controllerObject->isNotNeedLogin()) { return $next($request); } if ($request->adminInfo['login_ip'] != request()->ip()) { return JsonService::fail('ip地址发生变化,请重新登录', [], -1); } // 非 root 待绑企微:放行绑定 / 解绑 / 个人信息 / 退出(避免无菜单权限;action 与路由大小写一致) if (LoginLogic::adminMustBindWorkWechat($request->adminInfo)) { if (LoginLogic::isWorkWechatBindExemptActionName((string) $request->action())) { return $next($request); } } //系统默认超级管理员,无需权限验证 if (1 === $request->adminInfo['root']) { return $next($request); } // 面诊进度看板:仅登录即可拉医生列表 + 预约列表(须带 progress_board=1,见 AdminLists / AppointmentLists 内限制) if ($this->isFaceProgressBoardPublicLists($request)) { return $next($request); } $adminAuthCache = new AdminAuthCache($request->adminInfo['admin_id']); // 当前访问路径 $accessUri = strtolower($request->controller() . '/' . $request->action()); // 全部路由 $allUri = $this->formatUrl($adminAuthCache->getAllUri()); // 判断该当前访问的uri是否存在,不存在无需验证 if (!in_array($accessUri, $allUri)) { return $next($request); } // 当前管理员拥有的路由权限 $AdminUris = $adminAuthCache->getAdminUri() ?? []; $AdminUris = $this->formatUrl($AdminUris); if (in_array($accessUri, $AdminUris) || $this->matchPermissionAlias($accessUri, $AdminUris)) { return $next($request); } return JsonService::fail('权限不足,无法访问或操作'); } /** * @notes 格式化URL * @param array $data * @return array|string[] * @author 段誉 * @date 2022/7/7 15:39 */ public function formatUrl(array $data) { return array_map(function ($item) { return strtolower(Str::camel($item)); }, $data); } /** * 日常记录权限域:前端统一收口到 tcm.diagnosis/dailyRecord, * 但待办/跟踪备注接口仍保留历史路由名,故在鉴权层做精确别名映射。 */ private function matchPermissionAlias(string $accessUri, array $adminUris): bool { if (!in_array('tcm.diagnosis/dailyrecord', $adminUris, true)) { return false; } return in_array($accessUri, [ 'tcm.diagnosistodo/lists', 'tcm.diagnosistodo/add', 'tcm.diagnosistodo/cancel', 'tcm.diagnosis/trackingnotes', 'tcm.diagnosis/addtrackingnote', ], true); } /** * 面诊进度专用:auth.admin/lists、doctor.appointment/lists + progress_board=1,不校验菜单权限 */ private function isFaceProgressBoardPublicLists($request): bool { if ((int) $request->param('progress_board', 0) !== 1) { return false; } if (strtolower((string) $request->action()) !== 'lists') { return false; } $c = strtolower((string) $request->controller()); return in_array($c, ['auth.admin', 'doctor.appointment'], true); } }