| 1234567891011121314151617181920212223242526272829303132333435363738394041 |
- <?php
- namespace app\admin\middleware;
- use app\admin\attr\Permission;
- use app\common\exception\CatchException;
- use app\common\model\Admin;
- use think\Request;
- class CheckPermissionAttr
- {
- public function handle(Request $request, \Closure $next)
- {
- // 通过依赖注入获取admin
- $admin = app(Admin::class);
- $role = $admin->role;
- $codes = $role->codes;
- // 获取权限注解
- $controller = 'app\\admin\\controller\\'. $request->controller();
- $ref = new \ReflectionClass($controller);
- $attrs = $ref->getAttributes(Permission::class);
- // 检查权限
- /**
- * @var \ReflectionAttribute $attrRaw
- */
- foreach($attrs as $attrRaw) {
- /**
- * @var Permission
- */
- $attr = $attrRaw->newInstance();
- $permission = $attr->value;
- if (false && !in_array($permission, $codes)) {
- throw new CatchException("未具有权限$permission, 禁止访问", 403);
- }
- }
- return $next($request);
- }
- }
|
