From fb588924e22fd5f1e182a0e34c82badc35ad12af Mon Sep 17 00:00:00 2001 From: qiyueshiyi Date: Fri, 17 Feb 2017 17:11:54 +0800 Subject: [PATCH 1/2] =?UTF-8?q?Add=20hasAdminPermission=20function=20to=20?= =?UTF-8?q?Member,=20=E4=BF=AE=E6=94=B9=20Member::hasPermission=20?= =?UTF-8?q?=E5=8F=AF=E4=BB=A5=E5=8C=B9=E9=85=8D=E9=80=9A=E9=85=8D=E7=AC=A6?= =?UTF-8?q?=20admin*=20=E8=BF=99=E6=A0=B7=E7=9A=84=E5=BD=A2=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/Member/Member.php | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/src/Member/Member.php b/src/Member/Member.php index ba657728..80a0cc05 100644 --- a/src/Member/Member.php +++ b/src/Member/Member.php @@ -130,7 +130,7 @@ class Member extends Authenticatable /** * Checks if the member has a permission by its name. - *cachedPermissions + * * @param string|array $name Permission name or array of permission names. * @param bool $requireAll All permissions in the array are required. * @@ -155,7 +155,7 @@ class Member extends Authenticatable return $requireAll; } else { foreach ($this->cachedPermissions() as $permission) { - if ($permission->name == $name) { + if (str_is($name, $permission->name)) { return true; } } @@ -164,6 +164,30 @@ class Member extends Authenticatable return false; } + /** + * Checks if the member has a admin permission by its name. + * + * @param string|array $name Permission name or array of permission names. + * @param bool $requireAll All permissions in the array are required. + * + * @return bool + */ + public function hasAdminPermission($name, $requireAll = false) + { + $adminName = $name; + if (! str_contains($name, '*')) { + if (is_array($name)) { + $adminName = array_map(function ($val) { + return Permission::ADMIN_PREFIX . $val; + }, $name); + } else { + $adminName = Permission::ADMIN_PREFIX . $name; + } + } + + return $this->hasPermission($adminName, $requireAll); + } + /** * Attach permission to current role. * -- Gitee From bd64611004be80535a946e668d2522ce339ae5ce Mon Sep 17 00:00:00 2001 From: qiyueshiyi Date: Fri, 17 Feb 2017 17:31:30 +0800 Subject: [PATCH 2/2] =?UTF-8?q?fix=20Member::hasAdminPermission=20?= =?UTF-8?q?=E4=BD=86=E5=8F=82=E6=95=B0=E6=98=AF=E6=95=B0=E7=BB=84=E6=98=AF?= =?UTF-8?q?=20bug,=20add=20AdminPermission=20Middleware=20=E7=94=A8?= =?UTF-8?q?=E4=BA=8E=E5=88=A4=E6=96=AD=E5=90=8E=E5=8F=B0=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/Member/Member.php | 18 +++++++---- src/Member/MemberServiceProvider.php | 4 ++- src/Member/Middleware/AdminPermission.php | 39 +++++++++++++++++++++++ 3 files changed, 54 insertions(+), 7 deletions(-) create mode 100644 src/Member/Middleware/AdminPermission.php diff --git a/src/Member/Member.php b/src/Member/Member.php index 80a0cc05..5b66baef 100644 --- a/src/Member/Member.php +++ b/src/Member/Member.php @@ -175,12 +175,18 @@ class Member extends Authenticatable public function hasAdminPermission($name, $requireAll = false) { $adminName = $name; - if (! str_contains($name, '*')) { - if (is_array($name)) { - $adminName = array_map(function ($val) { - return Permission::ADMIN_PREFIX . $val; - }, $name); - } else { + + if (is_array($name)) { + $adminName = array_map(function ($val) { + if (str_contains($val, '*')) { + return $val; + } + + return Permission::ADMIN_PREFIX . $val; + }, $name); + } else { + + if (! str_contains($name, '*')) { $adminName = Permission::ADMIN_PREFIX . $name; } } diff --git a/src/Member/MemberServiceProvider.php b/src/Member/MemberServiceProvider.php index ae7892c6..144600fe 100644 --- a/src/Member/MemberServiceProvider.php +++ b/src/Member/MemberServiceProvider.php @@ -9,8 +9,9 @@ namespace Notadd\Foundation\Member; use Illuminate\Support\ServiceProvider; -use Notadd\Foundation\Member\Commands\PermissionCommand; use Notadd\Foundation\Member\Middleware\Permission; +use Notadd\Foundation\Member\Middleware\AdminPermission; +use Notadd\Foundation\Member\Commands\PermissionCommand; /** * Class MemberServiceProvider. @@ -41,6 +42,7 @@ class MemberServiceProvider extends ServiceProvider public function registerMiddleware() { $this->app['router']->middleware('permission', Permission::class); + $this->app['router']->middleware('admin-permission', AdminPermission::class); } public function registerCommands() diff --git a/src/Member/Middleware/AdminPermission.php b/src/Member/Middleware/AdminPermission.php new file mode 100644 index 00000000..2b85934b --- /dev/null +++ b/src/Member/Middleware/AdminPermission.php @@ -0,0 +1,39 @@ + + * @copyright (c) 2017, iBenchu.org + * @datetime 2017-02-17 17:20 + */ + +namespace Notadd\Foundation\Member\Middleware; + +use Closure; +use Illuminate\Http\Request; +use Illuminate\Http\JsonResponse; + +class AdminPermission extends Permission +{ + /** + * Handle an incoming request. + * + * @param \Illuminate\Http\Request $request + * @param Closure $next + * @param $permissions + * + * @return mixed + */ + public function handle(Request $request, Closure $next, $permissions, $guard = 'admin') + { + if ($this->auth->guard($guard)->guest() || ! $request->user($guard)->hasAdminPermission(explode('|', $permissions))) { + if ($this->wantsJson()) { + return new JsonResponse('Forbidden', 403); + } + + abort(403); + } + + return $next($request); + } +} -- Gitee