权限查询

b1c3adf1 · 杨树贤 · 022b576b · b1c3adf1 · b1c3adf1 · b1c3adf1
Commit b1c3adf1 authored Jul 19, 2022 by 杨树贤
Showing with 22 additions and 3 deletions
app/Http/Controllers/Filter/SupplierExaminationFilter.php
app/Http/Services/DepartmentService.php
resources/views/web/SupplierExaminationList.blade.php
--- a/app/Http/Controllers/Filter/SupplierExaminationFilter.php
+++ b/app/Http/Controllers/Filter/SupplierExaminationFilter.php
@@ -3,9 +3,12 @@

 namespace App\Http\Controllers\Filter;

+use App\Http\Services\AdminUserService;
+use App\Http\Services\DepartmentService;
 use App\Model\SupplierAccountModel;
 use App\Model\SupplierChannelModel;
 use App\Model\SupplierExaminationModel;
+use Illuminate\Support\Facades\DB;

 class SupplierExaminationFilter
 {
@@ -15,15 +18,25 @@ class SupplierExaminationFilter
        $map = $request->all();

        $canViewAllSupplierExamination = checkPerm('ViewAllSupplierExamination');
+        $canViewSubordinateSupplierExamination = checkPerm('ViewSubordinateSupplierExamination');
+        $userId = $request->user->userId;
        $name = $request->user->name;

        $model = new SupplierExaminationModel();
        $query = $model->orderBy('id', 'desc');

        if ($canViewAllSupplierExamination) {
-
+            //能查看所有的话,限制基本没有
        } else {
-            $query->where('purchase_name', $name);
+            //如果能看部下的,那需要判断的地方就多了不少
+            if ($canViewSubordinateSupplierExamination) {
+                $departmentService = new DepartmentService();
+                //下属用户(结果包括自己)
+                $subordinateUserNames = $departmentService->getSubordinateUserNames($userId);
+                $query->whereIn('purchase_name', $subordinateUserNames);
+            } else {
+                $query->where('purchase_name', $name);
+            }
        }

        if (!empty($map['supplier_name'])) {

--- a/app/Http/Services/DepartmentService.php
+++ b/app/Http/Services/DepartmentService.php
@@ -21,6 +21,13 @@ class DepartmentService
        return array_column($users, 'userId');
    }

+    public function getSubordinateUserNames($adminId)
+    {
+        $departmentId = DB::table('user_info')->where('userId', $adminId)->value('department_id');
+        $users = $this->getUserByDepartmentId($departmentId);
+        return array_column($users, 'name');
+    }
+
    // 获取部门人员
    public function getUserByDepartmentId($departmentId, $status = '', $filter = '')
    {

--- a/resources/views/web/SupplierExaminationList.blade.php
+++ b/resources/views/web/SupplierExaminationList.blade.php
@@ -55,7 +55,6 @@
            <button type="button" class="layui-btn layui-btn-sm" id="delete_supplier_examination">删除</button>
        @endif
    </div>
-
    <table class="layui-table" id="supplierExaminationList" lay-filter="supplierExaminationList"></table>
 </div>
 @if(request()->get('supplier_id'))