diff --git a/app/Http/Middleware/CheckPermission.php b/app/Http/Middleware/CheckPermission.php
index 0fd1071..8924571 100644
--- a/app/Http/Middleware/CheckPermission.php
+++ b/app/Http/Middleware/CheckPermission.php
@@ -22,15 +22,16 @@ class CheckPermission
 {
 if (Auth::guard('sanctum')->check()) {
 $action = $request->route()->getCompiled()->getStaticPrefix();
+ $method = $request->route()->getActionMethod();
 $user = Auth::guard('sanctum')->user();
 $user_id = $user->id;
-// $uriArr = AdminMenuService::auth($user_id);
-// if ($this->passedOrNot($action, $uriArr)) {
-// return (new ApiResponseService())->error(
-// __('middleware.check.user_auth'),
-// 400
-// );
-// }
+ $uriArr = AdminMenuService::auth($user_id);
+ if ($this->passedOrNot($action, $uriArr, $method)) {
+ return (new ApiResponseService())->error(
+ __('middleware.check.user_auth'),
+ 400
+ );
+ }
 }
 return $next($request);
 }
@@ -38,9 +39,10 @@ class CheckPermission
 /**
 * @param $action
 * @param $uriArr
+ * @param $targetMethod
 * @return bool
 */
- protected function passedOrNot($action, $uriArr): bool
+ protected function passedOrNot($action, $uriArr, $targetMethod): bool
 {
 $search = '/api/admin/';
 $action = str_replace($search, '', $action);
@@ -54,13 +56,21 @@ class CheckPermission
 $method = $actionArr[1] ?? '';
 $newAction = $actionArr[0] ?? '';
+ // 短写法接口
+ if (empty($method)) {
+ $targetAction = $newAction . '.' . $targetMethod;
+ if (in_array($targetAction, $uriArr)) {
+ return false;
+ }
+ }
+ // 特殊
 if (in_array($newAction, ['logout', 'me', 'menu'])) {
 return false;
 }
 // 特殊
- if (in_array($method, ['rule', 'import', 'search'])) {
+ if (in_array($method, ['rule', 'uploadImage', 'search'])) {
 return false;
 }
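Review bot: The re-enabled permission check runs only inside `if (Auth::guard('sanctum')->check())`, so a request without a valid Sanctum token still falls through to `return $next($request);` with no check at all. If this middleware can ever be attached to a route that is not also behind `auth:sanctum`, it fails open; either add an `else` branch that returns the same error response, or add a comment such as `// authentication is enforced by auth:sanctum before this middleware runs`. The denial also passes `400`; if that value is the HTTP status, `403` describes an authorization failure more accurately. The enclosing method starts above the hunk.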
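Review bot: The docblock on `passedOrNot` still does not say which way the boolean points, and the call site in `handle` treats `true` as a denial while every visible `return false` is an allow. For an authorization helper that inversion is easy to misread, so state it in the docblock, e.g. `@return bool true when the request must be rejected, false when it is allowed`. The new parameter would also benefit from a described type, e.g. `@param string $targetMethod controller method name taken from the matched route`. The method body continues past the end of the hunk.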
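Review bot: The exemption list in the last changed line lets every authenticated user reach any route whose second path segment is `uploadImage`, `rule` or `search` without a matching permission entry, whatever resource it belongs to. For a file-upload endpoint that is worth confirming explicitly, and the reason belongs in a comment next to the list rather than the bare `// 特殊`. Separately, the new short-form lookup uses a loose `in_array`; in an authorization decision pass the strict flag, `if (in_array($targetAction, $uriArr, true)) {`, so a non-string entry in `$uriArr` (for example `true`) cannot match every action. The function starts before this hunk and continues after it, so the fall-through result is not visible here.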