Accueil Explorer Aide
Connexion
SmartCost
/
ConstructionOperation
2
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

加入超级管理员不受权限控制

caiaolin il y a 8 ans
Parent
fbc7e2bfaf
commit
35349f3c2d
2 fichiers modifiés avec 24 ajouts et 21 suppressions
Vue séparée Afficher les stats Diff
  1. 22 19
      modules/common/base/base_controller.js
  2. 2 2
      modules/users/controllers/login_controller.js

+ 22 - 19
modules/common/base/base_controller.js
Voir le fichier 

@@ -59,28 +59,30 @@ class BaseController {
 
         }
 
 
         try {
 
-            // 校验权限
 
-            let currentPermission = request.session.managerData.permission;
 
-            currentPermission = currentPermission.split(',');
 
-            let withoutPermission = ['login', 'dashboard'];
 
-            // 工具页面整合
 
-            let toolPermission = ['rationRepository', 'stdBillsmain'];
 
-            let hasToolPermission = false;
 
-            if (controller === 'tool') {
 
-                for (let tmpPermission of toolPermission) {
 
-                    if (currentPermission.indexOf(tmpPermission) >= 0) {
 
-                        hasToolPermission = true;
 
-                        break;
 
+            // 如果不适超级管理员则判断权限
 
+            let sessionManager = request.session.managerData;
 
+            if (sessionManager.superAdmin !== 1) {
 
+                let currentPermission = sessionManager.permission;
 
+                // 校验权限
 
+                currentPermission = currentPermission.split(',');
 
+                let withoutPermission = ['login', 'dashboard'];
 
+                // 工具页面整合
 
+                let toolPermission = ['rationRepository', 'stdBillsmain'];
 
+                let hasToolPermission = false;
 
+                if (controller === 'tool') {
 
+                    for (let tmpPermission of toolPermission) {
 
+                        if (currentPermission.indexOf(tmpPermission) >= 0) {
 
+                            hasToolPermission = true;
 
+                            break;
 
+                        }
 
                     }
 
                 }
 
-            }
 
 
-            if (!hasToolPermission && withoutPermission.indexOf(controller) < 0 &&
 
-                (currentPermission.length <= 0 || currentPermission.indexOf(controller)) < 0) {
 
-                console.log(currentPermission);
 
-                console.log(controller);
 
+                if (!hasToolPermission && withoutPermission.indexOf(controller) < 0 &&
 
+                    (currentPermission.length <= 0 || currentPermission.indexOf(controller)) < 0) {
 
 
-                throw '没有权限';
 
+                    throw '没有权限';
 
+                }
 
             }
 
 
             // 菜单数据
 
@@ -95,7 +97,7 @@ class BaseController {
 
             response.locals.action = action;
 
 
             // 用户session数据
 
-            response.locals.manager = request.session.managerData;
 
+            response.locals.manager = sessionManager;
 
 
             // moment工具
 
             response.locals.moment = Moment;
 
@@ -141,6 +143,7 @@ class BaseController {
 
 
         next();
 
     }
 
+
 
 }
 
 
 export default BaseController;

+ 2 - 2
modules/users/controllers/login_controller.js
Voir le fichier 

@@ -52,13 +52,13 @@ class LoginController extends BaseController {
 
             let currentTime = new Date().getTime();
 
             let sessionToken = crypto.createHmac('sha1', currentTime + '').update(managerData.username)
 
                 .digest().toString('base64');
 
-
 
             let managerSession = {
 
                 username: managerData.username,
 
                 loginTime: currentTime,
 
                 sessionToken: sessionToken,
 
                 userID: managerData.id,
 
-                permission: managerData.permission === undefined ? '' : managerData.permission
 
+                permission: managerData.permission === undefined ? '' : managerData.permission,
 
+                superAdmin: managerData.super_admin
 
             };
 
             request.session.managerData = managerSession;
 
         } catch (error) {