<?php
namespace App\Http\Middleware;
use App\User;
use Closure;
use Illuminate\Support\Facades\DB;
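/**
 * Gatekeeper middleware for the admin area.
 *
 * Requests to the URLs in $ignore pass straight through. Every other request
 * needs an admin session whose admin_id resolves to an existing User, and,
 * unless that user is a super administrator, a URL granted through the
 * role_user -> role_access -> access tables.
 */
class AdminCheck
{
    /**
     * Absolute URLs the current user may access, filled by getRoleAcess().
     *
     * @var string[]
     */
    private $Allow = [];

    /**
     * Route names that bypass every check in this middleware, including the
     * session check. Anything added here is reachable without authentication.
     *
     * @var string[]
     */
    private $ignore = ['admin-login', 'admin-captcha', 'tips', 'admin-logout'];

    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // Matching is done on the absolute URL, so it does not distinguish
        // HTTP methods or route names that share one URL.
        // NOTE(review): route($name) is called without parameters, so routes with
        // required parameters cannot be listed in $ignore or in access.route —
        // confirm that is acceptable, or compare route names instead.
        $url = $request->url();

        $ignored = [];
        foreach ($this->ignore as $name) {
            $ignored[] = route($name);
        }
        if (in_array($url, $ignored, true)) {
            return $next($request);
        }

        $session = $request->session();
        $id = $session->get('admin_id');
        $username = $session->get('admin_username');
        $salt = $session->get('salt');

        // NOTE(review): admin_username and salt are only checked for presence and
        // are never compared with the stored user record. If the salt is meant to
        // invalidate sessions after a credential change, compare it against the
        // value stored for the user (column not visible here) with hash_equals().
        if (empty($id) || empty($username) || empty($salt)) {
            return redirect()->route('admin-login');
        }

        $user = $this->checkUser($id);
        if (!$user) {
            // The session points at a user that no longer exists: drop the admin
            // keys so the stale identity cannot be presented again.
            $session->forget(['admin_id', 'admin_username', 'salt']);

            return redirect()->route('admin-login');
        }

        // Super administrators skip the per-URL permission check entirely.
        if ((int) $user->is_admin === 1) {
            return $next($request);
        }

        $this->getRoleAcess($id);
        if (!in_array($url, $this->Allow, true)) {
            // Not granted to any of the user's roles: send them to the notice page.
            return redirect()->route('tips');
        }

        return $next($request);
    }

    /**
     * Load the user referenced by the session.
     *
     * @param mixed $uid value of the admin_id session key
     * @return \App\User|null the matching user, or null when none exists
     */
    private function checkUser($uid)
    {
        return User::find($uid);
    }

    /**
     * Rebuild $this->Allow with every URL granted to the user's roles.
     *
     * @param mixed $uid value of the admin_id session key
     * @return void
     */
    private function getRoleAcess($uid)
    {
        // Start from an empty list so grants collected for an earlier request
        // cannot carry over if this middleware instance is ever reused.
        $this->Allow = [];

        // Role IDs the user belongs to.
        $roleIds = DB::table('role_user')->where('user_id', $uid)->pluck('role_id')->all();

        // Access IDs attached to those roles.
        $accessIds = DB::table('role_access')->whereIn('role_id', $roleIds)->pluck('access_id')->all();

        // Each access row stores one or more route names separated by '|'.
        $access = DB::table('access')->whereIn('id', $accessIds)->get();
        foreach ($access as $row) {
            foreach (explode('|', $row->route) as $name) {
                if (empty($name)) {
                    continue;
                }
                $this->Allow[] = route($name);
            }
        }
    }
}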