调整权限

app/Http/Controllers/PermController.php

@@ -8,6 +8,32 @@
 
 	class PermController extends Controller 
 	{
+		// 检查用户是否具有系统访问权限
+		public function checkAccess($request)
+		{
+			$user_id   = $request->user->userId;
+			$role = $this->getUserRole($request);
+
+			if ($role == 1) return true; // 超级管理员或系统管理员直接进入
+
+			$userPerms = $this->getUserAllPerms($user_id, $role);
+
+			if (!$userPerms) return false;
+
+			if (in_array('apply_access', $userPerms)) return true; // 访问权限ID是否存在
+
+			return false;
+		}
+
+		// 获取系统信息
+		public function getBusinessInfo()
+		{
+			// 根据域名查询系统业务ID
+			$business = DB::table('t_business_config')->where('url', Config('website.order_url'))->first();
+
+			return !empty($business) ? $business : false;
+		}
+
 		// 获取用户角色
 		public function getUserRole(Request $request) 
 		{
@@ -19,9 +45,7 @@
 			}
 
 			// 根据域名查询系统业务ID
-			$domain = Config('website.order_url');
-
-			$business = DB::table('t_business_config')->where('url', $domain)->first();
+			$business = $this->getBusinessInfo();
 
 			if ($business) {
 				$bid = $business->bid;
@@ -73,9 +97,7 @@
 		public function getRoleUsers(Request $request, $roleName) 
 		{
 			// 根据域名查询系统业务ID
-			$domain = Config('website.order_url');
-
-			$business = DB::table('t_business_config')->where('url', $domain)->first();
+			$business = $this->getBusinessInfo();
 
 			$userId = array();
 			$roleUsers = array();
@@ -129,10 +151,9 @@
 		public function getUserAllPerms($user_id, $role=0)
 		{
 			// 根据域名查询系统业务ID
-			$domain = Config('website.order_url');
-
-			$business = DB::table('t_business_config')->where('url', $domain)->first();
+			$business = $this->getBusinessInfo();
 
+			if ($business) {
 				if ($role != 1) {
 					$bid = $business->bid;
 
@@ -146,6 +167,7 @@
 				} else { // 获取管理员所有权限
 					return $this->getAllPerms(json_decode($business->configs, true));
 				}
+			}
 
 			return false;
 		}

app/Http/Middleware/CheckLogin.php

@@ -6,6 +6,7 @@ use Closure;
 use App\Http\Output;
 use App\Http\Error;
 use Config;
+use App\Http\Controllers\PermController;
 
 class CheckLogin
 {
@@ -63,43 +64,16 @@ class CheckLogin
         $user->header = $request->cookie('oa_header');
         $request->user = $user;
 
-        // 根据权限配置判断是否允许用户进入站点
-        $redirect = $_SERVER['HTTP_HOST'];
-        $url = Config('website.check_access_api');
-        $data = array(
-            'userId' => $userId,
-            'email'  => '', 
-            'redirect' => $redirect,
-        );
+        // 判断用户访问权限
+        $perm = new PermController;
 
-        $access = json_decode($this->checkAccessApi($url, $data), true);
+        $access = $perm->checkAccess($request);
+        $business = $perm->getBusinessInfo();
 
-        if ($access['retcode'] != 0) {
-            errorLog(Error::E_NO_ACCESS, 'no access');
-            return view('no_access', ['bid'=>$access['data']['bid']]);
-            // return Output::makeResult($request, Error::E_NO_ACCESS, 'You have not access to the Order System, please apply for the permission to PERM System!');
+        if (!$access) {
+            return view('no_access', ['bid'=>$business->bid]); // 返回无权限模板
         }
 
         return $next($request);
     }
-
-    /**
-     * 请求权限系统接口
-     * @return [Json]    返回权限数据
-     */
-    public function checkAccessApi($url, $data)
-    {
-        $ch = curl_init();
-
-        curl_setopt($ch, CURLOPT_URL, $url);
-        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-        curl_setopt($ch, CURLOPT_POST, 1);
-        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
-
-        $result = curl_exec($ch);
-
-        curl_close($ch);
-
-        return $result;
-    }
 }