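/**
 * Access-control behavior: enforce login and per-action permission.
 *
 * The behavior runs before the controller is loaded, so it also sees
 * requests for the login page and the captcha; those routes are exempted
 * first. Every other request must come from a logged-in (or auto-logged-in)
 * user whose permission list contains the current "Controller/action" route,
 * unless the user is a super user.
 *
 * Route matching is an exact, case-sensitive string comparison.
 * NOTE(review): this assumes the stored permission URLs use the same casing
 * as CONTROLLER_NAME / ACTION_NAME; confirm against the routing config.
 *
 * @param mixed $params Behavior parameters (not used here).
 * @return false|null false when the request is exempt or the user is a super
 *                    user, null when the permission check passes. The request
 *                    is terminated when access is denied.
 */
public function run(&$params)
{
    // Routes that must stay reachable without a session
    $notInclude = array('Login/checkLogin', 'Verify/index');

    // Route currently being requested
    $ongoing = CONTROLLER_NAME . '/' . ACTION_NAME;

    if (in_array($ongoing, $notInclude, true)) {
        return false;
    }

    // Not logged in: try auto-login, otherwise send the user to the login page
    if (!isLogin()) {
        $LoginService = D('Login', 'Service');
        if (!$LoginService->autoLogin()) {
            redirect(U('Login/checkLogin'), 1, '请登录');
            // redirect() is expected to end the request; the explicit exit keeps
            // this branch fail-closed even if it ever returns.
            exit;
        }
    }

    // Super users bypass the per-route permission check
    if (superUser()) {
        return false;
    }

    // Routes the current user is allowed to call
    $userUrl = savePermissionURL();

    // Deny unless the route is listed. A missing or malformed list denies, and
    // the comparison is strict so that a non-string entry (for example true,
    // or 0 before PHP 8) cannot loosely match every route.
    if (!is_array($userUrl) || !in_array($ongoing, $userUrl, true)) {
        echo "权限不足";
        exit;
    }
}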
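/**
 * Assign the menu rows visible to the current user and render the 'menu' template.
 *
 * A super user gets the rows returned by the Menu model's changPage(). Any
 * other user gets the distinct shop_menu rows linked through
 * shop_menu_permission to the permission ids from savePermissionID(); a user
 * without permission ids gets an empty menu.
 */
public function menu()
{
    // Start with an empty list so the template never receives an undefined variable
    $menus = array();

    if (superUser()) {
        $menuModel = D('Menu');
        $menus = $menuModel->changPage('id,name,url,level,parent_id');
    } else {
        $ids = savePermissionID();
        if (is_array($ids) && $ids) {
            // The ids are interpolated into the SQL text, so force each one to an
            // integer first; nothing but digits and commas can reach the query.
            $str = implode(',', array_map('intval', $ids));
            $sql = "select distinct m.id,m.name,m.url,m.level,m.parent_id from shop_menu as m join shop_menu_permission as mp on m.id = mp.menu_id where mp.permission_id in ({$str})";
            $menus = M()->query($sql);
        }
    }

    $this->assign('menus', $menus);
    $this->display('menu');
}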