Auth.php 6.7 KB

  1. <?php
  2. // +----------------------------------------------------------------------
  3. // | A3Mall
  4. // +----------------------------------------------------------------------
  5. // | Copyright (c) 2020 http://www.a3-mall.com All rights reserved.
  6. // +----------------------------------------------------------------------
  7. // | Author: xzncit <158373108@qq.com>
  8. // +----------------------------------------------------------------------
  9. namespace app\admin\controller;
  10. use think\facade\Db;
  11. use think\facade\Request;
  12. use think\facade\Session;
  13. use think\facade\View;
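  class Auth extends Base {
      /**
       * Runs before every action of this controller: enforces the access check
       * and, when it passes, publishes the sidebar menu to the view.
       *
       * checkAccess() reports failure through the exception code: -1000 (no
       * session) redirects to the login page, -999 (no permission) renders the
       * error page. AJAX callers receive a JSON envelope with the same
       * message/code instead. Any other exception is rethrown so an unexpected
       * failure inside the check (e.g. a database error) never lets the action run.
       */
      public function initialize(){
          try{
              $this->checkAccess();
          }catch (\Exception $e){
              $code = $e->getCode();
              if(Request::isAjax()){
                  // JSON callers cannot follow a redirect or render the error page.
                  exit(json_encode(["msg"=>$e->getMessage(),"code"=>$code],JSON_UNESCAPED_UNICODE));
              }
              switch($code){
                  case -999:
                      $this->error($e->getMessage());
                      break;
                  case -1000:
                      $this->redirect(createUrl('login/index'));
                      break;
                  default:
                      // Not an access-control verdict: fail closed instead of
                      // silently continuing into the action.
                      throw $e;
              }
          }
          View::assign("sidebar",$this->sidebar());
      }

      /**
       * Builds the admin sidebar for the current request.
       *
       * The top bar lists the root menu rows; the left menu is the subtree of
       * the root ancestor of the menu row matching the current controller/action
       * (either its "method" column or a member of its comma-separated "active"
       * column). Both parts are filtered by the user's purview via filterMenu().
       *
       * Controller and action names come from the request URL, so they are only
       * ever passed to the query builder as bound values, never spliced into SQL.
       *
       * @return array|null ["top" => ..., "menu" => ...], or null when no menu
       *                    row maps to the current controller/action.
       */
      public function sidebar(){
          $controller = Request::controller(true);
          $action = Request::action(true);
          $result = Db::name("system_menu")->where(["status"=>0,"pid"=>0])->order("sort","ASC")->select()->toArray();

          // status=0 AND controller=:c AND (method=:a OR FIND_IN_SET(:a, active))
          $data = Db::name("system_menu")
              ->where('status', 0)
              ->where('controller', $controller)
              ->where(function ($query) use ($action) {
                  $query->where('method', $action)
                        ->whereOrRaw('FIND_IN_SET(:action, active)', ['action' => $action]);
              })
              ->find();

          // Climb to the root ancestor. Ids already visited are remembered so a
          // malformed pid cycle in the table cannot loop forever.
          $seen = [];
          while (!empty($data) && (int)$data["pid"] !== 0){
              if (isset($seen[$data["id"]])) {
                  $data = null;
                  break;
              }
              $seen[$data["id"]] = true;
              $data = Db::name("system_menu")
                  ->where(["status"=>0,"id"=>$data["pid"]])
                  ->find();
          }
          if(empty($data)){
              return null;
          }

          foreach($result as $key=>$value){
              $result[$key]["active"] = (int)$data["id"] === (int)$value["id"];
              $result[$key]["url"] = createUrl($value["controller"].'/'.$value['method']);
          }

          // Left menu: groups -> children -> leaves. A parent becomes active when
          // any of its descendants is active for the current request.
          $menu = $this->menuChildren($data["id"]);
          foreach ($menu as &$group) {
              $group["url"] = url($group["controller"].'/'.$group['method']);
              $group["children"] = $this->menuChildren($group["id"]);
              foreach ($group["children"] as &$child) {
                  // Evaluate against the raw row before "active" is replaced by the flag.
                  $child["active"] = $this->menuRowActive($controller, $action, $child);
                  // NOTE(review): $group["active"] still holds the row's "active"
                  // column here, so a non-empty column keeps the group flagged
                  // regardless of its children; kept as in the original — confirm
                  // whether the template relies on this.
                  if (empty($group["active"])) {
                      $group["active"] = $child["active"];
                  }
                  $child['url'] = (string)url($child["controller"].'/'.$child['method']);
                  $child["children"] = $this->menuChildren($child["id"]);
                  foreach ($child["children"] as &$leaf) {
                      $leaf['url'] = (string)url($leaf["controller"].'/'.$leaf['method']);
                      $leaf["active"] = $this->menuRowActive($controller, $action, $leaf);
                      if (!$child["active"]) {
                          $child["active"] = $leaf["active"] && (int)$child["id"] === (int)$leaf["pid"];
                      }
                      if (!$group["active"]) {
                          $group["active"] = $child["active"] && (int)$group["id"] === (int)$child["pid"];
                      }
                  }
                  unset($leaf);
              }
              unset($child);
          }
          unset($group);

          return ["top"=>$this->filterMenu($result),"menu"=>$this->filterMenu($menu)];
      }

      /**
       * Enabled menu rows directly under $pid, ordered by "sort".
       *
       * @param int|string $pid
       * @return array
       */
      private function menuChildren($pid){
          return Db::name("system_menu")->where(["status"=>0,"pid"=>$pid])->order("sort ASC")->select()->toArray();
      }

      /**
       * Whether a menu row represents the current request: same controller and
       * either the row's "method" equals the action or the action is listed in
       * the row's comma-separated "active" column.
       *
       * @param string $controller
       * @param string $action
       * @param array  $row   system_menu row (controller, method, active)
       * @return bool
       */
      private function menuRowActive($controller, $action, array $row){
          if ($controller !== (string)$row["controller"]) {
              return false;
          }
          if ($action === (string)$row["method"]) {
              return true;
          }
          return !empty($row['active']) && in_array($action, explode(",", (string)$row['active']), true);
      }

      /**
       * Whether the decoded purview grants $controller/$method, using the same
       * lookup as checkAccess() so menu visibility and enforcement agree.
       *
       * @param array  $purview decoded purview map, keyed by controller then method
       * @param string $controller
       * @param string $method
       * @return bool
       */
      private function purviewAllows(array $purview, $controller, $method){
          return !empty($purview[$controller][$method]);
      }

      /**
       * Drops menu entries the current user's role does not grant.
       *
       * A purview of "-1" means unrestricted and returns $data untouched. Rows
       * without children (top bar) are kept when their own controller/method is
       * granted; rows with children (left menu groups) are kept with only their
       * granted children. Deeper levels are not filtered here, as before.
       * A missing user, missing role or undecodable purview yields an empty menu.
       *
       * @param array $data
       * @return array
       */
      private function filterMenu($data){
          $user = Db::name("system_users")->where("id",Session::get("system_user_id"))->find();
          $manage = empty($user) ? null : Db::name("system_manage")->where("id",$user["role_id"])->find();
          if (empty($manage)) {
              return [];
          }
          if ((string)$manage["purview"] === '-1') {
              return $data;
          }
          $purview = json_decode((string)$manage["purview"], true);
          if (!is_array($purview)) {
              return [];
          }

          $array = [];
          foreach($data as $key=>$value){
              if(empty($value["children"])){
                  // Top bar entry.
                  if ($this->purviewAllows($purview, $value["controller"], $value["method"])) {
                      $array[$key] = $value;
                  }
                  continue;
              }
              // Left menu group: keep it only if at least one child is granted.
              $children = [];
              foreach($value["children"] as $k=>$v){
                  if ($this->purviewAllows($purview, $v["controller"], $v["method"])) {
                      $children[$k] = $v;
                  }
              }
              if(!empty($children)){
                  $array[$key] = $value;
                  $array[$key]["children"] = $children;
              }
          }
          return $array;
      }

      /**
       * Verifies that the session belongs to an existing user whose role grants
       * the current controller/action, and refreshes the "users" session entry.
       *
       * Order of checks: purview "-1" (unrestricted), the platform.index/index
       * landing page, the purview entry for controller/action, then a fixed
       * allow-list of shared utility controllers. A session whose user row no
       * longer exists is treated as logged out rather than falling through.
       *
       * @return bool true when access is granted
       * @throws \Exception code -1000 when not logged in, -999 when not permitted
       */
      private function checkAccess(){
          if(!Session::has("system_user_id")){
              throw new \Exception("您还没有登录,请先登录。",-1000);
          }
          $user = Db::name("system_users")->where("id",Session::get("system_user_id"))->find();
          if (empty($user)) {
              // Stale session for a deleted user: do not proceed as an anonymous caller.
              throw new \Exception("您还没有登录,请先登录。",-1000);
          }
          $manage = Db::name("system_manage")->where("id",$user["role_id"])->find();
          $user['title'] = $manage['title'] ?? null;
          $user['purview'] = $manage['purview'] ?? null;
          // NOTE(review): the entire system_users row is copied into the session;
          // confirm whether credential columns should be stripped first.
          Session::set("users",$user);

          $controller = Request::controller(true);
          $action = Request::action(true);
          if ((string)$user["purview"] === '-1') {
              return true;
          }
          if ($controller === 'platform.index' && $action === 'index') {
              return true;
          }
          $purview = json_decode((string)$user["purview"], true);
          if (is_array($purview) && $this->purviewAllows($purview, $controller, $action)) {
              return true;
          }
          if (in_array($controller, ["common.ajax","common.uploadfiy","common.material","common.index","common.wechat"], true)) {
              return true;
          }
          throw new \Exception("您无权限执行此操作",-999);
      }
  }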