1. 新建中间件
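<?php

namespace App\Base\Middleware;

use App\AuthRule;
use App\Base\Exceptions\ApiException;
use Illuminate\Support\Facades\Route;
use Closure;

class PermissionMiddleware
{
    /**
     * Gate a back-office request on login state and on the caller's permissions.
     *
     * Flow, in order:
     *  1. Publish the login result as the UID constant; a falsy value redirects
     *     to the login page and nothing else runs.
     *  2. Publish is_administrator() as IS_ROOT; a truthy value skips every
     *     check below.
     *  3. Publish the current route prefix (leading slashes removed) as
     *     MODULE_NAME.
     *  4. For everyone else, accessControl() decides: false rejects the
     *     request, null hands over to checkRule() and checkDynamic(), and any
     *     other value lets the request through without rule checks.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     *
     * @throws ApiException when the route is denied or the rule checks fail
     */
    public function handle($request, Closure $next)
    {
        // The decisions below use this request's own values. UID and IS_ROOT
        // are still published as constants for code elsewhere, but define()
        // never overwrites an existing constant: in a process that serves more
        // than one request the constants would keep the first caller's
        // identity. The define() calls are left unguarded so that case is
        // reported by PHP rather than passing silently.
        $uid = is_login();
        define("UID", $uid);
        if (!$uid) {
            return redirect("admin/public/login"); // not logged in: go to the login page
        }

        $isRoot = is_administrator();
        define("IS_ROOT", $isRoot);

        // A route registered outside a prefixed group has no "prefix" entry;
        // isset() keeps that from raising an undefined-index error. ltrim()
        // removes a leading slash only when one is present, where the former
        // substr($prefix, 1) dropped the first character unconditionally.
        $route = Route::current();
        $prefix = isset($route->action["prefix"]) ? (string) $route->action["prefix"] : "";
        define("MODULE_NAME", ltrim($prefix, "/"));

        if ($isRoot) {
            return $next($request);
        }

        $access = $this->accessControl();
        if (false === $access) {
            throw new ApiException(ApiException::ERROR_ACCESS_NOT_ENABLE);
        }

        if (null === $access) {
            // The rule key is the raw request path, exactly as the client sent it.
            $rule = $request->path();
            if (!$this->checkRule($rule, array(1, 2))) {
                throw new ApiException(ApiException::ERROR_UNAUTHORIZE_ACCESS);
            }

            // Dynamic permissions tied to categories and content.
            if (false === $this->checkDynamic()) {
                throw new ApiException(ApiException::ERROR_UNAUTHORIZE_ACCESS);
            }
        }

        return $next($request);
    }

    final protected function accessControl()
    {
        $route = Route::current();
        $route_name = Route::currentRouteName();
        $rmodel = $route->action["prefix"];
        $allow = config('lzy.ALLOW_VISIT');
        $deny = config('lzy.DENY_VISIT');
        // Lower-cased "<prefix>/<route name>" is the key looked up in both lists.
        $check = strtolower($rmodel . '/' . $route_name);
        if (!empty($deny) && in_array_case($check, $deny)) {
            return false; // non-super-admins may not reach anything listed in deny
        }
        if (!empty($allow) && in_array_case($check,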