add：新增GET方法单独的认证标识

2020-10-12 12:22:05 +08:00 · 2020-10-12 12:22:05 +08:00 · 3908c26e2c
commit 3908c26e2c
parent f17570deef
3 changed files with 47 additions and 2 deletions
--- a/catch/permissions/middleware/PermissionsMiddleware.php
+++ b/catch/permissions/middleware/PermissionsMiddleware.php
@ -32,6 +32,7 @@ class PermissionsMiddleware

        // 模块忽略
        [$module, $controller, $action] = Utils::parseRule($rule);
+
        // toad
        if (in_array($module, $this->ignoreModule())) {
            return $next($request);
@ -42,11 +43,11 @@ class PermissionsMiddleware
            throw new PermissionForbiddenException('Login is invalid', Code::LOST_LOGIN);
        }
        // 超级管理员
-        if ($request->user()->id === config('catch.permissions.super_admin_id')) {
+        if (Utils::isSuperAdmin()) {
            return $next($request);
        }
        // Get 请求
-        if ($request->isGet() && config('catch.permissions.is_allow_get')) {
+        if ($this->allowGet($request)) {
            return $next($request);
        }
        // 判断权限
@ -106,4 +107,21 @@ class PermissionsMiddleware
            'permission' => $permission,
        ]);
    }
+
+    /**
+     * get allow
+     *
+     * @time 2020年10月12日
+     * @param $request
+     * @return bool
+     * @throws \ReflectionException
+     */
+    protected function allowGet($request)
+    {
+        if (Utils::isMethodNeedAuth($request->rule()->getName())) {
+            return false;
+        }
+
+        return $request->isGet() && config('catch.permissions.is_allow_get');
+    }
 }
--- a/config/catch.php
+++ b/config/catch.php
@ -22,6 +22,14 @@ return [
        *
        */
        'super_admin_id' => 1,
+
+        /**
+         * 方法认证标记
+         *
+         * 尽量使用唯以字符
+         *
+         */
+        'method_auth_mark' => '@CatchAuth'
    ],
    /**
    *  auth 认证
--- a/extend/catcher/Utils.php
+++ b/extend/catcher/Utils.php
@ -119,6 +119,25 @@ class Utils
        return [$module, $controllerName, $action];
    }

+
+    /**
+     * get controller & action
+     *
+     * @time 2020年10月12日
+     * @param $rule
+     * @return false|string[]
+     * @throws \ReflectionException
+     */
+    public static function isMethodNeedAuth($rule)
+    {
+        list($controller, $action) = explode(Str::contains($rule, '@') ? '@' : '/', $rule);
+
+        $docComment = (new \ReflectionClass($controller))->getMethod($action)->getDocComment();
+
+        return strpos($docComment, config('catch.permissions.method_auth_mark')) !== false;
+    }
+
+
    /**
     * 表前缀
     *