/**
* 权限判断
*
* @return void
* @author
**/
public function beforeAction()
{
// 系统默认全局URI
$allow_uri = ['signin', 'signup'];
// 默认全局AJAX
$allow_ajax_uri = ["member/change", "weixin/delete", "auth/invest-remark", "auth/auth-remark", "project/delete", "project/setstatus", "project/setcomment", "order/modify", "article/delete", "weixin/delete-msg", "ads/delete", "admin/change", "menu/change-status", "file/uploads", "type/change"];
$allow_uri = array_merge($allow_uri, $allow_ajax_uri);
$user = Yii::$app->user;
$menu_model = new Menu();
$uri = Yii::$app->request->pathInfo;
$path_info = substr_count($uri, '/') == 2 ? substr($uri, 0, strrpos($uri, '/')) : $uri;
$is_menu = $menu_model->get_menu_by_auth_rules($path_info);
if ($path_info && !in_array($path_info, $allow_uri) && !$is_menu && !$user->can('administrator')) {
$auth = Yii::$app->getAuthManager();
$role = $auth->getRolesByUser(Yii::$app->user->getId());
$roles = array_keys($role);
if (strpos($path_info, '/')) {
$paths = explode('/', $path_info);
$controller = $paths[0];
$action = $paths[1];
} else {
$controller = $path_info;
$action = 'index';
}
if (is_array($roles)) {
$this->rules[] = ['controllers' => [$controller], 'allow' => false, 'roles' => $roles, 'actions' => [$action]];
$this->rules[] = ['controllers' => [$controller], 'allow' => false, 'actions' => [$action]];
}
}
// common
$this->rules[] = ['controllers' => ['admin'], 'allow' => true, 'roles' => ['@'], 'actions' => ['home']];
$this->rules[] = ['controllers' => ['debug/default'], 'allow' => true, 'roles' => ['?']];
$this->rules[] = ['allow' => true];
// echo '<pre>';print_r($this->rules);exit;
$this->denyCallback = function ($rule, $action) use($user) {
if ($user->getIsGuest()) {
$user->loginRequired();
} else {
throw new \yii\web\ForbiddenHttpException('对不起,此页面需要更高的权限账户才能访问。');
}
};
Yii::$app->controller->attachBehavior('access', ['class' => $this->accessControlFilter, 'denyCallback' => $this->denyCallback, 'rules' => $this->rules]);
}
