# 進階篇三 實戰開發之權限控制 [TOC] ## 權限控制的作用 >[info] 在項目中,特別是后臺管理的項目中,權限控制非常重要,有些頁面要求不限制訪問,有些頁面要求登陸后才能訪問,還有些重要頁面,必須是指定的角色才能訪問.在MVC項目中,我們可以通過控制每一個控制器的節點的權限達到我們的需求. ## 巧用控制器基類 達到權限控制的目的 首先 咱們先點有一套 驗證登錄 設置登錄 設置退出的方法, 注意這個方法都是放在 base/controller中 ### 全局登錄函數組 詳細使用方法參照 http://www.hmoore.net/mikkle/thinkphp5_study/349347 * 檢查全局登錄 ~~~ /** * 檢測是否登錄 * Power by Mikkle * QQ:776329498 * @return bool */ public function checkLoginGlobal() { $check_success = false; switch ($this->loginType) { case 1; case "session"; $this->uuid = Session::get('uuid', 'Global'); $this->member_info = Session::get('member_info', 'Global'); if ($this->uuid && $this->member_info) { $check_success = true; } break; case 2; case "cache"; $session_id_check = Cookie::get("session_id"); $this->uuid = Cache::get("uuid_{$session_id_check}"); $this->member_info = Cache::get("member_info_{$session_id_check}"); if ($this->uuid && $this->member_info) { $check_success = true; } //刷新 緩存有效期 Cache::set("uuid_{$session_id_check}", $this->uuid); Cache::set("member_info_{$session_id_check}", $this->member_info); break; case 3: case "redis": //這部分不方便共享 不好意思 break; } return $check_success; } ~~~ * 設置全局登錄 ~~~ /** * 設置全局登錄 * #User: Mikkle * #Email:776329498@qq.com * #Date: */ public function setLoginGlobal($member_info = [], $login_code = 0) { $set_success = false ; if ($member_info) { switch ($this->loginType) { case 1: case "session": Session::set('member_info', $member_info, 'Global'); Session::set('uuid', $member_info['uuid'], 'Global'); if ((Session::has("uuid", "Global"))) { $set_success = true; } break; case 2: case "cache": $session_id = $this->create_uuid("SN"); Cookie::set("session_id", $session_id); Cache::set("member_info_$session_id", $member_info); Cache::set("uuid_$session_id", $member_info['uuid']); $session_id_check = Cookie::get("session_id"); if ((Cache::get("uuid_{$session_id_check}"))) { $set_success = true; } break; case 3:case "redis": //這部分不方便共享 不好意思 break; } } if (!$set_success) return false; //保存登錄記錄 $this->saveLoginInfo($member_info['uuid'],$login_code); return true; } ~~~ * 設置全局退出 ~~~ /** * 全局退出 * Power by Mikkle * QQ:776329498 * @return bool */ protected function logoutGlobal(){ switch ($this->loginType) { case 1: case "session": Session::delete('uuid', 'Global'); Session::delete('member_info', 'Global'); break; case 2: case "cache": $session_id_check = Cookie::get("session_id"); Cache::rm("uuid_{$session_id_check}"); Cache::rm("member_info_{$session_id_check}"); Cookie::delete("session_id"); break; case 3:case "redis": //這部分不方便共享 不好意思 break; } $this->member_info = null; $this->uuid = null; return true; } ~~~ ### 在模塊控制器基類的構造函數檢驗權限 比如說現在的wechat 模塊 ~~~ <?php /** * Created by PhpStorm. * Power by Mikkle * QQ:776329498 * Date: 2017/4/17 * Time: 9:33 */ namespace app\wechat\controller; class Base extends \app\base\controller\Base { protected $isLogin = false; //判斷是否登陸 protected $uuid; //登陸后的UUID protected $config_list=[]; /** * 檢查登陸信息 * Power by Mikkle * QQ:776329498 */ public function _initialize() { if ($this->checkLoginGlobal()) { $this->isLogin = true; } } } ~~~ 這樣繼承這個基類的方法 都可以通過 $this->uuid 是否存在 來判斷是否登錄 ~~~ public function test(){ //檢驗用戶是否登錄 if (!$this->uuid){ return self::showReturnCodeWithOutData(1004); } //使用用戶信息 dump($this->member_info); } ~~~ ### 重要節點的權限判斷 接下來 我們再建立一個Auth權限基類 看源碼 ~~~ <?php /** * Created by PhpStorm. * Power by Mikkle * QQ:776329498 * Date: 2017/4/17 * Time: 14:47 */ namespace app\wechat\controller; use app\base\model\PersonnelNode; use app\base\model\PersonnelRoleNodeAccess; use think\Session; abstract class Auth extends Base { //權限跳過檢驗的節點 protected $index_array=[ 'Index'=>[ 'index'=>true, 'login'=>true, 'getmenujson'=>true, ], ]; protected $log_string; protected $member_info; public function _initialize() { parent::_initialize(); // TODO: Change the autogenerated stub //檢測是否登陸 if(!$this->isLogin) { $this->redirect('index/login'); } //檢測登陸權限 $auth =$this->checkNodeAuth(); //dump($auth); if($auth!=true || $auth==false || is_string($auth)){ // dump($this->log_string); $this->error($this->log_string,"index/index"); } $this->member_info = Session::get('member_info','Global'); } /** * 獲取當前訪問節點 * Power: Mikkle * Email：776329498@qq.com * @return bool */ protected function checkNodeAuth() { if ($this->checkIsAdmin()) { return true; } else { $request = $this->request; if ($this->checkIsIndex($request->controller(), $request->action())) { return true; } //檢測權限// 當前模塊名 $node = new PersonnelNode(); //跳過登錄系列的檢測以及主頁權限 $node_info = $node->getNodeInfo($request->module(), $request->controller(), $request->action()); if (empty($node_info)) { $this->log_string='此頁面訪問權限未開放，請聯系管理員'; return false; } if ($node_info['auth_grade'] > 0) { return $this->checkUserNodeAuthByNodeGuId($node_info['guid']); } return true; } } /** * 檢測節點是否可以默認登錄 * Power: Mikkle * Email：776329498@qq.com * @param $controller * @param $action * @return bool */ protected function checkIsIndex($controller,$action) { return isset($this->index_array[$controller][$action])? true : false ; } /** * 判斷用戶是否有節點權限 * Power: Mikkle * Email：776329498@qq.com * @param $Guid * @return bool */ protected function checkUserNodeAuthByNodeGuId($Guid) { $member = $this->member_info; $node_list =[]; if (Session::has("role_node_list_{$Guid}")){ $node_list=Session::has("role_node_list_{$Guid}"); }else{ $model = new PersonnelRoleNodeAccess(); $node_list = $model->getRoleMenuList($member['role_id'],1); } if (!in_array($Guid, $node_list)) { $this->log_string="你沒有權限，請聯系系統管理員"; return false; }else{ return true; } } /** * 檢測是否是管理員 * Power: Mikkle * Email：776329498@qq.com * @return bool */ protected function checkIsAdmin() { if (Session::has('is_admin')) { return true; } else { return false; } } } ~~~ OK 剩余的就是把授權節點的信息寫入權限表[PersonnelRoleNodeAccess]中即可! ### 控制器繼承Auth類 即可驗證權限 剩余要做的 就是需要驗證登錄的控制器繼承Auth ~~~ <?php /** * Created by PhpStorm. * User: Administrator * Date: 2017/5/23 * Time: 13:02 */ namespace app\wechat\controller; class Project extends Auth { } ~~~ 感謝大家關注 交流請加QQ群 321449759