From b3e09ad5dbdf2c51510b17f39f899aaa15009774 Mon Sep 17 00:00:00 2001
From: chenzhi
Date: Sat, 21 Dec 2019 14:15:39 +0800
Subject: [PATCH] =?UTF-8?q?=E6=94=BE=E8=A1=8Cajax,=E9=A6=96=E9=A1=B5?= =?UTF-8?q?=E6=97=A0=E6=9D=83=E9=99=90=E5=88=A4=E6=96=AD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Controller/AdminController.class.php | 55 ++++++++++---------
 1 file changed, 29 insertions(+), 26 deletions(-)
diff --git a/Application/Admin/Controller/AdminController.class.php b/Application/Admin/Controller/AdminController.class.php
index 29e5b8242..15a92dfd5 100644
--- a/Application/Admin/Controller/AdminController.class.php
+++ b/Application/Admin/Controller/AdminController.class.php
@@ -16,7 +16,6 @@ use Admin\Model\AuthGroupModel;
 * @author 麦当苗儿
 */
 class AdminController extends Controller {
-
 /**
 * 后台控制器初始化
 */
@@ -49,36 +48,40 @@ class AdminController extends Controller { if ( false === $access ) { $this->error('403:禁止访问'); }elseif(null === $access ){ - //检测访问权限 - $rule = strtolower(MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME); - if ( !$this->checkRule($rule,array('in','1,2')) ){ - - if ($rule == "admin/index/index"){ - //如果首页没有访问权限 自动检测有访问权限的页面然后跳转过去 - $qx = M("Auth_group")->table("__AUTH_GROUP__ as ag") - ->join("__AUTH_GROUP_ACCESS__ as aga on(ag.id=aga.group_id and aga.uid=".UID.")",'right') - ->where("ag.status=1")->limit(1)->select(); - if (empty($qx)){ - //如果没有任何权限 直接登出 - D('Member')->logout(); - session('[destroy]'); + if(CONTROLLER_NAME !== "Ajax"){//ajax放行 + //检测访问权限 + $rule = strtolower(MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME); + if ( !$this->checkRule($rule,array('in','1,2')) ){ + + if ($rule == "admin/index/index"){ + //如果首页没有访问权限 自动检测有访问权限的页面然后跳转过去 + $qx = M("Auth_group")->table("__AUTH_GROUP__ as ag") + ->join("__AUTH_GROUP_ACCESS__ as aga on(ag.id=aga.group_id and aga.uid=".UID.")",'right') + ->where("ag.status=1")->limit(1)->select(); + if (empty($qx)){ + //如果没有任何权限 直接登出 + D('Member')->logout(); + session('[destroy]'); + } + $where['id'] = substr($qx[0]['rules'],0,strpos($qx[0]['rules'], ',')); + //$where['id'] = substr($qx[0]['rules'],0,1) + $dz = M("auth_rule")->field('name')->where($where)->find(); + $red = substr($dz['name'],6); + redirect(U("$red")); + }else{ + $this->error('未授权访问!'); } - $where['id'] = substr($qx[0]['rules'],0,1);; - $dz = M("auth_rule")->field('name')->where($where)->find(); - $red = substr($dz['name'],6); - redirect(U("$red")); - }else{ - $this->error('未授权访问!'); - } - }else{ - // 检测分类及内容有关的各项动态权限 - $dynamic = $this->checkDynamic(); - if( false === $dynamic ){ - $this->error('未授权访问!'); + }else{ + // 检测分类及内容有关的各项动态权限 + $dynamic = $this->checkDynamic(); + if( false === $dynamic ){ + $this->error('未授权访问!'); + } } } } + } $map2['uid'] = session("user_auth.uid"); $res = 
M('auth_group_access','sys_')->field('uid,group_id')->where($map2)->find();
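Review bot: The added `if(CONTROLLER_NAME !== "Ajax")` guard skips both `checkRule()` and `checkDynamic()` for every action of the Ajax controller, so any account for which `$access` is null can call all of them regardless of its group rules. If only a few endpoints need to be open, compute `$rule` first and skip the check only for a short explicit allow-list of full rule names, letting every other Ajax action go through `checkRule()` as before. Separately, in the home-page fallback `substr($qx[0]['rules'],0,strpos($qx[0]['rules'], ','))` yields an empty id when the group holds a single rule with no comma, because `strpos()` returns false; `$where['id'] = strtok($qx[0]['rules'], ',');` returns the first id in both cases. The `empty($qx)` branch logs the user out and destroys the session but then falls through to that lookup and to `redirect(U("$red"))`, so it should end the request there (for example by redirecting to the login page). The enclosing method starts and ends outside the hunk.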