<?php
namespace app\admin\middleware\system;
use support\View;
use app\admin\library\Auth;
use app\common\library\ResultCode;
use app\common\model\system\Admin as AdminModel;
use app\common\model\system\SystemLog;
use Psr\SimpleCache\InvalidArgumentException;
use think\db\exception\DataNotFoundException;
use think\db\exception\DbException;
use think\db\exception\ModelNotFoundException;
use Webman\MiddlewareInterface;
use Webman\Http\Response;
use Webman\Http\Request;
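/**
 * Admin permission middleware.
 *
 * Runs on every request of the admin application and, in order:
 *  1. redirects to the login page when no admin session is present (unless the
 *     request already targets the Login controller);
 *  2. checks the current admin's rules for "/Controller/action", unless the
 *     target controller exempts that action (or '*') via its own
 *     $noNeedLogin default property;
 *  3. on POST to system/Admin and system/AdminGroup, refuses group ids the
 *     current admin does not hold rules for;
 *  4. exposes request context to the view, writes an operation log entry and
 *     dispatches to the next handler.
 *
 * Security notes (review):
 *  - The per-request exemption list is kept in a local variable, never on
 *    $this: webman reuses middleware instances across requests, so storing it
 *    on the object would let one controller's '*' exemption leak into the next
 *    request served by the same worker.
 *  - Request parameters are masked for credential-looking keys before being
 *    logged, because the log is written for the Login POST as well.
 *
 * @package app\admin\middleware\system
 * @author meystack
 */
class AdminPermissions implements MiddlewareInterface
{
    /**
     * Default "/Controller/action" entries that skip the rule check (step 2).
     *
     * This does NOT skip the login redirect of step 1, which applies to every
     * controller except Login. A controller can replace this list with its own
     * $noNeedLogin property; the entry '*' exempts all of its actions.
     *
     * @var string[]
     */
    protected array $noNeedLogin = [
        '/Index/index',
        '/Login/index',
        '/Login/logout',
    ];

    /**
     * Request keys (case-insensitive substring match) whose values are replaced
     * by '***' in the operation log.
     * NOTE(review): extend with the project's real credential field names if
     * they differ from these — confirm against the login/admin forms.
     *
     * @var string[]
     */
    protected const SENSITIVE_KEYS = ['password', 'passwd', 'pwd', 'secret', 'token'];

    /**
     * Authenticate and authorize the current admin request.
     *
     * @param Request  $request
     * @param callable $handler next middleware / controller
     * @return Response redirect, JSON/HTML denial, or the handler's response
     * @throws DataNotFoundException
     * @throws DbException
     * @throws InvalidArgumentException
     * @throws ModelNotFoundException
     * @throws \ReflectionException when the routed controller is not a class
     */
    public function process(Request $request, callable $handler): Response
    {
        $app        = request()->getApp();
        $controller = request()->getController();
        $action     = request()->getAction();
        $adminLogin = request()->session()->get(AdminSession);

        // Step 1: no admin session and not the Login controller -> login page.
        if (!isset($adminLogin['id']) && strtolower($controller) !== 'login') {
            return redirect(url('/login/index'));
        }

        // Step 2: the target controller may override the exemption list via its
        // $noNeedLogin default property. Kept local on purpose (see class doc).
        $defaults = (new \ReflectionClass($request->controller))->getDefaultProperties();
        $exempt   = $defaults['noNeedLogin'] ?? $this->noNeedLogin;

        $method = '/' . $controller . '/' . $action;
        if (!$this->isExempt($method, $exempt)) {
            $auth = Auth::instance();
            if (!$auth->SuperAdmin() && !$auth->check($method, get_admin_id())) {
                return $this->denied();
            }
        }

        // Step 3: group-assignment guard for the admin management endpoints.
        if (\request()->isPost()) {
            $refused = $this->checkGroupAssignment($controller);
            if ($refused !== null) {
                return $refused;
            }
        }

        // Step 4: view context, operation log, dispatch.
        View::assign('app', $app);
        View::assign('controller', $controller);
        View::assign('action', $action);
        View::assign('AdminLogin', $adminLogin);

        self::writeAdminRequestLogs();

        return $handler($request);
    }

    /**
     * Whether $method ("/Controller/action") is exempt from the rule check.
     * '*' exempts everything; otherwise the comparison is case-insensitive.
     *
     * @param string   $method
     * @param string[] $exempt exemption list in effect for this request
     * @return bool
     */
    protected function isExempt(string $method, array $exempt): bool
    {
        if (in_array('*', $exempt, true)) {
            return true;
        }
        $lowered = array_map('strtolower', $exempt);

        return in_array(strtolower($method), $lowered, true);
    }

    /**
     * Denial response for an authenticated admin lacking the required rule.
     *
     * AJAX callers get JSON code 101; page requests get the 401 error page.
     * 401 is kept (rather than the more precise 403) because the error page is
     * looked up by status code in app.exception_template.
     *
     * @return Response
     */
    protected function denied(): Response
    {
        if (request()->isAjax()) {
            return json(['code' => 101, 'msg' => '没有权限']);
        }

        return $this->abortPage('没有权限!', 401);
    }

    /**
     * On POST to system/Admin or system/AdminGroup, make sure every group id
     * involved is one the current admin holds rules for, so an admin cannot
     * hand out (or take over) groups beyond their own.
     *
     * For system/Admin both the requested group_id input and the groups the
     * target admin already holds are checked. A create request (no existing
     * admin for `id`) is checked on the requested group_id alone — previously
     * no check ran at all in that case.
     *
     * @param string $controller routed controller, e.g. "system/Admin"
     * @return Response|null denial response, or null when the request may proceed
     * @throws DataNotFoundException
     * @throws DbException
     * @throws ModelNotFoundException
     */
    protected function checkGroupAssignment(string $controller): ?Response
    {
        $id = input('id');

        if ($controller == 'system/Admin') {
            $groupInput = input('group_id');
            // A multi-select may submit group_id as an array; normalise to the
            // comma-separated form the rest of this check expects.
            if (is_array($groupInput)) {
                $groupInput = implode(',', $groupInput);
            }

            if ($data = AdminModel::getById($id)) {
                $groupIds = !empty($groupInput)
                    ? $groupInput . ',' . $data['group_id']
                    : $data['group_id'];
                if (!Auth::instance()->checkRulesForGroup(array_unique(explode(',', $groupIds)))) {
                    return json(ResultCode::AUTH_ERROR);
                }
            } elseif (!empty($groupInput)) {
                // New admin: only the requested groups exist to be checked.
                if (!Auth::instance()->checkRulesForGroup(array_unique(explode(',', $groupInput)))) {
                    return json(ResultCode::AUTH_ERROR);
                }
            }
        }

        if ($controller == 'system/AdminGroup') {
            // NOTE(review): only edits of an existing group are covered here;
            // group creation carries no id and is not checked by this middleware.
            if (!empty($id) && $id >= 1 && !Auth::instance()->checkRulesForGroup((array)$id)) {
                return json(ResultCode::AUTH_ERROR);
            }
        }

        return null;
    }

    /**
     * Write an admin operation log entry when the system_logs setting is on.
     *
     * Runs before dispatch, so 'code' is a fixed 200 placeholder and does not
     * reflect the real outcome. Credential-looking parameters are masked; the
     * middleware also runs for the Login POST, so the raw body would otherwise
     * store the admin password in the log table.
     *
     * NOTE(review): the 'AdminLogin.name' session key is hard-coded here while
     * process() reads the AdminSession constant; if the two ever differ the
     * name silently falls back to 'system' — confirm they match.
     *
     * @throws InvalidArgumentException
     * @throws DataNotFoundException
     * @throws DbException
     * @throws ModelNotFoundException
     */
    public static function writeAdminRequestLogs()
    {
        if (!saenv('system_logs')) {
            return;
        }

        $actionLogs = [
            'module'     => request()->app,
            'controller' => request()->controller,
            'action'     => request()->action,
            'params'     => serialize(self::maskSensitive(request()->all())),
            'method'     => request()->method(),
            'code'       => 200,
            'url'        => request()->url(),
            'ip'         => request()->getRealIp(),
            'name'       => session('AdminLogin.name'),
        ];

        if (empty($actionLogs['name'])) {
            $actionLogs['name'] = 'system';
        }

        $actionLogs['type'] = 2;
        SystemLog::write($actionLogs);
    }

    /**
     * Recursively replace values of credential-looking keys with '***'.
     *
     * @param array $params request parameters; nested arrays are masked too
     * @return array the masked copy (the input is not modified)
     */
    public static function maskSensitive(array $params): array
    {
        foreach ($params as $key => $value) {
            if (is_array($value)) {
                $params[$key] = self::maskSensitive($value);
                continue;
            }
            $lowerKey = strtolower((string)$key);
            foreach (self::SENSITIVE_KEYS as $needle) {
                if (strpos($lowerKey, $needle) !== false) {
                    $params[$key] = '***';
                    break;
                }
            }
        }

        return $params;
    }

    /**
     * Build an error page response.
     *
     * Uses the template file configured for $code in app.exception_template;
     * falls back to $msg when no template is configured OR the file cannot be
     * read (previously an unreadable template produced an empty body).
     * $msg is emitted unescaped — callers in this class pass literals only;
     * escape it first if it ever comes from user input.
     *
     * @param string $msg  fallback body
     * @param int    $code HTTP status code
     * @return Response
     */
    public function abortPage(string $msg = '', int $code = 404): Response
    {
        $templates = config('app.exception_template');
        $body = null;

        if (isset($templates[$code])) {
            // '@' keeps a missing template from turning an error page into a
            // warning; the false return is handled by the fallback below.
            $body = @file_get_contents($templates[$code]);
        }

        if ($body === null || $body === false) {
            $body = $msg;
        }

        return \response($body, $code);
    }
}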
|