From bf698e858e7bea8ff0dd7e272d192229243bdba5 Mon Sep 17 00:00:00 2001 From: 15090180611 <215509543@qq.com> Date: Thu, 27 Mar 2025 18:06:54 +0800 Subject: [PATCH] =?UTF-8?q?=E5=8E=9F=E5=90=8E=E5=8F=B0=E7=89=B9=E6=9D=83?= =?UTF-8?q?=E8=AE=BE=E7=BD=AEapi=E5=90=8E=E5=8F=B0=E8=A7=92=E8=89=B2?= =?UTF-8?q?=E7=AE=A1=E7=90=86=E5=92=8C=E6=9D=83=E9=99=90=E6=B7=BB=E5=8A=A0?= =?UTF-8?q?=20api=E5=90=8E=E5=8F=B0=E6=8E=A5=E5=8F=A3=E8=B0=83=E7=94=A8?= =?UTF-8?q?=E7=99=BB=E5=BD=95=E9=AA=8C=E8=AF=81=E5=9F=BA=E7=B1=BB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- application/admin/controller/auth/Admin.php | 6 +- .../admin/controller/auth/api/Group.php | 6 +- application/admin/library/Auth.php | 19 + application/admin/model/Admin.php | 19 + application/admin/validate/ApiAuthRule.php | 52 ++ application/adminapi/common.php | 1 + application/adminapi/config.php | 6 + application/adminapi/lang/zh-cn.php | 102 ++++ application/adminapi/lang/zh-cn/common.php | 3 + .../lang/zh-cn/csmtable/xc_clogin_api.php | 7 + application/adminapi/lang/zh-cn/user.php | 39 ++ .../lang/zh-cn/xilufitness/xilufitess.php | 21 + application/adminapi/library/Auth.php | 465 ++++++++++++++++++ .../adminapi/library/ExceptionHandle.php | 37 ++ application/common/controller/AdminApi.php | 130 +++++ 15 files changed, 907 insertions(+), 6 deletions(-) create mode 100644 application/admin/validate/ApiAuthRule.php create mode 100644 application/adminapi/common.php create mode 100644 application/adminapi/config.php create mode 100644 application/adminapi/lang/zh-cn.php create mode 100644 application/adminapi/lang/zh-cn/common.php create mode 100644 application/adminapi/lang/zh-cn/csmtable/xc_clogin_api.php create mode 100644 application/adminapi/lang/zh-cn/user.php create mode 100644 application/adminapi/lang/zh-cn/xilufitness/xilufitess.php create mode 100644 application/adminapi/library/Auth.php create mode 100644 application/adminapi/library/ExceptionHandle.php create mode 100644 application/common/controller/AdminApi.php diff --git a/application/admin/controller/auth/Admin.php b/application/admin/controller/auth/Admin.php index f62afc1..1d32fba 100644 --- a/application/admin/controller/auth/Admin.php +++ b/application/admin/controller/auth/Admin.php @@ -187,7 +187,7 @@ class Admin extends Backend } - $apigroup = array_intersect($this->childrenApiGroupIds, $group); + $apigroup = array_intersect($this->childrenApiGroupIds, $apigroup); if (!$apigroup) { exception(__('The parent group exceeds permission limit')); } @@ -272,7 +272,7 @@ class Admin extends Backend exception(__('The parent group exceeds permission limit')); } - $apigroup = array_intersect($this->childrenApiGroupIds, $group); + $apigroup = array_intersect($this->childrenApiGroupIds, $apigroup); if (!$apigroup) { exception(__('The parent group exceeds permission limit')); } @@ -287,7 +287,7 @@ class Admin extends Backend $dataset = []; foreach ($apigroup as $value) { - $dataset[] = ['uid' => $this->model->id, 'group_id' => $value]; + $dataset[] = ['uid' => $row->id, 'group_id' => $value]; } (new \app\admin\model\api\AuthGroupAccess())->saveAll($dataset); diff --git a/application/admin/controller/auth/api/Group.php b/application/admin/controller/auth/api/Group.php index 360b698..5bedb09 100644 --- a/application/admin/controller/auth/api/Group.php +++ b/application/admin/controller/auth/api/Group.php @@ -36,7 +36,7 @@ class Group extends Backend parent::_initialize(); $this->model = new AuthGroup; - $this->childrenGroupIds = $this->auth->getChildrenGroupIds(true); + $this->childrenGroupIds = $this->auth->getChildrenApiGroupIds(true); $groupList = collection(AuthGroup::where('id', 'in', $this->childrenGroupIds)->select())->toArray(); @@ -45,7 +45,7 @@ class Group extends Backend if ($this->auth->isSuperAdmin()) { $groupList = Tree::instance()->getTreeList(Tree::instance()->getTreeArray(0)); } else { - $groups = $this->auth->getGroups(); + $groups = $this->auth->getApiGroups(); $groupIds = []; foreach ($groups as $m => $n) { if (in_array($n['id'], $groupIds) || in_array($n['pid'], $groupIds)) { @@ -64,7 +64,7 @@ class Group extends Backend $this->grouplist = $groupList; $this->groupdata = $groupName; - $this->assignconfig("admin", ['id' => $this->auth->id, 'group_ids' => $this->auth->getGroupIds()]); + $this->assignconfig("admin", ['id' => $this->auth->id, 'group_ids' => $this->auth->getApiGroupIds()]); $this->view->assign('groupdata', $this->groupdata); } diff --git a/application/admin/library/Auth.php b/application/admin/library/Auth.php index cb95a5a..3a01b38 100644 --- a/application/admin/library/Auth.php +++ b/application/admin/library/Auth.php @@ -637,4 +637,23 @@ class Auth extends \fast\Auth } + + /** + * 获取管理员所属于的分组ID + * @param int $uid + * @return array + */ + public function getApiGroupIds($uid = null) + { + $groups = $this->getApiGroups($uid); + $groupIds = []; + foreach ($groups as $K => $v) { + $groupIds[] = (int)$v['group_id']; + } + return $groupIds; + } + + + + } diff --git a/application/admin/model/Admin.php b/application/admin/model/Admin.php index 79975f5..6c778a1 100644 --- a/application/admin/model/Admin.php +++ b/application/admin/model/Admin.php @@ -20,6 +20,25 @@ class Admin extends Model 'salt' ]; + + + /** + * 获取会员的组别 + */ + public function getGroupsAttr($value, $data) + { + $group_ids = \app\admin\model\api\AuthGroupAccess::where("uid", $data['id'])->column("group_id"); + if(!$group_ids)return []; + + $groups = \app\admin\model\api\AuthGroup::where("id","in",$group_ids)->select(); + return $groups; + } + + + + + + public static function init() { self::beforeWrite(function ($row) { diff --git a/application/admin/validate/ApiAuthRule.php b/application/admin/validate/ApiAuthRule.php new file mode 100644 index 0000000..b249804 --- /dev/null +++ b/application/admin/validate/ApiAuthRule.php @@ -0,0 +1,52 @@ + '[a-z0-9_\/]+']; + + /** + * 验证规则 + */ + protected $rule = [ + 'name' => 'require|unique:ApiAuthRule', + 'title' => 'require', + ]; + + /** + * 提示消息 + */ + protected $message = [ + 'name.format' => 'URL规则只能是小写字母、数字、下划线和/组成' + ]; + + /** + * 字段描述 + */ + protected $field = [ + ]; + + /** + * 验证场景 + */ + protected $scene = [ + ]; + + public function __construct(array $rules = [], $message = [], $field = []) + { + $this->field = [ + 'name' => __('Name'), + 'title' => __('Title'), + ]; + $this->message['name.format'] = __('Name only supports letters, numbers, underscore and slash'); + parent::__construct($rules, $message, $field); + } + +} diff --git a/application/adminapi/common.php b/application/adminapi/common.php new file mode 100644 index 0000000..b3d9bbc --- /dev/null +++ b/application/adminapi/common.php @@ -0,0 +1 @@ + '\\app\\api\\library\\ExceptionHandle', +]; diff --git a/application/adminapi/lang/zh-cn.php b/application/adminapi/lang/zh-cn.php new file mode 100644 index 0000000..e0531bf --- /dev/null +++ b/application/adminapi/lang/zh-cn.php @@ -0,0 +1,102 @@ + '保持会话', + 'Username' => '用户名', + 'User id' => '会员ID', + 'Nickname' => '昵称', + 'Password' => '密码', + 'Sign up' => '注 册', + 'Sign in' => '登 录', + 'Sign out' => '退 出', + 'Guest' => '游客', + 'Welcome' => '%s,你好!', + 'Add' => '添加', + 'Edit' => '编辑', + 'Delete' => '删除', + 'Move' => '移动', + 'Name' => '名称', + 'Status' => '状态', + 'Weigh' => '权重', + 'Operate' => '操作', + 'Warning' => '温馨提示', + 'Default' => '默认', + 'Article' => '文章', + 'Page' => '单页', + 'OK' => '确定', + 'Cancel' => '取消', + 'Loading' => '加载中', + 'More' => '更多', + 'Normal' => '正常', + 'Hidden' => '隐藏', + 'Submit' => '提交', + 'Reset' => '重置', + 'Execute' => '执行', + 'Close' => '关闭', + 'Search' => '搜索', + 'Refresh' => '刷新', + 'First' => '首页', + 'Previous' => '上一页', + 'Next' => '下一页', + 'Last' => '末页', + 'None' => '无', + 'Home' => '主页', + 'Online' => '在线', + 'Logout' => '退出', + 'Profile' => '个人资料', + 'Index' => '首页', + 'Hot' => '热门', + 'Recommend' => '推荐', + 'Dashboard' => '控制台', + 'Code' => '编号', + 'Message' => '内容', + 'Line' => '行号', + 'File' => '文件', + 'Menu' => '菜单', + 'Type' => '类型', + 'Title' => '标题', + 'Content' => '内容', + 'Append' => '追加', + 'Memo' => '备注', + 'Parent' => '父级', + 'Params' => '参数', + 'Permission' => '权限', + 'Advance search' => '高级搜索', + 'Check all' => '选中全部', + 'Expand all' => '展开全部', + 'Begin time' => '开始时间', + 'End time' => '结束时间', + 'Create time' => '创建时间', + 'Flag' => '标志', + 'Please login first' => '请登录后操作', + 'Uploaded successful' => '上传成功', + 'You can upload up to %d file%s' => '你最多还可以上传%d个文件', + 'You can choose up to %d file%s' => '你最多还可以选择%d个文件', + 'Chunk file write error' => '分片写入失败', + 'Chunk file info error' => '分片文件错误', + 'Chunk file merge error' => '分片合并错误', + 'Chunk file disabled' => '未开启分片上传功能', + 'Cancel upload' => '取消上传', + 'Upload canceled' => '上传已取消', + 'No file upload or server upload limit exceeded' => '未上传文件或超出服务器上传限制', + 'Uploaded file format is limited' => '上传文件格式受限制', + 'Uploaded file is not a valid image' => '上传文件不是有效的图片文件', + 'Are you sure you want to cancel this upload?' => '确定取消上传?', + 'Remove file' => '移除文件', + 'You can only upload a maximum of %s files' => '你最多允许上传 %s 个文件', + 'You can\'t upload files of this type' => '不允许上传的文件类型', + 'Server responded with %s code' => '服务端响应(Code:%s)', + 'File is too big (%sMiB), Max filesize: %sMiB.' => '当前上传(%sM),最大允许上传文件大小:%sM', + 'Redirect now' => '立即跳转', + 'Operation completed' => '操作成功!', + 'Operation failed' => '操作失败!', + 'Unknown data format' => '未知的数据格式!', + 'Network error' => '网络错误!', + 'Advanced search' => '高级搜索', + 'Invalid parameters' => '未知参数', + 'No results were found' => '记录未找到', + 'Parameter %s can not be empty' => '参数%s不能为空', + 'You have no permission' => '你没有权限访问', + 'An unexpected error occurred' => '发生了一个意外错误,程序猿正在紧急处理中', + 'This page will be re-directed in %s seconds' => '页面将在 %s 秒后自动跳转', +]; diff --git a/application/adminapi/lang/zh-cn/common.php b/application/adminapi/lang/zh-cn/common.php new file mode 100644 index 0000000..0b67a5f --- /dev/null +++ b/application/adminapi/lang/zh-cn/common.php @@ -0,0 +1,3 @@ + '验证码不正确', + 'Account is locked' => '账户已经被锁定', + +]; diff --git a/application/adminapi/lang/zh-cn/user.php b/application/adminapi/lang/zh-cn/user.php new file mode 100644 index 0000000..e98e4cd --- /dev/null +++ b/application/adminapi/lang/zh-cn/user.php @@ -0,0 +1,39 @@ + '会员中心', + 'Register' => '注册', + 'Login' => '登录', + 'Sign up successful' => '注册成功', + 'Username can not be empty' => '用户名不能为空', + 'Username must be 3 to 30 characters' => '用户名必须3-30个字符', + 'Username must be 6 to 30 characters' => '用户名必须6-30个字符', + 'Password can not be empty' => '密码不能为空', + 'Password must be 6 to 30 characters' => '密码必须6-30个字符', + 'Mobile is incorrect' => '手机格式不正确', + 'Username already exist' => '用户名已经存在', + 'Nickname already exist' => '昵称已经存在', + 'Email already exist' => '邮箱已经存在', + 'Mobile already exist' => '手机号已经存在', + 'Username is incorrect' => '用户名不正确', + 'Email is incorrect' => '邮箱不正确', + 'Account is locked' => '账户已经被锁定', + 'Password is incorrect' => '密码不正确', + 'Account is incorrect' => '账户不正确', + 'Account not exist' => '账户不存在', + 'Account can not be empty' => '账户不能为空', + 'Username or password is incorrect' => '用户名或密码不正确', + 'You are not logged in' => '你当前还未登录', + 'You\'ve logged in, do not login again' => '你已经存在,请不要重复登录', + 'Profile' => '个人资料', + 'Verify email' => '邮箱验证', + 'Change password' => '修改密码', + 'Captcha is incorrect' => '验证码不正确', + 'Logged in successful' => '登录成功', + 'Logout successful' => '退出成功', + 'Operation failed' => '操作失败', + 'Invalid parameters' => '参数不正确', + 'Change password failure' => '修改密码失败', + 'Change password successful' => '修改密码成功', + 'Reset password successful' => '重置密码成功', +]; diff --git a/application/adminapi/lang/zh-cn/xilufitness/xilufitess.php b/application/adminapi/lang/zh-cn/xilufitness/xilufitess.php new file mode 100644 index 0000000..8320a25 --- /dev/null +++ b/application/adminapi/lang/zh-cn/xilufitness/xilufitess.php @@ -0,0 +1,21 @@ + '参数错误', + 'Registration login failed' => '注册登录失败', + 'Mobile' => '手机号', + 'Openid' => '小程序Openid', + 'Mobile is already exists' => '手机号已存在', + 'Nickname' => '用户昵称', + 'Avatar' => '用户头像', + 'User_id' => '用户Id', + 'Brand_id' => '所属品牌商', + 'Order_no' => '订单号', + 'Recharge_id' => '充值套餐', + 'Pay_amount' => '支付金额', + 'Coach_id' => '教练Id', + 'Start_at' => '开始时间', + 'end_at' => '结束时间', + 'Report_description' => '请假事由', +]; diff --git a/application/adminapi/library/Auth.php b/application/adminapi/library/Auth.php new file mode 100644 index 0000000..a93f12d --- /dev/null +++ b/application/adminapi/library/Auth.php @@ -0,0 +1,465 @@ +config = array_merge($this->config, $config); + } + $this->options = array_merge($this->config, $options); + } + + + /** + * + * @param array $options 参数 + * @return \app\common\library\Auth + */ + public static function instance($options = []) + { + if (is_null(self::$instance)) { + self::$instance = new static($options); + } + + return self::$instance; + } + + + /** + * 获取User模型 + * @return User + */ + public function getUser() + { + return $this->_user; + } + + /** + * 兼容调用user模型的属性 + * + * @param string $name + * @return mixed + */ + public function __get($name) + { + return $this->_user ? $this->_user->$name : null; + } + + /** + * 兼容调用user模型的属性 + */ + public function __isset($name) + { + return isset($this->_user) ? isset($this->_user->$name) : false; + } + + + /** + * 根据Token初始化 + * + * @param string $token Token + * @return boolean + */ + public function init($token) + { + if ($this->_logined) { + return true; + } + if ($this->_error) { + return false; + } + $data = Token::get($token); + if (!$data) { + return false; + } + $user_id = intval($data['user_id']); + if ($user_id > 0) { + $user = Admin::get($user_id); + if (!$user) { + $this->setError('Account not exist'); + return false; + } + if ($user['status'] != 'normal') { + $this->setError('Account is locked'); + return false; + } + $this->_user = $user; + $this->_logined = true; + $this->_token = $token; + + //初始化成功的事件 + Hook::listen("admin_init_successed", $this->_user); + + return true; + } else { + $this->setError('You are not logged in'); + return false; + } + } + + + + + /** + * 用户登录 + * + * @param string $account 账号,用户名、邮箱、手机号 + * @param string $password 密码 + * @return boolean + */ + public function login($account, $password, $keeptime = NULL) + { + $field = Validate::is($account, 'email') ? 'email' : (Validate::regex($account, '/^1\d{10}$/') ? 'mobile' : 'username'); + $admin = Admin::get([$field => $account]); + if (!$admin) { + $this->setError('Account is incorrect'); + return false; + } + + if ($admin->status != 'normal') { + $this->setError('Account is locked'); + return false; + } + + if (Config::get('fastadmin.login_failure_retry') && $admin->loginfailure >= 10 && time() - $admin->updatetime < 86400) { + $this->setError('Please try again after 1 day'); + return false; + } + if ($admin->password != $this->getEncryptPassword($password, $admin->salt)) { + $admin->loginfailure++; + $admin->save(); + $this->setError('Password is incorrect'); + return false; + } + $this->keeptime = $keeptime !== NULL ? $keeptime : $this->keeptime; + + //直接登录会员 + return $this->direct($admin->id); + } + + + + /** + * 退出 + * + * @return boolean + */ + public function logout() + { + if (!$this->_logined) { + $this->setError('You are not logged in'); + return false; + } + //设置登录标识 + $this->_logined = false; + //删除Token + Token::delete($this->_token); + //退出成功的事件 + Hook::listen("admin_logout_successed", $this->_user); + return true; + } + + + + /** + * 修改密码 + * @param string $newpassword 新密码 + * @param string $oldpassword 旧密码 + * @param bool $ignoreoldpassword 忽略旧密码 + * @return boolean + */ + public function changepwd($newpassword, $oldpassword = '', $ignoreoldpassword = false) + { + if (!$this->_logined) { + $this->setError('You are not logged in'); + return false; + } + //判断旧密码是否正确 + if ($this->_user->password == $this->getEncryptPassword($oldpassword, $this->_user->salt) || $ignoreoldpassword) { + Db::startTrans(); + try { + $salt = Random::alnum(); + $newpassword = $this->getEncryptPassword($newpassword, $salt); + $this->_user->save(['loginfailure' => 0, 'password' => $newpassword, 'salt' => $salt]); + + Token::delete($this->_token); + //修改密码成功的事件 + Hook::listen("admin_changepwd_successed", $this->_user); + Db::commit(); + } catch (Exception $e) { + Db::rollback(); + $this->setError($e->getMessage()); + return false; + } + return true; + } else { + $this->setError('Password is incorrect'); + return false; + } + } + + + + + /** + * 直接登录账号 + * @param int $user_id + * @return boolean + */ + public function direct($user_id) + { + $admin = Admin::get($user_id); + if ($admin) { + Db::startTrans(); + try { + + + $admin->loginfailure = 0; + $admin->logintime = time(); + $admin->loginip = request()->ip(); + $admin->token = Random::uuid(); + $admin->save(); + + $this->_user = $admin; + + $this->_token = $admin->token; + Token::set($this->_token, $admin->id, $this->keeptime); + + $this->_logined = true; + + //登录成功的事件 + Hook::listen("admin_login_successed", $this->_user); + Db::commit(); + } catch (Exception $e) { + Db::rollback(); + $this->setError($e->getMessage()); + return false; + } + return true; + } else { + return false; + } + } + + + + /** + * 获取密码加密后的字符串 + * @param string $password 密码 + * @param string $salt 密码盐 + * @return string + */ + public function getEncryptPassword($password, $salt = '') + { + return md5(md5($password) . $salt); + } + + + + + /** + * 判断是否登录 + * @return boolean + */ + public function isLogin() + { + if ($this->_logined) { + return true; + } + return false; + } + + /** + * 获取当前Token + * @return string + */ + public function getToken() + { + return $this->_token; + } + + /** + * 获取会员基本信息 + */ + public function getUserinfo() + { + $data = $this->_user->toArray(); + $allowFields = $this->getAllowFields(); + $userinfo = array_intersect_key($data, array_flip($allowFields)); + $userinfo = array_merge($userinfo, Token::get($this->_token)); + return $userinfo; + } + + + /** + * 获取会员组别规则列表 + * @return array|bool|\PDOStatement|string|\think\Collection + */ + public function getRuleList() + { + if ($this->rules) { + return $this->rules; + } + $group = $this->_user->groups; + if (!$group) { + return []; + } + $rules = explode(',', $group->rules); + $this->rules = AuthRule::where('status', 'normal')->where('id', 'in', $rules)->field('id,pid,rule_name,name,title,ismenu')->select(); + return $this->rules; + } + + + + /** + * 检测是否是否有对应权限 + * @param string $path 控制器/方法 + * @param string $module 模块 默认为当前模块 + * @return boolean + */ + public function check($path = null, $module = null) + { + if (!$this->_logined) { + return false; + } + + $ruleList = $this->getRuleList(); + $rules = []; + foreach ($ruleList as $k => $v) { + $rules[] = $v['name']; + } + $url = ($module ? $module : request()->module()) . '/' . (is_null($path) ? $this->getRequestUri() : $path); + $url = strtolower(str_replace('.', '/', $url)); + return in_array($url, $rules); + } + + + + /** + * 获取当前请求的URI + * @return string + */ + public function getRequestUri() + { + return $this->requestUri; + } + + /** + * 设置当前请求的URI + * @param string $uri + */ + public function setRequestUri($uri) + { + $this->requestUri = $uri; + } + + /** + * 获取允许输出的字段 + * @return array + */ + public function getAllowFields() + { + return $this->allowFields; + } + + /** + * 设置允许输出的字段 + * @param array $fields + */ + public function setAllowFields($fields) + { + $this->allowFields = $fields; + } + + + + /** + * 检测当前控制器和方法是否匹配传递的数组 + * + * @param array $arr 需要验证权限的数组 + * @return boolean + */ + public function match($arr = []) + { + $request = Request::instance(); + $arr = is_array($arr) ? $arr : explode(',', $arr); + if (!$arr) { + return false; + } + $arr = array_map('strtolower', $arr); + // 是否存在 + if (in_array(strtolower($request->action()), $arr) || in_array('*', $arr)) { + return true; + } + + // 没找到匹配 + return false; + } + + + /** + * 设置会话有效时间 + * @param int $keeptime 默认为永久 + */ + public function keeptime($keeptime = 0) + { + $this->keeptime = $keeptime; + } + + /** + * 设置错误信息 + * + * @param string $error 错误信息 + * @return \app\common\library\Auth + */ + public function setError($error) + { + $this->_error = $error; + return $this; + } + + /** + * 获取错误信息 + * @return string + */ + public function getError() + { + return $this->_error ? __($this->_error) : ''; + } + +} \ No newline at end of file diff --git a/application/adminapi/library/ExceptionHandle.php b/application/adminapi/library/ExceptionHandle.php new file mode 100644 index 0000000..852f7ef --- /dev/null +++ b/application/adminapi/library/ExceptionHandle.php @@ -0,0 +1,37 @@ +getError(); + } + // Http异常 + if ($e instanceof \think\exception\HttpException) { + $statuscode = $code = $e->getStatusCode(); + } + return json(['code' => $code, 'msg' => $msg, 'time' => time(), 'data' => null], $statuscode); + } + + //其它此交由系统处理 + return parent::render($e); + } + +} diff --git a/application/common/controller/AdminApi.php b/application/common/controller/AdminApi.php new file mode 100644 index 0000000..26266a9 --- /dev/null +++ b/application/common/controller/AdminApi.php @@ -0,0 +1,130 @@ +request = is_null($request) ? Request::instance() : $request; + + // 控制器初始化 + $this->_initialize(); + + // 前置操作方法 + if ($this->beforeActionList) { + foreach ($this->beforeActionList as $method => $options) { + is_numeric($method) ? + $this->beforeAction($options) : + $this->beforeAction($method, $options); + } + } + } + + + protected $needUrlLock = []; + + protected function setUrlLock($url_key="",$url_suffix="",$model=null){ + if(($this->request->isPost() || (!empty($this->needUrlLock) && in_array($this->request->action(),$this->needUrlLock))) && (!empty($this->model) || $model)){ + $user_id = 0; + $user = $this->auth->getUser();//登录用户 + if($user)$user_id = $user['id']; + + $modulename = $this->request->module(); + $controllername = Loader::parseName($this->request->controller()); + $actionname = strtolower($this->request->action()); + $path = $modulename . '/' . str_replace('.', '/', $controllername) . '/' . $actionname; + if(!$model){ + $this->model::$url_lock_key = $url_key ?: $user_id; + $this->model::$url_lock_suffix = $url_suffix ?: $path."lock-suffix"; + $this->model::$url_lock = true; + }else{ + $model::$url_lock_key = $url_key ?: $user_id; + $model::$url_lock_suffix = $url_suffix ?: $path."lock-suffix"; + $model::$url_lock = true; + } + + } + } + + /** + * 初始化操作 + * @access protected + */ + protected function _initialize() + { + //跨域请求检测 + check_cors_request(); + + // 检测IP是否允许 + check_ip_allowed(); + + //移除HTML标签 + $this->request->filter('trim,strip_tags,htmlspecialchars'); + + } + +} \ No newline at end of file