//在基类控制器中实现访问控制
<?php
namespace app\admins\controller;
use think\Controller;
use util\SysDb;
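/**
 * Base controller for the admin module.
 *
 * Every admin controller that extends this class gets the same gatekeeping in
 * its constructor, in this order:
 *   1. authentication - an 'admin' session entry must exist;
 *   2. role presence  - any account other than the built-in "admin" must have
 *                       a row in `roles` for its gid;
 *   3. route lookup   - the requested controller/action must be registered in
 *                       `menus` (unregistered routes are denied by default);
 *   4. route status   - a truthy `status` means the menu is disabled;
 *   5. authorization  - the menu id must be listed in the role's rights.
 *
 * NOTE(review): the super-admin bypass is keyed on the literal username
 * "admin", not on a role or flag - confirm that username cannot be registered
 * or renamed by ordinary users.
 */
class Base extends Controller
{
    /**
     * Runs the access-control checks before any action of a subclass executes.
     *
     * Failures never return to the caller: an unauthenticated visitor is
     * redirected to the login page, every other failure ends the request
     * through errorInfo().
     */
    public function __construct()
    {
        parent::__construct();

        // 1. Authentication: no session entry means not logged in.
        $this->_admin = session('admin');
        if (empty($this->_admin)) {
            $this->redirect('Account/login');
            // ThinkPHP's redirect() is expected to abort the request itself;
            // exiting here keeps the check fail-closed if it ever returns.
            exit;
        }

        // Strict comparison: a non-string session value must never be loosely
        // equal to 'admin' and inherit the super-admin bypass.
        $isSuperAdmin = isset($this->_admin['username'])
            && $this->_admin['username'] === 'admin';

        // 2. Role presence: drop the session of an account without a role.
        $this->db = new SysDb;
        $role = $this->db->table('roles')->where(['gid' => $this->_admin['gid']])->item();
        if (!$isSuperAdmin && empty($role)) {
            session('admin', null);
            $this->errorInfo('对不起,您还没有分配角色,无法访问后台');
        }

        // 3. Route lookup: deny anything that is not registered in `menus`.
        //    This applies to the super-admin as well.
        $controller = request()->controller();
        $method = request()->action();
        $res = $this->db->table('menus')->where(['controller' => $controller, 'method' => $method])->item();
        if (!$res) {
            $this->errorInfo('对不起,您访问的菜单不存在');
        }

        // 4. Route status: a truthy status marks the menu as disabled.
        if ($res['status']) {
            $this->errorInfo('对不起,您访问的菜单已禁用');
        }

        // 5. Authorization: the super-admin skips the per-role rights list.
        if (!$isSuperAdmin) {
            // Malformed or non-array JSON is treated as "no rights" instead of
            // handing a non-array to in_array().
            $rights = [];
            if (!empty($role['rights'])) {
                $decoded = json_decode($role['rights'], true);
                if (is_array($decoded)) {
                    $rights = $decoded;
                }
            }

            // Keep only integer/string ids and compare them as strings with a
            // strict in_array(): a loose comparison would let a stray `true`
            // (or similar) in the rights list match every menu id.
            $allowed = [];
            foreach ($rights as $id) {
                if (is_int($id) || is_string($id)) {
                    $allowed[] = (string) $id;
                }
            }

            if (!in_array((string) $res['menu_id'], $allowed, true)) {
                $this->errorInfo('对不起,您没有权限访问该菜单');
            }
        }
    }

    /**
     * Ends the request with an error message.
     *
     * Ajax requests receive a JSON object {"code":1,"msg":...}; all other
     * requests receive the bare message. This method never returns.
     *
     * @param string $msg Message shown to the user; every caller in this class
     *                    passes a fixed literal, so it is written unescaped.
     */
    private function errorInfo($msg)
    {
        if (request()->isAjax()) {
            // Label the body as JSON so a client does not render it as HTML.
            if (!headers_sent()) {
                header('Content-Type: application/json; charset=utf-8');
            }
            exit(json_encode(['code' => 1, 'msg' => $msg]));
        }

        exit($msg);
    }
}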
?>
批改老师:韦小宝 批改时间:2019-03-12 09:26:45
老师总结:写得非常不错。权限在网站中还是很重要的,每个人的角色不同,给定的权限当然也是不同的。