
加入超级管理员不受权限控制

caiaolin 8 年 前
コミット
35349f3c2d

+ 22 - 19
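--- a/modules/common/base/base_controller.js
+++ b/modules/common/base/base_controller.js
@@ -59,28 +59,30 @@ class BaseController {
         }
 
         try {
-            // 校验权限
-            let currentPermission = request.session.managerData.permission;
-            currentPermission = currentPermission.split(',');
-            let withoutPermission = ['login', 'dashboard'];
-            // 工具页面整合
-            let toolPermission = ['rationRepository', 'stdBillsmain'];
-            let hasToolPermission = false;
-            if (controller === 'tool') {
-                for (let tmpPermission of toolPermission) {
-                    if (currentPermission.indexOf(tmpPermission) >= 0) {
-                        hasToolPermission = true;
-                        break;
+            // 如果不适超级管理员则判断权限
+            let sessionManager = request.session.managerData;
+            if (sessionManager.superAdmin !== 1) {
+                let currentPermission = sessionManager.permission;
+                // 校验权限
+                currentPermission = currentPermission.split(',');
+                let withoutPermission = ['login', 'dashboard'];
+                // 工具页面整合
+                let toolPermission = ['rationRepository', 'stdBillsmain'];
+                let hasToolPermission = false;
+                if (controller === 'tool') {
+                    for (let tmpPermission of toolPermission) {
+                        if (currentPermission.indexOf(tmpPermission) >= 0) {
+                            hasToolPermission = true;
+                            break;
+                        }
                     }
                 }
-            }
 
-            if (!hasToolPermission && withoutPermission.indexOf(controller) < 0 &&
-                (currentPermission.length <= 0 || currentPermission.indexOf(controller)) < 0) {
-                console.log(currentPermission);
-                console.log(controller);
+                if (!hasToolPermission && withoutPermission.indexOf(controller) < 0 &&
+                    (currentPermission.length <= 0 || currentPermission.indexOf(controller)) < 0) {
 
-                throw '没有权限';
+                    throw '没有权限';
+                }
             }
 
             // 菜单数据
@@ -95,7 +97,7 @@ class BaseController {
             response.locals.action = action;
 
             // 用户session数据
-            response.locals.manager = request.session.managerData;
+            response.locals.manager = sessionManager;
 
             // moment工具
             response.locals.moment = Moment;
@@ -141,6 +143,7 @@ class BaseController {
 
         next();
     }
+
 }
 
 export default BaseController;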
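Review bot: The deny condition carried into the new block in the first hunk is mis-parenthesised: `(currentPermission.length <= 0 || currentPermission.indexOf(controller)) < 0` compares the result of the `||` with 0, so an empty permission list would evaluate as `true < 0` and be let through. Today `''.split(',')` returns `['']`, so that branch is not reached, but the intended form is `(currentPermission.length <= 0 || currentPermission.indexOf(controller) < 0)`. The new bypass also rests on the strict comparison `sessionManager.superAdmin !== 1`, so a comment such as `// superAdmin must be the number 1; any other value falls through to the permission check` would record that assumption. The enclosing method begins and ends outside these hunks, so how a request without `managerData` reaches this code cannot be judged from here.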

+ 2 - 2
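--- a/modules/users/controllers/login_controller.js
+++ b/modules/users/controllers/login_controller.js
@@ -52,13 +52,13 @@ class LoginController extends BaseController {
             let currentTime = new Date().getTime();
             let sessionToken = crypto.createHmac('sha1', currentTime + '').update(managerData.username)
                 .digest().toString('base64');
-
             let managerSession = {
                 username: managerData.username,
                 loginTime: currentTime,
                 sessionToken: sessionToken,
                 userID: managerData.id,
-                permission: managerData.permission === undefined ? '' : managerData.permission
+                permission: managerData.permission === undefined ? '' : managerData.permission,
+                superAdmin: managerData.super_admin
             };
             request.session.managerData = managerSession;
         } catch (error) {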
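Review bot: `superAdmin: managerData.super_admin` copies the raw stored value into the session while the base controller tests it with `!== 1`, so the bypass silently depends on the field's type; normalising here, e.g. `superAdmin: Number(managerData.super_admin) === 1 ? 1 : 0`, makes that explicit. Because the flag is read once at login, revoking super-admin status presumably has no effect until the session ends, which deserves a comment or a re-check against the stored record before sensitive actions. Separately, the unchanged context lines derive `sessionToken` from an HMAC keyed with the login timestamp over the username, both guessable values; if that token is relied on as a secret elsewhere, `crypto.randomBytes` would be a better source. The try block starts above the hunk and its catch continues below it.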