Control.php
2.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
<?php
namespace app\ht\exts\rbac;
use Yii;
use yii\web\ForbiddenHttpException;
use yii\base\ActionFilter;
use yii\db\Query;
use common\models\SysUser as SysUserModel;
use function is_array;
use function trim;
class Control extends ActionFilter
{
public $allowActions = [];
/**
* @inheritdoc
*/
public function beforeAction($action)
{
$actionId = $action->getUniqueId();
$user = Yii::$app->getUser();
if ($this->checkRoute($actionId, $user)) {
return true;
}
$this->denyAccess($user);
}
/**
* 拒绝当前用户的访问.
* @param User $user the current user
* @throws ForbiddenHttpException if the user is already logged in.
*/
protected function denyAccess($user)
{
if ($user->getIsGuest()) {
$user->loginRequired();
} else {
throw new ForbiddenHttpException('您没有权限访问此页面');
}
}
/**
* Check access route for user.
* @param string|array $route
* @param array $param
* @param User $user
* @return boolean
*/
protected function checkRoute($route, $user = null)
{
if ($user === null) {
$user = Yii::$app->getUser();
}
$routes = $this->getAllRoutes();
if (isset($routes[$route])) {
$perms = $routes[$route];
foreach ($perms as $perm) {
if ($user->can($perm)) {
return true;
}
}
}
return false;
}
/**
* @inheritdoc
*/
protected function isActive($action)
{
// 对site/error无效
$uniqueId = $action->getUniqueId();
if ($uniqueId === Yii::$app->getErrorHandler()->errorAction) {
return false;
}
// 对调试等路由无效
foreach ($this->allowActions as $route) {
if ($route == $uniqueId) {
return false;
}
}
// 对登陆页面无效
$user = Yii::$app->getUser();
if ($user->getIsGuest() && is_array($user->loginUrl) && isset($user->loginUrl[0]) && $uniqueId === trim($user->loginUrl[0], '/')) {;
return false;
}
// 对超级管理员无效
if ($user->id == SysUserModel::ROOT_ID) {
return false;
}
return true;
}
protected function getAllRoutes()
{
static $routes = [];
if (!empty($routes)) {
return $routes;
}
$routeQuery = new Query();
$routeQuery->select(['auth_perms_routes.*']);
$routeQuery->from('auth_perms_routes');
$result = $routeQuery->all();
$routes = [];
foreach($result as $r) {
$routes[$r['route']][] = $r['perm_id'];
}
return $routes;
}
}