基类地址:application/core/MY_Controller.php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
/**
 * Application-wide base controller.
 *
 * Adds nothing of its own yet: it only runs the CodeIgniter controller
 * bootstrap, and gives more specific base classes a single parent to extend.
 */
class MY_Controller extends CI_Controller
{
    /**
     * Run the parent CI_Controller constructor.
     */
    public function __construct()
    {
        parent::__construct();
    }
}
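/**
 * Base controller for the admin area: ThinkPHP-style rule/group authorization
 * for CodeIgniter. Every admin controller is expected to extend this class so
 * the check in the constructor runs before any action.
 *
 * Tables used (see the ThinkPHP Auth class for the field details):
 *  - user       : uid, username, password          sample row (1, admin, admin)
 *  - role       : rule table, one row per action   rid, rname, model, controller, action
 *                 sample row (1, "admin home", admin, index, index)
 *  - group      : bundles rules into a group       gid, gname, grole
 *                 sample row (1, "super administrator", "1,10,15,16");
 *                 grole is a comma-separated list of rule IDs
 *  - user_group : which groups a user belongs to   uid, gid
 *                 sample row (1, 1): user 1 holds every rule listed in group 1
 *
 * NOTE(review): the sample user row shows the password as a literal value.
 * Credential storage is not visible in this file; confirm the login code
 * stores password_hash() output and verifies with password_verify().
 */
class AdminBase extends MY_Controller
{
    /**
     * Enforce login and per-action authorization for the current request.
     *
     * Steps: (1) require a logged-in session, (2) let the configured super
     * administrator through, (3) collect the rule IDs granted by the user's
     * groups, (4) look up the rule ID of the requested module/controller/action,
     * (5) redirect to the login page unless that rule ID was granted.
     *
     * The check fails closed: a route with no row in `role`, a user with no
     * groups, or an empty/malformed `grole` list all end in a denial.
     */
    public function __construct()
    {
        parent::__construct();

        // (1) Login check. redirect() ends the request in CodeIgniter, so
        // nothing below runs for an anonymous visitor.
        $uid = (isset($_SESSION['uid']) && is_scalar($_SESSION['uid']))
            ? (string) $_SESSION['uid']
            : '';
        if ($uid === '') {
            redirect('admin/login/index');
        }

        // (2) Super administrator bypass. Compared as strings and only when the
        // config value is actually set: with a loose `==`, a missing 'super'
        // item (NULL) could compare equal to a falsy session value and skip
        // every check below.
        $super = $this->config->item('super');
        if (is_scalar($super) && (string) $super !== '' && (string) $super === $uid) {
            return;
        }

        // Requested module / controller / action, taken from the URI.
        // NOTE(review): segment() returns NULL when the URL omits a segment
        // (for example a default method), so such a request matches no `role`
        // row and is denied. Confirm that is the intended handling of default
        // routes.
        $model      = $this->uri->segment(1);
        $controller = $this->uri->segment(2);
        $action     = $this->uri->segment(3);

        // (3a) Groups the user belongs to.
        $groupIds = array();
        $memberships = $this->db->where(array('uid' => $uid))->get('user_group')->result_array();
        foreach ($memberships as $membership) {
            $groupIds[] = $membership['gid'];
        }

        // (3b) Union of the rule IDs granted by those groups. One query for all
        // groups; where_in() must not be called with an empty list.
        $allowedRuleIds = array();
        if (!empty($groupIds)) {
            $groups = $this->db->where_in('gid', $groupIds)->get('group')->result_array();
            foreach ($groups as $group) {
                $grole = isset($group['grole']) ? (string) $group['grole'] : '';
                foreach (explode(',', $grole) as $ruleId) {
                    // Drop blanks: an empty grole or a trailing comma yields ''
                    // entries, which must never count as a granted rule.
                    $ruleId = trim($ruleId);
                    if ($ruleId !== '') {
                        $allowedRuleIds[] = $ruleId;
                    }
                }
            }
        }

        // (4) Rule ID registered for the requested action, '' when there is none.
        $rule = $this->db
            ->where(array('model' => $model, 'controller' => $controller, 'action' => $action))
            ->get('role')
            ->row_array();
        $requestedRuleId = (is_array($rule) && isset($rule['rid'])) ? trim((string) $rule['rid']) : '';

        // (5) Deny unless the rule exists and was granted. Strict comparison on
        // normalized strings: with a loose in_array(), an unregistered route
        // (NULL rid) matched a '' entry in the granted list and was let through.
        if ($requestedRuleId === '' || !in_array($requestedRuleId, $allowedRuleIds, true)) {
            // NOTE(review): a logged-in but unauthorized user is sent to the
            // login page, as before; a 403 response would separate "not
            // allowed" from "not logged in" and is easier to audit in logs.
            redirect('admin/login/index');
        }
    }
}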