<?php
/**
* @copyright Copyright (c) 2021 深圳市酷瓜软件有限公司
* @license https://opensource.org/licenses/GPL-2.0
* @link https://www.koogua.com
*/
namespace App\Http\Admin\Controllers;
use App\Models\Audit as AuditModel;
use App\Models\Role as RoleModel;
use App\Models\User as UserModel;
use App\Services\Auth\Admin as AdminAuth;
use App\Traits\Response as ResponseTrait;
use App\Traits\Security as SecurityTrait;
use Phalcon\Mvc\Dispatcher;
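class Controller extends \Phalcon\Mvc\Controller
{

    /**
     * Permission data for the logged-in admin, as returned by
     * AdminAuth::getAuthInfo(). Only its 'routes' entry (the route names
     * this admin is allowed to call) is read here.
     *
     * @var array
     */
    protected $authInfo;

    /**
     * The logged-in admin, as returned by AdminAuth::getCurrentUser().
     *
     * @var UserModel
     */
    protected $authUser;

    use ResponseTrait;
    use SecurityTrait;

    /**
     * Dispatcher hook run before every admin action.
     *
     * Order of checks: request-level protection (referer and CSRF token)
     * for state-changing requests, then authentication, then the demo
     * branch write lock, then route-level authorisation. Every failure
     * forwards to the public controller and returns false so the
     * requested action never runs.
     *
     * @param Dispatcher $dispatcher
     * @return bool true to continue dispatching, false after a forward
     */
    public function beforeExecuteRoute(Dispatcher $dispatcher)
    {
        if ($this->isNotSafeRequest()) {
            $this->checkHttpReferer();
            $this->checkCsrfToken();
        }

        $this->authInfo = $this->getAuthInfo();

        if (!$this->authInfo) {
            return $this->forwardToPublic($dispatcher, 'auth');
        }

        $this->authUser = $this->getAuthUser();

        // Auth info without a resolvable user (e.g. the account vanished
        // while the session lived on) is treated as "not logged in" instead
        // of letting the property reads below fail.
        if (!$this->authUser) {
            return $this->forwardToPublic($dispatcher, 'auth');
        }

        /**
         * Demo branch: reject data submissions, except for account 100001.
         * The id is cast because model attributes may arrive as strings.
         */
        if ($this->isNotSafeRequest() && (int) $this->authUser->id !== 100001) {
            return $this->forwardToPublic($dispatcher, 'forbidden');
        }

        /**
         * The root user skips the permission check.
         * Loose comparison kept on purpose: admin_role may come back from
         * the database as a string while ROLE_ROOT may be an int.
         */
        if ($this->authUser->admin_role == RoleModel::ROLE_ROOT) {
            return true;
        }

        /**
         * Special-case whitelist.
         */
        $whitelist = [
            'controllers' => ['public', 'index', 'upload', 'test'],
            'routes' => [],
        ];

        $controller = $dispatcher->getControllerName();

        /**
         * Specific controllers skip the permission check.
         */
        if (in_array($controller, $whitelist['controllers'], true)) {
            return true;
        }

        $route = $this->router->getMatchedRoute();

        // Nothing to authorise against without a matched route: fail closed.
        if (!$route) {
            return $this->forwardToPublic($dispatcher, 'forbidden');
        }

        $routeName = $route->getName();

        /**
         * Specific routes skip the permission check.
         */
        if (in_array($routeName, $whitelist['routes'], true)) {
            return true;
        }

        /**
         * Run the route permission check. Strict comparison so that an
         * unnamed route (null) or a loosely-equal value can never match a
         * granted route name; a missing 'routes' entry grants nothing.
         */
        $grantedRoutes = isset($this->authInfo['routes'])
            ? (array) $this->authInfo['routes']
            : [];

        if (!in_array($routeName, $grantedRoutes, true)) {
            return $this->forwardToPublic($dispatcher, 'forbidden');
        }

        return true;
    }

    /**
     * Expose the logged-in admin to the views.
     *
     * NOTE(review): relies on Phalcon invoking initialize() after
     * beforeExecuteRoute() so that authUser is already populated; confirm
     * for the framework version in use.
     */
    public function initialize()
    {
        $this->view->setVar('auth_user', $this->authUser);
    }

    /**
     * Dispatcher hook run after every admin action: writes an audit record
     * for POST requests.
     *
     * NOTE(review): the raw POST body is persisted as req_data, so any
     * secret submitted through an admin form (passwords, keys) lands in
     * the audit table unless AuditModel masks it; confirm. Only POST is
     * audited, while isNotSafeRequest() may cover other methods too;
     * confirm that is intended.
     *
     * @param Dispatcher $dispatcher
     */
    public function afterExecuteRoute(Dispatcher $dispatcher)
    {
        if ($this->request->isPost()) {

            $audit = new AuditModel();

            $audit->user_id = $this->authUser->id;
            $audit->user_name = $this->authUser->name;
            $audit->user_ip = $this->request->getClientAddress();
            $audit->req_route = $this->router->getMatchedRoute()->getName();
            $audit->req_path = $this->request->getServer('REQUEST_URI');
            $audit->req_data = $this->request->getPost();

            $audit->create();
        }
    }

    /**
     * Permission data of the current admin session.
     *
     * @return array
     */
    protected function getAuthInfo()
    {
        return $this->adminAuth()->getAuthInfo();
    }

    /**
     * User record of the current admin session.
     *
     * @return UserModel
     */
    protected function getAuthUser()
    {
        return $this->adminAuth()->getCurrentUser();
    }

    /**
     * The admin auth service registered in the DI container under 'auth'.
     *
     * @return AdminAuth
     */
    private function adminAuth()
    {
        return $this->getDI()->get('auth');
    }

    /**
     * Forward to an action of the public controller and tell the
     * dispatcher to abandon the current action.
     *
     * @param Dispatcher $dispatcher
     * @param string $action
     * @return bool always false, to be returned from beforeExecuteRoute()
     */
    private function forwardToPublic(Dispatcher $dispatcher, $action)
    {
        $dispatcher->forward([
            'controller' => 'public',
            'action' => $action,
        ]);

        return false;
    }

}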