增加权限check，明天考虑把错误页面美化一下

shixinzi · Nov 24, 2014 · 635f0a3 · 635f0a3
1 parent 0e36fc9
commit 635f0a3
Show file tree

Hide file tree

Showing 6 changed files with 53 additions and 7 deletions.
diff --git a/publisher/app/controllers/BaseController.php b/publisher/app/controllers/BaseController.php
@@ -15,4 +15,16 @@ protected function setupLayout()
 		}
 	}
 
+	protected function check_own($prj_id)
+	{
+		if(!Auth::user()->pj_is_mine($prj_id))
+		{
+			//if(Request::ajax())
+			//{
+			//	return Response::json(array("result"=>false,'msg' => '403 Unauthorized action'));
+			//}
+			//TODO 美化一下403返回页
+			App::abort(403, 'Unauthorized action.');
+		}
+	}
 }
diff --git a/publisher/app/controllers/ProjectsController.php b/publisher/app/controllers/ProjectsController.php
@@ -7,18 +7,17 @@ class ProjectsController extends BaseController {
 	*/
 	public function allProjects()
 	{
-        //TODO 根据用户权限筛选
-		$all_projects = Project::all();
+		$all_projects = Project::whereIn('id',Auth::user()->pj_ids())->get();
 		return View::make('projects/index',array('projects' => $all_projects));
 	}
 
     public function editProject()
     {
-        //TODO 根据用户权限判断
         $id = Input::get('id');
         $project = null;
         if($id)
         {
+            $this->check_own($id);
             $project = Project::find($id);
         }
         $src_addr = trim(Input::get('src_addr'));
@@ -82,8 +81,8 @@ public function editProject()
 
     public function publish()
     {
-        //TODO 根据用户权限判断
         $id = intval(Input::get('id'));
+        $this->check_own($id);
         $project = Project::with('servers')->find($id);
         if(!$id || !$project)
         {
@@ -94,8 +93,8 @@ public function publish()
 
     public function dopublish()
     {
-        //TODO 根据用户权限判断
         $id = intval(Input::get('id'));
+        $this->check_own($id);
         $project = Project::find($id);
         if(!$id || !$project)
         {
@@ -131,8 +130,8 @@ public function queryStatus()
 
     public function getSrclog()
     {
-        //TODO 根据用户权限判断
         $id = intval(Input::get('id'));
+        $this->check_own($id);
         $project = Project::with('servers')->find($id);
         if(!$id || !$project)
         {

diff --git a/publisher/app/controllers/ServersController.php b/publisher/app/controllers/ServersController.php
@@ -15,6 +15,11 @@ public function editServer()
             $server = Server::find($id);
         }
         $project_id = intval(Input::get("project_id"));
+        //权限
+        if(!Auth::user()->pj_is_mine($project_id))
+        {
+            $project_id = 0;
+        }
         $error = '';
         if (Request::isMethod('post'))
         {
@@ -44,7 +49,7 @@ public function editServer()
             }
         }
         //当前用户拥有的所有项目
-        $projects = Project::all();
+        $projects = Project::whereIn('id',Auth::user()->pj_ids())->get();
         $prj_list = array();
         foreach ($projects as $value) {
             $prj_list[$value->id] = $value->title;

diff --git a/publisher/app/models/User.php b/publisher/app/models/User.php
@@ -24,4 +24,26 @@ class User extends Eloquent implements UserInterface, RemindableInterface {
 	 */
 	protected $hidden = array('password', 'remember_token');
 
+	public function pj_ids()
+	{
+		if(!Session::has("pj_ids"))
+		{
+			$ids = array();
+			if($this->is_superadmin)
+			{
+				$ids = Project::lists("id");
+			}
+			else
+			{
+				$ids = UserProjectRelation::where('uid',$this->id)->lists("prj_id");
+			}
+			Session::put("pj_ids",$ids);
+		}
+		return Session::get("pj_ids");
+	}
+
+	public function pj_is_mine($id)
+	{
+		return in_array($id, $this->pj_ids());
+	}
 }
diff --git a/publisher/app/models/UserProjectRelation.php b/publisher/app/models/UserProjectRelation.php
@@ -0,0 +1,7 @@
+<?php
+
+class UserProjectRelation extends Eloquent {
+
+    protected $table = 'user_projects';
+    public $timestamps = false;
+}
diff --git a/publisher/app/routes.php b/publisher/app/routes.php
@@ -33,6 +33,7 @@
 Route::any('login','HomeController@login');
 Route::get('logout',function(){
 	Auth::logout();
+    Session::flush();
 	return Redirect::guest('login');
 });