首页 > 技术文章 > 用户登录的时候用户名 密码 权限的校验

djwhome 2018-04-20 18:45 原文

当用户登录的时候：去数据库查询校验用户名、密码，然后查出它的权限列表，把用户 id、用户名和权限列表保存到 session 中。安全提示：登录成功后应先重新生成 session id（防止会话固定攻击），退出时应清空整个 session；下面示例用 md5(密码 + 固定 key) 存储口令，这是无盐的快速哈希，生产环境应迁移到 password_hash()/password_verify()。

校验不通过时，返回相应的错误提示。

login.php

<?php

namespace iqiyi\Http\Controllers;

use iqiyi\Models\SysRoleMenu;
use iqiyi\Models\SysUserRole;
use iqiyi\Models\SysRole;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Session;
use iqiyi\Models\SysUser;
use Illuminate\Support\Facades\DB;


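class Login extends Controller
{

    public function __construct() {
        // NOTE(review): debug leftover. The query log keeps every statement of the
        // request in memory; harmless for a login request, but drop it in production.
        DB::connection()->enableQueryLog();
    }

    /**
     * Authenticate a user and load the list of menu hrefs they may access.
     *
     * On success the session id is regenerated (session-fixation defence) and
     * `userids`, `login_name` and a JSON-encoded list of permitted hrefs (`pri`)
     * are stored in the session, then the caller is redirected to "/".
     * On failure the login view is rendered with an error message:
     *   - username given but no match  -> '用户名或密码错误'
     *   - match found but no hrefs      -> '用户没有权限'
     *
     * SECURITY NOTE: the credential check compares md5(password . static key)
     * against `sys_user.password_md5`. That is an unsalted, fast hash with a
     * single application-wide key; it should be migrated to
     * password_hash()/password_verify(). That needs a new column and a
     * rehash-on-login step, so the storage scheme is left unchanged here.
     *
     * @param Request $request  expects `username` and `password` form fields; an
     *                          optional `errors` field is echoed back to the view
     * @return $this|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector|void
     */
    public function index(Request $request) {
        $username = $request->input('username');
        $password = $request->input('password');
        // Reflected straight into the login view (the middleware redirects here
        // with ?errors=...): the Blade template must render it escaped ({{ }}).
        $errors = $request->input('errors');

        $users = null;
        // Only hit the database for non-empty string credentials. Without this
        // guard an empty password is hashed as md5(key) and an empty username
        // becomes a `login_name IS NULL` match.
        if ($this->isUsableCredential($username) && $this->isUsableCredential($password)) {
            $passwordHash = md5($password . config('iqiyi.md5key', 'Iqiyi'));
            $users = SysUser::where(['login_name' => $username, 'password_md5' => $passwordHash])->first();
        }

        $pri = [];
        if ($users) {
            $pri = $this->permittedHrefs($users->ids);
        }

        // A user with no permitted hrefs is not logged in at all.
        if ($pri && $users) {
            // New session id at the privilege boundary, so a session id planted
            // before login cannot become an authenticated one.
            Session::regenerate();
            Session::put('userids', $users->ids);
            Session::put('login_name', $users->login_name);
            Session::put('pri', json_encode($pri));
            return redirect('/');
        }

        $error = '';
        if (is_string($username) && $username !== '' && !$users) {
            $error = '用户名或密码错误';
        }
        if (!$pri && $users) {
            $error = '用户没有权限';
        }

        return view('login')->with([
            'error' => $error,
            'errors' => $errors,
        ]);
    }

    /**
     * True when a submitted credential is a non-empty string (arrays such as
     * `username[]=x` and missing fields are rejected before any hashing/query).
     *
     * @param mixed $value  raw request input
     */
    private function isUsableCredential($value): bool {
        return is_string($value) && $value !== '';
    }

    /**
     * Collect the `sys_menu.href` values reachable through the user's roles.
     *
     * Rows whose href is NULL/empty (left-join miss or blank menu entry) grant
     * nothing and are dropped, so an empty result means "no permissions".
     *
     * @param mixed $userId  value of `sys_user.ids`
     * @return string[]  distinct, non-empty hrefs
     */
    private function permittedHrefs($userId): array {
        $roleIds = SysUserRole::where('user_ids', $userId)
            ->where('role_ids', '<>', '')
            ->pluck('role_ids')
            ->all();
        if (!$roleIds) {
            return [];
        }

        $menu = SysRoleMenu::whereIn('role_ids', $roleIds)
            ->select('m.href')
            ->leftjoin('sys_menu as m', 'sys_role_menu.menu_id', '=', 'm.id')
            ->get()
            ->toArray();

        $hrefs = [];
        foreach ($menu as $row) {
            $href = $row['href'] ?? null;
            if (is_string($href) && $href !== '') {
                $hrefs[] = $href;
            }
        }
        return array_values(array_unique($hrefs));
    }

    /**
     * Log the user out.
     *
     * Wipes the whole session rather than only `userids` (otherwise `login_name`
     * and `pri` would survive) and destroys the old session id.
     *
     * @param Request $request  unused; kept for route-signature compatibility
     */
    public function logout(Request $request){
        Session::flush();
        Session::regenerate(true);
        return redirect('/');
    }
}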

然后每个页面在访问的时候都要进行权限校验，我们把逻辑放在中间件中。校验方式是把当前请求路径（去掉 query string）和 session 里保存的 href 白名单做精确匹配，不在名单内的一律拒绝。

authAdmin.php

<?php

namespace iqiyi\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Session;

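class authAdmin
{
    /**
     * Handle an incoming request.
     *
     * Gate every admin page on the session written by Login::index:
     *   - no `userids` / `pri` in the session          -> redirect to /login
     *   - `pri` not decodable into an array             -> redirect to /login (fail closed)
     *   - request path is "/"                            -> always allowed (landing page)
     *   - path not in the `pri` href allowlist           -> 403 with the `error` view
     *
     * The path is the raw request URI with the query string removed and is
     * compared verbatim against the stored hrefs, so encoding or trailing-slash
     * variants of an allowed path are denied rather than matched. If that causes
     * false denials, normalise here (e.g. via $request->path()) only together
     * with the href list written at login.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next) {
        $userId = Session::get('userids');
        $rawPri = Session::get('pri');
        if (!$userId || !$rawPri) {
            return redirect('/login');
        }

        // Session payload written by Login::index as json_encode(string[]).
        $allowed = is_string($rawPri) ? json_decode($rawPri, true) : null;
        if (!is_array($allowed)) {
            // Corrupt or unexpected session data: do not guess, make the user log in again.
            return redirect('/login');
        }

        $path = $request->getRequestUri();
        $queryPos = strpos($path, '?');
        if ($queryPos !== false) {
            $path = substr($path, 0, $queryPos); // drop the query string
        }

        if ($path === '/') {
            return $next($request);
        }
        // Strict comparison: the allowlist may contain non-string entries.
        if (!in_array($path, $allowed, true)) {
            return response()->view('error', [], 403);
        }

        return $next($request);
    }
}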

 
