39 lines
871 B
PHP
39 lines
871 B
PHP
<?php
|
|
|
|
namespace PdAuth\Middleware;
|
|
|
|
use Closure;
|
|
use Illuminate\Http\Request;
|
|
|
|
class CheckRole
|
|
{
|
|
|
|
public function handle(Request $request, Closure $next)
|
|
{
|
|
$uses = $request->route()[1]['uses'];
|
|
list($controller, $action) = explode('@', $uses);
|
|
$roles = $controller::Privileges;
|
|
|
|
if (empty($roles) || empty($roles[$action])) {
|
|
abort(403, '未定义权限');
|
|
}
|
|
|
|
if (is_string($roles[$action]) && $roles[$action] == '*') {
|
|
return $next($request);
|
|
}
|
|
|
|
$user = $request->user('auth');
|
|
|
|
if (empty($user) || empty($user['roles'])) {
|
|
abort(403, '无权访问');
|
|
}
|
|
|
|
if (empty(array_intersect($roles[$action], $user['roles']))) {
|
|
abort(403, '无权访问,请联系管理员授权');
|
|
}
|
|
|
|
return $next($request);
|
|
}
|
|
|
|
}
|