<?php
declare(strict_types=1);
namespace App\Http\Middleware;
use App\Constants\ErrorCode;
use App\Models\Admin;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Symfony\Component\HttpFoundation\Response;
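class AdminAuthenticate
{
    /**
     * Gate admin routes: require an authenticated session on the `admin`
     * guard, a valid administrator account, and permission on the resource
     * the route addresses. Each failure short-circuits with a JSON error body.
     *
     * @param Request $request incoming request
     * @param Closure $next    next middleware / controller in the pipeline
     *
     * @return Response a JSON 401/403 on failure, otherwise `$next`'s response
     */
    public function handle(Request $request, Closure $next): Response
    {
        $guard = Auth::guard('admin');

        // No authenticated admin session -> 401.
        if (!$guard->check()) {
            return response()->json([
                'error' => ErrorCode::UNAUTHORIZED,
                'message' => '未授权,请先登录。',
            ], Response::HTTP_UNAUTHORIZED);
        }

        $admin = $guard->user();

        // Fail closed: a misconfigured guard can resolve an authenticatable that
        // is not an Admin. Treat that like an invalid admin (403) instead of
        // calling isValidAdmin() on the wrong class and surfacing a 500.
        if (!$admin instanceof Admin || !$admin->isValidAdmin()) {
            return response()->json([
                'error' => ErrorCode::FORBIDDEN,
                'message' => '无权访问管理员资源。',
            ], Response::HTTP_FORBIDDEN);
        }

        // Resource-level authorization (client / LLM-provider scope).
        if (!$this->checkResourcePermission($request, $admin)) {
            return response()->json([
                'error' => ErrorCode::FORBIDDEN,
                'message' => '无权访问该资源。',
            ], Response::HTTP_FORBIDDEN);
        }

        // Expose the admin to downstream handlers. NOTE(review): merge() writes
        // into the request *input* bag, the same bag untrusted client data lives
        // in, so $request->all()/validated() will carry this model; consumers
        // must not feed all() into mass assignment. The merge runs only after
        // authorization and overrides any client-supplied `admin` field. Kept
        // for compatibility with callers reading $request->input('admin');
        // $request->attributes would be the cleaner channel for trusted data.
        $request->merge(['admin' => $admin]);

        return $next($request);
    }

    /**
     * Decide whether the admin may act on the resource named by the route.
     *
     * Super admins pass unconditionally. Otherwise the client and LLM-provider
     * identifiers are read from the route (`client` / `llm_provider`, falling
     * back to a generic `id`) and checked against the admin's management scope
     * whenever the request path addresses that resource kind. When the path
     * addresses both kinds (nested resources) BOTH checks must pass; the
     * previous first-match return skipped the second check. Any other resource
     * kind is allowed by default (fail-open for unlisted routes, as before).
     *
     * NOTE(review): the resource kind is inferred from a path substring and the
     * `id` fallback is shared by both kinds, so a route whose path merely
     * contains one of these words while `id` names something else would be
     * checked against the wrong table. Dedicated route parameter names avoid
     * that ambiguity.
     */
    private function checkResourcePermission(Request $request, Admin $admin): bool
    {
        if ($admin->isSuperAdmin()) {
            return true;
        }

        $path = $request->path();
        $allowed = true;

        // Client management scope.
        $clientRef = $request->route('client') ?? $request->route('id');
        if ($clientRef !== null && str_contains($path, 'clients')) {
            $clientId = self::routeKey($clientRef);
            // A malformed identifier is denied rather than checked as id 0.
            $allowed = $clientId !== null && $admin->canManageClient($clientId);
        }

        // LLM-provider management scope; only evaluated if still allowed.
        $providerRef = $request->route('llm_provider') ?? $request->route('id');
        if ($allowed && $providerRef !== null && str_contains($path, 'llm-providers')) {
            $providerId = self::routeKey($providerRef);
            $allowed = $providerId !== null && $admin->canManageLlmProvider($providerId);
        }

        return $allowed;
    }

    /**
     * Normalise a route parameter to an integer key.
     *
     * Accepts an int, a decimal-digit string, or an object exposing getKey()
     * (route model binding); anything else yields null so the caller can fail
     * closed. A bare `(int)` cast would turn "abc" into 0 and a bound model
     * into 1, both of which would be authorised against the wrong row.
     */
    private static function routeKey(mixed $value): ?int
    {
        if (is_object($value) && method_exists($value, 'getKey')) {
            $value = $value->getKey();
        }

        if (is_int($value)) {
            return $value;
        }

        if (is_string($value) && ctype_digit($value)) {
            return (int) $value;
        }

        return null;
    }
}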