Commit e2926318 by 朱继来

Merge branch 'zjl_adjust_20181026'

parents 5fa1493f 432d21b5
......@@ -8,6 +8,32 @@
class PermController extends Controller
{
// 检查用户是否具有系统访问权限
public function checkAccess($request)
{
$user_id = $request->user->userId;
$role = $this->getUserRole($request);
if ($role == 1) return true; // 超级管理员或系统管理员直接进入
$userPerms = $this->getUserAllPerms($user_id, $role);
if (!$userPerms) return false;
if (in_array('apply_access', $userPerms)) return true; // 访问权限ID是否存在
return false;
}
// 获取系统信息
public function getBusinessInfo()
{
// 根据域名查询系统业务ID
$business = DB::table('t_business_config')->where('url', Config('website.order_url'))->first();
return !empty($business) ? $business : false;
}
// 获取用户角色
public function getUserRole(Request $request)
{
......@@ -19,9 +45,7 @@
}
// 根据域名查询系统业务ID
$domain = Config('website.order_url');
$business = DB::table('t_business_config')->where('url', $domain)->first();
$business = $this->getBusinessInfo();
if ($business) {
$bid = $business->bid;
......@@ -73,9 +97,7 @@
public function getRoleUsers(Request $request, $roleName)
{
// 根据域名查询系统业务ID
$domain = Config('website.order_url');
$business = DB::table('t_business_config')->where('url', $domain)->first();
$business = $this->getBusinessInfo();
$userId = array();
$roleUsers = array();
......@@ -129,22 +151,22 @@
public function getUserAllPerms($user_id, $role=0)
{
// 根据域名查询系统业务ID
$domain = Config('website.order_url');
$business = DB::table('t_business_config')->where('url', $domain)->first();
$business = $this->getBusinessInfo();
if ($role != 1) {
$bid = $business->bid;
if ($business) {
if ($role != 1) {
$bid = $business->bid;
$url = Config('website.perm_api').$user_id.'/'.$bid;
$url = Config('website.perm_api').$user_id.'/'.$bid;
$userPerms = json_decode(curlApi($url), true);
$userPerms = json_decode(curlApi($url), true);
if ($userPerms && $userPerms['retcode'] == 0) {
return $userPerms['data']['perms'];
if ($userPerms && $userPerms['retcode'] == 0) {
return $userPerms['data']['perms'];
}
} else { // 获取管理员所有权限
return $this->getAllPerms(json_decode($business->configs, true));
}
} else { // 获取管理员所有权限
return $this->getAllPerms(json_decode($business->configs, true));
}
return false;
......
......@@ -6,6 +6,7 @@ use Closure;
use App\Http\Output;
use App\Http\Error;
use Config;
use App\Http\Controllers\PermController;
class CheckLogin
{
......@@ -63,43 +64,16 @@ class CheckLogin
$user->header = $request->cookie('oa_header');
$request->user = $user;
// 根据权限配置判断是否允许用户进入站点
$redirect = $_SERVER['HTTP_HOST'];
$url = Config('website.check_access_api');
$data = array(
'userId' => $userId,
'email' => '',
'redirect' => $redirect,
);
// 判断用户访问权限
$perm = new PermController;
$access = json_decode($this->checkAccessApi($url, $data), true);
$access = $perm->checkAccess($request);
$business = $perm->getBusinessInfo();
if ($access['retcode'] != 0) {
errorLog(Error::E_NO_ACCESS, 'no access');
return view('no_access', ['bid'=>$access['data']['bid']]);
// return Output::makeResult($request, Error::E_NO_ACCESS, 'You have not access to the Order System, please apply for the permission to PERM System!');
if (!$access) {
return view('no_access', ['bid'=>$business->bid]); // 返回无权限模板
}
return $next($request);
}
/**
* 请求权限系统接口
* @return [Json] 返回权限数据
*/
public function checkAccessApi($url, $data)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$result = curl_exec($ch);
curl_close($ch);
return $result;
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment