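/**
 * Replaces the menu-permission set of user $uid with the `pmenus` ids posted
 * by the caller, then redirects back to the user list.
 *
 * NOTE(review): nothing here checks that the editor holds the menus they are
 * granting, or that each id exists in Menu; confirm that is intended or
 * enforced elsewhere (e.g. by the menu filter in init()).
 *
 * @param int|string $uid id of the user being edited (from the route)
 * @return \yii\web\Response the redirect to /user/index
 * @throws HttpException (404) when no such user exists; (400) when a
 *         permission row fails to save
 * @throws MethodNotAllowedHttpException when the current user (rid > 1) tries
 *         to edit a user whose rid is 2
 * @throws \Throwable re-thrown after rollback on any other failure
 */
public function actionUpdate($uid)
{
    $user = User::findOne($uid);
    if (empty($user)) {
        throw new HttpException(404, '用户不存在!');
    }

    // Only the top role (rid 1) may edit users whose rid is 2.  Cast so the
    // comparison does not depend on whether rid comes back as a string.
    if ((int)$this->user->rid > 1 && (int)$user->rid === 2) {
        throw new MethodNotAllowedHttpException('权限不够!');
    }

    // Untrusted input: accept only a list of numeric menu ids.  A non-array
    // value (e.g. a bare string) is treated as "no permissions" instead of
    // letting foreach warn on it; ids are cast so the column receives ints.
    $mids = [];
    if (isset($_POST['pmenus']) && is_array($_POST['pmenus'])) {
        foreach ($_POST['pmenus'] as $pmenu) {
            if (is_numeric($pmenu)) {
                $mids[] = (int)$pmenu;
            }
        }
    }
    $mids = array_values(array_unique($mids));

    // Delete-then-insert is not atomic on its own; wrap it so a failing
    // save() cannot leave the user with no permissions at all.
    $transaction = UserPermission::getDb()->beginTransaction();
    try {
        UserPermission::deleteAll(['uid' => $uid]);
        foreach ($mids as $mid) {
            $userPermission = new UserPermission();
            $userPermission->uid = $uid;
            $userPermission->mid = $mid;
            if (!$userPermission->save()) {
                throw new HttpException(400, '保存权限失败!');
            }
        }
        $transaction->commit();
    } catch (\Throwable $e) {
        $transaction->rollBack();
        throw $e;
    }

    return $this->redirect('/user/index');
}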
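/**
 * Handle an incoming request.
 *
 * Lets the request through only when the user is logged in and holds at
 * least one package permission whose `namespace` matches the second URL
 * segment.  Unauthenticated callers are redirected to the login page;
 * authenticated callers without a matching permission get 403.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    if (!\Auth::check()) {
        return redirect('/login');
    }

    // The namespace being accessed comes straight from the URL.  Deny
    // explicitly when it is missing: a null passed to where() would turn
    // into `namespace IS NULL`, which is not a permission anyone should hold.
    $namespace = $request->segment(2);
    if ($namespace === null || $namespace === '') {
        return response('Access Denied.', 403);
    }

    // exists() answers the yes/no question without loading whole rows.
    $allowed = UserPermission::join('packages', 'user_permissions.package_id', '=', 'packages.id')
        ->where('user_id', \Auth::id())
        ->where('namespace', $namespace)
        ->exists();

    // Authenticated but not permitted is 403 (Forbidden).  401 would tell
    // clients to (re)authenticate, which cannot help here.
    if (!$allowed) {
        return response('Access Denied.', 403);
    }

    return $next($request);
}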
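/**
 * Run the database seeds.
 *
 * Seeds the group -> permission map below.  Groups 1 and 2 receive the
 * wildcard '*', which the permission check presumably treats as "allowed to
 * do everything" — keep those two lists deliberately short.
 *
 * NOTE(review): the original seeded `create_doctors` twice for group 3; the
 * duplicate is dropped here.  Confirm whether a different permission (e.g. an
 * update/delete on doctors) was intended in its place.  Group 4 is not seeded
 * at all — confirm that is intentional.
 *
 * @return void
 */
public function run()
{
    /** @var array<int, list<string>> $permissionsByGroup */
    $permissionsByGroup = [
        1 => ['*'],
        2 => ['*'],
        3 => [
            'view_appointments',
            'update_appointments',
            'create_appointments',
            'view_doctors',
            'create_doctors',
        ],
        5 => [
            'create_appointments',
            'view_appointments',
            'cancel_appointments',
            'reschedule_appointments',
        ],
    ];

    foreach ($permissionsByGroup as $groupId => $permissions) {
        foreach ($permissions as $permission) {
            \App\Models\UserPermission::create([
                'group_id' => $groupId,
                'permission' => $permission,
            ]);
        }
    }
}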
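/**
 * Initializes the controller: resolves the session user, loads that user's
 * menu permissions into $this->permissions (keyed and valued by menu id) and
 * builds the navigation menu for the current visitor.
 *
 * Guests get only the "submit order" and "login" entries.  Logged-in users
 * get the home entry, every top-level Menu (and its children) they hold a
 * permission for, then "change password" and "logout".
 *
 * NOTE(review): this override does not call parent::init(); newer Yii 2
 * releases use Controller::init() to resolve $this->request/$this->response,
 * so confirm that is not needed here.
 */
public function init()
{
    $this->user = Yii::$app->session->get('user');

    // Session user missing while the framework still thinks we are logged in:
    // drop the login and redirect.  redirect() only sets headers on the
    // response and does not stop execution, so the action would otherwise run
    // with $this->user === null; end the request so the redirect is sent and
    // nothing else executes.
    if ($this->user == null && !Yii::$app->user->isGuest) {
        Yii::$app->user->logout();
        $this->redirect('/');
        Yii::$app->end();
    }

    if (Yii::$app->user->isGuest) {
        $this->menu[] = ['label' => '提交订单', 'url' => ['/order/guest-create']];
        $this->menu[] = ['label' => '登录', 'url' => ['/site/login']];
        return;
    }

    // Permissions are a set of menu ids; checkMenuPermission() (defined
    // elsewhere in the class) is expected to consult $this->permissions.
    $userPermissions = UserPermission::find()
        ->where('uid = :uid', [':uid' => $this->user->id])
        ->all();
    foreach ($userPermissions as $userPermission) {
        $this->permissions[$userPermission->mid] = $userPermission->mid;
    }

    $this->menu[] = ['label' => '首页', 'url' => ['/site/index']];

    $menus = Menu::find()->orderBy('sortNum desc')->all();
    if ($menus) {
        foreach ($menus as $menu) {
            // Only permitted, top-level (pid == 0) menus become parent entries.
            if (!$this->checkMenuPermission($menu->id)) {
                continue;
            }
            if ($menu->pid != 0) {
                continue;
            }

            // Collect the permitted children of this parent; an entry carries
            // a 'url' only when the Menu row has one.
            $itemMenus = [];
            foreach ($menus as $row) {
                if (!$this->checkMenuPermission($row->id)) {
                    continue;
                }
                if ($menu->id == $row->pid) {
                    $item = ['label' => $row->name];
                    if (!empty($row->url)) {
                        $item['url'] = [$row->url];
                    }
                    $itemMenus[] = $item;
                }
            }

            if (count($itemMenus) > 0) {
                $parentMenu = ['label' => $menu->name, 'items' => $itemMenus];
            } else {
                $parentMenu = ['label' => $menu->name];
                if (!empty($menu->url)) {
                    $parentMenu['url'] = [$menu->url];
                }
            }
            $this->menu[] = $parentMenu;
        }
    }

    // Guests returned above, so the remaining entries are always for a
    // logged-in user.  The username is embedded in the label; this relies on
    // the rendering widget to escape it (yii\bootstrap Nav encodes labels by
    // default) — confirm encodeLabels is not disabled where $this->menu is
    // rendered.
    $this->menu[] = [
        'label' => '修改密码',
        'url' => ['/user/updatepwd'],
        'linkOptions' => ['data-method' => 'post'],
    ];
    $this->menu[] = [
        'label' => '退出 (' . Yii::$app->user->identity->username . ')',
        'url' => ['/site/logout'],
        'linkOptions' => ['data-method' => 'post'],
    ];
}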
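/**
 * Remove the specified resource from storage.
 *
 * Deletes one UserPermission row and returns to the permissions list with a
 * flash message.  Uses findOrFail() so an unknown id yields a 404 instead of
 * calling delete() on null (a 500).
 *
 * NOTE(review): nothing in this method checks that the caller may delete
 * permissions; confirm the route sits behind an authorization middleware.
 *
 * @param int $id
 * @return \Illuminate\Http\Response
 * @throws \Illuminate\Database\Eloquent\ModelNotFoundException when $id does not exist
 */
public function destroy($id)
{
    $permission = UserPermission::findOrFail($id);
    $permission->delete();

    // The message contains markup and is presumably rendered unescaped by the
    // view; keep it a fixed literal — never interpolate request data into it.
    return redirect('/permissions/permissions')
        ->withMessage('<i class="glyphicon glyphicon-ok"></i> This user permission has been deleted');
}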