校验权限

app/Http/Controllers/Filter/SupplierFilter.php

@@ -328,6 +328,14 @@ class SupplierFilter
             if ($canViewDisableSupplier && !checkPerm('ViewAllSupplier')) {
             if ($canViewDisableSupplier && !checkPerm('ViewAllSupplier')) {
                 $mainQuery->orWhere('status', SupplierChannelModel::STATUS_DISABLE);
                 $mainQuery->orWhere('status', SupplierChannelModel::STATUS_DISABLE);
             }
             }
+
+            //只有原厂、代理商需要走权限,其他性质的随便看
+            if (!checkPerm('ViewAllSupplier')) {
+                $mainQuery->orWhereNotIn('supplier_group', [
+                    SupplierChannelModel::SUPPLIER_GROUP_ORIGINAL,
+                    SupplierChannelModel::SUPPLIER_GROUP_PROXY
+                ]);
+            }
         });
         });
 
 
         $query->with(['contact', 'attachment', 'yunxin_account']);
         $query->with(['contact', 'attachment', 'yunxin_account']);

app/Http/Services/ViewCheckService.php

@@ -7,6 +7,7 @@ namespace App\Http\Services;
 //后台用户相关信息服务
 //后台用户相关信息服务
 use App\Model\RedisModel;
 use App\Model\RedisModel;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\DB;
+use App\Model\SupplierChannelModel;
 
 
 //用于判断是否已经查看的服务
 //用于判断是否已经查看的服务
 class ViewCheckService
 class ViewCheckService
@@ -32,11 +33,59 @@ class ViewCheckService
         foreach ($supplierIds as $key => $supplierId) {
         foreach ($supplierIds as $key => $supplierId) {
             if (!empty($result[$key])) {
             if (!empty($result[$key])) {
                 $data[$supplierId] = true;
                 $data[$supplierId] = true;
-            }else{
+            } else {
                 $data[$supplierId] = false;
                 $data[$supplierId] = false;
             }
             }
         }
         }
 
 
         return $data;
         return $data;
     }
     }
-}
+
\ No newline at end of file
+    //判断是否能进行供应商编辑
+    public function checkCanEditSupplier($supplierId)
+    {
+        $userId = request()->user->userId;
+        $codeId = request()->user->codeId;
+        if (checkPerm('ViewAllSupplier')) {
+            return true;
+        }
+
+        if (checkPerm('ViewSubordinateSupplier')) {
+            $departmentService = new DepartmentService();
+            $subordinateUserIds = $departmentService->getSubordinateUserIds($userId);
+            $adminUserService = new AdminUserService();
+            $subordinateCodeIds = $adminUserService->getCodeIdsByUserIds($subordinateUserIds);
+            $subordinateCodeIds = $subordinateCodeIds->toArray();
+
+            $likeSqlRaw = implode('|', $subordinateCodeIds);
+            $inCodeIdSql = implode(',', $subordinateCodeIds);
+            $inUserIdSql = implode(',', $subordinateUserIds);
+            $inCodeIdSql = "(" . $inCodeIdSql . ")";
+            $inUserIdSql = "(" . $inUserIdSql . ")";
+            if ($subordinateCodeIds) {
+                //找出相关的供应商id
+                $supplierIds = SupplierChannelModel::whereRaw("(create_uid in $inUserIdSql or purchase_uid in $inCodeIdSql or channel_uid REGEXP '$likeSqlRaw')")->pluck('supplier_id')->toArray();
+                if (in_array($supplierId, $supplierIds)) {
+                    return true;
+                }
+            }
+        }
+
+
+        $supplier = SupplierChannelModel::where('supplier_id', $supplierId)->first()->toArray();
+        $channelUid = $supplier['channel_uid'];
+        $purchaseUid = $supplier['purchase_uid'];
+        $createUid = $supplier['create_uid'];
+        $channelUid = !empty($channelUid) ? explode(',', $channelUid) : [];
+        if (in_array($userId, $channelUid)) {
+            return true;
+        }
+        if ($codeId == $purchaseUid) {
+            return true;
+        }
+        if ($userId == $createUid) {
+            return true;
+        }
+        return false;
+    }
+}

resources/views/web/SupplierDetail.blade.php

@@ -73,8 +73,10 @@
                     </button>
                     </button>
                 @elseif($supplier['status']==\App\Model\SupplierChannelModel::STATUS_PASSED||$supplier['status']==\App\Model\SupplierChannelModel::STATUS_REJECT
                 @elseif($supplier['status']==\App\Model\SupplierChannelModel::STATUS_PASSED||$supplier['status']==\App\Model\SupplierChannelModel::STATUS_REJECT
 ||$supplier['status']==\App\Model\SupplierChannelModel::STATUS_PENDING)
 ||$supplier['status']==\App\Model\SupplierChannelModel::STATUS_PENDING)
+                    @if((new App\Http\Services\ViewCheckService())->checkCanEditSupplier($supplier['supplier_id']))
                     <a id="updateSupplierUrl"
                     <a id="updateSupplierUrl"
                        style="margin-bottom: 25px;margin-top: 5px" class="layui-btn layui-btn">修改</a>
                        style="margin-bottom: 25px;margin-top: 5px" class="layui-btn layui-btn">修改</a>
+                    @endif
                 @endif
                 @endif
                 @if($supplier['status']==\App\Model\SupplierChannelModel::STATUS_DISABLE && $supplier['is_entity']==\App\Model\SupplierChannelModel::IS_ENTITY_FALSE)
                 @if($supplier['status']==\App\Model\SupplierChannelModel::STATUS_DISABLE && $supplier['is_entity']==\App\Model\SupplierChannelModel::IS_ENTITY_FALSE)
                     @if (checkPerm('CancelDisableSupplier'))
                     @if (checkPerm('CancelDisableSupplier'))

storage/framework/views/d4d13e9bcdea7366e4952031431aae4b22f055c1.php

@@ -188,7 +188,7 @@
                 align: 'center',
                 align: 'center',
                 width: 120,
                 width: 120,
                 templet: function (data) {
                 templet: function (data) {
-                    return data.yunxin_account ? '是' : '否';
+                    return data.yunxin_account ? ( data.yunxin_account.a_status == 1?'是':'否') : '否';
                 }
                 }
             },
             },
             //通过芯链上传合同
             //通过芯链上传合同