You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
72 lines
2.4 KiB
72 lines
2.4 KiB
<?php
|
|
// +----------------------------------------------------------------------
|
|
// | Description: WEB端权限判断
|
|
// +----------------------------------------------------------------------
|
|
// | Author: Michael_xu | gengxiaoxu@5kcrm.com
|
|
// +----------------------------------------------------------------------
|
|
namespace app\common\behavior;
|
|
|
|
use think\Cache;
|
|
use think\Request;
|
|
use think\Db;
|
|
use think\Session;
|
|
|
|
class AuthenticateBehavior
|
|
{
|
|
public function run(&$params)
|
|
{
|
|
/*防止跨域*/
|
|
header('Access-Control-Allow-Origin: '.$_SERVER['HTTP_ORIGIN']);
|
|
header('Access-Control-Allow-Credentials: true');
|
|
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
|
|
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, authKey, sessionId");
|
|
$request = Request::instance();
|
|
$m = strtolower($request->module());
|
|
$c = strtolower($request->controller());
|
|
$a = strtolower($request->action());
|
|
//提交方式拦截
|
|
$scan = new \com\Scan();
|
|
$response = $scan->webscan_Check();
|
|
|
|
$allow = $params['allow']; //登录用户可访问
|
|
$permission = $params['permission']; //无限制
|
|
/*获取头部信息*/
|
|
$header = $request->header();
|
|
$authKey = trim($header['authkey']);
|
|
if ($authKey == "wxwork" && Session::get('user_id')) {
|
|
return true;
|
|
}
|
|
|
|
$paramArr = $request->param();
|
|
$platform = $paramArr['platform'] ? '_'.$paramArr['platform'] : ''; //请求分类(mobile,ding)
|
|
$cache = Cache::get('Auth_'.$authKey.$platform);
|
|
$userInfo = $cache['userInfo'];
|
|
|
|
if (in_array($a, $permission)) {
|
|
return true;
|
|
}
|
|
|
|
if (empty($userInfo['id'])) {
|
|
header('Content-Type:application/json; charset=utf-8');
|
|
exit(json_encode(['code'=>101,'error'=>'请先登录']));
|
|
}
|
|
if ($userInfo['id'] == 1) {
|
|
return true;
|
|
}
|
|
if (in_array($a, $allow)) {
|
|
return true;
|
|
}
|
|
//管理员角色
|
|
$adminTypes = adminGroupTypes($userInfo['id']);
|
|
if (in_array(1,$adminTypes)) {
|
|
return true;
|
|
}
|
|
//操作权限
|
|
$res_per = checkPerByAction($m, $c, $a);
|
|
if (!$res_per) {
|
|
header('Content-Type:application/json; charset=utf-8');
|
|
exit(json_encode(['code'=>102,'error'=>'无权操作']));
|
|
}
|
|
}
|
|
}
|