save
parent
8032d26fb9
commit
f299d1e521
@ -9,12 +9,12 @@ use plugin\admin\app\model\Role;
|
||||
class Auth
|
||||
{
|
||||
/**
|
||||
* 获取子管理员角色id数组
|
||||
* 获取权限范围内的所有角色id
|
||||
* @param bool $with_self
|
||||
* @param array $admin_ids
|
||||
* @return array
|
||||
*/
|
||||
public static function getDescendantRoleIds(bool $with_self = false): array
|
||||
public static function getScopeRoleIds(bool $with_self = false): array
|
||||
{
|
||||
if (!$admin = admin()) {
|
||||
return [];
|
||||
@ -32,14 +32,14 @@ class Auth
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取管理员及子管理员id数组
|
||||
* 获取权限范围内的所有管理员id
|
||||
* @param bool $with_self
|
||||
* @param array $admin_ids
|
||||
* @return array
|
||||
*/
|
||||
public static function getDescendantAdminIds(bool $with_self = false, array $admin_ids = []): array
|
||||
public static function getScopeAdminIds(bool $with_self = false, array $admin_ids = []): array
|
||||
{
|
||||
$role_ids = static::getDescendantRoleIds($with_self);
|
||||
$role_ids = static::getScopeRoleIds($with_self);
|
||||
return AdminRole::whereIn('role_id', $role_ids)->pluck('admin_id')->toArray();
|
||||
}
|
||||
|
||||
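Review bot: The docblock above `getScopeRoleIds` still lists `@param array $admin_ids`, which the signature `getScopeRoleIds(bool $with_self = false)` does not take. `getScopeAdminIds` accepts `array $admin_ids = []`, but the two-line body shown never reads it. These helpers decide which roles and admins a caller may act on, so a caller passing `$admin_ids` to narrow the result would silently get the full scope back. Either drop the parameter and the stray `@param` line, or apply it, e.g. `->whereIn('admin_id', $admin_ids)` when the array is non-empty. The body of `getScopeRoleIds` continues outside the first hunk.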
|
@ -93,7 +93,10 @@ class AdminController extends Crud
|
||||
$admin_id = $this->doInsert($data);
|
||||
$role_ids = $request->post('roles');
|
||||
$role_ids = $role_ids ? explode(',', $role_ids) : [];
|
||||
if (!Auth::isSupperAdmin() && array_diff($role_ids, Auth::getDescendantRoleIds())) {
|
||||
if (!$role_ids) {
|
||||
return $this->json(1, '至少选择一个角色组');
|
||||
}
|
||||
if (!Auth::isSupperAdmin() && array_diff($role_ids, Auth::getScopeRoleIds())) {
|
||||
return $this->json(1, '角色超出权限范围');
|
||||
}
|
||||
AdminRole::where('admin_id', $admin_id)->delete();
|
||||
@ -103,7 +106,7 @@ class AdminController extends Crud
|
||||
$admin_role->role_id = $id;
|
||||
$admin_role->save();
|
||||
}
|
||||
return parent::insert($request);
|
||||
return $this->json(0, 'ok', ['id' => $admin_id]);
|
||||
}
|
||||
return view('admin/insert');
|
||||
}
|
||||
@ -123,9 +126,12 @@ class AdminController extends Crud
|
||||
return $this->json(1, '缺少参数');
|
||||
}
|
||||
$role_ids = $role_ids ? explode(',', $role_ids) : [];
|
||||
if (!$role_ids) {
|
||||
return $this->json(1, '至少选择一个角色组');
|
||||
}
|
||||
$is_supper_admin = Auth::isSupperAdmin();
|
||||
$exist_role_ids = AdminRole::where('admin_id', $admin_id)->pluck('role_id')->toArray();
|
||||
$descendant_role_ids = Auth::getDescendantRoleIds();
|
||||
$descendant_role_ids = Auth::getScopeRoleIds();
|
||||
if (!$is_supper_admin && !array_intersect($exist_role_ids, $descendant_role_ids)) {
|
||||
return $this->json(1, '无权限更改该记录');
|
||||
}
|
||||
@ -165,7 +171,7 @@ class AdminController extends Crud
|
||||
if (in_array(admin_id(), $ids)) {
|
||||
return $this->json(1, '不能删除自己');
|
||||
}
|
||||
if (!Auth::isSupperAdmin() && array_diff($ids, Auth::getDescendantAdminIds())) {
|
||||
if (!Auth::isSupperAdmin() && array_diff($ids, Auth::getScopeAdminIds())) {
|
||||
return $this->json(1, '无数据权限');
|
||||
}
|
||||
$this->model->whereIn($primary_key, $ids)->delete();
|
||||
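Review bot: The new `if (!$role_ids)` guard in the insert hunk, like the scope check after it, runs only after `$admin_id = $this->doInsert($data);`. A request rejected with '至少选择一个角色组' or '角色超出权限范围' has therefore presumably already created the admin row, leaving an account with no role attached. Parse and validate `roles` first and call `doInsert` only once both checks pass, or wrap the insert and the role assignment in one transaction. In the update hunk, `!array_intersect($exist_role_ids, $descendant_role_ids)` passes as soon as the target holds one in-scope role, so an admin who also holds a role outside the caller's scope can still be edited; whether later code restricts that is not visible here. The enclosing methods start and end outside the hunks.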
|
@ -111,7 +111,7 @@ class Crud extends Base
|
||||
} elseif ($this->dataLimit === 'auth') {
|
||||
$primary_key = $this->model->getKeyName();
|
||||
if (!Auth::isSupperAdmin() && (!isset($where[$primary_key]) || $this->dataLimitField != $primary_key)) {
|
||||
$where[$this->dataLimitField] = ['in', Auth::getDescendantAdminIds(true)];
|
||||
$where[$this->dataLimitField] = ['in', Auth::getScopeAdminIds(true)];
|
||||
}
|
||||
}
|
||||
return [$where, $format, $limit, $field, $order, $page];
|
||||
@ -183,11 +183,9 @@ class Crud extends Base
|
||||
}
|
||||
|
||||
if (!Auth::isSupperAdmin() && $this->dataLimit) {
|
||||
if (empty($data[$this->dataLimitField])) {
|
||||
$data[$this->dataLimitField] = admin_id();;
|
||||
} else {
|
||||
if (!empty($data[$this->dataLimitField])) {
|
||||
$admin_id = $data[$this->dataLimitField];
|
||||
if (!in_array($admin_id, Auth::getDescendantAdminIds(true))) {
|
||||
if (!in_array($admin_id, Auth::getScopeAdminIds(true))) {
|
||||
throw new BusinessException('无数据权限');
|
||||
}
|
||||
}
|
||||
@ -225,7 +223,7 @@ class Crud extends Base
|
||||
$data = $this->inputFilter($request->post());
|
||||
if (!Auth::isSupperAdmin() && $this->dataLimit && !empty($data[$this->dataLimitField])) {
|
||||
$admin_id = $data[$this->dataLimitField];
|
||||
if (!in_array($admin_id, Auth::getDescendantAdminIds(true))) {
|
||||
if (!in_array($admin_id, Auth::getScopeAdminIds(true))) {
|
||||
throw new BusinessException('无数据权限');
|
||||
}
|
||||
}
|
||||
@ -312,7 +310,7 @@ class Crud extends Base
|
||||
$ids = (array)$request->post($primary_key, []);
|
||||
if (!Auth::isSupperAdmin() && $this->dataLimit) {
|
||||
$admin_ids = $this->model->where($primary_key, $ids)->pluck($this->dataLimitField)->toArray();
|
||||
if (array_diff($admin_ids, Auth::getDescendantAdminIds(true))) {
|
||||
if (array_diff($admin_ids, Auth::getScopeAdminIds(true))) {
|
||||
throw new BusinessException('无数据权限');
|
||||
}
|
||||
}
|
||||
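Review bot: In the delete hunk the ownership lookup is `$this->model->where($primary_key, $ids)`, but `$ids` is an array (`(array)$request->post($primary_key, [])`). As far as I know, Illuminate's query builder binds only the first element of an array passed to `where()`, so the `array_diff` check would cover just the first requested id and the rest would never be compared with `Auth::getScopeAdminIds(true)`. Use `$this->model->whereIn($primary_key, $ids)->pluck($this->dataLimitField)->toArray();` so every requested id is checked. The delete statement itself is outside the hunk, so confirm it operates on the same `$ids`; the method starts and ends outside the hunk.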
|
@ -47,7 +47,7 @@ class RoleController extends Crud
|
||||
{
|
||||
$id = $request->get('id');
|
||||
[$where, $format, $limit, $field, $order] = $this->selectInput($request);
|
||||
$role_ids = Auth::getDescendantRoleIds(true);
|
||||
$role_ids = Auth::getScopeRoleIds(true);
|
||||
if (!$id) {
|
||||
$where['id'] = ['in', $role_ids];
|
||||
} elseif (!in_array($id, $role_ids)) {
|
||||
@ -71,7 +71,7 @@ class RoleController extends Crud
|
||||
if ($pid) {
|
||||
return $this->json(1, '请选择父级角色组');
|
||||
}
|
||||
if (!Auth::isSupperAdmin() && !in_array($pid, Auth::getDescendantRoleIds(true))) {
|
||||
if (!Auth::isSupperAdmin() && !in_array($pid, Auth::getScopeRoleIds(true))) {
|
||||
return $this->json(1, '父级角色组超出权限范围');
|
||||
}
|
||||
|
||||
@ -94,7 +94,7 @@ class RoleController extends Crud
|
||||
}
|
||||
[$id, $data] = $this->updateInput($request);
|
||||
$is_supper_admin = Auth::isSupperAdmin();
|
||||
$descendant_role_ids = Auth::getDescendantRoleIds();
|
||||
$descendant_role_ids = Auth::getScopeRoleIds();
|
||||
if (!$is_supper_admin && !in_array($id, $descendant_role_ids)) {
|
||||
return $this->json(1, '无数据权限');
|
||||
}
|
||||
@ -115,7 +115,7 @@ class RoleController extends Crud
|
||||
if ($pid == $id) {
|
||||
return $this->json(1, '父级不能是自己');
|
||||
}
|
||||
if (!$is_supper_admin && !in_array($pid, Auth::getDescendantRoleIds(true))) {
|
||||
if (!$is_supper_admin && !in_array($pid, Auth::getScopeRoleIds(true))) {
|
||||
return $this->json(1, '父级超出权限范围');
|
||||
}
|
||||
}
|
||||
@ -136,7 +136,7 @@ class RoleController extends Crud
|
||||
if (in_array(1, $ids)) {
|
||||
return $this->json(1, '无法删除超级管理员角色');
|
||||
}
|
||||
if (!Auth::isSupperAdmin() && array_diff($ids, Auth::getDescendantRoleIds())) {
|
||||
if (!Auth::isSupperAdmin() && array_diff($ids, Auth::getScopeRoleIds())) {
|
||||
return $this->json(1, '无删除权限');
|
||||
}
|
||||
$this->doDelete($ids);
|
||||
@ -154,7 +154,7 @@ class RoleController extends Crud
|
||||
if (empty($role_id)) {
|
||||
return $this->json(0, 'ok', []);
|
||||
}
|
||||
if (!Auth::isSupperAdmin() && !in_array($role_id, Auth::getDescendantRoleIds(true))) {
|
||||
if (!Auth::isSupperAdmin() && !in_array($role_id, Auth::getScopeRoleIds(true))) {
|
||||
return $this->json(1, '角色组超出权限范围');
|
||||
}
|
||||
$rule_id_string = Role::where('id', $role_id)->value('rules');
|
||||
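Review bot: In the insert hunk the guard reads `if ($pid) {` followed by `return $this->json(1, '请选择父级角色组');`, which as rendered rejects the request when a parent role is supplied and lets an empty `$pid` fall through to the scope check. The message suggests the condition was meant to be `if (!$pid) {`. Separately, the local `$descendant_role_ids` in the update hunk keeps the old name after the rename to `getScopeRoleIds()`; `$scope_role_ids` would match the new terminology. The enclosing methods start and end outside the hunks.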
|
@ -12,6 +12,13 @@
|
||||
|
||||
<div class="mainBox">
|
||||
<div class="main-container mr-5">
|
||||
|
||||
<div class="layui-form-item">
|
||||
<label class="layui-form-label required">角色</label>
|
||||
<div class="layui-input-block">
|
||||
<div name="roles" id="roles" value="" ></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="layui-form-item">
|
||||
<label class="layui-form-label required">用户名</label>
|
||||
@ -62,13 +69,6 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="layui-form-item">
|
||||
<label class="layui-form-label">角色</label>
|
||||
<div class="layui-input-block">
|
||||
<div name="roles" id="roles" value="" ></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
@ -12,7 +12,14 @@
|
||||
|
||||
<div class="mainBox">
|
||||
<div class="main-container mr-5">
|
||||
|
||||
|
||||
<div class="layui-form-item">
|
||||
<label class="layui-form-label required">角色</label>
|
||||
<div class="layui-input-block">
|
||||
<div name="roles" id="roles" value="" ></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="layui-form-item">
|
||||
<label class="layui-form-label required">用户名</label>
|
||||
<div class="layui-input-block">
|
||||
@ -62,13 +69,6 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="layui-form-item">
|
||||
<label class="layui-form-label">角色</label>
|
||||
<div class="layui-input-block">
|
||||
<div name="roles" id="roles" value="" ></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|