<?php

namespace app\admin\middleware;

use app\admin\attr\Permission;
use app\common\exception\CatchException;
use app\common\model\Admin;
use think\Request;

class CheckPermissionAttr
{
    public function handle(Request $request, \Closure $next)
    {
        // 通过依赖注入获取admin
        $admin = app(Admin::class);
        $role = $admin->role;
        $codes = $role->codes;

        // 获取权限注解
        $controller = 'app\\admin\\controller\\'. $request->controller();
        $ref = new \ReflectionClass($controller);
        $attrs = $ref->getAttributes(Permission::class);

        // 检查权限
        /**
         * @var \ReflectionAttribute $attrRaw 
         */
        foreach($attrs as $attrRaw) {
            /**
             * @var Permission
             */
            $attr = $attrRaw->newInstance();
            $permission = $attr->value;
            if (false && !in_array($permission, $codes)) {
                throw new CatchException("未具有权限$permission, 禁止访问", 403);
            }
        }

        return $next($request);
    }
}