save
This commit is contained in:
parent
5ec88341e3
commit
5fb38aa579
@ -9,40 +9,38 @@ use plugin\admin\app\model\Role;
|
|||||||
class Auth
|
class Auth
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* 获取管理员及子管理员id数组
|
* 获取子管理员角色id数组
|
||||||
|
* @param bool $with_self
|
||||||
* @param array $admin_ids
|
* @param array $admin_ids
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
public static function getDescendantRoleIds(array $admin_ids = []): array
|
public static function getDescendantRoleIds(bool $with_self = false): array
|
||||||
{
|
{
|
||||||
if (!$admin_ids) {
|
if (!$admin = admin()) {
|
||||||
$admin = admin();
|
return [];
|
||||||
if (!$admin) {
|
}
|
||||||
return [];
|
$role_ids = $admin['roles'];
|
||||||
}
|
$rules = Role::whereIn('id', $role_ids)->pluck('rules')->toArray();
|
||||||
$role_ids = $admin['roles'];
|
if ($rules && in_array('*', $rules)) {
|
||||||
$rules = Role::whereIn('id', $role_ids)->pluck('rules')->toArray();
|
return Role::pluck('id')->toArray();
|
||||||
if ($rules && in_array('*', $rules)) {
|
|
||||||
return Admin::pluck('id')->toArray();
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$role_ids = AdminRole::whereIn('admin_id', $admin_ids)->pluck('role_id');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$roles = Role::get();
|
$roles = Role::get();
|
||||||
$tree = new Tree($roles);
|
$tree = new Tree($roles);
|
||||||
$descendants = $tree->getDescendant($role_ids, true);
|
$descendants = $tree->getDescendant($role_ids, $with_self);
|
||||||
return array_column($descendants, 'id');
|
return array_column($descendants, 'id');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 获取管理员及子管理员id数组
|
* 获取管理员及子管理员id数组
|
||||||
|
* @param bool $with_self
|
||||||
* @param array $admin_ids
|
* @param array $admin_ids
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
public static function getDescendantAdminIds(array $admin_ids = []): array
|
public static function getDescendantAdminIds(bool $with_self = false, array $admin_ids = []): array
|
||||||
{
|
{
|
||||||
return AdminRole::whereIn('role_id', static::getDescendantRoleIds())->pluck('admin_id')->toArray();
|
$role_ids = static::getDescendantRoleIds($with_self);
|
||||||
|
return AdminRole::whereIn('role_id', $role_ids)->pluck('admin_id')->toArray();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -53,8 +51,7 @@ class Auth
|
|||||||
public static function isSupperAdmin(int $admin_id = 0): bool
|
public static function isSupperAdmin(int $admin_id = 0): bool
|
||||||
{
|
{
|
||||||
if (!$admin_id) {
|
if (!$admin_id) {
|
||||||
$roles = admin('roles');
|
if (!$roles = admin('roles')) {
|
||||||
if (!$roles) {
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
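Review bot: The docblock of getDescendantRoleIds still carries `* @param array $admin_ids` although the new signature is `public static function getDescendantRoleIds(bool $with_self = false): array`, so it documents a parameter that no longer exists; the line should go, leaving only `* @param bool $with_self`. getDescendantAdminIds has the opposite problem: it now declares `array $admin_ids = []` but its body only forwards `$with_self` and never reads `$admin_ids`, so either the parameter is dead and should be dropped together with its `@param`, or the branch that uses it is missing — a one-line comment stating which is intended would help the next reader. A smaller point in the same hunk: `in_array('*', $rules)` would be safer as `in_array('*', $rules, true)` so the super-admin rule is matched by strict string equality.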
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
namespace plugin\admin\app\controller;
|
namespace plugin\admin\app\controller;
|
||||||
|
|
||||||
|
use plugin\admin\app\common\Auth;
|
||||||
use plugin\admin\app\model\Admin;
|
use plugin\admin\app\model\Admin;
|
||||||
use plugin\admin\app\model\AdminRole;
|
use plugin\admin\app\model\AdminRole;
|
||||||
use support\exception\BusinessException;
|
use support\exception\BusinessException;
|
||||||
@ -19,6 +20,18 @@ class AdminController extends Crud
|
|||||||
*/
|
*/
|
||||||
protected $model = null;
|
protected $model = null;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 开启auth数据限制
|
||||||
|
* @var string
|
||||||
|
*/
|
||||||
|
protected $dataLimit = 'auth';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 以id为数据限制字段
|
||||||
|
* @var string
|
||||||
|
*/
|
||||||
|
protected $dataLimitField = 'id';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 构造函数
|
* 构造函数
|
||||||
* @return void
|
* @return void
|
||||||
@ -47,6 +60,9 @@ class AdminController extends Crud
|
|||||||
{
|
{
|
||||||
[$where, $format, $limit, $field, $order] = $this->selectInput($request);
|
[$where, $format, $limit, $field, $order] = $this->selectInput($request);
|
||||||
$query = $this->doSelect($where, $field, $order);
|
$query = $this->doSelect($where, $field, $order);
|
||||||
|
if ($format === 'select') {
|
||||||
|
return $this->formatSelect($query->get());
|
||||||
|
}
|
||||||
$paginator = $query->paginate($limit);
|
$paginator = $query->paginate($limit);
|
||||||
$items = $paginator->items();
|
$items = $paginator->items();
|
||||||
$admin_ids = array_column($items, 'id');
|
$admin_ids = array_column($items, 'id');
|
||||||
@ -55,9 +71,11 @@ class AdminController extends Crud
|
|||||||
foreach ($roles as $role) {
|
foreach ($roles as $role) {
|
||||||
$roles_map[$role['admin_id']][] = $role['role_id'];
|
$roles_map[$role['admin_id']][] = $role['role_id'];
|
||||||
}
|
}
|
||||||
|
$login_admin_id = admin_id();
|
||||||
foreach ($items as $index => $item) {
|
foreach ($items as $index => $item) {
|
||||||
$admin_id = $item['id'];
|
$admin_id = $item['id'];
|
||||||
$items[$index]['roles'] = isset($roles_map[$admin_id]) ? implode(',', $roles_map[$admin_id]) : '';
|
$items[$index]['roles'] = isset($roles_map[$admin_id]) ? implode(',', $roles_map[$admin_id]) : '';
|
||||||
|
$items[$index]['show_toolbar'] = $admin_id != $login_admin_id;
|
||||||
}
|
}
|
||||||
return json(['code' => 0, 'msg' => 'ok', 'count' => $paginator->total(), 'data' => $items]);
|
return json(['code' => 0, 'msg' => 'ok', 'count' => $paginator->total(), 'data' => $items]);
|
||||||
}
|
}
|
||||||
@ -75,6 +93,9 @@ class AdminController extends Crud
|
|||||||
$admin_id = $this->doInsert($data);
|
$admin_id = $this->doInsert($data);
|
||||||
$role_ids = $request->post('roles');
|
$role_ids = $request->post('roles');
|
||||||
$role_ids = $role_ids ? explode(',', $role_ids) : [];
|
$role_ids = $role_ids ? explode(',', $role_ids) : [];
|
||||||
|
if (!Auth::isSupperAdmin() && array_diff($role_ids, Auth::getDescendantRoleIds())) {
|
||||||
|
return $this->json(1, '角色超出权限范围');
|
||||||
|
}
|
||||||
AdminRole::where('admin_id', $admin_id)->delete();
|
AdminRole::where('admin_id', $admin_id)->delete();
|
||||||
foreach ($role_ids as $id) {
|
foreach ($role_ids as $id) {
|
||||||
$admin_role = new AdminRole;
|
$admin_role = new AdminRole;
|
||||||
@ -102,7 +123,16 @@ class AdminController extends Crud
|
|||||||
return $this->json(1, '缺少参数');
|
return $this->json(1, '缺少参数');
|
||||||
}
|
}
|
||||||
$role_ids = $role_ids ? explode(',', $role_ids) : [];
|
$role_ids = $role_ids ? explode(',', $role_ids) : [];
|
||||||
|
$is_supper_admin = Auth::isSupperAdmin();
|
||||||
$exist_role_ids = AdminRole::where('admin_id', $admin_id)->pluck('role_id')->toArray();
|
$exist_role_ids = AdminRole::where('admin_id', $admin_id)->pluck('role_id')->toArray();
|
||||||
|
$descendant_role_ids = Auth::getDescendantRoleIds();
|
||||||
|
if (!$is_supper_admin && !array_intersect($exist_role_ids, $descendant_role_ids)) {
|
||||||
|
return $this->json(1, '无权限更改该记录');
|
||||||
|
}
|
||||||
|
if (!$is_supper_admin && array_diff($role_ids, $descendant_role_ids)) {
|
||||||
|
return $this->json(1, '角色超出权限范围');
|
||||||
|
}
|
||||||
|
|
||||||
// 删除
|
// 删除
|
||||||
$delete_ids = array_diff($exist_role_ids, $role_ids);
|
$delete_ids = array_diff($exist_role_ids, $role_ids);
|
||||||
AdminRole::whereIn('role_id', $delete_ids)->where('admin_id', $admin_id)->delete();
|
AdminRole::whereIn('role_id', $delete_ids)->where('admin_id', $admin_id)->delete();
|
||||||
@ -135,6 +165,9 @@ class AdminController extends Crud
|
|||||||
if (in_array(admin_id(), $ids)) {
|
if (in_array(admin_id(), $ids)) {
|
||||||
return $this->json(1, '不能删除自己');
|
return $this->json(1, '不能删除自己');
|
||||||
}
|
}
|
||||||
|
if (!Auth::isSupperAdmin() && array_diff($ids, Auth::getDescendantAdminIds())) {
|
||||||
|
return $this->json(1, '无数据权限');
|
||||||
|
}
|
||||||
$this->model->whereIn($primary_key, $ids)->delete();
|
$this->model->whereIn($primary_key, $ids)->delete();
|
||||||
AdminRole::whereIn('admin_id', $ids)->delete();
|
AdminRole::whereIn('admin_id', $ids)->delete();
|
||||||
return $this->json(0);
|
return $this->json(0);
|
||||||
|
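Review bot: In the insert hunk the new guard `if (!Auth::isSupperAdmin() && array_diff($role_ids, Auth::getDescendantRoleIds()))` is evaluated after `$admin_id = $this->doInsert($data);`, so a request whose roles fall outside the caller's range has already created the admin row before it is rejected with '角色超出权限范围', leaving an admin with no roles behind; the check should be moved above the doInsert call (the enclosing method starts outside the hunk). In the update hunk the guard `!array_intersect($exist_role_ids, $descendant_role_ids)` only requires one shared role, yet the unchanged `$delete_ids = array_diff($exist_role_ids, $role_ids)` that follows removes every existing role not resubmitted, including roles outside the caller's descendant set; for non-super admins computing `$delete_ids = array_diff(array_intersect($exist_role_ids, $descendant_role_ids), $role_ids);` would leave out-of-range roles untouched.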
@ -63,6 +63,7 @@ class Crud extends Base
|
|||||||
* 删除
|
* 删除
|
||||||
* @param Request $request
|
* @param Request $request
|
||||||
* @return Response
|
* @return Response
|
||||||
|
* @throws BusinessException
|
||||||
*/
|
*/
|
||||||
public function delete(Request $request): Response
|
public function delete(Request $request): Response
|
||||||
{
|
{
|
||||||
@ -82,7 +83,8 @@ class Crud extends Base
|
|||||||
$field = $request->get('field');
|
$field = $request->get('field');
|
||||||
$order = $request->get('order', 'asc');
|
$order = $request->get('order', 'asc');
|
||||||
$format = $request->get('format', 'normal');
|
$format = $request->get('format', 'normal');
|
||||||
$limit = $request->get('limit', $format === 'tree' ? 1000 : 10);
|
$limit = (int)$request->get('limit', $format === 'tree' ? 1000 : 10);
|
||||||
|
$limit = $limit <= 0 ? 10 : $limit;
|
||||||
$order = $order === 'asc' ? 'asc' : 'desc';
|
$order = $order === 'asc' ? 'asc' : 'desc';
|
||||||
$where = $request->get();
|
$where = $request->get();
|
||||||
$page = (int)$request->get('page');
|
$page = (int)$request->get('page');
|
||||||
@ -107,7 +109,10 @@ class Crud extends Base
|
|||||||
if ($this->dataLimit === 'personal') {
|
if ($this->dataLimit === 'personal') {
|
||||||
$where[$this->dataLimitField] = admin_id();
|
$where[$this->dataLimitField] = admin_id();
|
||||||
} elseif ($this->dataLimit === 'auth') {
|
} elseif ($this->dataLimit === 'auth') {
|
||||||
$where[$this->dataLimitField] = ['in', Auth::getAdminIds()];
|
$primary_key = $this->model->getKeyName();
|
||||||
|
if (!Auth::isSupperAdmin() && (!isset($where[$primary_key]) || $this->dataLimitField != $primary_key)) {
|
||||||
|
$where[$this->dataLimitField] = ['in', Auth::getDescendantAdminIds(true)];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return [$where, $format, $limit, $field, $order, $page];
|
return [$where, $format, $limit, $field, $order, $page];
|
||||||
}
|
}
|
||||||
@ -175,6 +180,17 @@ class Crud extends Base
|
|||||||
if (isset($data[$password_filed])) {
|
if (isset($data[$password_filed])) {
|
||||||
$data[$password_filed] = Util::passwordHash($data[$password_filed]);
|
$data[$password_filed] = Util::passwordHash($data[$password_filed]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!Auth::isSupperAdmin() && $this->dataLimit) {
|
||||||
|
if (empty($data[$this->dataLimitField])) {
|
||||||
|
$data[$this->dataLimitField] = admin_id();;
|
||||||
|
} else {
|
||||||
|
$admin_id = $data[$this->dataLimitField];
|
||||||
|
if (!in_array($admin_id, Auth::getDescendantAdminIds(true))) {
|
||||||
|
throw new BusinessException('无数据权限');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
return $data;
|
return $data;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -206,6 +222,12 @@ class Crud extends Base
|
|||||||
$primary_key = $this->model->getKeyName();
|
$primary_key = $this->model->getKeyName();
|
||||||
$id = $request->post($primary_key);
|
$id = $request->post($primary_key);
|
||||||
$data = $this->inputFilter($request->post());
|
$data = $this->inputFilter($request->post());
|
||||||
|
if (!Auth::isSupperAdmin() && $this->dataLimit && !empty($data[$this->dataLimitField])) {
|
||||||
|
$admin_id = $data[$this->dataLimitField];
|
||||||
|
if (!in_array($admin_id, Auth::getDescendantAdminIds(true))) {
|
||||||
|
throw new BusinessException('无数据权限');
|
||||||
|
}
|
||||||
|
}
|
||||||
$password_filed = 'password';
|
$password_filed = 'password';
|
||||||
if (isset($data[$password_filed])) {
|
if (isset($data[$password_filed])) {
|
||||||
// 密码为空,则不更新密码
|
// 密码为空,则不更新密码
|
||||||
@ -278,11 +300,22 @@ class Crud extends Base
|
|||||||
* 删除前置方法
|
* 删除前置方法
|
||||||
* @param Request $request
|
* @param Request $request
|
||||||
* @return array
|
* @return array
|
||||||
|
* @throws BusinessException
|
||||||
*/
|
*/
|
||||||
protected function deleteInput(Request $request): array
|
protected function deleteInput(Request $request): array
|
||||||
{
|
{
|
||||||
$primary_key = $this->model->getKeyName();
|
$primary_key = $this->model->getKeyName();
|
||||||
return (array)$request->post($primary_key, []);
|
if (!$primary_key) {
|
||||||
|
throw new BusinessException('该表无主键,不支持删除');
|
||||||
|
}
|
||||||
|
$ids = (array)$request->post($primary_key, []);
|
||||||
|
if (!Auth::isSupperAdmin() && $this->dataLimit) {
|
||||||
|
$admin_ids = $this->model->where($primary_key, $ids)->pluck($this->dataLimitField)->toArray();
|
||||||
|
if (array_diff($admin_ids, Auth::getDescendantAdminIds(true))) {
|
||||||
|
throw new BusinessException('无数据权限');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $ids;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
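Review bot: In the selectInput hunk the data limit is only applied when `!isset($where[$primary_key]) || $this->dataLimitField != $primary_key`, so when the limit field is the primary key and the request already carries that key, the `['in', Auth::getDescendantAdminIds(true)]` restriction is skipped and the supplied value is used as-is; if I read the condition correctly the supplied key should instead be validated against (or intersected with) the descendant set so the restriction still holds, and a comment should state why the branch is skipped otherwise (selectInput starts outside the hunk). In the deleteInput hunk `$this->model->where($primary_key, $ids)` is handed the whole `$ids` array as the comparison value, which looks like it was meant to be `$this->model->whereIn($primary_key, $ids)->pluck($this->dataLimitField)->toArray();` — as written the permission check may not cover every id being deleted. In the hunk after the password-hash handling, `$data[$this->dataLimitField] = admin_id();;` has a stray second semicolon.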
@ -89,8 +89,10 @@
|
|||||||
|
|
||||||
<!-- 表格行工具栏 -->
|
<!-- 表格行工具栏 -->
|
||||||
<script type="text/html" id="table-bar">
|
<script type="text/html" id="table-bar">
|
||||||
|
{{# if(d.show_toolbar){ }}
|
||||||
<button class="pear-btn pear-btn-xs tool-btn" lay-event="edit" permission="app.admin.admin.update">编辑</button>
|
<button class="pear-btn pear-btn-xs tool-btn" lay-event="edit" permission="app.admin.admin.update">编辑</button>
|
||||||
<button class="pear-btn pear-btn-xs tool-btn" lay-event="remove" permission="app.admin.admin.delete">删除</button>
|
<button class="pear-btn pear-btn-xs tool-btn" lay-event="remove" permission="app.admin.admin.delete">删除</button>
|
||||||
|
{{# } }}
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
<script src="/app/admin/component/layui/layui.js"></script>
|
<script src="/app/admin/component/layui/layui.js"></script>
|
||||||
|