Commit e4926887 by 朱继来

Merge branch 'zjl_adjust_20181026' into development

parents 7734fde0 432d21b5
...@@ -8,6 +8,32 @@ ...@@ -8,6 +8,32 @@
class PermController extends Controller class PermController extends Controller
{ {
// 检查用户是否具有系统访问权限
public function checkAccess($request)
{
$user_id = $request->user->userId;
$role = $this->getUserRole($request);
if ($role == 1) return true; // 超级管理员或系统管理员直接进入
$userPerms = $this->getUserAllPerms($user_id, $role);
if (!$userPerms) return false;
if (in_array('apply_access', $userPerms)) return true; // 访问权限ID是否存在
return false;
}
// 获取系统信息
public function getBusinessInfo()
{
// 根据域名查询系统业务ID
$business = DB::table('t_business_config')->where('url', Config('website.order_url'))->first();
return !empty($business) ? $business : false;
}
// 获取用户角色 // 获取用户角色
public function getUserRole(Request $request) public function getUserRole(Request $request)
{ {
...@@ -19,9 +45,7 @@ ...@@ -19,9 +45,7 @@
} }
// 根据域名查询系统业务ID // 根据域名查询系统业务ID
$domain = Config('website.order_url'); $business = $this->getBusinessInfo();
$business = DB::table('t_business_config')->where('url', $domain)->first();
if ($business) { if ($business) {
$bid = $business->bid; $bid = $business->bid;
...@@ -73,9 +97,7 @@ ...@@ -73,9 +97,7 @@
public function getRoleUsers(Request $request, $roleName) public function getRoleUsers(Request $request, $roleName)
{ {
// 根据域名查询系统业务ID // 根据域名查询系统业务ID
$domain = Config('website.order_url'); $business = $this->getBusinessInfo();
$business = DB::table('t_business_config')->where('url', $domain)->first();
$userId = array(); $userId = array();
$roleUsers = array(); $roleUsers = array();
...@@ -129,22 +151,22 @@ ...@@ -129,22 +151,22 @@
public function getUserAllPerms($user_id, $role=0) public function getUserAllPerms($user_id, $role=0)
{ {
// 根据域名查询系统业务ID // 根据域名查询系统业务ID
$domain = Config('website.order_url'); $business = $this->getBusinessInfo();
$business = DB::table('t_business_config')->where('url', $domain)->first();
if ($role != 1) { if ($business) {
$bid = $business->bid; if ($role != 1) {
$bid = $business->bid;
$url = Config('website.perm_api').$user_id.'/'.$bid; $url = Config('website.perm_api').$user_id.'/'.$bid;
$userPerms = json_decode(curlApi($url), true); $userPerms = json_decode(curlApi($url), true);
if ($userPerms && $userPerms['retcode'] == 0) { if ($userPerms && $userPerms['retcode'] == 0) {
return $userPerms['data']['perms']; return $userPerms['data']['perms'];
}
} else { // 获取管理员所有权限
return $this->getAllPerms(json_decode($business->configs, true));
} }
} else { // 获取管理员所有权限
return $this->getAllPerms(json_decode($business->configs, true));
} }
return false; return false;
......
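Review bot: In the new `checkAccess()`, the access decision rests on loose comparisons: `in_array('apply_access', $userPerms)` runs without the strict flag against a list that `getUserAllPerms()` takes from the permission API's decoded JSON (`$userPerms['data']['perms']`). A `true` element in that list, or a `0` on PHP 7, would compare equal to the string and grant access. I would change the line to `if (is_array($userPerms) && in_array('apply_access', $userPerms, true)) return true;`, which also avoids a type error when `perms` is not an array. The `$role == 1` shortcut has the same weakness, but the return type of `getUserRole()` is not visible in this section, so confirm it before switching to `===`. `checkAccess($request)` also lacks the `Request` type hint that `getUserRole()` and `getRoleUsers()` declare.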
...@@ -6,6 +6,7 @@ use Closure; ...@@ -6,6 +6,7 @@ use Closure;
use App\Http\Output; use App\Http\Output;
use App\Http\Error; use App\Http\Error;
use Config; use Config;
use App\Http\Controllers\PermController;
class CheckLogin class CheckLogin
{ {
...@@ -63,43 +64,16 @@ class CheckLogin ...@@ -63,43 +64,16 @@ class CheckLogin
$user->header = $request->cookie('oa_header'); $user->header = $request->cookie('oa_header');
$request->user = $user; $request->user = $user;
// 根据权限配置判断是否允许用户进入站点 // 判断用户访问权限
$redirect = $_SERVER['HTTP_HOST']; $perm = new PermController;
$url = Config('website.check_access_api');
$data = array(
'userId' => $userId,
'email' => '',
'redirect' => $redirect,
);
$access = json_decode($this->checkAccessApi($url, $data), true); $access = $perm->checkAccess($request);
$business = $perm->getBusinessInfo();
if ($access['retcode'] != 0) { if (!$access) {
errorLog(Error::E_NO_ACCESS, 'no access'); return view('no_access', ['bid'=>$business->bid]); // 返回无权限模板
return view('no_access', ['bid'=>$access['data']['bid']]);
// return Output::makeResult($request, Error::E_NO_ACCESS, 'You have not access to the Order System, please apply for the permission to PERM System!');
} }
return $next($request); return $next($request);
} }
/**
* 请求权限系统接口
* @return [Json] 返回权限数据
*/
public function checkAccessApi($url, $data)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$result = curl_exec($ch);
curl_close($ch);
return $result;
}
} }
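Review bot: The denied branch reads `$business->bid`, but `getBusinessInfo()` returns `false` when no `t_business_config` row matches the configured URL. In that case `getUserAllPerms()` also returns `false`, so every user not short-circuited by the role check lands in this branch and dereferences a boolean. The `errorLog(Error::E_NO_ACCESS, 'no access')` call from the old branch also appears to be gone, which leaves access denials without a log entry for later review. I would write the branch as `if (!$access) { errorLog(Error::E_NO_ACCESS, 'no access'); return view('no_access', ['bid' => $business ? $business->bid : null]); }`. Calling `getBusinessInfo()` only inside that branch would save a query on every permitted request. The enclosing middleware method starts outside the hunk.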