Merge remote-tracking branch 'origin/release-1.0.0' into release-1.0.0

5 years ago · 4d06b52b9d
parent c6b8f99b6e b3e09ad5db
commit 4d06b52b9d
1 changed files with 29 additions and 26 deletions
--- a/Application/Admin/Controller/AdminController.class.php
+++ b/Application/Admin/Controller/AdminController.class.php
@ -16,7 +16,6 @@ use Admin\Model\AuthGroupModel;
 * @author 麦当苗儿 <zuojiazi@vip.qq.com>
 */
 class AdminController extends Controller {
-
    /**
     * 后台控制器初始化
     */
@ -49,6 +48,7 @@ class AdminController extends Controller {
            if ( false === $access ) {
                $this->error('403:禁止访问');
            }elseif(null === $access ){
+                if(CONTROLLER_NAME !== "Ajax"){//ajax放行
                    //检测访问权限
                    $rule  = strtolower(MODULE_NAME.'/'.CONTROLLER_NAME.'/'.ACTION_NAME);
                    if ( !$this->checkRule($rule,array('in','1,2')) ){
@ -63,7 +63,8 @@ class AdminController extends Controller {
                                D('Member')->logout();
                                session('[destroy]');
                            }
-                        $where['id'] = substr($qx[0]['rules'],0,1);;
+                            $where['id'] = substr($qx[0]['rules'],0,strpos($qx[0]['rules'], ','));
+                            //$where['id'] = substr($qx[0]['rules'],0,1)
                            $dz = M("auth_rule")->field('name')->where($where)->find();
                            $red = substr($dz['name'],6);
                            redirect(U("$red"));
@ -80,6 +81,8 @@ class AdminController extends Controller {
                    }
                }
            }
+                
+        }   
        $map2['uid'] = session("user_auth.uid");
        $res = M('auth_group_access','sys_')->field('uid,group_id')->where($map2)->find();
        $map1['id'] = $res['group_id'];