From 54676c2988bfe8bf42e6d8e8d07977a4a5a35665 Mon Sep 17 00:00:00 2001 From: twilroad <269044570@qq.com> Date: Sun, 5 Mar 2017 19:09:01 +0800 Subject: [PATCH 1/9] add middleware to check site is close --- src/Http/Kernel.php | 2 + src/Http/Middlewares/CheckForCloseMode.php | 71 ++++++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 src/Http/Middlewares/CheckForCloseMode.php diff --git a/src/Http/Kernel.php b/src/Http/Kernel.php index 425b50ba..89b6d32b 100644 --- a/src/Http/Kernel.php +++ b/src/Http/Kernel.php @@ -34,6 +34,7 @@ use Notadd\Foundation\Bootstrap\LoadConfiguration; use Notadd\Foundation\Bootstrap\LoadSetting; use Notadd\Foundation\Bootstrap\RegisterFacades; use Notadd\Foundation\Bootstrap\RegisterRouter; +use Notadd\Foundation\Http\Middlewares\CheckForCloseMode; use Notadd\Foundation\Http\Middlewares\CheckForMaintenanceMode; use Notadd\Foundation\Http\Middlewares\EnableCrossRequest; use Notadd\Foundation\Http\Middlewares\RedirectIfAuthenticated; @@ -83,6 +84,7 @@ class Kernel implements KernelContract */ protected $middlewareGroups = [ 'web' => [ + CheckForCloseMode::class, EncryptCookies::class, AddQueuedCookiesToResponse::class, StartSession::class, diff --git a/src/Http/Middlewares/CheckForCloseMode.php b/src/Http/Middlewares/CheckForCloseMode.php new file mode 100644 index 00000000..e163e34c --- /dev/null +++ b/src/Http/Middlewares/CheckForCloseMode.php @@ -0,0 +1,71 @@ + + * @copyright (c) 2017, iBenchu.org + * @datetime 2017-03-05 18:52 + */ +namespace Notadd\Foundation\Http\Middlewares; + +use Closure; +use Illuminate\Contracts\Foundation\Application; +use Illuminate\Contracts\Routing\ResponseFactory; +use Illuminate\Routing\Router; +use Illuminate\Support\Str; +use Notadd\Foundation\Setting\Contracts\SettingsRepository; + +/** + * Class CheckForCloseMode. + */ +class CheckForCloseMode +{ + /** + * @var \Illuminate\Contracts\Foundation\Application|\Notadd\Foundation\Application + */ + protected $application; + + /** + * @var \Illuminate\Routing\Router + */ + protected $router; + + /** + * @var \Illuminate\Contracts\Routing\ResponseFactory + */ + protected $response; + + /** + * CheckForMaintenanceMode constructor. + * + * @param \Illuminate\Contracts\Foundation\Application|\Notadd\Foundation\Application $application + * @param \Illuminate\Contracts\Routing\ResponseFactory $response + * @param \Illuminate\Routing\Router $router + */ + public function __construct(Application $application, ResponseFactory $response, Router $router) + { + $this->application = $application; + $this->response = $response; + $this->router = $router; + } + + /** + * Handle an incoming request. + * + * @param \Illuminate\Http\Request $request + * @param \Closure $next + * + * @throws \Symfony\Component\HttpKernel\Exception\HttpException + * @return mixed + */ + public function handle($request, Closure $next) + { + if ($this->application->isInstalled()) { + if (!$this->application->make(SettingsRepository::class)->get('site.enabled', true) && !Str::is('admin*', $this->router->current()->uri()) && !Str::is('api*', $this->router->current()->uri())) { + return $this->response->make('网站已经关闭!'); + } + } + + return $next($request); + } +} -- Gitee From 1c74ae6e59e0be83da2c06a69bd3d688f43d890a Mon Sep 17 00:00:00 2001 From: qiyueshiyi Date: Fri, 10 Mar 2017 13:47:32 +0800 Subject: [PATCH 2/9] Renamed Permission::ADMIN_PREFIX value to admin. --- src/Member/Permission.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Member/Permission.php b/src/Member/Permission.php index 3f477f87..c30ecb80 100644 --- a/src/Member/Permission.php +++ b/src/Member/Permission.php @@ -25,7 +25,7 @@ use Notadd\Foundation\Database\Model; */ class Permission extends Model { - const ADMIN_PREFIX = 'admin-'; + const ADMIN_PREFIX = 'admin.'; protected $table = 'permissions'; -- Gitee From 168f8d8a66b63b1e44de286187ef9c1f1e9df15e Mon Sep 17 00:00:00 2001 From: qiyueshiyi Date: Fri, 10 Mar 2017 13:54:09 +0800 Subject: [PATCH 3/9] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E5=89=8D=E5=8F=B0?= =?UTF-8?q?=E6=9D=83=E9=99=90=E6=B7=BB=E5=8A=A0=E6=96=B9=E6=B3=95=E5=92=8C?= =?UTF-8?q?=E7=9B=B8=E5=BA=94=E7=9A=84=E5=89=8D=E5=8F=B0=E6=9D=83=E9=99=90?= =?UTF-8?q?=E5=89=8D=E7=BC=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/Member/Permission.php | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/Member/Permission.php b/src/Member/Permission.php index c30ecb80..79c8c74d 100644 --- a/src/Member/Permission.php +++ b/src/Member/Permission.php @@ -25,6 +25,14 @@ use Notadd\Foundation\Database\Model; */ class Permission extends Model { + /** + * 前台的权限前缀 + */ + const FRONT_PREFIX = 'front.'; + + /** + * 后台的权限前缀 + */ const ADMIN_PREFIX = 'admin.'; protected $table = 'permissions'; @@ -56,6 +64,20 @@ class Permission extends Model return $permission; } + /** + * 添加前台权限 + * + * @param $name + * @param null $display_name + * @param null $description + * + * @return \Notadd\Foundation\Member\Permission + */ + public static function addFrontPermission($name, $display_name = null, $description = null) + { + return static::addPermission(static::FRONT_PREFIX . $name, $display_name, $description); + } + /** * 添加后台权限 * -- Gitee From b4082f4c57c0a1bac13443cc51de28718b1a32fb Mon Sep 17 00:00:00 2001 From: qiyueshiyi Date: Fri, 10 Mar 2017 13:56:25 +0800 Subject: [PATCH 4/9] Add scopeWhereFront function to Permission model --- src/Member/Permission.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/Member/Permission.php b/src/Member/Permission.php index 79c8c74d..f6c32fbb 100644 --- a/src/Member/Permission.php +++ b/src/Member/Permission.php @@ -92,6 +92,19 @@ class Permission extends Model return static::addPermission(static::ADMIN_PREFIX . $name, $display_name, $description); } + /** + * 查询前台权限 + * + * @param $query + * @param $name + * + * @return mixed + */ + public function scopeWhereFront($query, $name) + { + return $query->where('name', static::FRONT_PREFIX . $name); + } + /** * 查询后台权限 * -- Gitee From cb095be7e222ff8036429e17a01d1ff506b0985d Mon Sep 17 00:00:00 2001 From: qiyueshiyi Date: Fri, 10 Mar 2017 14:05:27 +0800 Subject: [PATCH 5/9] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E5=89=8D=E5=8F=B0?= =?UTF-8?q?=E6=9D=83=E9=99=90=E5=88=86=E7=BB=84=E7=9A=84=20key=20=E4=B8=BA?= =?UTF-8?q?=20front,=20=E5=B9=B6=E4=BF=AE=E6=94=B9=E6=B7=BB=E5=8A=A0?= =?UTF-8?q?=E5=89=8D=E5=8F=B0=E6=9D=83=E9=99=90=E7=9A=84=E6=96=B9=E6=B3=95?= =?UTF-8?q?=E4=B8=BA=20Permission::addFrontPermission?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/Member/Commands/PermissionCommand.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/Member/Commands/PermissionCommand.php b/src/Member/Commands/PermissionCommand.php index cbebe8ac..b02362f5 100644 --- a/src/Member/Commands/PermissionCommand.php +++ b/src/Member/Commands/PermissionCommand.php @@ -77,20 +77,20 @@ class PermissionCommand extends Command $i = 0; - $frontendPermissions = array_get($permissions, 'frontend', []); + $frontPermissions = array_get($permissions, 'front', []); $adminPermissions = array_get($permissions, 'admin', []); // 添加前台权限 - foreach ($frontendPermissions as $frontendPermission) { - if (! isset($frontendPermission['display_name']) || ! isset($frontendPermission['name']) || empty($frontendPermission['display_name']) || empty($frontendPermission['name'])) { + foreach ($frontPermissions as $frontPermission) { + if (! isset($frontPermission['display_name']) || ! isset($frontPermission['name']) || empty($frontPermission['display_name']) || empty($frontPermission['name'])) { continue; } - if (Permission::where('name', $frontendPermission['name'])->count()) { + if (Permission::whereFront($frontPermission['name'])->count()) { continue; } - Permission::addPermission($frontendPermission['name'], $frontendPermission['display_name'], isset($frontendPermission['description']) ? $frontendPermission['description'] : ''); + Permission::addFrontPermission($frontPermission['name'], $frontPermission['display_name'], isset($frontPermission['description']) ? $frontPermission['description'] : ''); $i++; } -- Gitee From 63b9d1ced91d54fdf4bc0919581f1cd6212a411e Mon Sep 17 00:00:00 2001 From: qiyueshiyi Date: Fri, 10 Mar 2017 14:12:32 +0800 Subject: [PATCH 6/9] =?UTF-8?q?=E4=BF=AE=E6=94=B9=20Permission::addFrontPe?= =?UTF-8?q?rmission=20and=20Permission::addAdminPermission,=20=E5=88=A4?= =?UTF-8?q?=E6=96=AD=E5=A6=82=E6=9E=9C=E6=9C=89=E7=9B=B8=E5=BA=94=E7=9A=84?= =?UTF-8?q?=E5=89=8D=E7=BC=80=E5=B0=B1=E4=B8=8D=E5=86=8D=E8=BF=BD=E5=8A=A0?= =?UTF-8?q?=E5=89=8D=E7=BC=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/Member/Permission.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/Member/Permission.php b/src/Member/Permission.php index f6c32fbb..99475564 100644 --- a/src/Member/Permission.php +++ b/src/Member/Permission.php @@ -9,6 +9,7 @@ namespace Notadd\Foundation\Member; +use Illuminate\Support\Str; use Notadd\Foundation\Database\Model; /** @@ -75,7 +76,11 @@ class Permission extends Model */ public static function addFrontPermission($name, $display_name = null, $description = null) { - return static::addPermission(static::FRONT_PREFIX . $name, $display_name, $description); + return static::addPermission( + Str::startsWith($name, static::FRONT_PREFIX) ? $name : static::FRONT_PREFIX . $name, + $display_name, + $description + ); } /** @@ -89,7 +94,11 @@ class Permission extends Model */ public static function addAdminPermission($name, $display_name = null, $description = null) { - return static::addPermission(static::ADMIN_PREFIX . $name, $display_name, $description); + return static::addPermission( + Str::startsWith($name, static::ADMIN_PREFIX) ? $name : static::ADMIN_PREFIX . $name, + $display_name, + $description + ); } /** -- Gitee From 60002ebbc360370193a599419ed1e57feb40effd Mon Sep 17 00:00:00 2001 From: qiyueshiyi Date: Fri, 10 Mar 2017 14:27:39 +0800 Subject: [PATCH 7/9] =?UTF-8?q?=E4=BF=AE=E6=94=B9=20User::hasAdminPermissi?= =?UTF-8?q?on=20=E9=87=8C=E5=88=A4=E6=96=AD=E6=9D=83=E9=99=90=E6=98=AF?= =?UTF-8?q?=E5=90=A6=E6=9C=89=20*=20=E5=8F=B7=E7=9A=84=E9=80=BB=E8=BE=91,?= =?UTF-8?q?=20=E6=94=B9=E4=B8=BA=E5=88=A4=E6=96=AD=E6=9C=AB=E5=B0=BE?= =?UTF-8?q?=E6=98=AF=E5=90=A6=E6=9C=89=20*?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/Member/Member.php | 4 ++-- src/Member/Permission.php | 11 ++++++++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/Member/Member.php b/src/Member/Member.php index 5b66baef..2b64605b 100644 --- a/src/Member/Member.php +++ b/src/Member/Member.php @@ -178,7 +178,7 @@ class Member extends Authenticatable if (is_array($name)) { $adminName = array_map(function ($val) { - if (str_contains($val, '*')) { + if (ends_with($val, '*')) { return $val; } @@ -186,7 +186,7 @@ class Member extends Authenticatable }, $name); } else { - if (! str_contains($name, '*')) { + if (! ends_with($name, '*')) { $adminName = Permission::ADMIN_PREFIX . $name; } } diff --git a/src/Member/Permission.php b/src/Member/Permission.php index 99475564..abe6ecdf 100644 --- a/src/Member/Permission.php +++ b/src/Member/Permission.php @@ -50,6 +50,15 @@ class Permission extends Model return $this->belongsToMany(Member::class, 'member_permission', 'permission_id', 'member_id'); } + /** + * 添加权限 + * + * @param $name + * @param null $display_name + * @param null $description + * + * @return static + */ public static function addPermission($name, $display_name = null, $description = null) { $permission = static::where('name', $name)->first(); @@ -118,7 +127,7 @@ class Permission extends Model * 查询后台权限 * * @param $query - * @param $name + * @param $nameMember * * @return mixed */ -- Gitee From ffc53a80d6da7e96d74cf650fbd0001d53b9fe3a Mon Sep 17 00:00:00 2001 From: qiyueshiyi Date: Fri, 10 Mar 2017 14:31:54 +0800 Subject: [PATCH 8/9] Add hasFrontPermission function to Member model --- src/Member/Member.php | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/src/Member/Member.php b/src/Member/Member.php index 2b64605b..62ac502a 100644 --- a/src/Member/Member.php +++ b/src/Member/Member.php @@ -164,6 +164,34 @@ class Member extends Authenticatable return false; } + /** + * 判断是否有前台的权限, 支持 * 通赔符 + * + * @param $name + * @param bool $requireAll + * + * @return bool + */ + public function hasFrontPermission($name, $requireAll = false) + { + if (is_array($name)) { + $name = array_map(function ($val) { + if (ends_with($val, '*')) { + return $val; + } + + return Permission::FRONT_PREFIX . $val; + }, $name); + } else { + + if (! ends_with($name, '*')) { + $name = Permission::FRONT_PREFIX . $name; + } + } + + return $this->hasPermission($name, $requireAll); + } + /** * Checks if the member has a admin permission by its name. * @@ -174,10 +202,8 @@ class Member extends Authenticatable */ public function hasAdminPermission($name, $requireAll = false) { - $adminName = $name; - if (is_array($name)) { - $adminName = array_map(function ($val) { + $name = array_map(function ($val) { if (ends_with($val, '*')) { return $val; } @@ -187,11 +213,11 @@ class Member extends Authenticatable } else { if (! ends_with($name, '*')) { - $adminName = Permission::ADMIN_PREFIX . $name; + $name = Permission::ADMIN_PREFIX . $name; } } - return $this->hasPermission($adminName, $requireAll); + return $this->hasPermission($name, $requireAll); } /** -- Gitee From 08de0800fe0e6039566561db37845e6e4afe0958 Mon Sep 17 00:00:00 2001 From: qiyueshiyi Date: Fri, 10 Mar 2017 15:12:28 +0800 Subject: [PATCH 9/9] Add FrontPermission middleware class and add permission.front middleware, renamed admin-permission to permission.admin middleware --- src/Member/MemberServiceProvider.php | 4 ++- src/Member/Middleware/FrontPermission.php | 39 +++++++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 src/Member/Middleware/FrontPermission.php diff --git a/src/Member/MemberServiceProvider.php b/src/Member/MemberServiceProvider.php index 144600fe..85319ec6 100644 --- a/src/Member/MemberServiceProvider.php +++ b/src/Member/MemberServiceProvider.php @@ -10,6 +10,7 @@ namespace Notadd\Foundation\Member; use Illuminate\Support\ServiceProvider; use Notadd\Foundation\Member\Middleware\Permission; +use Notadd\Foundation\Member\Middleware\FrontPermission; use Notadd\Foundation\Member\Middleware\AdminPermission; use Notadd\Foundation\Member\Commands\PermissionCommand; @@ -42,7 +43,8 @@ class MemberServiceProvider extends ServiceProvider public function registerMiddleware() { $this->app['router']->middleware('permission', Permission::class); - $this->app['router']->middleware('admin-permission', AdminPermission::class); + $this->app['router']->middleware('permission.admin', AdminPermission::class); + $this->app['router']->middleware('permission.front', FrontPermission::class); } public function registerCommands() diff --git a/src/Member/Middleware/FrontPermission.php b/src/Member/Middleware/FrontPermission.php new file mode 100644 index 00000000..4abdd7c4 --- /dev/null +++ b/src/Member/Middleware/FrontPermission.php @@ -0,0 +1,39 @@ + + * @copyright (c) 2017, iBenchu.org + * @datetime 2017-03-10 15:08 + */ + +namespace Notadd\Foundation\Member\Middleware; + +use Closure; +use Illuminate\Http\Request; +use Illuminate\Http\JsonResponse; + +class FrontPermission extends Permission +{ + /** + * Handle an incoming request. + * + * @param \Illuminate\Http\Request $request + * @param Closure $next + * @param $permissions + * + * @return mixed + */ + public function handle(Request $request, Closure $next, $permissions, $guard = 'admin') + { + if ($this->auth->guard($guard)->guest() || ! $request->user($guard)->hasFrontPermission(explode('|', $permissions))) { + if ($this->wantsJson()) { + return new JsonResponse('Forbidden', 403); + } + + abort(403); + } + + return $next($request); + } +} -- Gitee