<?php namespace app\admin\middleware; use app\admin\attr\Permission; use app\common\exception\CatchException; use app\common\model\Admin; use think\Request; class CheckPermissionAttr { public function handle(Request $request, \Closure $next) { // 通过依赖注入获取admin $admin = app(Admin::class); $role = $admin->role; $codes = $role->codes; // 获取权限注解 $controller = 'app\\admin\\controller\\'. $request->controller(); $ref = new \ReflectionClass($controller); $attrs = $ref->getAttributes(Permission::class); // 检查权限 /** * @var \ReflectionAttribute $attrRaw */ foreach($attrs as $attrRaw) { /** * @var Permission */ $attr = $attrRaw->newInstance(); $permission = $attr->value; if (false && !in_array($permission, $codes)) { throw new CatchException("未具有权限$permission, 禁止访问", 403); } } return $next($request); } }