权限验证

9de2b588 · hujun · 5efd6aa0 · 9de2b588 · 9de2b588
Commit 9de2b588 authored Apr 09, 2018 by hujun
Show whitespace changes
Inline Side-by-side

Showing with 21 additions and 15 deletions

Basic.php application/api_broker/extend/Basic.php +12 -7

AAgents.php application/model/AAgents.php +9 -8

No files found.
--- a/application/api_broker/extend/Basic.php
+++ b/application/api_broker/extend/Basic.php
@@ -49,9 +49,6 @@ class Basic extends Controller
     *
     * Basic constructor.
     * @param Request|null $request
-     * @throws \think\db\exception\DataNotFoundException
-     * @throws \think\db\exception\ModelNotFoundException
-     * @throws \think\exception\DbException
     */
    public function __construct(Request $request = null)
    {
@@ -268,15 +265,23 @@ class Basic extends Controller
     *
     * @param $requestPath
     * @return bool
-     * @throws \think\db\exception\DataNotFoundException
-     * @throws \think\db\exception\ModelNotFoundException
-     * @throws \think\exception\DbException
     */
    public function  userAuth($requestPath){
        $agents  = new AAgents();
        $is_auth = $agents->agentsAuthId($this->agentId, $requestPath);

-        if (empty($is_auth['id']) && $this->agentId != 1) {
+        $auth_arr = [
+            'broker/report',
+            'broker/addFollowUp',
+            'broker/marchIn',
+            'broker/collectingBill',
+            'broker/refund',
+            'broker/bargain',
+            'broker/statusBargain',
+            'broker/getFollowUpList',
+        ];
+
+        if (in_array($requestPath, $auth_arr) && empty($is_auth) && $this->agentId != 1) {
            echo json_encode(array( "code" => "300", "msg" => "没有权限！", "data" => [], "type" => "json" ));exit;
        }


--- a/application/model/AAgents.php
+++ b/application/model/AAgents.php
@@ -488,19 +488,20 @@ class AAgents extends BaseModel
     *
     * @param $agents_id
     * @param $rule
-     * @return array|false|\PDOStatement|string|\think\Model
-     * @throws \think\db\exception\DataNotFoundException
-     * @throws \think\db\exception\ModelNotFoundException
-     * @throws \think\exception\DbException
+     * @return mixed
     */
    public function agentsAuthId($agents_id, $rule) {
-        return $this->alias('a')
+        $rules = $this->alias('a')
            ->field('b.id')
            ->join('auth_group b','a.auth_group_id=b.id','left')
-            ->where('name', $rule)
-            ->where('a.id',$agents_id)
            ->where('b.status',0)
-            ->find();
+            ->where('a.id',$agents_id)
+            ->value('rules');
+
+        $rule_model = new AuthRule();
+        return $rule_model->where('id', 'in', $rules)
+            ->where('name',$rule)
+            ->value('id');
    }

    /**