Merge remote-tracking branch 'origin/release-1.0.0' into release-1.0.0

master
zhengchanglong 5 years ago
commit 4d06b52b9d

@ -16,7 +16,6 @@ use Admin\Model\AuthGroupModel;
* @author 麦当苗儿 <zuojiazi@vip.qq.com> * @author 麦当苗儿 <zuojiazi@vip.qq.com>
*/ */
class AdminController extends Controller { class AdminController extends Controller {
/** /**
* 后台控制器初始化 * 后台控制器初始化
*/ */
@ -49,36 +48,40 @@ class AdminController extends Controller {
if ( false === $access ) { if ( false === $access ) {
$this->error('403:禁止访问'); $this->error('403:禁止访问');
}elseif(null === $access ){ }elseif(null === $access ){
//检测访问权限 if(CONTROLLER_NAME !== "Ajax"){//ajax放行
$rule = strtolower(MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME); //检测访问权限
if ( !$this->checkRule($rule,array('in','1,2')) ){ $rule = strtolower(MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME);
if ( !$this->checkRule($rule,array('in','1,2')) ){
if ($rule == "admin/index/index"){
//如果首页没有访问权限 自动检测有访问权限的页面然后跳转过去 if ($rule == "admin/index/index"){
$qx = M("Auth_group")->table("__AUTH_GROUP__ as ag") //如果首页没有访问权限 自动检测有访问权限的页面然后跳转过去
->join("__AUTH_GROUP_ACCESS__ as aga on(ag.id=aga.group_id and aga.uid=".UID.")",'right') $qx = M("Auth_group")->table("__AUTH_GROUP__ as ag")
->where("ag.status=1")->limit(1)->select(); ->join("__AUTH_GROUP_ACCESS__ as aga on(ag.id=aga.group_id and aga.uid=".UID.")",'right')
if (empty($qx)){ ->where("ag.status=1")->limit(1)->select();
//如果没有任何权限 直接登出 if (empty($qx)){
D('Member')->logout(); //如果没有任何权限 直接登出
session('[destroy]'); D('Member')->logout();
session('[destroy]');
}
$where['id'] = substr($qx[0]['rules'],0,strpos($qx[0]['rules'], ','));
//$where['id'] = substr($qx[0]['rules'],0,1)
$dz = M("auth_rule")->field('name')->where($where)->find();
$red = substr($dz['name'],6);
redirect(U("$red"));
}else{
$this->error('未授权访问!');
} }
$where['id'] = substr($qx[0]['rules'],0,1);;
$dz = M("auth_rule")->field('name')->where($where)->find();
$red = substr($dz['name'],6);
redirect(U("$red"));
}else{
$this->error('未授权访问!');
}
}else{ }else{
// 检测分类及内容有关的各项动态权限 // 检测分类及内容有关的各项动态权限
$dynamic = $this->checkDynamic(); $dynamic = $this->checkDynamic();
if( false === $dynamic ){ if( false === $dynamic ){
$this->error('未授权访问!'); $this->error('未授权访问!');
}
} }
} }
} }
} }
$map2['uid'] = session("user_auth.uid"); $map2['uid'] = session("user_auth.uid");
$res = M('auth_group_access','sys_')->field('uid,group_id')->where($map2)->find(); $res = M('auth_group_access','sys_')->field('uid,group_id')->where($map2)->find();
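Review bot: The new `if(CONTROLLER_NAME !== "Ajax")` guard in the `null === $access` branch exempts every action of the Ajax controller from both `checkRule()` and `checkDynamic()`, so any action added to that controller later is reachable without a matching group rule. Prefer an explicit allow-list of the actions that need no rule, e.g. `if (!(CONTROLLER_NAME === 'Ajax' && in_array(ACTION_NAME, $ajaxOpenActions, true))) {`, where `$ajaxOpenActions` is a name made up here for a list you would define, or register the Ajax rules in `auth_rule` and drop the exemption. Separately, `substr($qx[0]['rules'],0,strpos($qx[0]['rules'], ','))` yields an empty id when the group holds a single rule with no comma, because `strpos` returns false; `$where['id'] = strtok($qx[0]['rules'], ',');` handles both cases. The `empty($qx)` branch also appears to fall through to `$qx[0]['rules']` after the logout unless `logout()` itself ends the request, so it should stop there explicitly. The method's signature and any login check lie outside these hunks, so whether unauthenticated requests can reach this branch cannot be confirmed from here.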
