后台权限控制

a147d46d · zfc · 03ed22ee · a147d46d · a147d46d · a147d46d
Commit a147d46d authored Feb 01, 2018 by zfc
Showing with 62 additions and 27 deletions

Login.php application/index/controller/Login.php +28 -18

Basic.php application/index/extend/Basic.php +30 -6

AuthRule.php application/model/AuthRule.php +1 -1

route.php application/route.php +3 -2

No files found.
--- a/application/index/controller/Login.php
+++ b/application/index/controller/Login.php
@@ -75,7 +75,7 @@ class Login extends Basic
            $params["name"] = $name;
            $passwd = md5($passwd);
            $where="(name='{$name}'or phone='{$name}') and  password='$passwd' ";
-            $list=$this->loginagent->verifyUser($field,$join,$where);
+            $list=$this->loginagent->verifyUser($filed,$join,$where);
            if(!$list){
                 return view("/login/login", [ "msg" => "用户名或密码错误" ]);
            }
@@ -85,30 +85,40 @@ class Login extends Basic
            }else{
                $rules=trim($list['rules'],',');
                $where ="id in({$rules})and is_menu=1 and status=1 and pid=1 ";
-                $list['nav']=$this->authrule->loginRule($where);
+                $nav=$this->authrule->loginRule($where);
-                foreach($list['nav'] as $k=> $v){
+                //$nav=collection($nav)->toArray();//转化arr
-                   // prt($v->toArray());
+                $nav2=array();
-                   $where ="pid='{$v['id']}' and id in({$rules}) and is_menu=0 and status=1  ";
+                $url='';//跳转页面
+                foreach ($nav as $k=> $v){
+                    if($k=='0'){
+                        $url=$v->name;
+                    }
+                   $nav2[$v->id]=$v;
+                }
+                //搜索菜单功能
+                   $where ="id in({$rules}) and is_menu=0 and status=1  ";
                   $r= $this->authrule->loginRule($where);
+                 $r2='';
-                    if($r){
+                 foreach($r as $v){
-//                        prt($r);
+                    $r2[$v->pid][]=$v;
-//                        // prt($r->toArray());//转化arr
+                 }
-//                        exit;
+                foreach($nav2 as $k=> $v){
-                     $list['rules'][$k]['cz']=$r;   
+                    if($r2[$k]){
+                        $nav2[$k]['cz']=$r2[$k];
                    }
                }
-              prt($list->toArray());//转化arr
+                $list['nav']=$nav2;
-               exit;
+               $list2= $list->toArray();//转化arr
            }
+           // Session::delete("userinfo");
            Session::set("userName",$list["name"]);
            Session::set("userId",$list["id"]);
-            Session::set("userinfo",$list);
+            Session::set("userinfo",$list2);
            Session::set("lastLoginTime",time());
-            $this->operating_records($result[0]["id"],1,'后台登陆'); //记录操作日志
-            $this->redirect('/admin.php/index/banner');
+            $this->operating_records($list["id"],1,'后台登陆'); //记录操作日志
+            $this->redirect('/admin.php/'.$url);

--- a/application/index/extend/Basic.php
+++ b/application/index/extend/Basic.php
@@ -61,16 +61,40 @@ class Basic extends Controller
            $this->userVerify();
        }
+        $this->userAuth($requestPath);
    }
-    public function  userAuth(){
+    /**
-         $request=  \think\Request::instance();
+     * 权限判定
-         $r= $request->controller();
+     * @param $requestPath
-         $route= $request->module();
+     * @return Response
-         $name= $request->action();
+     */
-         $url=$route."/".$name;
+    public function  userAuth($requestPath){
+       $session= Session::get("userinfo.nav");
+       $r=0;
+       //判断当前控制器用户是否拥有进入权限
+       foreach ($session as $v){
+           //不区分大小写
+           if(strcasecmp(trim($v['name']),$requestPath)==0){
+             $r=$v;
+           }
+       }
+       if($r=='0'){
+           if($this->request->isAjax()){
+            return  $this->response('300','没有权限');
+           }else{
+              // $this->error('没有当前页面权限');
+           }
+       }else{
+           Session::set("userRule",$r);
+       }
+//print_r($r);
    }

--- a/application/model/AuthRule.php
+++ b/application/model/AuthRule.php
@@ -108,7 +108,7 @@ class AuthRule extends BaseModel
    }
    public function loginRule($where){
-        $r=$this->field('id,name,title')
+        $r=$this->field('id,name,title,pid')
                ->where($where)
                ->select();
        $this->getLastSql();

--- a/application/route.php
+++ b/application/route.php
@@ -79,8 +79,9 @@ Route::group('index', [
    //权限管理
    'classList'  => ['index/auth/classList',['method'=>'get']],             //分类列表
-    'getAuth'     => ['index/auth/getAuth', ['method' => 'get']],           //角色列表
+    'Auth'     => ['index/auth/index', ['method' => 'get']],           //角色列表界面
-    'getAuth2'     => ['index/auth/getAuth2', ['method' => 'get']],           //角色列表2无分页
+    'getAuth'     => ['index/auth/getAuth', ['method' => 'get']],           //角色列表接口
+    'getAuth2'     => ['index/auth/getAuth2', ['method' => 'get']],           //角色列表2无分页接口
    'roleedit'     => ['index/auth/roleEdit', ['method' => 'get']],         //--编辑角色页面
    'access'     => ['index/auth/access', ['method' => 'get']],             //--权限分配角色页面
    'updateAccess'    => ['index/auth/updateAccess', ['method' => 'post']], //--编辑角色权限【接口】