crm/app/middleware/Auth.php

<?php

namespace app\middleware;

use app\model\Employee;
use app\model\Grant;
use app\model\GrantedAuth;
use app\model\Org;
use app\model\Permission;
use think\exception\HttpException;
use think\facade\Session;

class Auth
{
    public function handle($request, \Closure $next)
    {
        // 获取控制器
        $controller = lcfirst($request->controller());
        $action = lcfirst($request->action());
        // 如果是登陆相关操作   wisdom智慧屏演示
        if ($controller == 'login' || $controller == 'wisdom') return $next($request);
        // 微信绑定页面
        if ($controller == 'index' && $action == 'wechat') return $next($request);
        // 判断是否登陆
        $employee =  session('employee');

        $domain = request()->domain();
        $url = strpos($domain,"zqxg.cc")!==false ? url('manage/login/index') : url('login/index');
        if (empty($employee)) return redirect($url);

        // 如果是多企业页面
        if ($controller == 'index' && $action == 'company') return $next($request);
        // 如果上传文件
        if ($action == 'osscallback') return $next($request);
        // 如果是多企业
        if (is_string($employee)) return redirect(url('index/company'));

        $sessionId = cache('employee_' . $employee['phone']);
        if(!empty($sessionId) && $sessionId != Session::getId()){
            Session::clear();
            return response('<script>alert("您的账号已在其他地方登录");location.href="'.url('login/index').'"</script>');
        }

        $line = Employee::where([['id', '=', $employee->id], ['grant_id', '<>', '0']])->count();
        if (!$line) {
            $employee = null;
            Session::clear();
            return redirect(url('login/index'));
        }

        // 获取用户权限
        // $grant = cache('grant_' . $employee->grand_id);
        // if (is_null($grant)) {
        $permissionIds = Grant::where('id', $employee->grant_id)->value('permission');
        $permissionIds = is_null($permissionIds) ? [] : $permissionIds;
        $permission = Permission::where([['id', 'in', $permissionIds], ['uri', '<>', '']])->column('uri,relation');
        $relation = explode(',', implode(',', array_column($permission, 'relation')));
        $grant = array_merge(array_column($permission, 'uri'), $relation);
        // cache('grant_' . $employee->grand_id, $grant);
        // }
        // 获取用户组织
        // $org = [$employee->org_id];
        // if ($employee->is_manager) {
        //     $org = cache('org_manager_' . $employee->org_id);
        //     if (is_null($org)) {
                // $org = orgSubIds($employee->org_id);
                //$org = (new Org())->getChildOrg($employee->org_id);
        //         cache('org_manager_' . $employee->org_id, $org);
        //     }
        // }

        $org = orgSubIds($employee->root_id);

        // 设置请求信息
        $request->employee = $employee;
        $request->grant = $grant;
        $request->org = $org;

        // 不验证权限页面
        if ($controller == 'index' || $controller == 'backup' || $controller=='ueditor') return $next($request);
        // 如果是查询获取企业人员
        if ($controller == 'statistics' && $action == 'get_person') return $next($request);
        if ($controller == 'org' && $action == 'employee') return $next($request);
        
        // 关联企业权限
        // $request->granted = (new GrantedAuth())->getIdsByAuth($controller . '_' . $action, $employee['root_id']);
        // 判断是否有权限
        $grant = array_unique($grant);
        if (!in_array($controller . '/' . $action, $grant)) {
            if ($request->isAjax()) {
                return json(['code' => 1, 'msg' => '无权限']);
            }
            throw new HttpException(404, '无权限');
        }

        return $next($request);
    }
}