<?php
namespace app\admin\controller;
use app\admin\model\PermissionModel;
use app\admin\model\StaffRoleModel;
use think\Controller;
use think\facade\Cookie;
use think\facade\Request;
use think\facade\Session;
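/**
 * Base controller for the admin module.
 *
 * Verifies that the visitor is logged in and, for non-administrators,
 * that they hold the permission attached to the requested route.
 *
 * Class Base
 * @package app\admin\controller
 */
class Base extends Controller
{
    /** @var mixed ID of the authenticated user; null when the session holds none */
    protected $uid;

    /** @var array user record that check() stored in the session */
    protected $user = [];

    /**
     * Login check hook (ThinkPHP invokes initialize() when the controller is built).
     *
     * Authentication runs first so that $user / $uid are filled from the
     * session record check() has just written, not from a stale or missing
     * one. Reading ['user_id'] from an empty session is also avoided.
     */
    protected function initialize()
    {
        $this->check();

        $sessionUser = Session::get('user');
        $this->user = is_array($sessionUser) ? $sessionUser : [];
        $this->uid = isset($this->user['user_id']) ? $this->user['user_id'] : null;
    }

    /**
     * Resolve the current user through SingleSign, persist the result and,
     * unless the user is an administrator, enforce the route permission.
     *
     * Any exception raised while resolving or persisting the user is treated
     * as "not authenticated" and ends in a redirect to /login (fail closed).
     */
    private function check()
    {
        $single = new SingleSign();
        try {
            $user = $single->getUserInfo();
            // No debug dump here: dumping $user would halt every admin request
            // and print the record, including 'ukey', into the response.
            // NOTE(review): this cookie carries the sign-on key; confirm the
            // cookie configuration marks it HttpOnly and Secure.
            Cookie::set('user', $user['ukey']);
            $user['user_id'] = $single->getUserId($user);
            session('user', $user);

            // One strict definition of "administrator", used both for the
            // cached record and for the permission gate below. A truthy but
            // non-boolean value (e.g. the string "false") must not skip the
            // permission check.
            $isAdmin = isset($user['is_admin']) && $user['is_admin'] === true;

            $sUser = [
                'name' => $user['name'],
                'is_admin' => $isAdmin,
                'user_id' => $user['user_id'],
            ];
            // Store the key -> user summary (Redis, per the original comment).
            $single->saveKey($user['ukey'], $sUser);
        } catch (\Exception $e) {
            // Exception details are deliberately not sent to the client.
            $this->redirect('/login');
            // Defensive: never fall through to the permission gate with an
            // unresolved user, even if redirect() were to return.
            return;
        }

        if (!$isAdmin) {
            $this->authCheck($user['user_id']);
        }
    }

    /**
     * Check whether the given user may access the current URL.
     *
     * Looks up the comma-separated permission IDs granted to the user, maps
     * the request path to a permission row by nav_url and denies the request
     * when the row is unknown or its ID is not among the granted ones.
     *
     * @param mixed $user_id ID of the user whose permissions are checked
     */
    private function authCheck($user_id)
    {
        // user id -> role(s) -> comma-separated list of permission IDs
        $granted = StaffRoleModel::getStaffRolesById($user_id);
        $permissions = array_map('trim', explode(',', (string) $granted));

        // Current route; the root path is not subject to a permission check.
        $path = Request::pathinfo() ?: '/';
        if ($path === '/') {
            return;
        }

        // If the path contains digits, drop everything after the last '/'
        // (intended to strip a trailing numeric ID before the lookup).
        // NOTE(review): the pattern matches a digit anywhere in the path, not
        // only in the last segment, so a route such as "user2/list" is looked
        // up as "user2" - confirm this is intended.
        if (preg_match('/[0-9]+/', $path)) {
            $lastSlash = strrpos($path, '/');
            if ($lastSlash !== false) {
                $path = substr($path, 0, $lastSlash);
            }
        }

        // "reset" (also "reset/<id>" after the stripping above) is exempt.
        // NOTE(review): confirm the reset action enforces its own authorization.
        if ($path === 'reset') {
            return;
        }

        // Look up the permission row for this route.
        $permission = PermissionModel::field('id,nav_url')->get(['nav_url' => $path]);
        if (!isset($permission->id)) {
            // Unknown route: deny by default.
            $this->error($path, '/', 'close', 2);
            return;
        }

        // Strict string comparison: explode() yields strings, and a loose
        // in_array() would let values such as "1abc" or "" match integer IDs.
        if (!in_array((string) $permission->id, $permissions, true)) {
            $this->error('你没有访问'.$path."操作的权限", '/', 'close', 2);
        }
    }
}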