Merge remote-tracking branch 'origin/release-1.0.0' into release-1.0.0

5 years ago · 4d06b52b9d
parent c6b8f99b6e b3e09ad5db
commit 4d06b52b9d
1 changed files with 29 additions and 26 deletions
--- a/Application/Admin/Controller/AdminController.class.php
+++ b/Application/Admin/Controller/AdminController.class.php
@ -16,7 +16,6 @@ use Admin\Model\AuthGroupModel;
 * @author 麦当苗儿 <zuojiazi@vip.qq.com>
 */
 class AdminController extends Controller {
-
    /**
     * 后台控制器初始化
     */
@ -49,36 +48,40 @@ class AdminController extends Controller {
            if ( false === $access ) {
                $this->error('403:禁止访问');
            }elseif(null === $access ){
-                //检测访问权限
-                $rule  = strtolower(MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME);
-                if ( !$this->checkRule($rule,array('in','1,2')) ){
-
-                if ($rule == "admin/index/index"){
-                        //如果首页没有访问权限 自动检测有访问权限的页面然后跳转过去
-                        $qx = M("Auth_group")->table("__AUTH_GROUP__ as ag")
-                            ->join("__AUTH_GROUP_ACCESS__ as aga on(ag.id=aga.group_id and aga.uid=".UID.")",'right')
-                            ->where("ag.status=1")->limit(1)->select();
-                        if (empty($qx)){
-                            //如果没有任何权限 直接登出
-                            D('Member')->logout();
-                            session('[destroy]');
+                if(CONTROLLER_NAME !== "Ajax"){//ajax放行
+                    //检测访问权限
+                    $rule  = strtolower(MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME);
+                    if ( !$this->checkRule($rule,array('in','1,2')) ){
+
+                    if ($rule == "admin/index/index"){
+                            //如果首页没有访问权限 自动检测有访问权限的页面然后跳转过去
+                            $qx = M("Auth_group")->table("__AUTH_GROUP__ as ag")
+                                ->join("__AUTH_GROUP_ACCESS__ as aga on(ag.id=aga.group_id and aga.uid=".UID.")",'right')
+                                ->where("ag.status=1")->limit(1)->select();
+                            if (empty($qx)){
+                                //如果没有任何权限 直接登出
+                                D('Member')->logout();
+                                session('[destroy]');
+                            }
+                            $where['id'] = substr($qx[0]['rules'],0,strpos($qx[0]['rules'], ','));
+                            //$where['id'] = substr($qx[0]['rules'],0,1)
+                            $dz = M("auth_rule")->field('name')->where($where)->find();
+                            $red = substr($dz['name'],6);
+                            redirect(U("$red"));
+                        }else{
+                            $this->error('未授权访问!');
                        }
-                        $where['id'] = substr($qx[0]['rules'],0,1);;
-                        $dz = M("auth_rule")->field('name')->where($where)->find();
-                        $red = substr($dz['name'],6);
-                        redirect(U("$red"));
-                    }else{
-                        $this->error('未授权访问!');
-                    }

-                }else{
-                    // 检测分类及内容有关的各项动态权限
-                    $dynamic    =   $this->checkDynamic();
-                    if( false === $dynamic ){
-                        $this->error('未授权访问!');
+                    }else{
+                        // 检测分类及内容有关的各项动态权限
+                        $dynamic    =   $this->checkDynamic();
+                        if( false === $dynamic ){
+                            $this->error('未授权访问!');
+                        }
                    }
                }
            }
+                
        }   
        $map2['uid'] = session("user_auth.uid");
        $res = M('auth_group_access','sys_')->field('uid,group_id')->where($map2)->find();