Home Explore Help
Register Sign In
aexiaoliou
/
project-manager
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e3e76baf90
Branches Tags
project-mana...
/
api
/
app
/
admin
/
middleware
/
CheckPermissionAttr.php

CheckPermissionAttr.php 4.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120 
  1. <?php
    2. 

  2. 

  3. namespace app\admin\middleware;
    4. 

  4. 

  5. use app\admin\attr\Permission;
    6. 

  6. use app\common\exception\CatchException;
    7. 

  7. use app\common\model\Admin;
    8. 

  8. use app\common\model\Role;
    9. 

  9. use think\Request;
    10. 

  10. 

  11. class CheckPermissionAttr
    12. 

  12. {
    13. 

  13.     public function handle(Request $request, \Closure $next)
    14. 

  14.     {
    15. 

  15.         // 通过依赖注入获取admin
    16. 

  16.         $admin = app(Admin::class);
    17. 

  17.         $role = $admin->role;
    18. 

  18.         $codes = $role->codes;
    19. 

  19. 

  20.         // 超级管理员可以做任何事
    21. 

  21.         if (in_array(Role::CODE_SUPER_ADMIN, $codes)) {
    22. 

  22.             return $next($request);
    23. 

  23.         }
    24. 

  24. 

  25.         // 获取权限注解
    26. 

  26.         $controller = $request->controller();
    27. 

  27.         $controllerNameSpace = 'app\\admin\\controller\\' . $controller;
    28. 

  28.         $ref = new \ReflectionClass($controllerNameSpace);
    29. 

  29.         $attrs = $ref->getAttributes(Permission::class);
    30. 

  30.         $methodName = $request->action();
    31. 

  31.         $method = $ref->getMethod($methodName);
    32. 

  32.         $methodAttrs = $method->getAttributes(Permission::class);
    33. 

  33. 

  34.         // 如果有具体的方法权限
    35. 

  35.         if ($methodAttrs) {
    36. 

  36.             foreach ($methodAttrs as $attrRaw) {
    37. 

  37.                 /**
    38. 

  38.                  * @var Permission
    39. 

  39.                  */
    40. 

  40.                 $attr = $attrRaw->newInstance();
    41. 

  41.                 // 忽略权限要求
    42. 

  42.                 if ($attr->ignore) {
    43. 

  43.                     return $next($request);
    44. 

  44.                 }
    45. 

  45. 

  46.                 /*
    47. 

  47.                  * 权限值设置
    48. 

  48.                  */
    49. 

  49.                 $permission = $attr->value;
    50. 

  50.                 // 继承权限
    51. 

  51.                 if ($attr->inherit) {
    52. 

  52.                     if (count($attrs) > 1) {
    53. 

  53.                         throw new \InvalidArgumentException('使用了继承权限值,但是controller的权限Attribute不止一个');
    54. 

  54.                     }
    55. 

  55.                     $controllerAttr = $attrs[0]->newInstance();
    56. 

  56.                     $controllerPermission = $controllerAttr->value;
    57. 

  57.                     // 是否使用控制器名
    58. 

  58.                     // 尽管在方法上没有权限Attr的话,不会进入foreach循环中,但是还是有可能传一个空的permission进来
    59. 

  59.                     if (!$permission) {
    60. 

  60.                         if ($controllerAttr->useMethodName) {
    61. 

  61.                             $permission = "$controllerPermission.$methodName";
    62. 

  62.                         } else {
    63. 

  63.                             $permission = $controllerPermission;
    64. 

  64.                         }
    65. 

  65.                     }
    66. 

  66.                 } else {
    67. 

  67.                     // 不继承权限,直接使用$permission, 但是检查权限值是否为空
    68. 

  68.                     if (!$permission) {
    69. 

  69.                         if (count($attrs) > 1) {
    70. 

  70.                             throw new \InvalidArgumentException('没有使用继承,而且权限值为空,尝试使用controller权限值规则,但是controller的权限Attribute不止一个');
    71. 

  71.                         }
    72. 

  72.                         $controllerAttr = $attrs[0]->newInstance();
    73. 

  73.                         $controllerPermission = $controllerAttr->value;
    74. 

  74.                         // 使用控制器attr规则
    75. 

  75.                         // 使用方法名
    76. 

  76.                         if ($controllerAttr->useMethodName) {
    77. 

  77.                             $permission = $methodName;
    78. 

  78.                         } else {
    79. 

  79.                             // 使用控制器名
    80. 

  80.                             $permission = strtolower($controller);
    81. 

  81.                         }
    82. 

  82.                     }
    83. 

  83.                     // 直接使用$permission
    84. 

  84.                 }
    85. 

  85.                 /*
    86. 

  86.                 * 检查权限
    87. 

  87.                 */
    88. 

  88.                 if (!in_array($permission, $codes)) {
    89. 

  89.                     throw new CatchException("未具有权限$permission, 禁止访问", 403);
    90. 

  90.                 }
    91. 

  91.                 // 成功
    92. 

  92.                 return $next($request);
    93. 

  93.             }
    94. 

  94.         }
    95. 

  95. 

  96.         // 只有控制器权限
    97. 

  97.         /**
    98. 

  98.          * @var \ReflectionAttribute $attrRaw 
    99. 

  99.          */
    100. 

  100.         foreach ($attrs as $attrRaw) {
    101. 

  101.             /**
    102. 

  102.              * @var Permission
    103. 

  103.              */
    104. 

  104.             $attr = $attrRaw->newInstance();
    105. 

  105.             $permission = $attr->value;
    106. 

  106.             // 自动使用方法名作为权限值
    107. 

  107.             if ($attr->useMethodName) {
    108. 

  108.                 $permission = "$permission.$methodName";
    109. 

  109.             } elseif (!$permission) {
    110. 

  110.                 // 没有标注要什么权限而且useMethodName设为了false,使用controller的小写作为权限值
    111. 

  111.                 $permission = strtolower($controller);
    112. 

  112.             }
    113. 

  113.             if (!in_array($permission, $codes)) {
    114. 

  114.                 throw new CatchException("未具有权限$permission, 禁止访问", 403);
    115. 

  115.             }
    116. 

  116.         }
    117. 

  117. 

  118.         return $next($request);
    119. 

  119.     }
    120. 

  120. }
    121.