Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
朱继来
/
后台订单管理
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Issues
0
Merge Requests
0
Pipelines
Wiki
Snippets
Settings
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
e4926887
authored
Nov 15, 2018
by
朱继来
Browse files
Options
_('Browse Files')
Download
Plain Diff
Merge branch 'zjl_adjust_20181026' into development
parents
7734fde0
432d21b5
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
38 additions
and
42 deletions
app/Http/Controllers/PermController.php
app/Http/Middleware/CheckLogin.php
app/Http/Controllers/PermController.php
View file @
e4926887
...
@@ -8,6 +8,32 @@
...
@@ -8,6 +8,32 @@
class
PermController
extends
Controller
class
PermController
extends
Controller
{
{
// 检查用户是否具有系统访问权限
public
function
checkAccess
(
$request
)
{
$user_id
=
$request
->
user
->
userId
;
$role
=
$this
->
getUserRole
(
$request
);
if
(
$role
==
1
)
return
true
;
// 超级管理员或系统管理员直接进入
$userPerms
=
$this
->
getUserAllPerms
(
$user_id
,
$role
);
if
(
!
$userPerms
)
return
false
;
if
(
in_array
(
'apply_access'
,
$userPerms
))
return
true
;
// 访问权限ID是否存在
return
false
;
}
// 获取系统信息
public
function
getBusinessInfo
()
{
// 根据域名查询系统业务ID
$business
=
DB
::
table
(
't_business_config'
)
->
where
(
'url'
,
Config
(
'website.order_url'
))
->
first
();
return
!
empty
(
$business
)
?
$business
:
false
;
}
// 获取用户角色
// 获取用户角色
public
function
getUserRole
(
Request
$request
)
public
function
getUserRole
(
Request
$request
)
{
{
...
@@ -19,9 +45,7 @@
...
@@ -19,9 +45,7 @@
}
}
// 根据域名查询系统业务ID
// 根据域名查询系统业务ID
$domain
=
Config
(
'website.order_url'
);
$business
=
$this
->
getBusinessInfo
();
$business
=
DB
::
table
(
't_business_config'
)
->
where
(
'url'
,
$domain
)
->
first
();
if
(
$business
)
{
if
(
$business
)
{
$bid
=
$business
->
bid
;
$bid
=
$business
->
bid
;
...
@@ -73,9 +97,7 @@
...
@@ -73,9 +97,7 @@
public
function
getRoleUsers
(
Request
$request
,
$roleName
)
public
function
getRoleUsers
(
Request
$request
,
$roleName
)
{
{
// 根据域名查询系统业务ID
// 根据域名查询系统业务ID
$domain
=
Config
(
'website.order_url'
);
$business
=
$this
->
getBusinessInfo
();
$business
=
DB
::
table
(
't_business_config'
)
->
where
(
'url'
,
$domain
)
->
first
();
$userId
=
array
();
$userId
=
array
();
$roleUsers
=
array
();
$roleUsers
=
array
();
...
@@ -129,10 +151,9 @@
...
@@ -129,10 +151,9 @@
public
function
getUserAllPerms
(
$user_id
,
$role
=
0
)
public
function
getUserAllPerms
(
$user_id
,
$role
=
0
)
{
{
// 根据域名查询系统业务ID
// 根据域名查询系统业务ID
$domain
=
Config
(
'website.order_url'
);
$business
=
$this
->
getBusinessInfo
();
$business
=
DB
::
table
(
't_business_config'
)
->
where
(
'url'
,
$domain
)
->
first
();
if
(
$business
)
{
if
(
$role
!=
1
)
{
if
(
$role
!=
1
)
{
$bid
=
$business
->
bid
;
$bid
=
$business
->
bid
;
...
@@ -146,6 +167,7 @@
...
@@ -146,6 +167,7 @@
}
else
{
// 获取管理员所有权限
}
else
{
// 获取管理员所有权限
return
$this
->
getAllPerms
(
json_decode
(
$business
->
configs
,
true
));
return
$this
->
getAllPerms
(
json_decode
(
$business
->
configs
,
true
));
}
}
}
return
false
;
return
false
;
}
}
...
...
app/Http/Middleware/CheckLogin.php
View file @
e4926887
...
@@ -6,6 +6,7 @@ use Closure;
...
@@ -6,6 +6,7 @@ use Closure;
use
App\Http\Output
;
use
App\Http\Output
;
use
App\Http\Error
;
use
App\Http\Error
;
use
Config
;
use
Config
;
use
App\Http\Controllers\PermController
;
class
CheckLogin
class
CheckLogin
{
{
...
@@ -63,43 +64,16 @@ class CheckLogin
...
@@ -63,43 +64,16 @@ class CheckLogin
$user
->
header
=
$request
->
cookie
(
'oa_header'
);
$user
->
header
=
$request
->
cookie
(
'oa_header'
);
$request
->
user
=
$user
;
$request
->
user
=
$user
;
// 根据权限配置判断是否允许用户进入站点
// 判断用户访问权限
$redirect
=
$_SERVER
[
'HTTP_HOST'
];
$perm
=
new
PermController
;
$url
=
Config
(
'website.check_access_api'
);
$data
=
array
(
'userId'
=>
$userId
,
'email'
=>
''
,
'redirect'
=>
$redirect
,
);
$access
=
json_decode
(
$this
->
checkAccessApi
(
$url
,
$data
),
true
);
$access
=
$perm
->
checkAccess
(
$request
);
$business
=
$perm
->
getBusinessInfo
();
if
(
$access
[
'retcode'
]
!=
0
)
{
if
(
!
$access
)
{
errorLog
(
Error
::
E_NO_ACCESS
,
'no access'
);
return
view
(
'no_access'
,
[
'bid'
=>
$business
->
bid
]);
// 返回无权限模板
return
view
(
'no_access'
,
[
'bid'
=>
$access
[
'data'
][
'bid'
]]);
// return Output::makeResult($request, Error::E_NO_ACCESS, 'You have not access to the Order System, please apply for the permission to PERM System!');
}
}
return
$next
(
$request
);
return
$next
(
$request
);
}
}
/**
* 请求权限系统接口
* @return [Json] 返回权限数据
*/
public
function
checkAccessApi
(
$url
,
$data
)
{
$ch
=
curl_init
();
curl_setopt
(
$ch
,
CURLOPT_URL
,
$url
);
curl_setopt
(
$ch
,
CURLOPT_RETURNTRANSFER
,
1
);
curl_setopt
(
$ch
,
CURLOPT_POST
,
1
);
curl_setopt
(
$ch
,
CURLOPT_POSTFIELDS
,
$data
);
$result
=
curl_exec
(
$ch
);
curl_close
(
$ch
);
return
$result
;
}
}
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment