save
This commit is contained in:
walkor
parent
5ec88341e3
commit
5fb38aa579
@ -9,40 +9,38 @@ use plugin\admin\app\model\Role;
|
||||
class Auth
|
||||
{
|
||||
/**
|
||||
* 获取管理员及子管理员id数组
|
||||
* 获取子管理员角色id数组
|
||||
* @param bool $with_self
|
||||
* @param array $admin_ids
|
||||
* @return array
|
||||
*/
|
||||
public static function getDescendantRoleIds(array $admin_ids = []): array
|
||||
public static function getDescendantRoleIds(bool $with_self = false): array
|
||||
{
|
||||
if (!$admin_ids) {
|
||||
$admin = admin();
|
||||
if (!$admin) {
|
||||
return [];
|
||||
}
|
||||
$role_ids = $admin['roles'];
|
||||
$rules = Role::whereIn('id', $role_ids)->pluck('rules')->toArray();
|
||||
if ($rules && in_array('*', $rules)) {
|
||||
return Admin::pluck('id')->toArray();
|
||||
}
|
||||
} else {
|
||||
$role_ids = AdminRole::whereIn('admin_id', $admin_ids)->pluck('role_id');
|
||||
if (!$admin = admin()) {
|
||||
return [];
|
||||
}
|
||||
$role_ids = $admin['roles'];
|
||||
$rules = Role::whereIn('id', $role_ids)->pluck('rules')->toArray();
|
||||
if ($rules && in_array('*', $rules)) {
|
||||
return Role::pluck('id')->toArray();
|
||||
}
|
||||
|
||||
$roles = Role::get();
|
||||
$tree = new Tree($roles);
|
||||
$descendants = $tree->getDescendant($role_ids, true);
|
||||
$descendants = $tree->getDescendant($role_ids, $with_self);
|
||||
return array_column($descendants, 'id');
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取管理员及子管理员id数组
|
||||
* @param bool $with_self
|
||||
* @param array $admin_ids
|
||||
* @return array
|
||||
*/
|
||||
public static function getDescendantAdminIds(array $admin_ids = []): array
|
||||
public static function getDescendantAdminIds(bool $with_self = false, array $admin_ids = []): array
|
||||
{
|
||||
return AdminRole::whereIn('role_id', static::getDescendantRoleIds())->pluck('admin_id')->toArray();
|
||||
$role_ids = static::getDescendantRoleIds($with_self);
|
||||
return AdminRole::whereIn('role_id', $role_ids)->pluck('admin_id')->toArray();
|
||||
}
|
||||
|
||||
/**
|
||||
@ -53,8 +51,7 @@ class Auth
|
||||
public static function isSupperAdmin(int $admin_id = 0): bool
|
||||
{
|
||||
if (!$admin_id) {
|
||||
$roles = admin('roles');
|
||||
if (!$roles) {
|
||||
if (!$roles = admin('roles')) {
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
|
||||
@ -2,6 +2,7 @@
|
||||
|
||||
namespace plugin\admin\app\controller;
|
||||
|
||||
use plugin\admin\app\common\Auth;
|
||||
use plugin\admin\app\model\Admin;
|
||||
use plugin\admin\app\model\AdminRole;
|
||||
use support\exception\BusinessException;
|
||||
@ -19,6 +20,18 @@ class AdminController extends Crud
|
||||
*/
|
||||
protected $model = null;
|
||||
|
||||
/**
|
||||
* 开启auth数据限制
|
||||
* @var string
|
||||
*/
|
||||
protected $dataLimit = 'auth';
|
||||
|
||||
/**
|
||||
* 以id为数据限制字段
|
||||
* @var string
|
||||
*/
|
||||
protected $dataLimitField = 'id';
|
||||
|
||||
/**
|
||||
* 构造函数
|
||||
* @return void
|
||||
@ -47,6 +60,9 @@ class AdminController extends Crud
|
||||
{
|
||||
[$where, $format, $limit, $field, $order] = $this->selectInput($request);
|
||||
$query = $this->doSelect($where, $field, $order);
|
||||
if ($format === 'select') {
|
||||
return $this->formatSelect($query->get());
|
||||
}
|
||||
$paginator = $query->paginate($limit);
|
||||
$items = $paginator->items();
|
||||
$admin_ids = array_column($items, 'id');
|
||||
@ -55,9 +71,11 @@ class AdminController extends Crud
|
||||
foreach ($roles as $role) {
|
||||
$roles_map[$role['admin_id']][] = $role['role_id'];
|
||||
}
|
||||
$login_admin_id = admin_id();
|
||||
foreach ($items as $index => $item) {
|
||||
$admin_id = $item['id'];
|
||||
$items[$index]['roles'] = isset($roles_map[$admin_id]) ? implode(',', $roles_map[$admin_id]) : '';
|
||||
$items[$index]['show_toolbar'] = $admin_id != $login_admin_id;
|
||||
}
|
||||
return json(['code' => 0, 'msg' => 'ok', 'count' => $paginator->total(), 'data' => $items]);
|
||||
}
|
||||
@ -75,6 +93,9 @@ class AdminController extends Crud
|
||||
$admin_id = $this->doInsert($data);
|
||||
$role_ids = $request->post('roles');
|
||||
$role_ids = $role_ids ? explode(',', $role_ids) : [];
|
||||
if (!Auth::isSupperAdmin() && array_diff($role_ids, Auth::getDescendantRoleIds())) {
|
||||
return $this->json(1, '角色超出权限范围');
|
||||
}
|
||||
AdminRole::where('admin_id', $admin_id)->delete();
|
||||
foreach ($role_ids as $id) {
|
||||
$admin_role = new AdminRole;
|
||||
@ -102,7 +123,16 @@ class AdminController extends Crud
|
||||
return $this->json(1, '缺少参数');
|
||||
}
|
||||
$role_ids = $role_ids ? explode(',', $role_ids) : [];
|
||||
$is_supper_admin = Auth::isSupperAdmin();
|
||||
$exist_role_ids = AdminRole::where('admin_id', $admin_id)->pluck('role_id')->toArray();
|
||||
$descendant_role_ids = Auth::getDescendantRoleIds();
|
||||
if (!$is_supper_admin && !array_intersect($exist_role_ids, $descendant_role_ids)) {
|
||||
return $this->json(1, '无权限更改该记录');
|
||||
}
|
||||
if (!$is_supper_admin && array_diff($role_ids, $descendant_role_ids)) {
|
||||
return $this->json(1, '角色超出权限范围');
|
||||
}
|
||||
|
||||
// 删除
|
||||
$delete_ids = array_diff($exist_role_ids, $role_ids);
|
||||
AdminRole::whereIn('role_id', $delete_ids)->where('admin_id', $admin_id)->delete();
|
||||
@ -135,6 +165,9 @@ class AdminController extends Crud
|
||||
if (in_array(admin_id(), $ids)) {
|
||||
return $this->json(1, '不能删除自己');
|
||||
}
|
||||
if (!Auth::isSupperAdmin() && array_diff($ids, Auth::getDescendantAdminIds())) {
|
||||
return $this->json(1, '无数据权限');
|
||||
}
|
||||
$this->model->whereIn($primary_key, $ids)->delete();
|
||||
AdminRole::whereIn('admin_id', $ids)->delete();
|
||||
return $this->json(0);
|
||||
|
||||
@ -63,6 +63,7 @@ class Crud extends Base
|
||||
* 删除
|
||||
* @param Request $request
|
||||
* @return Response
|
||||
* @throws BusinessException
|
||||
*/
|
||||
public function delete(Request $request): Response
|
||||
{
|
||||
@ -82,7 +83,8 @@ class Crud extends Base
|
||||
$field = $request->get('field');
|
||||
$order = $request->get('order', 'asc');
|
||||
$format = $request->get('format', 'normal');
|
||||
$limit = $request->get('limit', $format === 'tree' ? 1000 : 10);
|
||||
$limit = (int)$request->get('limit', $format === 'tree' ? 1000 : 10);
|
||||
$limit = $limit <= 0 ? 10 : $limit;
|
||||
$order = $order === 'asc' ? 'asc' : 'desc';
|
||||
$where = $request->get();
|
||||
$page = (int)$request->get('page');
|
||||
@ -107,7 +109,10 @@ class Crud extends Base
|
||||
if ($this->dataLimit === 'personal') {
|
||||
$where[$this->dataLimitField] = admin_id();
|
||||
} elseif ($this->dataLimit === 'auth') {
|
||||
$where[$this->dataLimitField] = ['in', Auth::getAdminIds()];
|
||||
$primary_key = $this->model->getKeyName();
|
||||
if (!Auth::isSupperAdmin() && (!isset($where[$primary_key]) || $this->dataLimitField != $primary_key)) {
|
||||
$where[$this->dataLimitField] = ['in', Auth::getDescendantAdminIds(true)];
|
||||
}
|
||||
}
|
||||
return [$where, $format, $limit, $field, $order, $page];
|
||||
}
|
||||
@ -175,6 +180,17 @@ class Crud extends Base
|
||||
if (isset($data[$password_filed])) {
|
||||
$data[$password_filed] = Util::passwordHash($data[$password_filed]);
|
||||
}
|
||||
|
||||
if (!Auth::isSupperAdmin() && $this->dataLimit) {
|
||||
if (empty($data[$this->dataLimitField])) {
|
||||
$data[$this->dataLimitField] = admin_id();;
|
||||
} else {
|
||||
$admin_id = $data[$this->dataLimitField];
|
||||
if (!in_array($admin_id, Auth::getDescendantAdminIds(true))) {
|
||||
throw new BusinessException('无数据权限');
|
||||
}
|
||||
}
|
||||
}
|
||||
return $data;
|
||||
}
|
||||
|
||||
@ -206,6 +222,12 @@ class Crud extends Base
|
||||
$primary_key = $this->model->getKeyName();
|
||||
$id = $request->post($primary_key);
|
||||
$data = $this->inputFilter($request->post());
|
||||
if (!Auth::isSupperAdmin() && $this->dataLimit && !empty($data[$this->dataLimitField])) {
|
||||
$admin_id = $data[$this->dataLimitField];
|
||||
if (!in_array($admin_id, Auth::getDescendantAdminIds(true))) {
|
||||
throw new BusinessException('无数据权限');
|
||||
}
|
||||
}
|
||||
$password_filed = 'password';
|
||||
if (isset($data[$password_filed])) {
|
||||
// 密码为空,则不更新密码
|
||||
@ -278,11 +300,22 @@ class Crud extends Base
|
||||
* 删除前置方法
|
||||
* @param Request $request
|
||||
* @return array
|
||||
* @throws BusinessException
|
||||
*/
|
||||
protected function deleteInput(Request $request): array
|
||||
{
|
||||
$primary_key = $this->model->getKeyName();
|
||||
return (array)$request->post($primary_key, []);
|
||||
if (!$primary_key) {
|
||||
throw new BusinessException('该表无主键,不支持删除');
|
||||
}
|
||||
$ids = (array)$request->post($primary_key, []);
|
||||
if (!Auth::isSupperAdmin() && $this->dataLimit) {
|
||||
$admin_ids = $this->model->where($primary_key, $ids)->pluck($this->dataLimitField)->toArray();
|
||||
if (array_diff($admin_ids, Auth::getDescendantAdminIds(true))) {
|
||||
throw new BusinessException('无数据权限');
|
||||
}
|
||||
}
|
||||
return $ids;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -89,8 +89,10 @@
|
||||
|
||||
<!-- 表格行工具栏 -->
|
||||
<script type="text/html" id="table-bar">
|
||||
{{# if(d.show_toolbar){ }}
|
||||
<button class="pear-btn pear-btn-xs tool-btn" lay-event="edit" permission="app.admin.admin.update">编辑</button>
|
||||
<button class="pear-btn pear-btn-xs tool-btn" lay-event="remove" permission="app.admin.admin.delete">删除</button>
|
||||
{{# } }}
|
||||
</script>
|
||||
|
||||
<script src="/app/admin/component/layui/layui.js"></script>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user