route()->getName();
        $user = Admin::user();

        // Deny the request unless it is exempt from verification or the current
        // user holds the permission named by $routeName (assigned by the
        // statement that starts above this excerpt). The nullsafe call yields
        // null when Admin::user() returns null, and !null is true, so a request
        // without an admin user is denied rather than let through.
        // NOTE(review): if $routeName can be null (for example an unnamed
        // route), confirm that hasPermission() denies it.
        if (!$this->shouldPassThrough($request) // is the route on the exemption list?
            && !$user?->hasPermission($routeName) // does the user hold the permission?
        ) {
            // AJAX callers get an HTTP 403 with the translated denial message.
            if (Helper::isAjaxRequest()) {
                abort(403, trans('admin.deny'));
            }

            // Every other caller gets the denial message wrapped in a Content
            // page and handed to admin_exit().
            admin_exit(
                Content::make()->withError(trans('admin.deny'))
            );
        }

        return $next($request);
    }

    /**
     * Report whether the request's route name matches the pattern built by
     * admin_api_route_name('*').
     *
     * shouldPassThrough() returns true for every route that matches, so this
     * middleware applies no permission check to those routes.
     *
     * @param \Illuminate\Http\Request $request
     *
     * @return bool
     */
    protected function isApiRoute($request)
    {
        return $request->routeIs(admin_api_route_name('*'));
    }

    /**
     * Determine if the request has a URI that should pass through verification.
     *
     * A request is exempt when any of the following holds:
     *  - isApiRoute() matches it;
     *  - Authenticate::shouldPassThrough() returns true for it;
     *  - an entry of the merged exemption list matches it, either as a route
     *    name pattern or as a request path.
     *
     * Every entry of the exemption list removes the permission check for all
     * routes it matches, so wildcard or very short entries widen the exemption
     * accordingly.
     *
     * @param \Illuminate\Http\Request $request
     *
     * @return bool true when the permission check must be skipped
     */
    public function shouldPassThrough($request)
    {
        // Authenticate::shouldPassThrough() is defined outside this excerpt;
        // presumably it covers the routes exempt from authentication - confirm.
        if ($this->isApiRoute($request) || Authenticate::shouldPassThrough($request)) {
            return true;
        }

        // Two sources feed the exemption list: the 'admin.permission.except'
        // config value (cast to an array, empty by default) and the
        // 'permission.except' array held by Admin::context().
        $excepts = array_merge(
            (array) config('admin.permission.except', []),
            Admin::context()->getArray('permission.except')
        );

        foreach ($excepts as $except) {
            // First reading: the entry is a route name pattern, tried as written
            // and after admin_route_name() has been applied to it.
            if ($request->routeIs($except) || $request->routeIs(admin_route_name($except))) {
                return true;
            }

            // Second reading: the entry is a path, resolved through
            // admin_base_path().
            $except = admin_base_path($except);

            // Strip surrounding slashes, except for the bare root: trimming '/'
            // would leave an empty string.
            if ($except !== '/') {
                $except = trim($except, '/');
            }

            if (Helper::matchRequestPath($except)) {
                return true;
            }
        }

        // No exemption matched: the caller must run the permission check.
        return false;
    }
}