HardAdminAppearance
权限验证
权限验证
1.前端验证
- 使用
/@/utils/authFunction中auth方法,以菜单权限标识为参数,进行验证,无权限则不显示按钮
ts
<el-button v-if="auth('admin:admin:save')" >修改</el-button>2. 后端验证
- 根据用户访问地址,进行权限验证,并记录操作日志
ts
//获取访问模块:控制器:方法
$url = request()->baseUrl();
$url = explode('/',$url);
$url = $url[1].':'.$url[2].':'.$url[3];
//获取当前用户权限
$menu = AuthRuleService::getAuthByGroupId($this->user->group_id)->toArray();
$auths = array_column($menu,'permission');
$titles = array_column($menu,'name','permission');
//判断是否在权限管辖范围内
$permission = AuthRuleService::getColumnByWhere([['status','=',1]],'permission');
if(in_array($url,$permission) && $this->user->group_id !== 1){
if(empty($auths) || !in_array($url,$auths)){
throw new \app\MyException(10001,'无操作权限');
}
}
if(in_array($url,$permission)){
$group = AuthGroupService::getInfoById($this->user->group_id);
event('AdminDone', [$this->user, $group, $titles[$url], $url, request()->param()]);
}