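/**
 * 检查权限 — decide whether the logged-in admin may run the current route.
 *
 * The current route action is split into controller short name, action and
 * HTTP method; a Power row whose `method` equals the request method (or is
 * the empty-string wildcard) is the power needed; the request is allowed only
 * when one of the admin's groups lists that power id.
 *
 * @return bool true when one of the admin's groups grants the needed power,
 *              false when no Power row matches the route or no group grants it
 */
public function power_check()
{
    /**
     * var_dump(request()->method());
     * string 'GET' (length=3)
     * var_dump(Route::currentRouteAction());
     * string 'App\Http\Controllers\Admin\GroupController@get_list' (length=51)
     */
    $route = Route::currentRouteAction();
    $routeParts = explode('@', (string) $route);
    $classParts = explode('\\', $routeParts[0]);
    $controller = end($classParts);  // short class name, e.g. GroupController
    $action = end($routeParts);      // method name after '@'
    $method = request()->method();   // HTTP verb of the current request

    $oAdmin = Admin::findOrFail(session('admin_id'));

    // `groups` holds a JSON list of group ids; null or malformed JSON means "no groups"
    $groupIds = json_decode((string) $oAdmin->groups, true);
    if (!is_array($groupIds)) {
        $groupIds = [];
    }
    $oGroups = AdminGroup::whereIn('id', $groupIds)->get();

    $oPowers = Power::where('controller', $controller)->where('action', $action)->get();
    $aPowers = array_column($oPowers->toArray(), 'method', 'id'); // power id => allowed method

    // 选出继续操作需要的权限ID — exact method match, or '' acting as a wildcard
    $iNeedPower = null;
    foreach ($aPowers as $powerId => $allowedMethod) {
        if ($allowedMethod === $method || $allowedMethod === '') {
            $iNeedPower = $powerId;
            break;
        }
    }
    if ($iNeedPower === null) {
        // 没有此权限记录 — no Power row covers this route: deny by default
        return false;
    }

    // 检查用户所属的组中有没有拥有这种权限的组 — does any group grant this id?
    foreach ($oGroups as $oGroup) {
        $granted = json_decode((string) $oGroup->power, true);
        if (!is_array($granted)) {
            continue; // null, malformed or non-list JSON grants nothing
        }
        // Compare as ints with a strict in_array: a loose in_array would let a
        // stored `true` (or, pre-PHP 8, a string like "3abc") match an id.
        // Assumes power ids are numeric, as produced by array_column above.
        $grantedIds = array_map('intval', array_filter($granted, 'is_numeric'));
        if (in_array((int) $iNeedPower, $grantedIds, true)) {
            return true;
        }
    }

    return false;
}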
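/**
 * Show the form for editing the specified resource (GET) or apply the edit (POST).
 *
 * GET renders admin.group.edit with the group, every power grouped by
 * category and the power ids the group currently holds. POST reduces the
 * submitted power ids to those that exist, replaces the group's powers
 * (except for group 1, the super-admin group, whose powers never change)
 * and saves the submitted name.
 *
 * @param \Illuminate\Http\Request $request
 * @param int $id
 * @return \Illuminate\Http\Response
 */
public function edit(Request $request, $id)
{
    $oGroup = Group::findOrFail($id);                               // 需要更新的组 — the group being edited
    $powers = Group::get_group_power($id);                          // 组拥有的权限 — power ids it holds now
    $oAllPowers = Power::select(['id', 'category', 'name'])->get(); // 全部的权限 — every power

    // 按分类分开 — group the powers by category for the form
    $aCategoryPowers = [];
    foreach ($oAllPowers as $power) {
        $aCategoryPowers[$power->category][] = ['id' => $power->id, 'name' => $power->name];
    }

    if ($request->isMethod('get')) {
        return view('admin.group.edit', [
            'group' => $oGroup,
            'power_categorys' => $aCategoryPowers,
            'powers' => $powers,
        ]);
    }

    // POST
    $sGroupName = $request->input('groupname', $oGroup->groupname);
    $submitted = $request->input('powers', []);
    if (!is_array($submitted)) {
        // a scalar `powers` field is not a list of ids; reject it as the
        // original try/catch did for malformed input
        App::abort(404);
    }

    // Keep only ids that name an existing power, as ints, appended in order so
    // the result is a proper list — unset() in a for-loop left holes, and a
    // sparse array is encoded as a JSON object rather than a list.
    $aAllPowers = array_map('intval', array_column($oAllPowers->toArray(), 'id'));
    $aGroupPower = [];
    foreach ($submitted as $powerId) {
        if (!is_numeric($powerId)) {
            continue; // 权限不存在 — not an id at all
        }
        $powerId = (int) $powerId;
        if (in_array($powerId, $aAllPowers, true)) {
            $aGroupPower[] = $powerId;
        }
    }

    // 超级管理员的权限永远是所有,无法更改的 — group 1 keeps every power;
    // 只有名字可以修改 — only its name may be changed
    if ((int) $oGroup->id !== 1) {
        Group::update_powers($id, $aGroupPower);
    }

    // Assign the submitted name before save(); without this assignment the
    // name edit is silently dropped.
    $oGroup->groupname = $sGroupName;
    $oGroup->save();

    session()->flash('msg_success', '修改成功');

    return back();
}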
/**
 * Relation: the Power rows whose admin_id equals this record's admin_id.
 *
 * @return \yii\db\ActiveQuery
 */
public function getPowers()
{
    $link = ['admin_id' => 'admin_id'];

    return $this->hasMany(Power::className(), $link);
}