin/login');
        }
        list($module, $controller, $action) = [$this->request->module(), $this->request->controller(), $this->request->action()];
        // 节点访问权限检查
        if ($this->checkLogin && $this->checkAuth && !auth("{$module}/{$controller}/{$action}")) {
            $this->error('抱歉，您没有访问该模块的权限！');
        }
        // 初始化赋值常用变量
        $this->assign('classuri', strtolower("{$module}/{$controller}"));
    }
    /**
     * 表单默认操作
@ -101,7 +84,7 @@ class BasicAdmin extends Controller {
        if ($pk_value !== '') { // Edit Options
            !empty($pk_value) && $db->where($pk, $pk_value);
            !empty($where) && $db->where($where);
-            $vo = array_merge($data, (array)$db->find());
+            $vo = array_merge($data, (array) $db->find());
        }
        $this->_callback('_form_filter', $vo);
        $this->assign('vo', $vo);
--- a/extend/hook/AccessAuth.php
+++ b/extend/hook/AccessAuth.php
@ -0,0 +1,64 @@
 <?php
 // +----------------------------------------------------------------------
 // | Think.Admin
 // +----------------------------------------------------------------------
 // | 版权所有 2014~2017 广州楚才信息科技有限公司 [ http://www.cuci.cc ]
 // +----------------------------------------------------------------------
 // | 官方网站: http://think.ctolog.com
 // +----------------------------------------------------------------------
 // | 开源协议 ( https://mit-license.org )
 // +----------------------------------------------------------------------
 // | github开源项目：https://github.com/zoujingli/Think.Admin
 // +----------------------------------------------------------------------
 namespace hook;
 use think\Config;
 use think\exception\HttpResponseException;
 use think\Request;
 use think\Response;
 use think\View;
 /**
 * 访问权限管理
 * Class AccessAuth
 * @package hook
 * @author Anyon <zoujingli@qq.com>
 * @date 2017/05/12 11:59
 */
 class AccessAuth {
    /**
     * 当前请求对象
     * @var Request
     */
    protected $request;
    /**
     * 行为入口
     * @param $params
     */
    public function run(&$params) {
        $this->request = Request::instance();
        list($module, $controller, $action) = [$this->request->module(), $this->request->controller(), $this->request->action()];
        $vars = get_class_vars(config('app_namespace') . "\\{$module}\\controller\\{$controller}");
        // 用户登录状态检查
        if ((!empty($vars['checkAuth']) || !empty($vars['checkLogin'])) && !session('user')) {
            if ($this->request->isAjax()) {
                $result = ['code' => 0, 'msg' => '抱歉, 您还没有登录获取访问权限!', 'data' => '', 'url' => '@admin/login', 'wait' => 3];
                throw new HttpResponseException(json($result));
            }
            throw new HttpResponseException(redirect('@admin/login'));
        }
        // 访问权限节点检查
        if (!empty($vars['checkLogin']) && !auth("{$module}/{$controller}/{$action}")) {
            $result = ['code' => 0, 'msg' => '抱歉, 您没有访问该模块的权限!', 'data' => '', 'url' => '', 'wait' => 3];
            throw new HttpResponseException(json($result));
        }
        // 权限正常, 默认赋值
        $view = View::instance(Config::get('template'), Config::get('view_replace_str'));
        $view->assign('classuri', strtolower("{$module}/{$controller}"));
    }
 }
--- a/extend/service/NodeService.php
+++ b/extend/service/NodeService.php
@ -31,6 +31,9 @@ class NodeService {
     */
    public static function applyAuthNode() {
        cache('need_access_node', null);
        if (($userid = session('user.id'))) {
            session('user', Db::name('SystemUser')->where('id', $userid)->find());
        }
        if (($authorize = session('user.authorize'))) {
            $authorizeids = Db::name('SystemAuth')->where('id', 'in', explode(',', $authorize))->where('status', '1')->column('id');
            if (empty($authorizeids)) {
@ -61,7 +64,8 @@ class NodeService {
     * @return bool
     */
    public static function checkAuthNode($node) {
-        $auth_node = strtolower($node);
+        list($module, $controller, $action) = explode('/', str_replace(['?', '=', '&'], '/', $node . '///'));
        $auth_node = strtolower(trim("{$module}/{$controller}/{$action}", '/'));
        if (session('user.username') === 'admin' || stripos($node, 'admin/index') === 0) {
            return true;
        }