
[更新]调整系统权限管理(使用Hook检查控制器的checkAuth及checkLogin属性)

Anyon 8 yıl önce
ebeveyn
işleme
c88883d84d

+ 1 - 1
application/admin/controller/Auth.php

@@ -33,7 +33,7 @@ class Auth extends BasicAdmin {
      * 默认数据模型
      * @var string
      */
-    protected $table = 'SystemAuth';
+    public $table = 'SystemAuth';
 
     /**
      * 权限列表

+ 2 - 2
application/admin/controller/Config.php

@@ -30,13 +30,13 @@ class Config extends BasicAdmin {
      * 当前默认数据模型
      * @var string
      */
-    protected $table = 'SystemConfig';
+    public $table = 'SystemConfig';
 
     /**
      * 当前页面标题
      * @var string
      */
-    protected $title = '网站参数配置';
+    public $title = '网站参数配置';
 
     /**
      * 显示系统常规配置

+ 1 - 1
application/admin/controller/Log.php

@@ -31,7 +31,7 @@ class Log extends BasicAdmin {
      * 指定当前数据表
      * @var string
      */
-    protected $table = 'SystemLog';
+    public $table = 'SystemLog';
 
     /**
      * 日志列表

+ 12 - 0
application/admin/controller/Login.php

@@ -29,6 +29,18 @@ use think\Db;
 class Login extends BasicAdmin {
 
     /**
+     * 默认检查用户登录状态
+     * @var bool
+     */
+    public $checkLogin = false;
+
+    /**
+     * 默认检查节点访问权限
+     * @var bool
+     */
+    public $checkAuth = false;
+
+    /**
      * 控制器基础方法
      */
     public function _initialize() {
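Review bot: The docblocks on the two new properties (L63-L64, L69-L70) are copied from BasicAdmin and read as if the checks are on by default, while the values set here switch both off for every action in this controller; say that explicitly, e.g. `Login/logout must be reachable without a session; hook\AccessAuth reads these defaults via get_class_vars()`. Because the hook reads class defaults (L352 of the new AccessAuth), the opt-out covers every current and future action on Login, not just the login form, so anything added here later would ship unauthenticated unless it is moved to another controller. `_initialize()` begins at L77 and continues outside the hunk.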

+ 1 - 1
application/admin/controller/Menu.php

@@ -33,7 +33,7 @@ class Menu extends BasicAdmin {
      * 绑定操作模型
      * @var string
      */
-    protected $table = 'SystemMenu';
+    public $table = 'SystemMenu';
 
     /**
      * 菜单列表

+ 1 - 1
application/admin/controller/Node.php

@@ -32,7 +32,7 @@ class Node extends BasicAdmin {
      * 指定当前默认模型
      * @var string
      */
-    protected $table = 'SystemNode';
+    public $table = 'SystemNode';
 
     /**
      * 显示节点列表

+ 2 - 3
application/admin/controller/Plugs.php

@@ -15,7 +15,6 @@
 namespace app\admin\controller;
 
 use controller\BasicAdmin;
-use OSS\OssClient;
 use service\FileService;
 use think\View;
 
@@ -32,13 +31,13 @@ class Plugs extends BasicAdmin {
      * 默认检查用户登录状态
      * @var bool
      */
-    protected $checkLogin = false;
+    public $checkLogin = false;
 
     /**
      * 默认检查节点访问权限
      * @var bool
      */
-    protected $checkAuth = false;
+    public $checkAuth = false;
 
     /**
      * 文件上传
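Review bot: Both flags stay `false` (L121, L128) on a controller whose next method is documented as file upload (L131), so under the new hook every Plugs action, the upload included, is reachable without a session and without a node check; the values are not changed by this commit, but the docblocks at L117 and L124 still say the checks are on by default. If unauthenticated upload is intentional, record it where the next reader will look: `Plug/upload actions are deliberately exempt from login and node checks; hook\AccessAuth reads these defaults via get_class_vars()`. If it is not intentional, this is the place to set at least `public $checkLogin = true;`. The upload method itself starts after the hunk.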

+ 1 - 1
application/admin/controller/User.php

@@ -31,7 +31,7 @@ class User extends BasicAdmin {
      * 指定当前数据表
      * @var string
      */
-    protected $table = 'SystemUser';
+    public $table = 'SystemUser';
 
     /**
      * 用户列表

+ 1 - 1
application/tags.php

@@ -20,7 +20,7 @@ return [
     // 模块初始化
     'module_init'  => [],
     // 操作开始执行
-    'action_begin' => [],
+    'action_begin' => ['hook\\AccessAuth'],
     // 视图内容过滤
     'view_filter'  => ['hook\\FilterView'],
     // 日志写入
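Review bot: Registering `hook\AccessAuth` on `action_begin` (L154) moves the login and node checks out of BasicAdmin::_initialize() to a point that, if I recall ThinkPHP 5's App::module() correctly, is reached only after the controller has been instantiated and its `_initialize()` has already run; if so, any work a subclass does in `_initialize()` (queries, assigns, side effects) now executes for unauthenticated requests before the hook rejects them — please confirm against the framework source. The hook also fires for every module, and a controller that does not declare `checkLogin`/`checkAuth` gets no check at all because `get_class_vars()` returns neither key; that matches the old behaviour for non-BasicAdmin controllers but is worth stating next to the registration, e.g. `// AccessAuth enforces login/node checks only for controllers declaring public $checkLogin/$checkAuth`.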

+ 1 - 1
application/wechat/controller/Config.php

@@ -33,7 +33,7 @@ class Config extends BasicAdmin {
      * 定义当前操作表名
      * @var string
      */
-    protected $table = 'SystemConfig';
+    public $table = 'SystemConfig';
 
     /**
      * 微信基础参数配置

+ 1 - 1
application/wechat/controller/Fans.php

@@ -32,7 +32,7 @@ class Fans extends BasicAdmin {
      * 定义当前默认数据表
      * @var string
      */
-    protected $table = 'WechatFans';
+    public $table = 'WechatFans';
 
     /**
      * 显示粉丝列表

+ 1 - 1
application/wechat/controller/Keys.php

@@ -30,7 +30,7 @@ class Keys extends BasicAdmin {
      * 指定当前数据表
      * @var string
      */
-    protected $table = 'WechatKeys';
+    public $table = 'WechatKeys';
 
     /**
      * 显示关键字列表

+ 2 - 2
application/wechat/controller/Menu.php

@@ -32,13 +32,13 @@ class Menu extends BasicAdmin {
      * 指定当前页面标题
      * @var string
      */
-    protected $title = '微信菜单定制';
+    public $title = '微信菜单定制';
 
     /**
      * 指定默认操作的数据表
      * @var string
      */
-    protected $table = 'WechatMenu';
+    public $table = 'WechatMenu';
 
     /**
      * 微信菜单的类型

+ 1 - 1
application/wechat/controller/News.php

@@ -37,7 +37,7 @@ class News extends BasicAdmin {
      * 设置默认操作表
      * @var string
      */
-    protected $table = 'WechatNews';
+    public $table = 'WechatNews';
 
     /**
      * 图文列表

+ 1 - 1
application/wechat/controller/Tags.php

@@ -33,7 +33,7 @@ class Tags extends BasicAdmin {
      * 定义当前默认数据表
      * @var string
      */
-    protected $table = 'WechatFansTags';
+    public $table = 'WechatFansTags';
 
     /**
      * 显示粉丝标签列表

+ 5 - 22
extend/controller/BasicAdmin.php

@@ -32,42 +32,25 @@ class BasicAdmin extends Controller {
      * 页面标题
      * @var string
      */
-    protected $title;
+    public $title;
 
     /**
      * 默认操作数据表
      * @var string
      */
-    protected $table;
+    public $table;
 
     /**
      * 默认检查用户登录状态
      * @var bool
      */
-    protected $checkLogin = true;
+    public $checkLogin = true;
 
     /**
      * 默认检查节点访问权限
      * @var bool
      */
-    protected $checkAuth = true;
-
-    /**
-     * 后台权限控制初始化方法
-     */
-    public function _initialize() {
-        // 用户登录状态检查
-        if (($this->checkLogin || $this->checkAuth) && !session('user')) {
-            $this->redirect('@admin/login');
-        }
-        list($module, $controller, $action) = [$this->request->module(), $this->request->controller(), $this->request->action()];
-        // 节点访问权限检查
-        if ($this->checkLogin && $this->checkAuth && !auth("{$module}/{$controller}/{$action}")) {
-            $this->error('抱歉,您没有访问该模块的权限!');
-        }
-        // 初始化赋值常用变量
-        $this->assign('classuri', strtolower("{$module}/{$controller}"));
-    }
+    public $checkAuth = true;
 
     /**
      * 表单默认操作
@@ -101,7 +84,7 @@ class BasicAdmin extends Controller {
         if ($pk_value !== '') { // Edit Options
             !empty($pk_value) && $db->where($pk, $pk_value);
             !empty($where) && $db->where($where);
-            $vo = array_merge($data, (array)$db->find());
+            $vo = array_merge($data, (array) $db->find());
         }
         $this->_callback('_form_filter', $vo);
         $this->assign('vo', $vo);
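Review bot: `$checkLogin` and `$checkAuth` (L266, L290) had to become `public` because `hook\AccessAuth` reads them with `get_class_vars()`, which only sees properties visible from its own scope and only their declared defaults — neither fact is recorded here, so a maintainer who tightens them back to `protected`, or who sets `$this->checkAuth = false` in `_initialize()`, would silently change what is enforced. Replace the two docblocks with something like `@var bool read by hook\AccessAuth via get_class_vars(): must stay public, and only the declared default is honoured`. `$title` and `$table` (L252, L259) are not read by the hook, so they, and the matching per-controller changes in this commit, could have stayed `protected` instead of widening the surface. The `classuri` assign removed with `_initialize()` is presumably now done by the hook; the whitespace-only change at L299 is unrelated and would be cleaner in its own commit.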

+ 64 - 0
extend/hook/AccessAuth.php

@@ -0,0 +1,64 @@
+<?php
+
+// +----------------------------------------------------------------------
+// | Think.Admin
+// +----------------------------------------------------------------------
+// | 版权所有 2014~2017 广州楚才信息科技有限公司 [ http://www.cuci.cc ]
+// +----------------------------------------------------------------------
+// | 官方网站: http://think.ctolog.com
+// +----------------------------------------------------------------------
+// | 开源协议 ( https://mit-license.org )
+// +----------------------------------------------------------------------
+// | github开源项目:https://github.com/zoujingli/Think.Admin
+// +----------------------------------------------------------------------
+
+namespace hook;
+
+use think\Config;
+use think\exception\HttpResponseException;
+use think\Request;
+use think\Response;
+use think\View;
+
+/**
+ * 访问权限管理
+ * Class AccessAuth
+ * @package hook
+ * @author Anyon <zoujingli@qq.com>
+ * @date 2017/05/12 11:59
+ */
+class AccessAuth {
+
+    /**
+     * 当前请求对象
+     * @var Request
+     */
+    protected $request;
+
+    /**
+     * 行为入口
+     * @param $params
+     */
+    public function run(&$params) {
+        $this->request = Request::instance();
+        list($module, $controller, $action) = [$this->request->module(), $this->request->controller(), $this->request->action()];
+        $vars = get_class_vars(config('app_namespace') . "\\{$module}\\controller\\{$controller}");
+        // 用户登录状态检查
+        if ((!empty($vars['checkAuth']) || !empty($vars['checkLogin'])) && !session('user')) {
+            if ($this->request->isAjax()) {
+                $result = ['code' => 0, 'msg' => '抱歉, 您还没有登录获取访问权限!', 'data' => '', 'url' => '@admin/login', 'wait' => 3];
+                throw new HttpResponseException(json($result));
+            }
+            throw new HttpResponseException(redirect('@admin/login'));
+        }
+        // 访问权限节点检查
+        if (!empty($vars['checkLogin']) && !auth("{$module}/{$controller}/{$action}")) {
+            $result = ['code' => 0, 'msg' => '抱歉, 您没有访问该模块的权限!', 'data' => '', 'url' => '', 'wait' => 3];
+            throw new HttpResponseException(json($result));
+        }
+        // 权限正常, 默认赋值
+        $view = View::instance(Config::get('template'), Config::get('view_replace_str'));
+        $view->assign('classuri', strtolower("{$module}/{$controller}"));
+    }
+
+}

+ 5 - 1
extend/service/NodeService.php

@@ -31,6 +31,9 @@ class NodeService {
      */
     public static function applyAuthNode() {
         cache('need_access_node', null);
+        if (($userid = session('user.id'))) {
+            session('user', Db::name('SystemUser')->where('id', $userid)->find());
+        }
         if (($authorize = session('user.authorize'))) {
             $authorizeids = Db::name('SystemAuth')->where('id', 'in', explode(',', $authorize))->where('status', '1')->column('id');
             if (empty($authorizeids)) {
@@ -61,7 +64,8 @@ class NodeService {
      * @return bool
      */
     public static function checkAuthNode($node) {
-        $auth_node = strtolower($node);
+        list($module, $controller, $action) = explode('/', str_replace(['?', '=', '&'], '/', $node . '///'));
+        $auth_node = strtolower(trim("{$module}/{$controller}/{$action}", '/'));
         if (session('user.username') === 'admin' || stripos($node, 'admin/index') === 0) {
             return true;
         }