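/**
 * Check whether the current administrator may perform the requested action.
 *
 * Super administrators (admin_info['sp'] == 1) always pass. For everyone else
 * the admin group's permission list is loaded once, cached on
 * $this->permission, and matched against the "act" / "op" pair taken from
 * $_GET (preferred when non-empty) or $_POST.
 *
 * When $link_nav is an array, the method only answers whether that navigation
 * entry may be shown and returns true/false without calling showMessage().
 * When the request itself is checked and no rule matches, showMessage() is
 * called with the "nc_assign_right" text and false is returned afterwards.
 *
 * @param array|null $link_nav Optional navigation entry with 'act' and 'op' keys.
 * @return bool True when access is granted, false otherwise.
 */
protected final function checkPermission($link_nav = null)
{
    // Super administrators bypass every check below.
    if ($this->admin_info['sp'] == 1) {
        return true;
    }

    // Both values are request-controlled. isset()/empty() avoid undefined-index
    // notices, and the '' default keeps the strict comparisons below equivalent
    // to the former loose null comparison.
    $act = !empty($_GET['act']) ? $_GET['act'] : (isset($_POST['act']) ? $_POST['act'] : '');
    $op = !empty($_GET['op']) ? $_GET['op'] : (isset($_POST['op']) ? $_POST['op'] : '');

    if (empty($this->permission)) {
        $gadmin = Model('gadmin')->getby_gid($this->admin_info['gid']);
        // The stored limits are decrypted with a key built from MD5_KEY and
        // the MD5 hash of the group name, then split on '|'.
        $limits = decrypt($gadmin['limits'], MD5_KEY . md5($gadmin['gname']));
        $this->permission = $permission = explode('|', $limits);
    } else {
        $permission = $this->permission;
    }

    // Navigation visibility check: answer directly, pass or fail.
    if (is_array($link_nav)) {
        $nav_act = isset($link_nav['act']) ? (string) $link_nav['act'] : '';
        $nav_op = isset($link_nav['op']) ? (string) $link_nav['op'] : '';

        return in_array($nav_act . '.' . $nav_op, $permission, true)
            || in_array($nav_act, $permission, true);
    }

    // These controllers are reachable without an explicit permission entry.
    $exempt = array('index', 'dashboard', 'login', 'common', 'cms_base');
    if (in_array($act, $exempt, true)) {
        return true;
    }

    // Strict comparison: permission entries are strings, and loose matching
    // would let numeric-looking or non-string values compare equal to them.
    $requested = $act . '.' . $op;
    if (in_array($act, $permission, true) || in_array($requested, $permission, true)) {
        return true;
    }

    // 'ajax' and 'export_step1' are allowed when the admin holds any
    // "<act>.<something>" entry. Each entry is tested on its own rather than
    // searching serialize($permission), so a request-supplied act can only
    // match the start of one entry, never the serialization delimiters.
    if (in_array($op, array('ajax', 'export_step1'), true)) {
        foreach ($permission as $entry) {
            if (is_string($entry) && strpos($entry, $act . '.') === 0) {
                return true;
            }
        }
    }

    // Entries followed by '_' also grant access.
    // NOTE(review): this is a substring test over the whole "act.op" string,
    // not a prefix test on act, so an entry also matches when "<entry>_"
    // occurs inside op or in the middle of act. Kept as-is because existing
    // permission lists may rely on it; confirm whether "=== 0" was intended.
    foreach ($permission as $entry) {
        if (!empty($entry) && strpos($requested, $entry . '_') !== false) {
            return true;
        }
    }

    showMessage(Language::get('nc_assign_right'), '', 'html', 'succ', 0);

    // Fail closed in case showMessage() returns instead of ending the request
    // (its behaviour is not visible here).
    return false;
}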