diff --git a/src/Http/Kernel.php b/src/Http/Kernel.php
index 7dbda74ddfec511563957392721188612b746273..45fb350459ec3da806f3905c1294938e7ad69078 100644
--- a/src/Http/Kernel.php
+++ b/src/Http/Kernel.php
@@ -34,6 +34,7 @@ use Notadd\Foundation\Bootstrap\LoadConfiguration;
 use Notadd\Foundation\Bootstrap\LoadSetting;
 use Notadd\Foundation\Bootstrap\RegisterFacades;
 use Notadd\Foundation\Bootstrap\RegisterRouter;
+use Notadd\Foundation\Http\Middlewares\CheckForCloseMode;
 use Notadd\Foundation\Http\Events\RequestHandled;
 use Notadd\Foundation\Http\Middlewares\CheckForMaintenanceMode;
 use Notadd\Foundation\Http\Middlewares\EnableCrossRequest;
@@ -84,6 +85,7 @@ class Kernel implements KernelContract
 */
 protected $middlewareGroups = [
 'web' => [
+ CheckForCloseMode::class,
 EncryptCookies::class,
 AddQueuedCookiesToResponse::class,
 StartSession::class,
diff --git a/src/Http/Middlewares/CheckForCloseMode.php b/src/Http/Middlewares/CheckForCloseMode.php
new file mode 100644
index 0000000000000000000000000000000000000000..e163e34c1ebdd3b54ae8d033753b055c9a6ac5f4
--- /dev/null
+++ b/src/Http/Middlewares/CheckForCloseMode.php
@@ -0,0 +1,71 @@
+
+ * @copyright (c) 2017, iBenchu.org
+ * @datetime 2017-03-05 18:52
+ */
+namespace Notadd\Foundation\Http\Middlewares;
+
+use Closure;
+use Illuminate\Contracts\Foundation\Application;
+use Illuminate\Contracts\Routing\ResponseFactory;
+use Illuminate\Routing\Router;
+use Illuminate\Support\Str;
+use Notadd\Foundation\Setting\Contracts\SettingsRepository;
+
+/**
+ * Class CheckForCloseMode.
+ */
+class CheckForCloseMode
+{
+ /**
+ * @var \Illuminate\Contracts\Foundation\Application|\Notadd\Foundation\Application
+ */
+ protected $application;
+
+ /**
+ * @var \Illuminate\Routing\Router
+ */
+ protected $router;
+
+ /**
+ * @var \Illuminate\Contracts\Routing\ResponseFactory
+ */
+ protected $response;
+
+ /**
+ * CheckForMaintenanceMode constructor.
+ *
+ * @param \Illuminate\Contracts\Foundation\Application|\Notadd\Foundation\Application $application
+ * @param \Illuminate\Contracts\Routing\ResponseFactory $response
+ * @param \Illuminate\Routing\Router $router
+ */
+ public function __construct(Application $application, ResponseFactory $response, Router $router)
+ {
+ $this->application = $application;
+ $this->response = $response;
+ $this->router = $router;
+ }
+
+ /**
+ * Handle an incoming request.
+ *
+ * @param \Illuminate\Http\Request $request
+ * @param \Closure $next
+ *
+ * @throws \Symfony\Component\HttpKernel\Exception\HttpException
+ * @return mixed
+ */
+ public function handle($request, Closure $next)
+ {
+ if ($this->application->isInstalled()) {
+ if (!$this->application->make(SettingsRepository::class)->get('site.enabled', true) && !Str::is('admin*', $this->router->current()->uri()) && !Str::is('api*', $this->router->current()->uri())) {
+ return $this->response->make('网站已经关闭!');
+ }
+ }
+
+ return $next($request);
+ }
+}
diff --git a/src/Member/Commands/PermissionCommand.php b/src/Member/Commands/PermissionCommand.php
index cbebe8accff3e0db18d4b2a8529830d8396319e2..b02362f5cee6c5a7a064dcd8081e598aa9074ee1 100644
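Review bot: The close-mode exemption in `handle()` matches on a bare prefix, so `Str::is('admin*', ...)` and `Str::is('api*', ...)` also exempt any front route whose URI merely begins with those letters (a constructed example: `administration-news`), and such pages stay reachable while the site is closed. Anchoring the pattern on the path segment keeps the exemption to the intended areas, e.g. `$uri === 'admin' || Str::is('admin/*', $uri)` with `$uri = $this->router->current()->uri();` read once. The closed response is also sent with the default 200 status; `return $this->response->make('网站已经关闭!', 503);` would tell crawlers and caches that the page is unavailable. The constructor docblock still reads `CheckForMaintenanceMode constructor.` and the `@throws` tag names an exception this method never raises.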
--- a/src/Member/Commands/PermissionCommand.php +++ b/src/Member/Commands/PermissionCommand.php @@ -77,20 +77,20 @@ class PermissionCommand extends Command $i = 0; - $frontendPermissions = array_get($permissions, 'frontend', []); + $frontPermissions = array_get($permissions, 'front', []); $adminPermissions = array_get($permissions, 'admin', []); // 添加前台权限 - foreach ($frontendPermissions as $frontendPermission) { - if (! isset($frontendPermission['display_name']) || ! isset($frontendPermission['name']) || empty($frontendPermission['display_name']) || empty($frontendPermission['name'])) { + foreach ($frontPermissions as $frontPermission) { + if (! isset($frontPermission['display_name']) || ! isset($frontPermission['name']) || empty($frontPermission['display_name']) || empty($frontPermission['name'])) { continue; } - if (Permission::where('name', $frontendPermission['name'])->count()) { + if (Permission::whereFront($frontPermission['name'])->count()) { continue; } - Permission::addPermission($frontendPermission['name'], $frontendPermission['display_name'], isset($frontendPermission['description']) ? $frontendPermission['description'] : ''); + Permission::addFrontPermission($frontPermission['name'], $frontPermission['display_name'], isset($frontPermission['description']) ? $frontPermission['description'] : ''); $i++; } diff --git a/src/Member/Member.php b/src/Member/Member.php index 5b66baef50fe3ba895fa0a2e29f9285b48e135c9..62ac502a5c10b17bcdce5736360a7e49c7d68362 100644 --- a/src/Member/Member.php +++ b/src/Member/Member.php 
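Review bot: The existence check and the insert in this loop normalise the name differently: `Permission::whereFront()` (added in src/Member/Permission.php by this commit) always prepends `front.`, while `addFrontPermission()` prepends it only when it is missing. A configured name that already starts with `front.` is therefore looked up as `front.front.…`, never found, and counted in `$i` on every run even though `addPermission()` looks the row up again under the single-prefixed name. Giving `scopeWhereFront` the same guard, `Str::startsWith($name, static::FRONT_PREFIX) ? $name : static::FRONT_PREFIX . $name`, would make the two agree. The lookup key also moves from `frontend` to `front`, so definitions still filed under `frontend` would presumably be skipped without any message; the enclosing method starts and ends outside the hunk.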
@@ -164,6 +164,34 @@ class Member extends Authenticatable return false; } + /** + * 判断是否有前台的权限, 支持 * 通赔符 + * + * @param $name + * @param bool $requireAll + * + * @return bool + */ + public function hasFrontPermission($name, $requireAll = false) + { + if (is_array($name)) { + $name = array_map(function ($val) { + if (ends_with($val, '*')) { + return $val; + } + + return Permission::FRONT_PREFIX . $val; + }, $name); + } else { + + if (! ends_with($name, '*')) { + $name = Permission::FRONT_PREFIX . $name; + } + } + + return $this->hasPermission($name, $requireAll); + } + /** * Checks if the member has a admin permission by its name. * @@ -174,11 +202,9 @@ class Member extends Authenticatable */ public function hasAdminPermission($name, $requireAll = false) { - $adminName = $name; - if (is_array($name)) { - $adminName = array_map(function ($val) { - if (str_contains($val, '*')) { + $name = array_map(function ($val) { + if (ends_with($val, '*')) { return $val; } @@ -186,12 +212,12 @@ class Member extends Authenticatable }, $name); } else { - if (! str_contains($name, '*')) { - $adminName = Permission::ADMIN_PREFIX . $name; + if (! ends_with($name, '*')) { + $name = Permission::ADMIN_PREFIX . $name; } } - return $this->hasPermission($adminName, $requireAll); + return $this->hasPermission($name, $requireAll); } /** diff --git a/src/Member/MemberServiceProvider.php b/src/Member/MemberServiceProvider.php index ef4cf938c8cfd680a4385c102eaed80aa9b7e9c4..8a95d859e0d08eab0f773e5b338f63116f9cbe31 100644 --- a/src/Member/MemberServiceProvider.php +++ b/src/Member/MemberServiceProvider.php @@ -10,6 +10,7 @@ namespace Notadd\Foundation\Member; use Illuminate\Support\ServiceProvider; use Notadd\Foundation\Member\Middleware\Permission; +use Notadd\Foundation\Member\Middleware\FrontPermission; use Notadd\Foundation\Member\Middleware\AdminPermission; use Notadd\Foundation\Member\Commands\PermissionCommand; 
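Review bot: In `hasFrontPermission()` and in the reworked `hasAdminPermission()` below it, any name ending in `*` is handed to `hasPermission()` without a prefix, so a wildcard check such as `post.*` is no longer scoped to the front or admin namespace. How `hasPermission()` expands the wildcard is not visible here, but if it matches by pattern, a grant from one namespace could satisfy a wildcard check meant for the other. Prefixing unless the prefix is already present keeps wildcards inside their namespace: `return starts_with($val, Permission::FRONT_PREFIX) ? $val : Permission::FRONT_PREFIX . $val;` (and the `ADMIN_PREFIX` equivalent in the second hunk). The new docblock misspells 通配符 as 通赔符 and leaves the parameter untyped; `@param string|array $name` would document both accepted forms.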
@@ -42,7 +43,8 @@ class MemberServiceProvider extends ServiceProvider public function registerMiddleware() { $this->app['router']->aliasMiddleware('permission', Permission::class); - $this->app['router']->aliasMiddleware('admin-permission', AdminPermission::class); + $this->app['router']->aliasMiddleware('permission.admin', AdminPermission::class); + $this->app['router']->aliasMiddleware('permission.front', FrontPermission::class); } public function registerCommands() diff --git a/src/Member/Middleware/FrontPermission.php b/src/Member/Middleware/FrontPermission.php new file mode 100644 index 0000000000000000000000000000000000000000..4abdd7c4cebaec1487a9f31003124a5f53e862f7 --- /dev/null +++ b/src/Member/Middleware/FrontPermission.php @@ -0,0 +1,39 @@ + + * @copyright (c) 2017, iBenchu.org + * @datetime 2017-03-10 15:08 + */ + +namespace Notadd\Foundation\Member\Middleware; + +use Closure; +use Illuminate\Http\Request; +use Illuminate\Http\JsonResponse; + +class FrontPermission extends Permission +{ + /** + * Handle an incoming request. + * + * @param \Illuminate\Http\Request $request + * @param Closure $next + * @param $permissions + * + * @return mixed + */ + public function handle(Request $request, Closure $next, $permissions, $guard = 'admin') + { + if ($this->auth->guard($guard)->guest() || ! $request->user($guard)->hasFrontPermission(explode('|', $permissions))) { + if ($this->wantsJson()) { + return new JsonResponse('Forbidden', 403); + } + + abort(403); + } + + return $next($request); + } +} diff --git a/src/Member/Permission.php b/src/Member/Permission.php index 3f477f8790c0aba1e81a973def50413d55eb7d50..abe6ecdf13195f33f4edaa5a140113bfcbbcebc7 100644 --- a/src/Member/Permission.php +++ b/src/Member/Permission.php @@ -9,6 +9,7 @@ namespace Notadd\Foundation\Member; +use Illuminate\Support\Str; use Notadd\Foundation\Database\Model; /** 
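Review bot: Routes that still name `admin-permission` lose their alias in `registerMiddleware()`, because the old name is replaced by `permission.admin` rather than kept alongside it. If modules outside this repository register routes, keeping the old alias for a release avoids breaking their access checks: `$this->app['router']->aliasMiddleware('admin-permission', AdminPermission::class); // deprecated, use permission.admin`. The method has no docblock; a short comment listing the three aliases would help route authors.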
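Review bot: `FrontPermission::handle()` defaults `$guard` to `'admin'`, which looks copied from the admin middleware: a route using `permission.front:…` without an explicit guard authenticates the visitor against the admin guard before checking a front permission. If front members sign in through a different guard, the default should name that guard, or the parameter should be required so each route states its own. `$this->wantsJson()` is called on the middleware rather than on the request; unless the parent `Permission` class defines it (not visible here), `$request->wantsJson()` is presumably what is meant. The docblock omits the fourth parameter; `@param string $guard` would complete it.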
@@ -25,7 +26,15 @@ use Notadd\Foundation\Database\Model; */ class Permission extends Model { - const ADMIN_PREFIX = 'admin-'; + /** + * 前台的权限前缀 + */ + const FRONT_PREFIX = 'front.'; + + /** + * 后台的权限前缀 + */ + const ADMIN_PREFIX = 'admin.'; protected $table = 'permissions'; @@ -41,6 +50,15 @@ class Permission extends Model return $this->belongsToMany(Member::class, 'member_permission', 'permission_id', 'member_id'); } + /** + * 添加权限 + * + * @param $name + * @param null $display_name + * @param null $description + * + * @return static + */ public static function addPermission($name, $display_name = null, $description = null) { $permission = static::where('name', $name)->first(); @@ -56,6 +74,24 @@ class Permission extends Model return $permission; } + /** + * 添加前台权限 + * + * @param $name + * @param null $display_name + * @param null $description + * + * @return \Notadd\Foundation\Member\Permission + */ + public static function addFrontPermission($name, $display_name = null, $description = null) + { + return static::addPermission( + Str::startsWith($name, static::FRONT_PREFIX) ? $name : static::FRONT_PREFIX . $name, + $display_name, + $description + ); + } + /** * 添加后台权限 * @@ -67,17 +103,34 @@ class Permission extends Model */ public static function addAdminPermission($name, $display_name = null, $description = null) { - return static::addPermission(static::ADMIN_PREFIX . $name, $display_name, $description); + return static::addPermission( + Str::startsWith($name, static::ADMIN_PREFIX) ? $name : static::ADMIN_PREFIX . $name, + $display_name, + $description + ); } /** - * 查询后台权限 + * 查询前台权限 * * @param $query * @param $name * * @return mixed */ + public function scopeWhereFront($query, $name) + { + return $query->where('name', static::FRONT_PREFIX . $name); + } + + /** + * 查询后台权限 + * + * @param $query + * @param $nameMember + * + * @return mixed + */ public function scopeWhereAdmin($query, $name) { return $query->where('name', static::ADMIN_PREFIX . $name);
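Review bot: Rows already stored with the old `admin-` prefix are not renamed anywhere in this commit, although `ADMIN_PREFIX` becomes `admin.` in this hunk and `hasAdminPermission()` and `scopeWhereAdmin()` build their lookup names from it. Unless a migration exists elsewhere, existing admin grants would stop matching after the upgrade and `addAdminPermission()` would create second rows under the new names. A data migration that rewrites stored `admin-…` names to `admin.…`, or at least a comment on the constant stating that stored names must be migrated when it changes, would close the gap.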
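Review bot: The docblock that now sits above `scopeWhereAdmin()` documents `@param $nameMember`, but the parameter is `$name`; it reads like a stray paste. `* @param string $name permission name without the admin prefix` matches the signature, and the same typed form would suit the new `scopeWhereFront()` docblock, whose `@param $query` and `@return mixed` could name the query builder type. The body of `scopeWhereAdmin()` closes outside the hunk.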