YDM
/
caiping


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206
							<?php
/**
 * @copyright Copyright (c) 2021 勾股工作室
 * @license https://opensource.org/licenses/Apache-2.0
 * @link https://www.gougucms.com
 */

declare (strict_types=1);

namespace app\admin\middleware;

use think\facade\Cache;
use think\facade\Db;
use think\facade\Session;

class Auth
{

    public $Authconfig;

    public function __construct()
    {
        $this->Authconfig = [
            "admin/field.field/add",    // 财政局属性设置
            "admin/field.fieldcompany/add",     // 公司属性设置
            "admin/field.fieldproprietor/add",  // 业主属性设置

            "admin/project.cost_company/get_yezhu_tree",    // 获取业主
            "admin/project.cost_company/get_employee",  // 获取雇主
            "admin/api/upload",     // 上传文件
            "admin/project.cost/getemployeelist",   // 获取单位
            "admin/project.cost_company/get_department_tree",   // 获取部门

            "admin/project.cost/get_customer_head", // 委托单位负责人
            "admin/project.cost/get_customer",  // 选择委托单位

            // "admin/project.api/add_file",   // 上传附件
            // "admin/project.api/delete_file", // 删除附件
            "admin/message/index",  // 消息中心
            "admin/message/read", //消息中心的已读
            "admin/project.api/eliminate",//小红点消息消除
            "admin/project.api/add_file",
            
            "admin/project.received/get_department_tree",
            "admin/project.received/get_employee",
            
            "admin/index/people",//公司
            "admin/project.api/get_department_tree",//获取人
            "admin/project.api/get_employee",
            "admin/project.api/get_all_people_company",
            "admin/project.api/get_all_people",

            "admin/project.api/test", //zjl的测试方法
            "admin/project.api/get_project",

            "admin/project.appropriation/edit_company",
            "admin/project.appropriation/c_edit",
//            "admin/project.audit/read_company",

//            "admin/project.appropriation/c_read",

            "admin/project.comment/add_company",
            "admin/project.comment/add",
            "admin/project.comment/add_proprietor",
            
             "admin/project.api/get_entrust",
            "admin/project.api/get_entrust_people",
            
            "admin/contract.api/check_node",
            "admin/contract.api/relevancy_p",
            "admin/project.api/get_self_project",
            "admin/contract.api/get_contract",
            
            "admin/project.api/get_sent_review",
            "admin/project.api/get_sent_review_people",
            
            "admin/datastat.datastat/test",
        ];
    }


    public function handle($request, \Closure $next)
    {
        //获取模块名称
        $controller = app('http')->getName();
        $pathInfo = str_replace('' . $request->ext(), '', $request->pathInfo());
        // dump($pathInfo);
        $action = explode('/', $pathInfo)[0];
        //var_dump($pathInfo);exit;
        if ($pathInfo == '' || $action == '') {
            redirect('/admin/index/index.html')->send();
            exit;
        }

        //验证用户登录
        if ($action !== 'login') {
            $session_admin = get_config('app.session_admin');

            if (!Session::has($session_admin)) {
                if ($request->isAjax()) {
                    return to_assign(404, '请先登录');
                } else {
                    redirect('/admin/login/index.html')->send();
                    exit;
                }
            }


            $uid = Session::get($session_admin)['id'];
            // 检查上次密码更换时间
            $lastPasswordChange = Db::name('Admin')->where('id', $uid)->value('last_password_change');

            if($pathInfo != "api/password_submit"){
                // 检查是否需要更新密码
                if ($lastPasswordChange === null && $pathInfo != "api/edit_password.") {
                    redirect('/admin/api/edit_password.html')->send();
                } else if ($lastPasswordChange != null && $pathInfo != "api/edit_password.") {

                    $daysSinceLastChange = (time() - $lastPasswordChange) / (60 * 60 * 24);
                    if ($daysSinceLastChange > 180) {
                        redirect('/admin/api/edit_password.html')->send();
                    }
                }
            }

            //验证用户访问权限
            // if ($action !== 'index' && $action !== 'api') {
            //     if (!$this->checkAuth($controller, $pathInfo, $action, $uid)) {
            //          if ($request->isAjax()) {
            //              return to_assign(202, '没有使用权限！');
            //          } else {
            //              echo '<div style="text-align:center;color:red;margin-top:20%;">没有使用权限！</div>';
            //              exit;
            //          }
            //     }

            // }
        }

        $response = $next($request);
        // dump($request);
        // dump($response);
        return $response;
    }

    /**
     * 验证用户访问权限
     * @DateTime 2020-12-21
     * @param string $controller 当前访问控制器
     * @param string $action 当前访问方法
     * @param string $uid 当前用户id
     * @return   [type]
     */
    protected function checkAuth($controller, $pathInfo, $action, $uid)
    {
        //Cache::delete('RulesSrc' . $uid);
        if (!Cache::get('RulesSrc' . $uid) || !Cache::get('RulesSrc0')) {
            //用户所在权限组及所拥有的权限
            // 执行查询
            $user_groups = Db::name('AdminGroupAccess')
                ->alias('a')
                ->join("AdminGroup g", "a.group_id=g.id", 'LEFT')
                ->where("a.uid='{$uid}' and g.status='1'")
                ->select()
                ->toArray();
            $groups = $user_groups ?: [];

            $ids = []; //保存用户所属用户组设置的所有权限规则id
            foreach ($groups as $g) {
                $ids = array_merge($ids, explode(',', trim($g['rules'], ',')));
            }
            $ids = array_unique($ids);
            //读取所有权限规则
            $rules_all = Db::name('AdminRule')->field('src')->select();
            //读取用户组所有权限规则
            $rules = Db::name('AdminRule')->where('id', 'in', $ids)->field('src')->select();
            //循环规则，判断结果。
            $auth_list_all = [];
            $auth_list = [];
            foreach ($rules_all as $rule_all) {
                $auth_list_all[] = strtolower($rule_all['src']);
            }
            foreach ($rules as $rule) {
                $auth_list[] = strtolower($rule['src']);
            }
            //规则列表结果保存到Cache
            Cache::tag('adminRules')->set('RulesSrc0', $auth_list_all, 36000);
            Cache::tag('adminRules')->set('RulesSrc' . $uid, $auth_list, 36000);
        } else {
            $auth_list_all = Cache::get('RulesSrc0');
            $auth_list = Cache::get('RulesSrc' . $uid);
        }
        // dump($auth_list);
        $pathUrl = $controller . '/' . $pathInfo;
        // dump($pathUrl);
        if (!in_array($pathUrl, $auth_list)) {
            if (in_array($pathUrl, $this->Authconfig)) {
                // dump($this->Authconfig);
                return true;
            }
            return false;
        } else {
            return true;
        }
    }
}