权限问题以及询价查看限制问题

app/Admin/Controllers/InquiryController.php

@@ -53,8 +53,17 @@ class InquiryController extends AdminController
 
 
             $grid->tools(new HandleInquiry(admin_trans('inquiry.labels.handle')));
+            //判断查看权限
+            if (checkPerm('sem_inquiry_viewAllList')) {
+            } elseif (checkPerm('sem_inquiry_viewSubList')) {
+                $subSalesIds = CmsUser::getInferiorUserIds(request()->user->userId);
+                $grid->model()->whereIn('sales_id', $subSalesIds);
+            } else {
+                $grid->model()->where('sales_id', request()->user->userId);
+            }
 
             $grid->model()->orderBy('inquiry_id', 'desc');
+
             $grid->column('inquiry_sn')->modal(function (Grid\Displayers\Modal $modal) {
                 $modal->xl();
                 $modal->icon('fa fa-list-ul');
@@ -66,7 +75,7 @@ class InquiryController extends AdminController
             });
             $grid->column('task_type')->display(admin_trans('inquiry.options.task_type.1'));
             $grid->column('user.user_sn')->display(function ($value) {
-                return '<a  target="_blank" iframe-extends=true iframe-tab=true href="/admin/users/'.$this->user->id.'" style="color:#1224cc">'.$value.'</a>';
+                return '<a  target="_blank" iframe-extends=true iframe-tab=true href="/admin/users/' . $this->user->id . '" style="color:#1224cc">' . $value . '</a>';
             });
             $grid->column('user.phone')->copyable();
             $grid->column('user.email')->copyable();

app/Http/Kernel.php

@@ -67,5 +67,6 @@ class Kernel extends HttpKernel
         'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
         'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
         'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
+        'permission' => Permission::class,
     ];
 }

app/Http/Middleware/Permission.php

@@ -16,13 +16,12 @@ class Permission
      */
     public function handle($request, Closure $next)
     {
-        $isApi = $request->ajax();
+        $isApi = $request->fullUrlIs('*/api/*');
         $user = $request->user;
         //处理权限和菜单
         $permData = config('perm.perm');
         $action = $request->route('key');
         empty($action) && $action = 'Index';
-
         //获取菜单
         if (!$isApi && empty($request->input('window'))) {
             $menuData = json_decode(curl($permData['menu_url'] . $permData['menu_id']));

app/Models/Cms/CmsUser.php

@@ -46,4 +46,12 @@ class CmsUser extends Model
 
         return ($res) ? $res->toArray() : [];
     }
+
+    //根据用户id获取下属id
+    public static function getInferiorUserIds($userId)
+    {
+        $departmentId = self::where('userId', $userId)->value('department_id');
+        $users = CmsUserDepartmentModel::getUserByDepartmentId($departmentId);
+        return array_column($users, 'userId');
+    }
 }

app/Models/Cms/CmsUserDepartmentModel.php

@@ -73,7 +73,7 @@ class CmsUserDepartmentModel extends Model
 
         self::getSubDepartmentId($departmentId, $departmentIds);
 
-        return CmsUserInfoModel::whereIn('department_id', $departmentIds)
+        return CmsUser::whereIn('department_id', $departmentIds)
             ->where(function ($query) use ($status) {
                 if ($status !== '') {
                     $query->where('status', '=', $status);
@@ -85,7 +85,7 @@ class CmsUserDepartmentModel extends Model
                 }
             })
             ->select('userId', 'name', 'status')
-            ->get();
+            ->get()->toArray();
     }
 
     // 获取下级部门ID