Commit a147d46d authored by zfc's avatar zfc

后台权限控制

parent 03ed22ee
......@@ -75,7 +75,7 @@ class Login extends Basic
$params["name"] = $name;
$passwd = md5($passwd);
$where="(name='{$name}'or phone='{$name}') and password='$passwd' ";
$list=$this->loginagent->verifyUser($field,$join,$where);
$list=$this->loginagent->verifyUser($filed,$join,$where);
if(!$list){
return view("/login/login", [ "msg" => "用户名或密码错误" ]);
}
......@@ -85,30 +85,40 @@ class Login extends Basic
}else{
$rules=trim($list['rules'],',');
$where ="id in({$rules})and is_menu=1 and status=1 and pid=1 ";
$list['nav']=$this->authrule->loginRule($where);
foreach($list['nav'] as $k=> $v){
// prt($v->toArray());
$where ="pid='{$v['id']}' and id in({$rules}) and is_menu=0 and status=1 ";
$nav=$this->authrule->loginRule($where);
//$nav=collection($nav)->toArray();//转化arr
$nav2=array();
$url='';//跳转页面
foreach ($nav as $k=> $v){
if($k=='0'){
$url=$v->name;
}
$nav2[$v->id]=$v;
}
//搜索菜单功能
$where ="id in({$rules}) and is_menu=0 and status=1 ";
$r= $this->authrule->loginRule($where);
if($r){
// prt($r);
// // prt($r->toArray());//转化arr
// exit;
$list['rules'][$k]['cz']=$r;
$r2='';
foreach($r as $v){
$r2[$v->pid][]=$v;
}
foreach($nav2 as $k=> $v){
if($r2[$k]){
$nav2[$k]['cz']=$r2[$k];
}
}
prt($list->toArray());//转化arr
exit;
$list['nav']=$nav2;
$list2= $list->toArray();//转化arr
}
// Session::delete("userinfo");
Session::set("userName",$list["name"]);
Session::set("userId",$list["id"]);
Session::set("userinfo",$list);
Session::set("userinfo",$list2);
Session::set("lastLoginTime",time());
$this->operating_records($result[0]["id"],1,'后台登陆'); //记录操作日志
$this->redirect('/admin.php/index/banner');
$this->operating_records($list["id"],1,'后台登陆'); //记录操作日志
$this->redirect('/admin.php/'.$url);
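Review bot: The menu queries in the second hunk are built by interpolating `$rules` and `$v['id']` into the where string (`id in({$rules}) and is_menu=0 and status=1`, `pid='{$v['id']}' ...`), the same pattern the first hunk's login condition uses for `$name` and `$passwd`, and `AuthRule::loginRule()` passes that string straight to `->where()`, so a quote or SQL fragment in any of these values changes the query. Passing the conditions as an array lets the query builder bind the values, e.g. in ThinkPHP 5.0 style (assumed from `\think\Request::instance()` elsewhere on the page) `$where = ['id' => ['in', $rules], 'is_menu' => 0, 'status' => 1];`, and the login lookup should bind `$name` the same way, since it looks like the submitted login name although its origin is outside the hunk. Separately, `$r2='';` followed by `$r2[$v->pid][]=$v;` relies on an empty string silently becoming an array, which newer PHP versions reject, so `$r2=[];` with `if(!empty($r2[$k]))` is the safe form. The page also shows both `verifyUser($field,...)` and `verifyUser($filed,...)`; whichever is the new line must match the variable defined above the hunk. The method body starts and ends outside both hunks.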
......
......@@ -61,16 +61,40 @@ class Basic extends Controller
$this->userVerify();
}
$this->userAuth($requestPath);
}
public function userAuth(){
$request= \think\Request::instance();
$r= $request->controller();
$route= $request->module();
$name= $request->action();
$url=$route."/".$name;
/**
* 权限判定
* @param $requestPath
* @return Response
*/
public function userAuth($requestPath){
$session= Session::get("userinfo.nav");
$r=0;
//判断当前控制器用户是否拥有进入权限
foreach ($session as $v){
//不区分大小写
if(strcasecmp(trim($v['name']),$requestPath)==0){
$r=$v;
}
}
if($r=='0'){
if($this->request->isAjax()){
return $this->response('300','没有权限');
}else{
// $this->error('没有当前页面权限');
}
}else{
Session::set("userRule",$r);
}
//print_r($r);
}
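Review bot: `userAuth()` fails open for ordinary page requests: when no rule matches, the non-Ajax branch holds only the commented-out `// $this->error('没有当前页面权限');`, so execution continues to the controller action. The Ajax branch does `return $this->response('300','没有权限');`, but the call site `$this->userAuth($requestPath);` discards the return value, so unless `response()` itself ends the request that path does not stop the action either. Re-enable the denial in the non-Ajax branch and make the caller stop when access is refused. `Session::get("userinfo.nav")` should be checked for an empty result before the `foreach`, a stale `userRule` should be cleared on denial, and the sentinel test is clearer as `$r === 0` than `$r=='0'`. The calling method starts outside the hunk.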
......
......@@ -108,7 +108,7 @@ class AuthRule extends BaseModel
}
public function loginRule($where){
$r=$this->field('id,name,title')
$r=$this->field('id,name,title,pid')
->where($where)
->select();
$this->getLastSql();
......
......@@ -79,8 +79,9 @@ Route::group('index', [
//权限管理
'classList' => ['index/auth/classList',['method'=>'get']], //分类列表
'getAuth' => ['index/auth/getAuth', ['method' => 'get']], //角色列表
'getAuth2' => ['index/auth/getAuth2', ['method' => 'get']], //角色列表2无分页
'Auth' => ['index/auth/index', ['method' => 'get']], //角色列表界面
'getAuth' => ['index/auth/getAuth', ['method' => 'get']], //角色列表接口
'getAuth2' => ['index/auth/getAuth2', ['method' => 'get']], //角色列表2无分页接口
'roleedit' => ['index/auth/roleEdit', ['method' => 'get']], //--编辑角色页面
'access' => ['index/auth/access', ['method' => 'get']], //--权限分配角色页面
'updateAccess' => ['index/auth/updateAccess', ['method' => 'post']], //--编辑角色权限【接口】
......