Esempio n. 1
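 /**
  * Build the two-level admin menu, hiding entries the current admin may not access.
  *
  * Top-level rules (pid = 0, status = 1) are loaded first. Each rule that passes
  * the Auth check gets its enabled children attached under 'sub', together with
  * the name/title of the first child as 'default_name' / 'default_title'.
  * The admin whose session 'aid' equals 1 bypasses every check.
  */
 public function index()
 {
     $m = M('auth_rule');
     $field = 'id,name,title';
     $aid = session('aid');
     // NOTE(review): id 1 is a hard-coded super-admin bypass compared loosely;
     // confirm the login code always stores an integer id in the session.
     $isSuper = $aid == 1;
     // Top-level (pid = 0) rules that are flagged as visible (status = 1).
     $data = $m->field($field)->where(array('pid' => 0, 'status' => 1))->select();
     if (!is_array($data)) {
         // select() produced no rows: render an empty menu instead of iterating a non-array.
         $data = array();
     }
     $auth = new Auth();
     foreach ($data as $k => $v) {
         // Menus the admin has no permission for are not shown.
         if (!$auth->check($v['name'], $aid) && !$isSuper) {
             unset($data[$k]);
             continue;
         }
         // Array conditions keep the parent id out of a hand-built SQL string.
         $sub = $m->field($field)->where(array('pid' => $v['id'], 'status' => 1))->select();
         if (!is_array($sub)) {
             $sub = array();
         }
         // The default entry is taken before the per-child permission filter below,
         // as in the original; it may therefore name a child that is filtered out.
         $data[$k]['default_name'] = isset($sub[0]) ? $sub[0]['name'] : null;
         $data[$k]['default_title'] = isset($sub[0]) ? $sub[0]['title'] : null;
         foreach ($sub as $k2 => $v2) {
             if (!$auth->check($v2['name'], $aid) && !$isSuper) {
                 unset($sub[$k2]);
             }
         }
         $data[$k]['sub'] = $sub;
     }
     $this->assign('data', $data);
     $this->display();
 }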
Esempio n. 2
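 /**
  * Controller gate: refuse the request when the Auth check fails.
  */
 protected function _initialize()
 {
     $auth = new Auth();
     // The original tested `$auth->check()` without negation, so the
     // "no permission" error was shown exactly when the check succeeded.
     // check() is assumed to return true when access is granted, as the
     // error message implies.
     // NOTE(review): check() is called without a rule name or user id;
     // confirm this project's Auth class resolves both by itself.
     if (!$auth->check()) {
         $this->error("对不起,您没有权限", "login", 2);
     }
 }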
Esempio n. 3
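 /**
  * Controller gate: require a login, then check the "Controller-*" wildcard rule
  * and, failing that, the exact "Controller-Action" rule.
  *
  * Ids listed in the ADMINISTRATOR config entry skip the rule checks.
  *
  * @return true|null true for configured administrators, otherwise nothing
  */
 protected function _initialize()
 {
     $this->_name = CONTROLLER_NAME;
     $adminId = isLogin();
     if ($adminId) {
         define('AID', $adminId);
         // NOTE(review): uid and admin_name are taken from cookies, while the
         // permission checks below use isLogin(); confirm decrypt() also
         // authenticates the cookie value before these fields are trusted.
         $this->uid = decrypt(cookie('admin_id'));
         $this->admin_name = decrypt(cookie('admin_name'));
         $this->assign('admin_name', $this->admin_name);
     } else {
         $this->redirect('Public/login');
         exit;
     }
     // Load the class library before instantiating it.
     import('ORG.Util.Auth');
     $auth = new Auth();
     // NOTE(review): in_array() compares loosely here; a strict comparison is
     // safer once the type returned by isLogin() is confirmed.
     if (in_array($adminId, C("ADMINISTRATOR"))) {
         return true;
     }
     // A wildcard rule grants every action of this controller.
     if ($auth->check(CONTROLLER_NAME . '-*', $adminId)) {
         return;
     }
     if (!$auth->check(CONTROLLER_NAME . '-' . ACTION_NAME, $adminId)) {
         // The original echoed the rule name and called die here, which made
         // the error() call unreachable and exposed the internal rule name.
         $this->error('你没有权限');
     }
 }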
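 /**
  * List administrators with pagination, optionally filtered by user name,
  * and attach the title of each administrator's first auth group.
  */
 public function admin_list()
 {
     $admin = M('admin');
     $val = I('val');
     $auth = new Auth();
     // NOTE(review): 'testval' echoes request input back to the view; confirm
     // the template escapes it.
     $this->assign('testval', $val);
     // Start from an empty condition so an unfiltered listing does not pass an
     // undefined variable to where() and foreach.
     $map = array();
     if ($val) {
         $map['admin_username'] = array('like', "%" . $val . "%");
     }
     // Total number of matching records.
     $count = $admin->where($map)->count();
     // Pager built from the total and the configured page size.
     $Page = new \Think\Page($count, C('DB_PAGENUM'));
     if ($val) {
         // Carry the search term through the pager links. The original
         // url-encoded the array-valued 'like' condition, which is not a string.
         $Page->parameter['val'] = urlencode($val);
     }
     $show = $Page->show();
     $admin_list = $admin->where($map)->order('admin_id')->limit($Page->firstRow . ',' . $Page->listRows)->select();
     if (!is_array($admin_list)) {
         $admin_list = array();
     }
     foreach ($admin_list as $k => $v) {
         $group = $auth->getGroups($v['admin_id']);
         // An administrator without any group gets an empty title.
         $admin_list[$k]['group'] = isset($group[0]['title']) ? $group[0]['title'] : '';
     }
     $this->assign('admin_list', $admin_list);
     $this->assign('page', $show);
     $this->display();
 }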
Esempio n. 5
/**
 * Check a permission rule through the Auth class.
 *
 * The rule name is built as controller + separator + action.
 *
 * @param int $uid member id
 * @param string $controller controller name
 * @param string $action action (method) name
 * @param string $sign identifier used in the database, placed between controller and action
 * @return boolean true on success, false on failure
 */
function checkAuth($uid, $controller = CONTROLLER_NAME, $action = ACTION_NAME, $sign = "-")
{
    // Load the class library before instantiating it.
    import('ORG.Util.Auth');
    $checker = new Auth();
    return $checker->check($controller . $sign . $action, $uid);
}
Esempio n. 6
 /**
  * Controller gate: require a logged-in user, then a passing Auth check.
  */
 protected function _initialize()
 {
     $auth = new Auth();
     // A missing 'userName' session value means nobody is logged in.
     $userName = session('userName');
     if (!$userName) {
         $this->error('您尚未登陆', U('/Home/Index/index'));
     }
     // NOTE(review): this gate only works if error() ends the request; confirm.
     $permitted = $auth->check();
     if (!$permitted) {
         $this->error('您没有此操作权限');
     }
 }
Esempio n. 7
 /**
  * Controller gate: require an admin session, then check the module/controller rule.
  */
 protected function _initialize()
 {
     // No 'admin' session value means nobody is logged in.
     // NOTE(review): relies on redirect() ending the request; confirm.
     if (!session('admin')) {
         $this->redirect('Login/index');
     }
     // The rule name is "Module/Controller/" with a trailing slash and no action part.
     $ruleName = MODULE_NAME . '/' . CONTROLLER_NAME . '/';
     $Auth = new Auth();
     $granted = $Auth->check($ruleName, session('id'));
     if (!$granted) {
         echo "<span style='color : red;'>对不起,您没有权限操作此栏目!</span>";
         exit;
     }
 }
Esempio n. 8
 /**
  * Controller gate: require a 'uid' session value, then check the
  * "Module/Controller/Action" rule for that user.
  */
 public function _initialize()
 {
     $uid = session('uid');
     if (!$uid) {
         // An empty session value sends the visitor to the login page.
         $this->error('跳转登入页面', U('Home/Login/Index'));
     }
     // Rule names have the form Module/Controller/Action.
     $auth = new Auth();
     $ruleName = MODULE_NAME . '/' . CONTROLLER_NAME . '/' . ACTION_NAME;
     $allowed = $auth->check($ruleName, session('uid'));
     if (!$allowed) {
         $this->error('你没有权限');
     }
 }
 /**
  * Execute the behavior; run() is the only entry point of a Behavior.
  *
  * Sets $params to true when the current user may proceed.
  *
  * @access public
  * @param mixed $params behavior parameter, written by reference
  * @return void
  */
 public function run(&$params)
 {
     // The configured administrator skips the rule check and gets the menu built.
     if (UID == C('ADMINISTRATOR')) {
         buildMenu();
         $params = true;
         return;
     }
     $controllerName = CONTROLLER_NAME;
     $auth = new Auth();
     // Access is granted by a matching rule or by the NO_AUTH_CHECK exemption list.
     $allowed = $auth->check($controllerName, UID) || in_array($controllerName, C('NO_AUTH_CHECK'));
     if ($allowed) {
         $params = true;
     } else {
         A('Public')->noauth();
     }
 }
Esempio n. 10
 /**
  * Controller gate: require the 'auth' session entry, let uid 1 through,
  * and check the "Module/Controller/Action" rule for everyone else.
  *
  * @return true|null true for the super administrator, otherwise nothing
  */
 protected function _initialize()
 {
     $login = session('auth');
     if (!$login) {
         $this->error('非法访问,请登录', U('Index/index'));
     }
     // Super administrator: uid 1 skips the rule check.
     if ($login['uid'] == 1) {
         return true;
     }
     // Everyone else needs a rule matching the requested action.
     $auth = new Auth();
     $ruleName = implode('/', array(MODULE_NAME, CONTROLLER_NAME, ACTION_NAME));
     if (!$auth->check($ruleName, $login['uid'])) {
         $this->error('没有权限');
     }
 }
Esempio n. 11
 /**
  * Controller gate: run the parent initialisation, require a login, skip the
  * check for actions listed in $this->not_check, and otherwise check the
  * "Controller/Action" rule. Admin id 1 bypasses a failed check.
  *
  * @return true|null true for exempt actions, otherwise nothing
  */
 public function _initialize()
 {
     parent::_initialize();
     // Without a session 'aid' direct access is not allowed.
     if (!session('aid')) {
         $this->error('还没有登录,正在跳转到登录页', U('Public/login'));
     }
     // Current request as "Controller/Action".
     $route = CONTROLLER_NAME . '/' . ACTION_NAME;
     if (in_array($route, $this->not_check)) {
         return true;
     }
     // Dynamic permission check for everything that is not exempt.
     $auth = new Auth();
     $denied = !$auth->check($route, session('aid')) && session('aid') != 1;
     if ($denied) {
         $this->error('没有权限');
     }
 }
Esempio n. 12
 /**
  * Controller gate: require the 'auth' session entry, let id 1 through,
  * and check the "Module/Controller/Action" rule for everyone else.
  *
  * @return true|null true for the user with id 1, otherwise nothing
  */
 protected function _initialize()
 {
     $login = session('auth');
     if (!$login) {
         $this->error('非法访问', U('Login/index'));
     }
     // The user with id 1 is not subject to the rule check.
     if ($login['id'] == 1) {
         return true;
     }
     $auth = new Auth();
     $ruleName = implode('/', array(MODULE_NAME, CONTROLLER_NAME, ACTION_NAME));
     if (!$auth->check($ruleName, $login['id'])) {
         $this->error('没有权限', U('Login/index'));
     }
 }
Esempio n. 13
 /**
  * Controller gate: require the 'auth' session entry, let uid 1 through,
  * and check the "Module/Controller/Action" rule for everyone else.
  *
  * @return true|null true for the super administrator, otherwise nothing
  */
 protected function _initialize()
 {
     $login = session('auth');
     if (!$login) {
         $this->error('非法访问!正在跳转登录页面!', U('Login/index'));
     }
     // The super administrator needs no permission check. The original
     // comment notes that the literal 1 should come from the user database.
     if ($login['uid'] == 1) {
         return true;
     }
     $auth = new Auth();
     // Rule check for the remaining users; a refusal sends them to logout.
     $ruleName = implode('/', array(MODULE_NAME, CONTROLLER_NAME, ACTION_NAME));
     $allowed = $auth->check($ruleName, $login['uid']);
     if (!$allowed) {
         $this->error('没有权限', U('Login/logout'));
     }
 }
Esempio n. 14
 /**
  * Controller gate: require a login, skip the check for a fixed list of
  * actions, and otherwise check the "Controller/Action" rule.
  * Admin id 1 bypasses a failed check.
  *
  * @return true|null true for exempt actions, otherwise nothing
  */
 protected function _initialize()
 {
     // Without a session 'aid' direct access is not allowed.
     if (!session('aid')) {
         $this->error('还没有登录,正在跳转到登录页', U('Login/login'));
     }
     // Actions every logged-in admin may call without a rule.
     // NOTE(review): the list exempts Admin/admin_edit and Admin/admin_add
     // from the rule check, and contains 'Admin/admin_list' twice; confirm
     // that administrator management is meant to be open to every login.
     $not_check = array('Index/index', 'Index/main', 'Index/clear_cache', 'Index/edit_pwd', 'Index/logout', 'Admin/admin_list', 'Admin/admin_list', 'Admin/admin_edit', 'Admin/admin_add');
     // Current request as "Controller/Action".
     $route = CONTROLLER_NAME . '/' . ACTION_NAME;
     if (in_array($route, $not_check)) {
         return true;
     }
     // Dynamic permission check for everything that is not exempt.
     $auth = new Auth();
     $denied = !$auth->check($route, session('aid')) && session('aid') != 1;
     if ($denied) {
         $this->error('没有权限');
     }
 }
Esempio n. 15
 /**
  * Controller gate for the "ideaer" area: require a login with a role,
  * require that role to be "ideaer", then check the
  * "Module/Controller/Action" rule.
  */
 public function _initialize()
 {
     // Login check: both the admin id and the role must be in the session.
     if (!session('aid') || !session('a_role')) {
         $this->error('你还没有登录,请先登录', U('Login/Login/index'));
     }
     // Role check: other roles are sent to the index of their own module.
     if (session('a_role') != "ideaer") {
         $home = ucfirst(session('a_role')) . "/Index/index";
         $this->error("You are not an ideaer.", U($home));
     }
     // Permission check for the requested action.
     $auth = new Auth();
     $ruleName = implode("/", array(MODULE_NAME, CONTROLLER_NAME, ACTION_NAME));
     $allowed = $auth->check($ruleName, session('aid'));
     if (!$allowed) {
         $this->error("你没有权限", U("Ideaer/Index/index"));
     }
 }
Esempio n. 16
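 /**
  * Back-office controller initialisation.
  *
  * Requires a login, lets the configured super administrator through, checks
  * the "Controller/Action" rule for everyone else, and then prepares the
  * language switcher (URL parameter, button HTML, cookie) for the view.
  *
  * @return true|null true for the super administrator, otherwise nothing
  */
 protected function _initialize()
 {
     // Login check.
     if (!session('?' . C('USER_AUTH_KEY'))) {
         $this->redirect('Public/login');
     }
     // The super administrator skips the permission check. Returning here
     // also skips the language setup below, as in the original.
     if (session('uname') == C('ADMIN_AUTH_KEY')) {
         return TRUE;
     }
     // Permission check for the requested action.
     $auth = new Auth();
     $module_name = CONTROLLER_NAME . '/' . ACTION_NAME;
     if (!$auth->check($module_name, session(C('USER_AUTH_KEY')))) {
         $this->error(L('_VALID_ACCESS_'));
     }
     // Language parameter for URLs.
     $this->vl = $vl = LANG_SET == accept_lang() ? '' : C('VAR_LANGUAGE') . '=' . LANG_SET;
     $this->assign('vl', $vl);
     // HTML for the language switcher.
     $this->clang = $clang = cookie('lang');
     $langList = S('langs');
     $requested = I('get.lang');
     // The highlighted language is the requested one, else the cookie, else LANG_SET.
     $current = $requested ? $requested : ($clang ? $clang : LANG_SET);
     $langs = '<div id="lang"><div class="btn btn-app btn-xs btn-purple ace-settings-btn">';
     $langs .= '<span class="glyphicon glyphicon-globe"></span></div><div class="lang-list">';
     // The cache can be empty; the original iterated it unconditionally.
     if (is_array($langList)) {
         foreach ($langList as $value) {
             $btncolor = $value['value'] == $current ? 'btn-primary' : 'btn-light';
             // NOTE(review): the cached name and value are written into the
             // markup unescaped; confirm the cache only holds trusted entries
             // or escape them for the HTML context.
             $langs .= '<a class="btn btn-xs ' . $btncolor . ' mr5 mb5" href="' . urlh($vl . '&lang=' . $value['value']) . '" ';
             $langs .= 'onclick="load(event,this)">' . $value['name'] . '</a>';
         }
     }
     $langs .= '</div></div>';
     $this->assign('langs', $langList ? $langs : '');
     // Remember the language chosen through the query string.
     // NOTE(review): the value is stored without checking it against the
     // configured language list.
     if (array_key_exists('lang', I('get.'))) {
         cookie('lang', I('get.lang'));
     }
     $this->assign('clang', $clang);
 }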
Esempio n. 17
 /**
  * Controller gate: require the 'user' session array, refresh the login
  * timestamp, let the configured ADMIN uid through, and check the
  * "Controller/Action" rule for ordinary users.
  *
  * @return true|null true for the super administrator, otherwise nothing
  */
 public function _initialize()
 {
     // Login state comes from the 'user' session entry.
     $account = session('user');
     if (!is_array($account)) {
         $this->error('您还未登录 ' . C('TITLE'), U('Login/index'));
     }
     session('login_time', time());
     // The super administrator is exempt from the check.
     if ($account['info']['uid'] == C("ADMIN")) {
         return true;
     }
     // Ordinary users need a rule for the requested action.
     $AuthModel = new Auth();
     $ruleName = CONTROLLER_NAME . '/' . ACTION_NAME;
     $allowed = $AuthModel->check($ruleName, $account['info']['uid']);
     if (!$allowed) {
         echo "<div style='padding:10px;'>没有权限</div>";
         exit;
     }
 }
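 /**
  * Controller gate: require a login, skip the check for a fixed list of
  * actions, and otherwise check the "Controller/Action" rule.
  * Admin id 1 bypasses a failed check.
  *
  * @return true|null true for exempt actions, otherwise nothing
  */
 protected function _initialize()
 {
     // Runs on every request: 'se' is the navigation id used to highlight the
     // selected left/right navigation entry.
     // NOTE(review): this stores request input in the session before the
     // login check below.
     session('se', I('se'));
     // empty() avoids an undefined-index notice when no session 'aid' exists.
     if (empty($_SESSION['aid'])) {
         $this->error('还没有登录,正在跳转到登录页', U('Admin/Login/login'));
     }
     $aid = $_SESSION['aid'];
     // Actions every logged-in admin may call without a rule.
     // NOTE(review): the list exempts the rule, group and administrator
     // management actions (Sys/admin_rule_*, Sys/admin_group_*,
     // Sys/admin_list_*) from the permission check, so any logged-in account
     // can reach them; confirm that this is intended.
     $not_check = array('Index/index', 'Login/login', 'Sys/runsys', 'Sys/runemail', 'Sys/admin_list_add', 'Sys/admin_list_edit', 'Sys/admin_list_runedit', 'Sys/admin_list_del', 'Sys/admin_list_runedit', 'Sys/ruleorder', 'Sys/admin_rule_add', 'Sys/admin_rule_del', 'Sys/admin_rule_edit', 'Sys/admin_rule_runedit', 'Sys/admin_rule_state', 'Sys/admin_group_state', 'Sys/admin_group_access', 'Sys/admin_group_del', 'Sys/admin_group_edit', 'Sys/admin_group_runaccess');
     // Current request as "Controller/Action".
     $route = CONTROLLER_NAME . '/' . ACTION_NAME;
     if (in_array($route, $not_check)) {
         return true;
     }
     // Dynamic permission check for everything that is not exempt.
     $auth = new Auth();
     if (!$auth->check($route, $aid) && $aid != 1) {
         $this->error('没有权限', 0, 0);
     }
 }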
Esempio n. 19
 /**
  * Controller gate: require the 'admin' session entry, let priv_id 1 through,
  * allow the back-office frame pages for everyone, and check the
  * "Module/Controller/Action" rule for the rest.
  *
  * @return true|null true for the super administrator and for the frame pages
  */
 protected function _initialize()
 {
     $auth = new Auth();
     $account = session("admin");
     if (!$account) {
         $this->error("请先登录!", U("Login/login"));
     }
     // The super administrator holds every permission.
     if ($account['priv_id'] == 1) {
         return true;
     }
     $prefix = MODULE_NAME . "/";
     $requested = $prefix . CONTROLLER_NAME . "/" . ACTION_NAME;
     // Every login may open the back-office index pages.
     $openPages = array();
     foreach (array("Index/index", "Index/top", "Index/menu", "Index/main", "Index/drag") as $page) {
         $openPages[] = $prefix . $page;
     }
     if (in_array($requested, $openPages)) {
         return true;
     }
     $allowed = $auth->check($requested, $account['admin_id']);
     if (!$allowed) {
         $this->error("没权限访问");
     }
 }
Esempio n. 20
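 /**
  * Return, as an AJAX response, the left-hand menu below the rule given by the
  * request parameter 'id', limited to the rules granted to the current user's groups.
  *
  * Each first-level entry carries its visible children under 'children'.
  */
 public function getLeftMenu()
 {
     $sess_Uid = session('uid');
     $Auth = new Auth();
     $AuthGroups = $Auth->getGroups($sess_Uid);
     // Collect the rule-id lists of every group the user belongs to. Starting
     // from an empty array covers users without any group; the original
     // passed an undefined variable to implode() in that case.
     $ruleLists = array();
     if (is_array($AuthGroups)) {
         foreach ($AuthGroups as $v) {
             $ruleLists[] = $v['rules'];
         }
     }
     $AuthRules = implode(',', $ruleLists);
     if ($AuthRules === '') {
         // No granted rules: the menu is empty and no query is needed.
         $this->ajaxReturn(array());
         return;
     }
     $where = array('rule_id' => I('id', '', 'int'), 'display' => 1, 'id' => array('in', $AuthRules));
     $table_AuthRule = M("AuthRule")->where($where)->order("sort asc")->field("id,title")->select();
     if (!is_array($table_AuthRule)) {
         $table_AuthRule = array();
     }
     foreach ($table_AuthRule as $k => $v) {
         $where = array('rule_id' => $v['id'], 'display' => 1, 'id' => array('in', $AuthRules));
         $table_AuthRule_son = M("AuthRule")->where($where)->order("sort asc")->field("id,title as text,cls,name as url")->select();
         if (!is_array($table_AuthRule_son)) {
             $table_AuthRule_son = array();
         }
         foreach ($table_AuthRule_son as $k2 => $v2) {
             // Turn the stored rule name into a module-relative URL.
             $table_AuthRule_son[$k2]['url'] = __MODULE__ . "/" . $v2['url'];
             $table_AuthRule_son[$k2]['type'] = true;
             $table_AuthRule_son[$k2]['iconCls'] = $v2['cls'];
         }
         $table_AuthRule[$k]['children'] = $table_AuthRule_son;
     }
     $this->ajaxReturn($table_AuthRule);
 }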
						<span class="btn btn-info"></span>

						<span class="btn btn-warning"></span>

						<span class="btn btn-danger"></span>
					</div>
				</div><!-- /.sidebar-shortcuts -->

				<ul class="nav nav-list">
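<?php 
use Common\Controller\AuthController;
use Think\Auth;
// Load the enabled top-level menu rules and drop those the current admin may not see.
$m = M('auth_rule');
$field = 'id,name,title,css';
$data = $m->field($field)->where('pid=0 AND status=1')->order('sort')->select();
$auth = new Auth();
// NOTE(review): the admin id is read from the 'aid' cookie, which is supplied
// by the browser. Both the rule check and the id-1 bypass below therefore
// depend on a client-controlled value; the id should come from server-side
// session state set at login.
$aid = cookie('aid');
// select() may not return an array; the rendering code below tests is_array() as well.
if (is_array($data)) {
    foreach ($data as $k => $v) {
        if (!$auth->check($v['name'], $aid) && $aid != 1) {
            unset($data[$k]);
        }
    }
}
?>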

<?php 
if (is_array($data)) {
    foreach ($data as $key => $v) {
        ?>
<li class="<?php 
        if (CONTROLLER_NAME == $v['name']) {
            ?>
active open<?php 
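 /**
  * Edit an administrator.
  *
  * POST: update the administrator's group membership and the mobile, email
  * and (optionally) status fields. GET: load the administrator, the current
  * group and the list of all groups for the edit form.
  *
  * Request ids are cast to integers and passed as array conditions. The
  * original concatenated $_POST['id'] and I('id') into the WHERE strings.
  *
  * NOTE(review): this action changes group membership; permission to call it
  * is assumed to be enforced by the controller's _initialize() gate, which
  * is not visible here.
  */
 public function admin_edit()
 {
     if (!empty($_POST)) {
         $uid = isset($_POST['id']) ? (int) $_POST['id'] : 0;
         $groupId = isset($_POST['group_id']) ? (int) $_POST['group_id'] : 0;
         // Update the group the administrator belongs to.
         $access = M('auth_group_access');
         if (empty($groupId)) {
             $this->error('请选择用户组');
         }
         if ($uid <= 0) {
             // No usable id in the request: nothing can be updated.
             $this->error('修改失败');
         }
         $result = $access->where(array('uid' => $uid))->find();
         if (empty($result)) {
             $access->add(array('uid' => $uid, 'group_id' => $groupId));
         } else {
             $access->where(array('uid' => $uid))->save(array('group_id' => $groupId));
         }
         $data = array();
         $data['id'] = $uid;
         $data['mobile'] = isset($_POST['mobile']) ? $_POST['mobile'] : '';
         $data['email'] = isset($_POST['email']) ? $_POST['email'] : '';
         // Only a non-negative numeric status is written.
         if (isset($_POST['status']) && is_numeric($_POST['status']) && $_POST['status'] >= 0) {
             $data['status'] = (int) $_POST['status'];
         }
         $m = M('admin');
         $result = $m->where(array('id' => $uid))->save($data);
         if ($result === false) {
             $this->error('修改失败');
         } else {
             $this->success('修改成功');
         }
     } else {
         $id = (int) I('id');
         $m = M('admin');
         $result = $m->where(array('id' => $id))->find();
         // Current group of the administrator; there may be none.
         $auth = new Auth();
         $group = $auth->getGroups($id);
         $result['title'] = isset($group[0]['title']) ? $group[0]['title'] : '';
         $result['group_id'] = isset($group[0]['group_id']) ? $group[0]['group_id'] : '';
         $this->assign('vo', $result);
         // All groups, for the selection list.
         $m = M('auth_group');
         $group = $m->order('id DESC')->select();
         $this->assign('group', $group);
         $this->display();
     }
 }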
	<div class="sidebar-shortcuts" id="sidebar-shortcuts">
	<!--四个毫无意义的按钮-->
		<div class="sidebar-shortcuts-large" id="sidebar-shortcuts-large">
			<button class="btn btn-success"><i class="ace-icon fa fa-signal"></i></button>
			<button class="btn btn-info"><i class="ace-icon fa fa-pencil"></i></button>
			<button class="btn btn-warning"><i class="ace-icon fa fa-users"></i></button>
			<button class="btn btn-danger"><i class="ace-icon fa fa-cogs"></i></button>
		</div>
	</div>
	<ul class="nav nav-list">
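		<?php 
use Common\Controller\AuthController;
use Think\Auth;
// Load every enabled menu rule, drop those the current admin may not see,
// then let getMenu() arrange the remainder.
$auth_rule = M('auth_rule');
$menu = $auth_rule->field("id,name,pid,title,css")->where('status=1')->order('sort')->select();
$auth = new Auth();
// Read the admin id once; isset() avoids a notice when the session has no 'aid'.
// NOTE(review): id 1 is a hard-coded super-admin bypass compared loosely.
$aid = isset($_SESSION['aid']) ? $_SESSION['aid'] : null;
// select() may not return an array; the rendering code below tests is_array() as well.
if (is_array($menu)) {
    foreach ($menu as $k => $v) {
        if (!$auth->check($v['name'], $aid) && $aid != 1) {
            unset($menu[$k]);
        }
    }
}
$menu = getMenu($menu);
?>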
		<?php 
if (is_array($menu)) {
    foreach ($menu as $key => $vo) {
        ?>
<li class="<?php 
        if (CONTROLLER_NAME == $vo['name']) {
            ?>
active open<?php