love_php/app/Http/Middleware/CheckPermission.php

<?php

namespace App\Http\Middleware;

use App\Models\Admin;
use App\Models\Rbac\Permission;
use App\Models\Rbac\RolePermission;
use App\Models\Rbac\RoleUser;
use App\Models\Rbac\UserPermission;
use App\Models\User;
use Closure;

class CheckPermission
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $user = auth()->user();
        if (empty($user)) {
            $user = $this->authCheck();
        }
        if (empty($user)) {
            return $this->failure('请登录后访问');
        }

        $has_permission_id = UserPermission::where('user_id', $user->id)->pluck('permission_id')->toArray();
        if(empty($has_permission_id)){
            return $this->failure('没有权限');
        }

        //是否是超级管理员
        $path = $request->path();
        $method = $request->method();
        $permission_id = Permission::where(function($query) use ($path, $method){
            $query->where('http_method', 'like', '%'.$method.'%')->where('http_path', 'like', '%'.$path.'%');
        })->orWhere(function($query) use ($path, $method){
            $query->where('http_method', 'like', '%'.$method.'%')->where('http_path', '*');
        })->orWhere(function($query) use ($path, $method){
            $query->where('http_method', 'ANY')->where('http_path', 'like', '%'.$path.'%');
        })->orWhere(function($query) use ($path, $method){
            $query->where('http_method', 'ANY')->where('http_path', '*');
        })->pluck('id')->toArray();
        if(!array_intersect($has_permission_id, $permission_id)){
            return $this->failure('没有权限');
        }

        return $next($request);
    }


    public function failure($msg)
    {
        $result = [
            'code'=> 1,
            'message'=> $msg,
        ];
        return Response()->json($result);
    }
}
first commit 2026-04-02 09:20:51 +08:00			`<?php`

			`namespace App\Http\Middleware;`

			`use App\Models\Admin;`
			`use App\Models\Rbac\Permission;`
			`use App\Models\Rbac\RolePermission;`
			`use App\Models\Rbac\RoleUser;`
			`use App\Models\Rbac\UserPermission;`
			`use App\Models\User;`
			`use Closure;`

			`class CheckPermission`
			`{`
			`/**`
			`* Handle an incoming request.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @param \Closure $next`
			`* @return mixed`
			`*/`
			`public function handle($request, Closure $next)`
			`{`
			`$user = auth()->user();`
			`if (empty($user)) {`
			`$user = $this->authCheck();`
			`}`
			`if (empty($user)) {`
			`return $this->failure('请登录后访问');`
			`}`

			`$has_permission_id = UserPermission::where('user_id', $user->id)->pluck('permission_id')->toArray();`
			`if(empty($has_permission_id)){`
			`return $this->failure('没有权限');`
			`}`

			`//是否是超级管理员`
			`$path = $request->path();`
			`$method = $request->method();`
			`$permission_id = Permission::where(function($query) use ($path, $method){`
			`$query->where('http_method', 'like', '%'.$method.'%')->where('http_path', 'like', '%'.$path.'%');`
			`})->orWhere(function($query) use ($path, $method){`
			`$query->where('http_method', 'like', '%'.$method.'%')->where('http_path', '*');`
			`})->orWhere(function($query) use ($path, $method){`
			`$query->where('http_method', 'ANY')->where('http_path', 'like', '%'.$path.'%');`
			`})->orWhere(function($query) use ($path, $method){`
			`$query->where('http_method', 'ANY')->where('http_path', '*');`
			`})->pluck('id')->toArray();`
			`if(!array_intersect($has_permission_id, $permission_id)){`
			`return $this->failure('没有权限');`
			`}`

			`return $next($request);`
			`}`


			`public function failure($msg)`
			`{`
			`$result = [`
			`'code'=> 1,`
			`'message'=> $msg,`
			`];`
			`return Response()->json($result);`
			`}`
			`}`