diff --git a/app/Http/Admin/Controllers/Controller.php b/app/Http/Admin/Controllers/Controller.php index bed99de6..3620e4e0 100644 --- a/app/Http/Admin/Controllers/Controller.php +++ b/app/Http/Admin/Controllers/Controller.php @@ -21,17 +21,6 @@ class Controller extends \Phalcon\Mvc\Controller public function beforeExecuteRoute(Dispatcher $dispatcher) { - /** - * demo分支拒绝数据提交 - */ - if ($this->isNotSafeRequest()) { - $dispatcher->forward([ - 'controller' => 'public', - 'action' => 'forbidden', - ]); - return false; - } - if ($this->isNotSafeRequest()) { $this->checkHttpReferer(); $this->checkCsrfToken(); @@ -47,6 +36,17 @@ class Controller extends \Phalcon\Mvc\Controller return false; } + /** + * demo分支拒绝数据提交,100001帐号除外 + */ + if ($this->isNotSafeRequest() && $this->authInfo['id'] != 100001) { + $dispatcher->forward([ + 'controller' => 'public', + 'action' => 'forbidden', + ]); + return false; + } + /** * 管理员忽略权限检查 */ diff --git a/app/Http/Admin/Services/Setting.php b/app/Http/Admin/Services/Setting.php index cd668a42..07b48f56 100644 --- a/app/Http/Admin/Services/Setting.php +++ b/app/Http/Admin/Services/Setting.php @@ -118,7 +118,7 @@ class Setting extends Service $result = []; /** - * demo分支过滤敏感数据 + * demo分支过滤敏感数据,100001帐号除外 */ if ($items->count() > 0) { $pattern = '/(id|auth|key|secret|token|password|pwd|mobile|phone|mail|email)/'; @@ -126,7 +126,8 @@ class Setting extends Service foreach ($items as $item) { $case1 = preg_match($pattern, $item->item_key); $case2 = $controllerName == 'setting'; - if ($case1 && $case2) { + $case3 = $this->getLoginUser()->id != 100001; + if ($case1 && $case2 && $case3) { $item->item_value = '******'; } $result[$item->item_key] = $item->item_value;