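/**
 * Permission check: builds the access rules for the current request and
 * installs the Yii access-control filter on the active controller.
 *
 * Policy as implemented here:
 *  - A request gets no deny rule when its path is in the global allow list
 *    ($allow_uri, including the AJAX endpoints), when Menu::get_menu_by_auth_rules()
 *    returns a truthy value for it (presumably a menu grant for the current
 *    user -- confirm in Menu), or when the user has the 'administrator' permission.
 *  - Every other request gets an explicit deny rule for the controller/action
 *    that is actually being executed.
 *  - The rule list ends with an unconditional allow, so the policy is
 *    default-allow: anything the deny branch does not cover is granted.
 *    NOTE(review): the protection of a route therefore rests entirely on the
 *    deny rule matching the real controller/action of the request.
 *
 * Changes from the previous version:
 *  - The deny rule is keyed on the resolved controller uniqueId and action id
 *    (Yii::$app->controller) instead of the first two segments of the raw
 *    pathInfo. With the raw path, module routes ("mod/ctrl/act"), URL aliases
 *    and controllers whose default action is not "index" produced a rule that
 *    never matched the executing controller/action, and the trailing allow-all
 *    let the request through. The pathInfo parse is kept only as a fallback
 *    for the case where no action has been resolved yet.
 *  - The second, role-scoped deny rule was redundant: a deny rule without
 *    'roles' already matches every user (guest or authenticated), so the role
 *    lookup and the duplicate rule are dropped.
 *  - in_array() uses strict comparison.
 *
 * @return void
 */
public function beforeAction()
{
    // Routes reachable without a menu grant (authentication pages).
    $allow_uri = ['signin', 'signup'];
    // AJAX endpoints reachable without a menu grant.
    $allow_ajax_uri = [
        "member/change", "weixin/delete", "auth/invest-remark", "auth/auth-remark",
        "project/delete", "project/setstatus", "project/setcomment", "order/modify",
        "article/delete", "weixin/delete-msg", "ads/delete", "admin/change",
        "menu/change-status", "file/uploads", "type/change",
    ];
    $allow_uri = array_merge($allow_uri, $allow_ajax_uri);

    $user = Yii::$app->user;
    $menu_model = new Menu();

    // Normalise "controller/action/param" to "controller/action"; any other
    // shape is used verbatim and so will not match the allow list or a menu
    // entry, which leads to a deny rule for non-administrators.
    $uri = Yii::$app->request->pathInfo;
    $path_info = substr_count($uri, '/') == 2 ? substr($uri, 0, strrpos($uri, '/')) : $uri;

    // Menu-based grant for the current user; the semantics live in Menu.
    $is_menu = $menu_model->get_menu_by_auth_rules($path_info);

    if ($path_info && !in_array($path_info, $allow_uri, true) && !$is_menu && !$user->can('administrator')) {
        $current = Yii::$app->controller;
        if ($current !== null && $current->action !== null) {
            // Authoritative ids: these are what AccessRule compares against, so
            // the deny rule cannot miss module-prefixed or aliased routes.
            $controller = $current->uniqueId;
            $action = $current->action->id;
        } elseif (strpos($path_info, '/')) {
            // Fallback when no action is resolved yet: derive from the path.
            $paths = explode('/', $path_info);
            $controller = $paths[0];
            $action = $paths[1];
        } else {
            // Fallback for a bare controller path; 'index' is assumed to be the
            // default action (the resolved-action branch above avoids this guess).
            $controller = $path_info;
            $action = 'index';
        }
        // A deny rule without 'roles' matches every user, so one rule suffices.
        $this->rules[] = ['controllers' => [$controller], 'allow' => false, 'actions' => [$action]];
    }

    // Common rules. Order matters: the access filter applies the first matching rule.
    $this->rules[] = ['controllers' => ['admin'], 'allow' => true, 'roles' => ['@'], 'actions' => ['home']];
    // NOTE(review): lets guests reach the debug module's controller; this is
    // only safe while the debug module is disabled outside development.
    $this->rules[] = ['controllers' => ['debug/default'], 'allow' => true, 'roles' => ['?']];
    // Default-allow catch-all (see docblock).
    $this->rules[] = ['allow' => true];

    $this->denyCallback = function ($rule, $action) use ($user) {
        if ($user->getIsGuest()) {
            // Unauthenticated: hand off to the login flow.
            $user->loginRequired();
        } else {
            // Authenticated but not permitted.
            throw new \yii\web\ForbiddenHttpException('对不起,此页面需要更高的权限账户才能访问。');
        }
    };

    Yii::$app->controller->attachBehavior('access', [
        'class' => $this->accessControlFilter,
        'denyCallback' => $this->denyCallback,
        'rules' => $this->rules,
    ]);
}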