Merge remote-tracking branch 'origin/release-1.0.0' into release-1.0.0

Application/Admin/Controller/AdminController.class.php

@@ -16,7 +16,6 @@ use Admin\Model\AuthGroupModel;
  * @author 麦当苗儿 <zuojiazi@vip.qq.com>
  */
 class AdminController extends Controller {
-
     /**
      * 后台控制器初始化
      */
@@ -49,6 +48,7 @@ class AdminController extends Controller {
             if ( false === $access ) {
                 $this->error('403:禁止访问');
             }elseif(null === $access ){
+                if(CONTROLLER_NAME !== "Ajax"){//ajax放行
                     //检测访问权限
                     $rule  = strtolower(MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME);
                     if ( !$this->checkRule($rule,array('in','1,2')) ){
@@ -63,7 +63,8 @@ class AdminController extends Controller {
                                 D('Member')->logout();
                                 session('[destroy]');
                             }
-                        $where['id'] = substr($qx[0]['rules'],0,1);;
+                            $where['id'] = substr($qx[0]['rules'],0,strpos($qx[0]['rules'], ','));
+                            //$where['id'] = substr($qx[0]['rules'],0,1)
                             $dz = M("auth_rule")->field('name')->where($where)->find();
                             $red = substr($dz['name'],6);
                             redirect(U("$red"));
@@ -80,6 +81,8 @@ class AdminController extends Controller {
                     }
                 }
             }
+                
+        }   
         $map2['uid'] = session("user_auth.uid");
         $res = M('auth_group_access','sys_')->field('uid,group_id')->where($map2)->find();
         $map1['id'] = $res['group_id'];