kefu/app/common/middleware/CheckPermission.php

<?php
namespace app\common\middleware;

use thans\jwt\facade\JWTAuth;
use app\admin\model\Role;
use Exception;

//验证权限
class CheckPermission
{
    public function handle($request, \Closure $next)
    {
        try {
            
            $noNeedRight = [
                'admin/login',
            ];
            $route = $request->pathinfo();
            if(in_array($route, $noNeedRight)){
                return $next($request);
            } else {

                $jwtData = JWTAuth::auth();
                $adminInfo = [];
                if (!empty($jwtData['admin'])) {
                    $adminInfo = $jwtData['admin']->getValue();
                    // 超级管理员直接放行
                    if ($adminInfo) { 
                        if ($adminInfo->id == 1) {
                            return $next($request);
                        }

                        // 获取角色拥有的所有路由权限（需在用户模型中实现）
                        $roleRoutes = Role::getRoleMenu($adminInfo->role_id);

                        // 校验权限：当前路由是否在用户允许的路由列表中
                        if (in_array($route, $roleRoutes)) {
                            return $next($request);
                        }
                    }
                }
                return shutdown(lang('您暂无权限'), -1);
            }
            
        } catch (Exception $exception) {
            return shutdown($errorMsgArr[$exception->getMessage()] ?? $exception->getMessage(), -1);
        }
        return $next($request);
    }
}