
优化权限及登录白名单规则

aiden 4 maanden geleden
bovenliggende
commit
6f13f5b56d
3 gewijzigde bestanden met toevoegingen van 111 en 46 verwijderingen
  1. 53 8
      app/middleware/AuthMiddleware.php
  2. 28 0
      app/service/MenuService.php
  3. 30 38
      config/menu.php

+ 53 - 8
app/middleware/AuthMiddleware.php

@@ -20,14 +20,8 @@ class AuthMiddleware
         $controller = $request->controller();
         $action = $request->action();
         
-        // 白名单:不需要登录验证的操作
-        $whiteList = [
-            'User.login',
-            'User.logout',
-        ];
-        
-        $current = $controller . '.' . $action;
-        if (in_array($current, $whiteList)) {
+        // 检查是否在登录白名单中(不需要登录验证)
+        if ($this->isLoginWhitelisted($controller, $action)) {
             return $next($request);
         }
         
@@ -41,6 +35,11 @@ class AuthMiddleware
         $request->userInfo = $userInfo;
         $request->userId = (int)$userInfo['user_id'];
         
+        // 检查是否在权限白名单中(需要登录但不需要权限验证)
+        if ($this->isPermissionWhitelisted($controller, $action)) {
+            return $next($request);
+        }
+        
         // 验证权限
         if (!$this->checkPermission((int)$userInfo['user_id'], $controller, $action)) {
             return json_error([], '无权限访问', 403);
@@ -75,4 +74,50 @@ class AuthMiddleware
         // 使用MenuService检查权限
         return MenuService::checkPermission($userId, $controller, $action);
     }
+    
+    /**
+     * 检查是否在登录白名单中
+     */
+    protected function isLoginWhitelisted(string $controller, string $action): bool
+    {
+        $whitelist = Config::get('menu.login_whitelist', []);
+        
+        // 检查控制器级别白名单
+        $controllers = $whitelist['controllers'] ?? [];
+        if (in_array($controller, $controllers)) {
+            return true;
+        }
+        
+        // 检查具体方法白名单
+        $actions = $whitelist['actions'] ?? [];
+        $current = $controller . '/' . $action;
+        if (in_array($current, $actions)) {
+            return true;
+        }
+        
+        return false;
+    }
+    
+    /**
+     * 检查是否在权限白名单中
+     */
+    protected function isPermissionWhitelisted(string $controller, string $action): bool
+    {
+        $whitelist = Config::get('menu.permission_whitelist', []);
+        
+        // 检查控制器级别白名单
+        $controllers = $whitelist['controllers'] ?? [];
+        if (in_array($controller, $controllers)) {
+            return true;
+        }
+        
+        // 检查具体方法白名单
+        $actions = $whitelist['actions'] ?? [];
+        $current = $controller . '/' . $action;
+        if (in_array($current, $actions)) {
+            return true;
+        }
+        
+        return false;
+    }
 }
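Review bot: `isLoginWhitelisted` and `isPermissionWhitelisted` (L57–L98) are the same routine differing only in the config key, and `MenuService::isWhitelisted` in this commit is a third copy; one helper parameterised by the key keeps the two lists from drifting apart, and both `in_array` calls should pass `true` so a config entry only matches an identical string. Whether `$request->controller()` returns the short class name the config lists (`'User'`) or a namespaced one cannot be seen here; if it is namespaced, no entry ever matches and the login whitelist is silently empty, which an assertion or a comment on the helper should pin down. The `controllers` list also skips authentication for every action of the named controller, not just the actions in the old hard-coded list, and the docblock should say so. The class continues outside the hunk.
```php
    // … unchanged: checkPermission …

    /**
     * Whether controller/action appears in the whitelist stored under $configKey
     * in config/menu.php. A `controllers` entry matches every action of that
     * controller; an `actions` entry matches one "Controller/action" pair.
     */
    protected function isWhitelisted(string $configKey, string $controller, string $action): bool
    {
        $whitelist = Config::get($configKey, []);

        if (in_array($controller, $whitelist['controllers'] ?? [], true)) {
            return true;
        }

        return in_array($controller . '/' . $action, $whitelist['actions'] ?? [], true);
    }

    /** Actions reachable without a login (menu.login_whitelist). */
    protected function isLoginWhitelisted(string $controller, string $action): bool
    {
        return $this->isWhitelisted('menu.login_whitelist', $controller, $action);
    }

    /** Actions that need a login but no role permission (menu.permission_whitelist). */
    protected function isPermissionWhitelisted(string $controller, string $action): bool
    {
        return $this->isWhitelisted('menu.permission_whitelist', $controller, $action);
    }
```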

+ 28 - 0
app/service/MenuService.php

@@ -169,6 +169,11 @@ class MenuService
      */
     public static function checkPermission(int $userId, string $controller, string $action): bool
     {
+        // 检查是否在白名单中
+        if (self::isWhitelisted($controller, $action)) {
+            return true;
+        }
+        
         $roleId = getUserRoleId($userId);
         if (!$roleId) {
             return false;
@@ -186,6 +191,29 @@ class MenuService
         return in_array($permission, $permissions);
     }
     
+    /**
+     * 检查是否在白名单中
+     */
+    private static function isWhitelisted(string $controller, string $action): bool
+    {
+        $whitelist = Config::get('menu.permission_whitelist', []);
+        
+        // 检查控制器级别白名单
+        $controllers = $whitelist['controllers'] ?? [];
+        if (in_array($controller, $controllers)) {
+            return true;
+        }
+        
+        // 检查具体方法白名单
+        $actions = $whitelist['actions'] ?? [];
+        $current = $controller . '/' . $action;
+        if (in_array($current, $actions)) {
+            return true;
+        }
+        
+        return false;
+    }
+    
     /**
      * 获取权限组配置
      */
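Review bot: The whitelist short-circuit at the top of `checkPermission` (L109–L111) never fires on the middleware path, because `AuthMiddleware` already returns before calling `MenuService::checkPermission` for whitelisted actions; where it does fire is any other caller of `checkPermission`, which now gets `true` for whitelisted actions for every user id, including ids with no role, so confirm that is intended for those callers. `isWhitelisted` (L123–L141) is a copy of the two middleware helpers; making it `public static` and having the middleware delegate to it would leave a single implementation of the matching rule. The `in_array` calls at L129 and L136 should pass `true` so only identical strings match. `checkPermission` continues past the first hunk.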

+ 30 - 38
config/menu.php

@@ -4,6 +4,36 @@ return [
     // 超级管理员角色ID(可以配置多个)
     'super_admin_role_ids' => [1],
     
+    // 登录白名单(不需要登录验证的控制器/方法)
+    'login_whitelist' => [
+        // 控制器级别白名单
+        'controllers' => [
+            'Login',
+            'Public'
+        ],
+        // 具体方法白名单(控制器/方法)
+        'actions' => [
+            'User/login',
+            'User/logout',
+            'Common/captcha'
+        ]
+    ],
+    
+    // 权限白名单(需要登录但不需要权限验证的控制器/方法)
+    'permission_whitelist' => [
+        // 控制器级别白名单(该控制器下所有方法都不需要权限)
+        'controllers' => [
+            'Test'
+        ],
+        // 具体方法白名单(控制器/方法)
+        'actions' => [
+            'User/profile',
+            'User/updatePassword',
+            'Menu/getUserMenus',
+            'Common/upload'
+        ]
+    ],
+    
     // 菜单配置
     'menus' => [
         [
@@ -151,43 +181,5 @@ return [
                 ]
             ]
         ]
-    ],
-
-    // 权限组合(用于快速分配角色权限)
-    'permission_groups' => [
-        'viewer' => [
-            'name' => '查看者',
-            'description' => '只有查看权限',
-            'permissions' => [
-                'User' => ['list', 'detail'],
-                'Player' => ['list', 'detail', 'statistics'],
-                'Game' => ['list', 'detail', 'statistics'],
-                'UserRole' => ['list', 'detail'],
-                'Statistics' => ['user', 'merchant']
-            ]
-        ],
-        'operator' => [
-            'name' => '操作员',
-            'description' => '有基本的增删改查权限',
-            'permissions' => [
-                'User' => ['list', 'create', 'update', 'detail'],
-                'Player' => ['list', 'detail', 'updateStatus', 'statistics'],
-                'Game' => ['list', 'detail', 'updateStatus', 'statistics'],
-                'UserRole' => ['list', 'detail'],
-                'Statistics' => ['user', 'merchant']
-            ]
-        ],
-        'admin' => [
-            'name' => '管理员',
-            'description' => '有完整的管理权限',
-            'permissions' => [
-                'User' => ['list', 'create', 'update', 'delete', 'detail'],
-                'Player' => ['list', 'detail', 'updateStatus', 'updateAdjustStatus', 'statistics', 'batchUpdate', 'export'],
-                'Game' => ['list', 'detail', 'create', 'update', 'updateStatus', 'batchUpdate', 'delete', 'statistics', 'export'],
-                'UserRole' => ['list', 'create', 'update', 'delete', 'detail', 'permissions'],
-                'Menu' => ['getUserMenus', 'getAllPermissions'],
-                'Statistics' => ['user', 'merchant']
-            ]
-        ]
     ]
 ];
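Review bot: `permission_groups` is removed from the config (L193–L228) while `MenuService` on this page still carries a method documented as 获取权限组配置 (L143–L145), so that getter would now read a key that no longer exists; either it should go in the same commit or the deletion needs a note on why it is safe. `'Test'` under `permission_whitelist.controllers` (L173) and `'Common/upload'` (L180) make every action of that controller, and the upload endpoint, reachable by any authenticated user with no role check; if that is intended, a comment giving the reason — and for `Test`, whether the entry belongs outside development — records the decision. A comment on `login_whitelist.controllers` (L157) should also state that a controller entry disables authentication for the whole controller, which is broader than the action-level entries the old middleware list contained.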