Fix 管理登录页面多重转跳行为及页面管制微加强；

只有有权限者才能使用管理登录页面真正登录！

app/Http/Controllers/AuthController.php

@@ -41,7 +41,7 @@ class AuthController extends Controller
     {
         // 根据权限跳转
         if (Auth::check()) {
-            if (Auth::getUser()->hasPermissionTo('admin.index') || Auth::getUser()->hasRole('Super Admin')) {
+            if (Auth::getUser()->can('admin.index')) {
                 return Redirect::route('admin.index');
             }
 
@@ -75,6 +75,14 @@ class AuthController extends Controller
             return Redirect::back()->withInput()->withErrors(trans('auth.error.login_error'));
         }
 
+        if ($request->routeIs('admin.login.post') && $user->cannot('admin.index')) {
+            // 管理页面登录
+            // 非权限者清场
+            Auth::logout();
+
+            return Redirect::route('login');
+        }
+
         // 校验普通用户账号状态
         if ($user->status === -1) {
             Auth::logout(); // 强制销毁会话，因为Auth::attempt的时候会产生会话

app/Http/Kernel.php

@@ -6,7 +6,6 @@ use App\Http\Middleware\Affiliate;
 use App\Http\Middleware\Authenticate;
 use App\Http\Middleware\CheckForMaintenanceMode;
 use App\Http\Middleware\EncryptCookies;
-use App\Http\Middleware\isAdminLogin;
 use App\Http\Middleware\isForbidden;
 use App\Http\Middleware\isLogin;
 use App\Http\Middleware\isMaintenance;
@@ -78,7 +77,7 @@ class Kernel extends HttpKernel
 
         'admin' => [
             isForbidden::class,
-            isAdminLogin::class,
+            isLogin::class,
             Permission::class,
         ],
 

app/Http/Middleware/isAdminLogin.php

@@ -1,27 +0,0 @@
-<?php
-
-namespace App\Http\Middleware;
-
-use Closure;
-use Illuminate\Http\Request;
-use Redirect;
-
-class isAdminLogin
-{
-    /**
-     * Handle an incoming request.
-     *
-     * @param  Request  $request
-     * @param  Closure  $next
-     *
-     * @return mixed
-     */
-    public function handle(Request $request, Closure $next)
-    {
-        if (auth()->guest()) {
-            return Redirect::route('admin.login');
-        }
-
-        return $next($request);
-    }
-}

app/Http/Middleware/isLogin.php

@@ -19,6 +19,10 @@ class isLogin
     public function handle(Request $request, Closure $next)
     {
         if (auth()->guest()) {
+            if ($request->routeIs('admin.*')) {
+                return Redirect::route('admin.login');
+            }
+
             return Redirect::route('login');
         }