
【程序目录】优化权限逻辑

吴昊天 3 лет назад
Родитель
Сommit
3aa9d42b13

+ 14 - 9
crmeb/app/adminapi/controller/v1/setting/SystemRole.php

@@ -35,8 +35,7 @@ class SystemRole extends AuthController
 
     /**
      * 显示资源列表
-     *
-     * @return \think\Response
+     * @return mixed
      */
     public function index()
     {
@@ -49,9 +48,12 @@ class SystemRole extends AuthController
     }
 
     /**
-     * 显示创建资源表单页.
-     *
-     * @return \think\Response
+     * 显示创建资源表单页
+     * @param SystemMenusServices $services
+     * @return mixed
+     * @throws \think\db\exception\DataNotFoundException
+     * @throws \think\db\exception\DbException
+     * @throws \think\db\exception\ModelNotFoundException
      */
     public function create(SystemMenusServices $services)
     {
@@ -88,10 +90,13 @@ class SystemRole extends AuthController
     }
 
     /**
-     * 显示编辑资源表单页.
-     *
-     * @param int $id
-     * @return \think\Response
+     * 显示编辑资源表单页
+     * @param SystemMenusServices $services
+     * @param $id
+     * @return mixed
+     * @throws \think\db\exception\DataNotFoundException
+     * @throws \think\db\exception\DbException
+     * @throws \think\db\exception\ModelNotFoundException
      */
     public function edit(SystemMenusServices $services, $id)
     {
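Review bot: The rewritten `edit` docblock drops type information the old one carried: `@param $id` replaces `@param int $id`, and `@return mixed` replaces `@return \think\Response` here and on `index` and `create`, which leaves static analysis with nothing to check. Keep `@param int $id`, and if these actions still return the response object the old docblock named, say so instead of `mixed`. The method bodies are outside the hunk.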

+ 10 - 4
crmeb/app/adminapi/middleware/AdminCkeckRoleMiddleware.php

@@ -18,12 +18,18 @@ use crmeb\interfaces\MiddlewareInterface;
 
 /**
  * 权限规则验证
- * Class AdminCkeckRoleMiddleware
+ * Class AdminCheckRoleMiddleware
  * @package app\http\middleware
  */
-class AdminCkeckRoleMiddleware implements MiddlewareInterface
+class AdminCheckRoleMiddleware implements MiddlewareInterface
 {
-
+    /**
+     * 权限规则验证
+     * @param Request $request
+     * @param \Closure $next
+     * @return mixed
+     * @throws \throwable
+     */
     public function handle(Request $request, \Closure $next)
     {
         if (!$request->adminId() || !$request->adminInfo())
@@ -32,7 +38,7 @@ class AdminCkeckRoleMiddleware implements MiddlewareInterface
         if ($request->adminInfo()['level']) {
             /** @var SystemRoleServices $systemRoleService */
             $systemRoleService = app()->make(SystemRoleServices::class);
-            $systemRoleService->verifiAuth($request);
+            $systemRoleService->verifyAuth($request);
         }
 
         return $next($request);
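Review bot: The class is renamed to `AdminCheckRoleMiddleware`, but this section's header still lists the file as `AdminCkeckRoleMiddleware.php`; unless the file was moved outside what this diff shows, a PSR-4 autoloader will not resolve the new name that every route file below (agent.php through widget.php) now references, and the admin route groups would fail at middleware resolution instead of enforcing roles. Confirm the file was renamed to `AdminCheckRoleMiddleware.php` in the same change. In the added docblock `@throws \throwable` should read `@throws \Throwable`. handle's body continues outside the hunk.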

+ 1 - 1
crmeb/app/adminapi/route/agent.php

@@ -74,6 +74,6 @@ Route::group('agent', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/app.php

@@ -109,6 +109,6 @@ Route::group('app', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/cms.php

@@ -31,6 +31,6 @@ Route::group('cms', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/common.php

@@ -46,7 +46,7 @@ Route::group(function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);
 

+ 1 - 1
crmeb/app/adminapi/route/diy.php

@@ -72,6 +72,6 @@ Route::group('diy', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/export.php

@@ -43,6 +43,6 @@ Route::group('export', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/file.php

@@ -35,6 +35,6 @@ Route::group('file', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/finance.php

@@ -52,6 +52,6 @@ Route::group('finance', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/freight.php

@@ -28,6 +28,6 @@ Route::group('freight', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/live.php

@@ -66,6 +66,6 @@ Route::group('live', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/marketing.php

@@ -192,6 +192,6 @@ Route::group('marketing', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/merchant.php

@@ -51,6 +51,6 @@ Route::group('merchant', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/notify.php

@@ -46,6 +46,6 @@ Route::group('notify', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 2 - 2
crmeb/app/adminapi/route/order.php

@@ -109,7 +109,7 @@ Route::group('order', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);
 
@@ -136,6 +136,6 @@ Route::group('refund', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/product.php

@@ -96,6 +96,6 @@ Route::group('product', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/serve.php

@@ -63,6 +63,6 @@ Route::group('serve', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/setting.php

@@ -192,6 +192,6 @@ Route::group('setting', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/statistic.php

@@ -74,6 +74,6 @@ Route::group('statistic', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/system.php

@@ -103,6 +103,6 @@ Route::group('system', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/user.php

@@ -145,6 +145,6 @@ Route::group('user', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 1 - 1
crmeb/app/adminapi/route/widget.php

@@ -18,6 +18,6 @@ Route::group('widget', function () {
 })->middleware([
     \app\http\middleware\AllowOriginMiddleware::class,
     \app\adminapi\middleware\AdminAuthTokenMiddleware::class,
-    \app\adminapi\middleware\AdminCkeckRoleMiddleware::class,
+    \app\adminapi\middleware\AdminCheckRoleMiddleware::class,
     \app\adminapi\middleware\AdminLogMiddleware::class
 ]);

+ 25 - 21
crmeb/app/services/system/admin/SystemRoleServices.php

@@ -90,41 +90,40 @@ class SystemRoleServices extends BaseServices
     /**
      * 后台验证权限
      * @param Request $request
+     * @return bool|void
+     * @throws \throwable
      */
-    public function verifiAuth(Request $request)
+    public function verifyAuth(Request $request)
     {
-
+        // 获取当前的接口于接口类型
         $rule = trim(strtolower($request->rule()->getRule()));
         $method = trim(strtolower($request->method()));
+
+        // 判断接口是一下两种的时候放行
         if (in_array($rule, ['setting/admin/logout', 'menuslist'])) {
             return true;
         }
 
-        //权限菜单未添加时返回true
+        // 获取所有接口类型以及对应的接口
         $allAuth = Cache::remember('all_auth', function () {
             /** @var SystemMenusServices $menusService */
             $menusService = app()->make(SystemMenusServices::class);
-            return $menusService->getColumn([['api_url', '<>', ''], ['auth_type', '=', 2]], 'api_url,methods');
+            $allList = $menusService->getColumn([['api_url', '<>', ''], ['auth_type', '=', 2]], 'api_url,methods');
+            $allAuth = [];
+            foreach ($allList as $item) {
+                $allAuth[trim(strtolower($item['methods']))][] = trim(strtolower(str_replace(' ', '', $item['api_url'])));
+            }
+            return $allAuth;
         });
-        if (!in_array($rule, array_map(function ($item) {
-            return trim(strtolower(str_replace(' ', '', $item)));
-        }, array_column($allAuth, 'api_url')))) {
-            return true;
-        }
 
-        //菜单按钮能看到的情况下所有接口都能访问
+        // 权限菜单未添加时放行
+        if (!in_array($rule, $allAuth[$method])) return true;
+
+        // 获取管理员的接口权限列表,存在时放行
         $auth = $this->getRolesByAuth($request->adminInfo()['roles'], 2);
-        //验证访问接口是否存在
-        if (!in_array($rule, array_map(function ($item) {
-            return trim(strtolower(str_replace(' ', '', $item)));
-        }, array_column($auth, 'api_url')))) {
+        if (in_array($rule, $auth[$method])) {
             return true;
-        }
-        //验证访问接口是否有权限
-        if (empty(array_filter($auth, function ($item) use ($rule, $method) {
-            if (trim(strtolower($item['api_url'])) === $rule && $method === trim(strtolower($item['methods'])))
-                return true;
-        }))) {
+        } else {
             throw new AuthException(110000);
         }
     }
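Review bot: `$allAuth[$method]` in `if (!in_array($rule, $allAuth[$method])) return true;` and `$auth[$method]` in the `in_array` two lines below are read without checking the key exists, and both maps only contain keys for methods that have registered rows, so a request whose HTTP method has no entry (or an admin role with none) hits an undefined index: a TypeError on PHP 8, and on PHP 7 a warning whose `null` result the first check negates into `return true` unless the framework turns warnings into exceptions. Write both as `in_array($rule, $allAuth[$method] ?? [], true)` and `in_array($rule, $auth[$method] ?? [], true)` so a missing method falls through to the role check and the comparison is strict. A row whose `methods` column is empty (as menu 471 was before this commit's SQL change) is grouped under key `''` and can never match, so its rule silently takes the bypass branch; the map-building loops here and in the getRolesByAuth hunk below should skip such rows or the check should fail closed on them. Both cached values changed shape from a list of rows to a method-keyed map, so entries written by the old code in `all_auth` and the role caches would raise the same undefined index until they are flushed at deploy. `@return bool|void` and `@throws \throwable` should be `@return bool` and `@throws AuthException`, which is what the code actually does.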
@@ -144,7 +143,12 @@ class SystemRoleServices extends BaseServices
         return Cache::remember($cacheName, function () use ($rules, $type) {
             /** @var SystemMenusServices $menusService */
             $menusService = app()->make(SystemMenusServices::class);
-            return $menusService->getColumn([['id', 'IN', $this->getRoleIds($rules)], ['auth_type', '=', $type]], 'api_url,methods');
+            $authList = $menusService->getColumn([['id', 'IN', $this->getRoleIds($rules)], ['auth_type', '=', $type]], 'api_url,methods');
+            $rolesAuth = [];
+            foreach ($authList as $item) {
+                $rolesAuth[trim(strtolower($item['methods']))][] = trim(strtolower(str_replace(' ', '', $item['api_url'])));
+            }
+            return $rolesAuth;
         });
     }
 

+ 27 - 11
crmeb/app/services/user/LoginServices.php

@@ -246,6 +246,10 @@ class LoginServices extends BaseServices
      * 重置密码
      * @param $account
      * @param $password
+     * @return bool
+     * @throws \think\db\exception\DataNotFoundException
+     * @throws \think\db\exception\DbException
+     * @throws \think\db\exception\ModelNotFoundException
      */
     public function reset($account, $password)
     {
@@ -263,15 +267,16 @@ class LoginServices extends BaseServices
      * 手机号登录
      * @param $phone
      * @param $spread
+     * @param string $user_type
      * @return array
      * @throws \think\db\exception\DataNotFoundException
      * @throws \think\db\exception\DbException
      * @throws \think\db\exception\ModelNotFoundException
      */
-    public function mobile($phone, $spread, $user_type = 'h5')
+    public function mobile($phone, $spread, string $user_type = 'h5')
     {
         //数据库查询
-        $user = $this->dao->getOne(['phone' => $phone, 'is_del' => 0]);
+        $user = $this->dao->getOne(['account|phone' => $phone, 'is_del' => 0]);
         if (!$user) {
             $user = $this->register($phone, '123456', $spread, $user_type);
             if (!$user) {
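Review bot: The lookup in `mobile` now matches `'account|phone' => $phone`, which widens an SMS-verified phone login to any row whose `account` equals the submitted phone string; if accounts are free-form names a user can choose, a caller who proves possession of phone P could be logged into an unrelated user whose account is P, and nothing in the hunk re-checks the matched row's `phone`. Either keep the lookup on `phone` only, or reject the matched row when its `phone` differs from `$phone` (preferring the phone match over the account match). The rest of `mobile`, including the `register` fallback, runs outside the hunk.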
@@ -297,6 +302,10 @@ class LoginServices extends BaseServices
      * 切换登录
      * @param $user
      * @param $from
+     * @return array
+     * @throws \think\db\exception\DataNotFoundException
+     * @throws \think\db\exception\DbException
+     * @throws \think\db\exception\ModelNotFoundException
      */
     public function switchAccount($user, $from)
     {
@@ -329,12 +338,14 @@ class LoginServices extends BaseServices
 
     /**
      * 绑定手机号(静默还没写入用户信息)
-     * @param $user
      * @param $phone
-     * @param $step
-     * @return mixed
+     * @param string $key
+     * @return array
+     * @throws \Psr\SimpleCache\InvalidArgumentException
+     * @throws \think\db\exception\DataNotFoundException
+     * @throws \think\db\exception\ModelNotFoundException
      */
-    public function bindind_phone($phone, $key = '')
+    public function bindind_phone($phone, string $key = '')
     {
         if (!$key) {
             throw new ApiException(410037);
@@ -361,10 +372,13 @@ class LoginServices extends BaseServices
 
     /**
      * 用户绑定手机号
-     * @param $user
+     * @param int $uid
      * @param $phone
      * @param $step
-     * @return mixed
+     * @return array
+     * @throws \think\db\exception\DataNotFoundException
+     * @throws \think\db\exception\DbException
+     * @throws \think\db\exception\ModelNotFoundException
      */
     public function userBindindPhone(int $uid, $phone, $step)
     {
@@ -393,10 +407,12 @@ class LoginServices extends BaseServices
 
     /**
      * 用户绑定手机号
-     * @param $user
+     * @param int $uid
      * @param $phone
-     * @param $step
-     * @return mixed
+     * @return array
+     * @throws \think\db\exception\DataNotFoundException
+     * @throws \think\db\exception\DbException
+     * @throws \think\db\exception\ModelNotFoundException
      */
     public function updateBindindPhone(int $uid, $phone)
     {

+ 1 - 1
crmeb/public/install/crmeb.sql

@@ -33040,7 +33040,7 @@ INSERT INTO `eb_system_menus` (`id`, `pid`, `icon`, `menu_name`, `module`, `cont
 (468, 125, '', '附加权限', 'admin', '', '', '', '', '[]', 0, 0, 0, 1, '/admin*', '', 1, '', 0, '', 0),
 (469, 468, '', '添加配置字段表单', 'admin', '', '', 'setting/config/create', 'GET', '[]', 0, 0, 0, 1, '', '', 2, '', 0, '', 0),
 (470, 468, '', '保存配置字段', 'admin', '', '', 'setting/config', 'POST', '[]', 0, 0, 0, 1, '', '', 2, '', 0, '', 0),
-(471, 468, '', '编辑配置字段表单', 'admin', '', '', 'setting/config/<id>/edit', '', '[]', 0, 0, 0, 1, '', '', 2, '', 0, '', 0),
+(471, 468, '', '编辑配置字段表单', 'admin', '', '', 'setting/config/<id>/edit', 'GET', '[]', 0, 0, 0, 1, '', '', 2, '', 0, '', 0),
 (472, 468, '', '编辑配置分类', 'admin', '', '', 'setting/config/<id>', 'PUT', '[]', 0, 0, 0, 1, '', '', 2, '', 0, '', 0),
 (473, 468, '', '删除配置', 'admin', '', '', 'setting/config/<id>', 'DELETE', '[]', 0, 0, 0, 1, '', '', 2, '', 0, '', 0),
 (474, 468, '', '修改配置状态', 'admin', '', '', 'setting/config/set_status/<id>/<status>', 'PUT', '[]', 0, 0, 0, 1, '', '', 2, '', 0, '', 0),