验证用户访问权限

wuxiao
Commit b835fbe5efd017fdc8c586c460de64a4fbf70c50 1 parent 3ac5719f
Showing 2 changed files with 65 additions and 1 deletions
backend/components/filters/AccessControl.php
backend/views/site/403.php
--- a/backend/components/filters/AccessControl.php
View file @b835fbe
+++ b/backend/components/filters/AccessControl.php
View file @b835fbe
@@ -30,18 +30,50 @@ class AccessControl extends \yii\filters\AccessControl
     public function init()
     {
         $rules = [];
+         
+         /**
+          * 验证用户访问权限
+          */
+         $route = Yii::$app->controller->id.'/'.Yii::$app->controller->action->id;
+         //var_dump($route);
+         if (!self::verifyAccess($route)){
+             $rules = [['allow'=>false]];
+         }
+         
         $this->rules = ArrayHelper::merge($rules, $this->rules);
         
         $this->denyCallback = function ($rule, $action) {
             if (Yii::$app->user->getIsGuest()) {
                 Yii::$app->user->loginRequired();
             } else {
-                 throw new ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.'));
+                 //throw new ForbiddenHttpException(Yii::t('yii', 'You are not allowed to perform this action.'));
+                 Yii::$app->response->content = Yii::$app->view->render('@app/views/site/403',['_refer'=>Yii::$app->request->referrer]);
+                 Yii::$app->response->send();
+                 Yii::$app->end(1);
             }
         };
         parent::init();
     }
     
+     /**
+      * 验证用户访问权限
+      * @param type $permission 权限标签
+      * @return boolean
+      */
+     static function verifyAccess($permission)
+     {
+         $auth = Yii::$app->authManager;
+         $permission = $auth->getPermission($permission);
+         if (!$permission){
+             return false;
+         }
+         $permissions = $auth->getPermissionsByUser(Yii::$app->user->getId());
+         if (in_array($permission,$permissions)){
+             return true;
+         }
+         return false;
+     }
+     
     public function beforeAction($action)
     {
         return parent::beforeAction($action);
--- a/backend/views/site/403.php 0 → 100644
View file @b835fbe
+++ b/backend/views/site/403.php 0 → 100644
View file @b835fbe
+ <!DOCTYPE html>
+ <html lang="en">
+     <head>
+         <meta charset="utf-8">
+         <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
+         <meta name="description" content="">
+         <meta name="author" content="">
+ 
+         <title>Chain Responsive Bootstrap3 Admin</title>
+ 
+         <link href="/css/style.default.css" rel="stylesheet">
+ 
+         <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
+         <!--[if lt IE 9]>
+         <script src="/js/html5shiv.js"></script>
+         <script src="/js/respond.min.js"></script>
+         <![endif]-->
+     </head>
+ 
+     <body>
+         
+         <section>
+             <div class="notfoundpanel">
+                 <h1>403!</h1>
+                 <h3>你无权限访问这个页面!</h3>
+                 <p>这个页面可能被移除了，或者更名了，或者不可用，一般的原因是你的账户没有权限访问</p>
+                 <a class="btn btn-primary" href="<?=$_refer?>">返回上一页</a>
+             </div><!-- notfoundpanel -->
+         </section>
+ 
+     </body>
+ </html>