Skip to content

杨树贤 / liexin_supplier

Go to a project
Commit bc5d4b0e by mushishixian
Options

查看采购权限

parent 43533a5b
Inline Side-by-side
Showing with 73 additions and 40 deletions
.env
......@@ -88,6 +88,7 @@ LOGIN_DOMAIN=user.liexin.net
DOMAIN=liexin.net
API_DOMAIN=http://api.liexin.com
PERM_URL=http://perm.liexin.net/api/check
PERM_LIST=http://perm.liexin.net/api/perms
PERM_ID=25
PERM_GOURL=http://perm.liexin.net
ADMIN_GROUP=10000,20000
......
app/Http/Middleware/CheckLogin.php
......@@ -14,43 +14,47 @@ class CheckLogin
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$login = config('website.login');
if(empty($request->input('token'))){
if (empty($request->input('token'))) {
$userId = $request->cookie('oa_user_id');
$skey = $request->cookie('oa_skey');
$isApi = false;
$hasApiRoute = strpos($request->path(), 'api/');
$skey = $request->cookie('oa_skey');
$isApi = false;
$hasApiRoute = strpos($request->path(), 'api/');
if ($hasApiRoute === 0)
if ($hasApiRoute === 0) {
$isApi = true;
}
if (!$userId || !$skey || (string)((int)$userId) != $userId || !preg_match('/^[a-zA-Z0-9]+$/', $skey)) {
if ($isApi)
if ($isApi) {
return ["errcode" => 401, "errmsg" => "没有登录"];
}
return redirect($login['login'] . '?redirect=' . urlencode($request->fullUrl()));
}
$cookie = 'oa_user_id=' . $userId . '; oa_skey=' . $skey;
$rsp=curl($login['check'],'',false,false,$cookie);
$rsp = curl($login['check'], '', false, false, $cookie);
if (!$rsp) {
if ($isApi)
return ['errcode' =>10001, 'errmsg' => '鉴权失败'];
if ($isApi) {
return ['errcode' => 10001, 'errmsg' => '鉴权失败'];
}
abort(500);
}
$ret = json_decode($rsp);
if ($ret->retcode != 0) {
if ($isApi)
if ($isApi) {
return ["errcode" => $ret->retcode, "errmsg" => $ret->errMsg];
}
return redirect($login['login'] . '?redirect=' . urlencode($request->url()));
}
$user = $ret->data;
......@@ -59,9 +63,9 @@ class CheckLogin
$codeId = $intracodeModel->where('admin_id', $user->userId)->value('code_id');
$user->codeId = $codeId;
$request->user = $user;
}else{
$rsp = curl($login['dingtalk_check'],['token'=>trim($request->input('token'))]);
if(!$rsp){
} else {
$rsp = curl($login['dingtalk_check'], ['token' => trim($request->input('token'))]);
if (!$rsp) {
["errcode" => 401, "errmsg" => "登录失效"];
}
......@@ -78,6 +82,22 @@ class CheckLogin
$request->user = $user;
}
//把权限放到全局请求变量
//获取所有权限,以及有效的权限
$perms = $this->getPerms();
$request->perms = $perms;
return $next($request);
}
private function getPerms()
{
$userId = request()->user->userId;
$permsUrl = env('PERM_LIST') . '/' . $userId . '/' . env('PERM_ID') . '/';
$permsResult = json_decode(curl($permsUrl),true);
$perms = [];
if (isset($permsResult['retcode']) && $permsResult['retcode'] === 0) {
$perms = $permsResult['data']['perms'];
}
return $perms;
}
}
app/Http/Middleware/Menu.php
......@@ -22,25 +22,24 @@ class Menu
$action = $request->route('key');
empty($action) && $action = 'Dashboard';
//获取菜单
if (!$isApi) {
$menuconfig = json_decode(curl($permArr['menuUrl'] . $permArr['menuId']), true);
if (empty($menuconfig['data'])) {
$menuConfig = json_decode(curl($permArr['menuUrl'] . $permArr['menuId']), true);
if (empty($menuConfig['data'])) {
return $this->view('error', '菜单生成错误,请联系技术');
} else {
$menuconfig = $menuconfig['data'];
$menuConfig = $menuConfig['data'];
}
$menusData = menu($menuconfig, $request->user->userId);
$menusData = menu($menuConfig, $request->user->userId);
$menus = !in_array($request->user->userId, $permArr['adminGroup']) ?
$menusData['menus'] : $menuconfig;
$menusData : $menuConfig;
if (empty($menus)) {
return $this->view('Auth', '没有访问权限', $permArr['goUrl']);
}
//还要判断是否是基石的url,是的话,要返回绝对地址
$menus = $this->getAbsoluteUrl($menus);
$request->menus = $menus;
$request->perms = $menusData['perms'];
}
if (!in_array($user->userId, $permArr['adminGroup']) && $action != 'Dashboard') {//不是超级管理员
$perm = perm($request->user->userId, $action);
......
app/Http/Transformers/SupplierTransformer.php
......@@ -28,7 +28,7 @@ class SupplierTransformer
$supplier['create_time'] = date('Y-m-d H:i:s', $supplier['create_time']);
$supplier['audit_time'] = $supplier['audit_time'] ? date('Y-m-d H:i:s', $supplier['audit_time']) : '';
$supplier['update_time'] = $supplier['update_time'] ? date('Y-m-d H:i:s', $supplier['update_time']) : '';
$supplier['channel_username'] = $this->getChannelNames($supplier['channel_uid']);
$supplier['channel_username'] = $this->getChannelUserNames($supplier['channel_uid']);
$supplier['purchase_username'] = array_get($users, $supplier['purchase_uid']);
$supplier['status_name'] = array_get(config('fixed.SupplierStatus'), $supplier['status']);
$supplier['contact_num'] = $this->getContactNum($supplier['supplier_id']);
......@@ -58,15 +58,26 @@ class SupplierTransformer
return $model->where('supplier_id', $supplierId)->count();
}
public function getChannelNames($channelUid)
//获取采购员名字(权限分离)
public function getChannelUserNames($channelUid)
{
$canViewAllChannelUser = checkPerm('ViewAllChannelUser');
$intracodeModel = new IntracodeModel();
$userCodes = $intracodeModel->getSampleEncode();
$channelUidArr = explode(',', $channelUid);
$channelUidArr = array_map(function ($userId) use ($userCodes) {
return array_get($userCodes, $userId);
}, $channelUidArr);
return implode(',', $channelUidArr);
$data = [];
$channelUidList = explode(',', $channelUid);
foreach ($channelUidList as $codeId) {
if ($canViewAllChannelUser) {
if (!empty($codeId)) {
$data[] = array_get($userCodes, $codeId);
}
}else{
if ($codeId == request()->user->codeId) {
$data[] = array_get($userCodes, $codeId);
}
}
}
return implode(',', $data);
}
//判断当前登陆的用户,是不是非创建者,但是是属于该供应商的采购或者开发,如果是采购或者开发,就没有操作权限
......@@ -106,7 +117,7 @@ class SupplierTransformer
$supplier['main_brand_names'] = $this->getMainBrandNames($supplier['main_brands']);
$supplier['update_time'] = $supplier['update_time'] ? date('Y-m-d H:i:s', $supplier['update_time']) : '';
$supplier['create_time'] = $supplier['create_time'] ? date('Y-m-d H:i:s', $supplier['create_time']) : '';
$supplier['channel_username'] = $this->getChannelNames($supplier['channel_uid']);
$supplier['channel_username'] = $this->getChannelUserNames($supplier['channel_uid']);
$supplier['purchase_username'] = array_get($users, $supplier['purchase_uid']);
$supplier['qualification_photos'] = $this->getPhotosDataForForm($supplier['qualification_photos']);
$supplier['sku_upload_ruler'] = json_decode($supplier['sku_upload_ruler'], true);
......@@ -135,14 +146,14 @@ class SupplierTransformer
return [];
}
$photos = json_decode($photos, true);
if (empty($photos['business_license'])){
if (empty($photos['business_license'])) {
return [];
}
$data = [];
foreach ($photos as $name => $photo) {
$data[$name] = [
'value' => $photo['url'] . '|_|' . $photo['file_name'],
'file_name' => $photo['file_name'] ? : '选择文件上传',
'file_name' => $photo['file_name'] ?: '选择文件上传',
'url' => $photo['url'],
];
}
......
app/Http/function.php
......@@ -98,15 +98,9 @@ function menu($menu, $user)
}
}
}
return [
'menus' => array_merge($menu),
'perms' => $find,
];
return array_merge($menu);
} else {
return [
'menus' => false,
'perms' => [],
];
return [];
}
}
......@@ -174,3 +168,11 @@ function Autograph()
UploadImgUrl="' . $url . '"
</script>';
}
//判断是否有对应的权限
//request()->perms是CheckLogin中间件过来的
function checkPerm($perm)
{
$perms = request()->perms;
return in_array($perm, $perms);
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment