40 lines
1.0 KiB
PHP
40 lines
1.0 KiB
PHP
<?php
|
|
namespace app\admin\middleware;
|
|
|
|
use Webman\MiddlewareInterface;
|
|
use Webman\Http\Request;
|
|
use Webman\Http\Response;
|
|
|
|
class PermissionMiddleware implements MiddlewareInterface
|
|
{
|
|
public function process(Request $request, callable $handler): Response
|
|
{
|
|
$admin = $request->admin ?? null;
|
|
if (!$admin) {
|
|
return jsonResponse(null, '未登录', 401);
|
|
}
|
|
if (intval($admin->is_super) === 1) {
|
|
return $handler($request);
|
|
}
|
|
|
|
$route = $request->route;
|
|
$permissionCode = $route ? $route->getName() : null;
|
|
if (!$permissionCode) {
|
|
return $handler($request);
|
|
}
|
|
|
|
$admin->loadMissing(['roles.permissions']);
|
|
$codes = [];
|
|
foreach ($admin->roles as $role) {
|
|
foreach ($role->permissions as $permission) {
|
|
$codes[$permission->code] = true;
|
|
}
|
|
}
|
|
if (!isset($codes[$permissionCode])) {
|
|
return jsonResponse(null, '无权限', 403);
|
|
}
|
|
return $handler($request);
|
|
}
|
|
}
|
|
|