Commit a9b57605 authored by hangjun83's avatar hangjun83

后端:权限逻辑更新

parent adce86e5
...@@ -64,9 +64,11 @@ class Authenticate ...@@ -64,9 +64,11 @@ class Authenticate
/** /**
* 如果路由是登出或者是修改密码的时候,需要对token进行处理,否则jwt处理时会出错 * 如果路由是登出或者是修改密码的时候,需要对token进行处理,否则jwt处理时会出错
*/ */
if(Str::endsWith(strtolower((string) $request->getPathInfo()), 'logout') || if(
Str::endsWith(strtolower((string) $request->getPathInfo()), 'logout') ||
Str::endsWith(strtolower((string) $request->getPathInfo()), 'resetpassword') Str::endsWith(strtolower((string) $request->getPathInfo()), 'resetpassword')
){ )
{
$token = trim(str_ireplace('bearer', '', $request->header('authorization'))); $token = trim(str_ireplace('bearer', '', $request->header('authorization')));
$decodeToken = $this->decodeToken($token); $decodeToken = $this->decodeToken($token);
...@@ -107,25 +109,26 @@ class Authenticate ...@@ -107,25 +109,26 @@ class Authenticate
$routeParams = $request->route()[1]; $routeParams = $request->route()[1];
// 如果该路由不存在权限,或者在白名单中,直接不做权限验证 if(!isset($routeParams['permission'])){
if(isset($routeParams['permission']) && in_array($routeParams['permission'],$this->whiteList)){
return true; return true;
} }
$routePermissions = explode(',',$routeParams['permission']);
if(in_array($routeParams['uri'],$this->whiteList)){ // 如果该路由不存在权限,或者在白名单中,直接不做权限验证
if(empty($routePermissions) || count($routePermissions) == 0){
return true; return true;
} }
// 获取用户的所有角色组对应的权限 // 获取用户的所有角色组对应的权限
$roles = $user->roles; $roles = $user->roles;
collect($roles)->map(function($role) use (&$userPermissions){ collect($roles)->map(function($role) use (&$userPermissions){
$permissions = $role->permissions; $permissions = $role->permissions;
collect($permissions)->map(function($permission) use (&$userPermissions){ collect($permissions)->map(function($permission) use (&$userPermissions){
$userPermissions[$permission['id']] = $permission->toArray(); $userPermissions[] = $permission->toArray()['action'];
}); });
}); });
$userPermissions = array_values(array_filter($userPermissions));
$hasPermission = false; $hasPermission = false;
// 获取 dingo 对应的版本的路由列表 // 获取 dingo 对应的版本的路由列表
$routeList = []; $routeList = [];
...@@ -134,11 +137,48 @@ class Authenticate ...@@ -134,11 +137,48 @@ class Authenticate
return ; return ;
} }
// 此逻辑是,可能页面搜索和列表使用的是同一个request请求,如果用搜索来做请求的话,必须把权限设置为搜索权限,否则权限将出现漏洞
// 支持泛权限 如果最后是*号结束,代表只要是前缀相同的都有访问资格
if(
!Str::endsWith(strtolower((string) $routeParams['permission']), '*'))
{
if(
$request->has('buttonAction') &&
$action = $request->input('buttonAction'))
{
$uriPermission = explode(',',$routeParams['permission']);
$permission = explode('.',current($uriPermission));
$permission[count($permission) - 1] = $action;
$requestPermission = implode('.',$permission);
foreach($userPermissions as &$permission){
if(in_array($permission,$uriPermission)){
$permission = $requestPermission;
}
}
}
}
$filterRoute = []; $filterRoute = [];
foreach($routes as $key =>$route){ foreach($routes as $route){
foreach($userPermissions as $key => $permission){ foreach($userPermissions as $permission){
if(isset($route['permission']) && $permission['action'] == $route['permission']){ if(isset($route['permission']) &&
$filterRoute[] = $route['uri']; Str::endsWith(strtolower((string) $route['permission']), '*'))
{
$uriPermission = explode('.',$route['permission']);
unset($uriPermission[count($uriPermission) - 1]);
if(
Str::startsWith($permission,strtolower((string) implode('.',$uriPermission)))
){
$filterRoute[] = $route['uri'];
}
}else{
if(isset($route['permission']) && in_array($permission,explode(',',$route['permission']))){
$filterRoute[] = $route['uri'];
}
} }
} }
} }
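Review bot: `foreach($userPermissions as &$permission)` in the buttonAction branch leaves `$permission` bound by reference to the last element of `$userPermissions`, and the later `foreach($userPermissions as $permission)` inside the `$routes` loop then writes every visited value through that reference, so the user's last permission is overwritten and the matched set differs between route iterations; add `unset($permission);` directly after that loop's closing brace. The wildcard branch strips the `*` segment and calls `Str::startsWith` on the bare prefix, so `user.list.*` also accepts an action such as `user.listing` — append the separator, `Str::startsWith($permission, strtolower((string) implode('.', $uriPermission)) . '.')`, and note that only the route side is lower-cased while `$permission` is compared as stored. `$action` is taken verbatim from `$request->input('buttonAction')` and spliced into the permission name, so restricting it to the segment alphabet first (e.g. `preg_match('/^[a-z0-9_]+$/i', $action)`) keeps request input from shaping the comparison string, and the `&& $action = ...` assignment inside the condition also skips the branch for a falsy value like `'0'`. `$userPermissions` is not initialised in the visible lines yet is the reference target of the `collect()` closures, so a user with no roles reaches `array_filter($userPermissions)` with `null` (a TypeError on PHP 8); initialising it with `$userPermissions = [];` before the closures in the earlier hunk of this file would close that, and the dead `empty($routePermissions) || count(...) == 0` check there can never fire because `explode` always returns at least one element. The enclosing method starts and ends outside these hunks.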
......
...@@ -141,7 +141,7 @@ class MenusSeeder extends Seeder ...@@ -141,7 +141,7 @@ class MenusSeeder extends Seeder
'parent_id' => 0, 'parent_id' => 0,
'menu_type' => 'page', 'menu_type' => 'page',
'menu_icon' => 'ios-document', 'menu_icon' => 'ios-document',
'component' => 'doc/doc-manage/docManage', 'component' => 'doc-manage/server',
'status' => 1, 'status' => 1,
'is_show' => 1, 'is_show' => 1,
'sys_default' => 1, 'sys_default' => 1,
......
...@@ -19,11 +19,11 @@ $api->version('v1', function($api) { ...@@ -19,11 +19,11 @@ $api->version('v1', function($api) {
$api->post('/adminapi/user/add', ['permission' => 'user.add', 'uses'=>'AuthUserController@addUser']); $api->post('/adminapi/user/add', ['permission' => 'user.add', 'uses'=>'AuthUserController@addUser']);
$api->post('/adminapi/user/edit', ['permission' => 'user.edit', 'uses'=>'AuthUserController@editUser']); $api->post('/adminapi/user/edit', ['permission' => 'user.edit', 'uses'=>'AuthUserController@editUser']);
$api->get('/adminapi/user/info', ['uses'=>'AuthUserController@info']); $api->get('/adminapi/user/info', ['uses'=>'AuthUserController@info']);
$api->post('/adminapi/auth/resetPassword', ['permission' => 'auth.reset_password', 'uses'=>'AuthUserController@resetPassword']); $api->post('/adminapi/auth/resetPassword', ['permission' => 'user.reset_password', 'uses'=>'AuthUserController@resetPassword']);
$api->get('/adminapi/user/listByPage', ['permission' => 'user.list_by_page', 'uses'=>'AuthUserController@listByPage']); $api->get('/adminapi/user/listByPage', ['permission' => 'user.list.*', 'uses'=>'AuthUserController@listByPage']);
$api->post('/adminapi/user/disable/{id}', ['permission' => 'user.disable', 'uses'=>'AuthUserController@changeUserStatus']); $api->post('/adminapi/user/disable/{id}', ['permission' => 'user.edit.status', 'uses'=>'AuthUserController@changeUserStatus']);
$api->post('/adminapi/user/enable/{id}', ['permission' => 'user.enable', 'uses'=>'AuthUserController@changeUserStatus']); $api->post('/adminapi/user/enable/{id}', ['permission' => 'user.edit.status', 'uses'=>'AuthUserController@changeUserStatus']);
$api->post('/adminapi/user/delByIds', ['permission' => 'user.del_by_ids', 'uses'=>'AuthUserController@delUserByIds']); $api->post('/adminapi/user/delByIds', ['permission' => 'user.del.ids', 'uses'=>'AuthUserController@delUserByIds']);
}); });
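Review bot: The permission strings on these routes are the values the Authenticate middleware in this commit compares against each role's stored `action`, so renaming `user.disable`/`user.enable` to `user.edit.status`, `user.list_by_page` to `user.list.*` and `auth.reset_password` to `user.reset_password` revokes access for any role whose stored action still carries the old name; I cannot see a matching permission seed or migration update in this commit, so confirm one exists. `user.list.*` on `listByPage` is the only route here using the wildcard form, which that middleware treats as a prefix match, so a comment such as `// wildcard: any stored 'user.list.<x>' action grants this route` next to it would document why this route alone differs from its neighbours.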
......
...@@ -16,7 +16,7 @@ $api->version('v1', function($api) { ...@@ -16,7 +16,7 @@ $api->version('v1', function($api) {
$api->group(['namespace'=>'App\Http\Controllers\V1','middleware' => ['api.auth','permissions'], 'providers' => 'jwt'], function($api) { $api->group(['namespace'=>'App\Http\Controllers\V1','middleware' => ['api.auth','permissions'], 'providers' => 'jwt'], function($api) {
//菜单相关 //菜单相关
$api->get('/adminapi/permission/menu/userRoleMenuList', ['permission' => 'menu.permission.list', 'uses'=>'PermissionsController@getUserRoleMenuList']); $api->get('/adminapi/permission/menu/userRoleMenuList', ['uses'=>'PermissionsController@getUserRoleMenuList']);
$api->post('/adminapi/permission/menu/edit', ['permission' => 'menu.permission.edit', 'uses'=>'PermissionsController@editMenus']); $api->post('/adminapi/permission/menu/edit', ['permission' => 'menu.permission.edit', 'uses'=>'PermissionsController@editMenus']);
$api->post('/adminapi/permission/menu/subAdd', ['permission' => 'menu.permission.add', 'uses'=>'PermissionsController@addSubMenus']); $api->post('/adminapi/permission/menu/subAdd', ['permission' => 'menu.permission.add', 'uses'=>'PermissionsController@addSubMenus']);
$api->post('/adminapi/permission/menu/del', ['permission' => 'menu.permission.del','uses'=>'PermissionsController@deleteMenus']); $api->post('/adminapi/permission/menu/del', ['permission' => 'menu.permission.del','uses'=>'PermissionsController@deleteMenus']);
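Review bot: Dropping the `permission` key from `/adminapi/permission/menu/userRoleMenuList` sends it through the early `return true` that the Authenticate change in this commit adds for routes without a `permission` entry, so the endpoint is reachable by any caller that passes `api.auth` (the group still lists that middleware on the line above). If that is the intent — presumably the endpoint returns the caller's own menu list — say so on the route, e.g. `// no 'permission' key: readable by every authenticated user (Authenticate skips the permission check)`, so the missing key is not later read as an oversight.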
......