alter 前后台用户添加额外属性区分isAdmin\ 超级管理员isSuperAdmin

wenrouzei · wenrouzei · commit b32072399ca4 · 2016-12-23T16:16:26.000+08:00
、gate权限验证优化、后台用户管理优化
diff --git a/app/Http/Controllers/Admin/UserController.php b/app/Http/Controllers/Admin/UserController.php
@@ -122,12 +122,12 @@ public function show($id)
      */
     public function edit($id)
     {
-        if($id == 1 && Auth::guard('admin')->user()->id !=1){//id=1的超级管理员只能自己修改
+        $user = User::findOrFail($id);
+
+        if(!Auth::guard('admin')->user()->isSuperAdmin && $user->isSuperAdmin){//超级管理员只能自己修改
             return response()->view('admin.errors.403', ['previousUrl'=>\URL::previous()]);
         }
 
-        $user = User::findOrFail($id);
-
         $roles = [];
         if ($user->roles) {
             foreach ($user->roles as $v) {
@@ -140,6 +140,7 @@ public function edit($id)
         }
         $data['rolesAll'] = Role::all()->toArray();
         $data['id'] = (int)$id;
+        $data['isSuperAdmin'] = $user->isSuperAdmin;
         return view('admin.user.edit', $data);
     }
 
@@ -152,11 +153,12 @@ public function edit($id)
      */
     public function update(Requests\AdminUserUpdateRequest $request, $id)
     {
-        if($id == 1 && Auth::guard('admin')->user()->id !=1){//id=1的超级管理员只能自己修改
+        $user = User::findOrFail($id);
+
+        if(!Auth::guard('admin')->user()->isSuperAdmin && $user->isSuperAdmin){//超级管理员只能自己修改
             return response()->view('admin.errors.403', ['previousUrl'=>\URL::previous()]);
         }
 
-        $user = User::findOrFail($id);
         foreach ($this->fields as $field => $default) {
             $user->$field = $request->input($field);
         }
@@ -184,14 +186,18 @@ public function destroy($id)
     {
         $user = User::findOrFail($id);
 
+        if($user->isSuperAdmin){//超级管理员不能删除
+            return redirect()->back()->withErrors("操作失败，不能删除超级管理员！");
+        }
+
         // foreach ($user->roles as $v) {
         //     $user->roles()->detach($v);
         // }
 
         // 移除用户身上所有身份...
         $user->roles()->detach();
 
-        if ($user && $user->id != 1 && $user->delete()) {//id=1的超级管理员不能删除
+        if ($user && $user->delete()) {//超级管理员不能删除
             return redirect()->back()->withSuccess("删除成功！");
         } else {
             return redirect()->back()->withErrors("删除失败！");
diff --git a/app/Models/Admin/AdminUser.php b/app/Models/Admin/AdminUser.php
@@ -23,6 +23,9 @@ class AdminUser extends Authenticatable
      */
     protected $hidden = ['password', 'remember_token'];
 
+    //获取模型的json或数组返回值中添加数据库字段中不存在的属性
+    protected $appends = ['isSuperAdmin'];
+
     //用户角色
     public function roles()
     {
@@ -66,4 +69,22 @@ public function hasPermission($permission)
     //     }
     //     return true;
     // }
+    // 
+    
+    /**
+     * 访问不存在属性时，通过该方法添加额外属性识别后台登录用户，区分前端登录用户
+     * @return boolean [description]
+     */
+    public function getIsAdminAttribute()
+    {
+        return true;
+    }
+
+    /**
+     * 访问不存在属性时，通过该方法添加额外属性识别是否是超级管理员，id==1为超级管理员账号？
+     * @return [type] [description]
+     */
+    public function getIsSuperAdminAttribute(){
+        return $this->id == 1;
+    }
 }
diff --git a/app/Models/User.php b/app/Models/User.php
@@ -26,4 +26,14 @@ class User extends Authenticatable
     protected $hidden = [
         'password', 'remember_token',
     ];
+
+
+    /**
+     * 访问不存在属性时，通过该方法添加额外属性识别前端登录用户，区分后台登录用户
+     * @return boolean [description]
+     */
+    public function getIsAdminAttribute()
+    {
+        return false;
+    }
 }
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
@@ -2,10 +2,8 @@
 
 namespace App\Providers;
 
-use App\Http\Requests\Request;
-use Illuminate\Contracts\Auth\Access\Gate as GateContract;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
-use League\Flysystem\Exception;
 
 class AuthServiceProvider extends ServiceProvider
 {
@@ -26,28 +24,35 @@ class AuthServiceProvider extends ServiceProvider
      *
      * @return void
      */
-    public function boot(GateContract $gate)
+    public function boot()
     {
         // if(!empty($_SERVER['SCRIPT_NAME']) && strtolower($_SERVER['SCRIPT_NAME']) ==='artisan' ){
         //     return false;
         // }
         
         $this->registerPolicies();
         
-        $gate->before(function ($user, $ability) {
-            if ($user->id === 1) {//超级管理员绕过gate验证
-                return true;
+        Gate::before(function ($user, $ability) {
+
+            if($user->isAdmin){//后台登录用户才进行gate权限授权 区分前台登录用户 用户模型getIsAdminAttribute添加方法返回值识别
+                
+                if ($user->isSuperAdmin) {//超级管理员绕过gate验证
+                    return true;
+                }
+
+                $permissions = \App\Models\Admin\Permission::with('roles')->get();
+
+                foreach ($permissions as $permission) {
+                    Gate::define($permission->name, function ($user) use ($permission) {
+                        return $user->hasPermission($permission);
+                    });
+                }
+
             }
-        });
 
+        });
 
-        $permissions = \App\Models\Admin\Permission::with('roles')->get();
 
-        foreach ($permissions as $permission) {
-            $gate->define($permission->name, function ($user) use ($permission) {
-                return $user->hasPermission($permission);
-            });
-        }
     }
 
 
diff --git a/resources/views/admin/user/_form.blade.php b/resources/views/admin/user/_form.blade.php
@@ -28,7 +28,7 @@
 
 <div class="form-group">
     <label for="tag" class="col-md-3 control-label">角色列表</label>
-    @if(isset($id)&&$id==1)
+    @if($isSuperAdmin)
         <div class="col-md-4" style="float:left;padding-left:20px;margin-top:8px;"><h2>超级管理员</h2></div>
     @else
         <div class="col-md-6">
diff --git a/resources/views/admin/user/index.blade.php b/resources/views/admin/user/index.blade.php
@@ -129,7 +129,7 @@
                     {
                         'targets': -1, "render": function (data, type, row) {
                         var caozuo = '<a style="margin:3px;" href="{{ url("/admin/user") }}/' + row['id'] + '/edit" class="X-Small btn-xs text-success "><i class="fa fa-edit"></i> 编辑</a>';
-                        if (row['id'] != 1) {
+                        if (row['isSuperAdmin'] == false) {
                             caozuo += '<a style="margin:3px;" href="#" attr="' + row['id'] + '" class="delBtn X-Small btn-xs text-danger "><i class="fa fa-trash"></i> 删除</a>';
                         }
                         return caozuo;

Original file line number	Diff line number	Diff line change
`@@ -129,7 +129,7 @@`
`129`	`129`	`{`
`130`	`130`	`'targets': -1, "render": function (data, type, row) {`
`131`	`131`	`var caozuo = '<a style="margin:3px;" href="{{ url("/admin/user") }}/' + row['id'] + '/edit" class="X-Small btn-xs text-success "><i class="fa fa-edit"></i> 编辑</a>';`
`132`		`- if (row['id'] != 1) {`
	`132`	`+ if (row['isSuperAdmin'] == false) {`
`133`	`133`	`caozuo += '<a style="margin:3px;" href="#" attr="' + row['id'] + '" class="delBtn X-Small btn-xs text-danger "><i class="fa fa-trash"></i> 删除</a>';`
`134`	`134`	`}`
`135`	`135`	`return caozuo;`