权限

.env

@@ -14,11 +14,11 @@ DB_USERNAME=semour
 DB_PASSWORD='semour#zsyM'
 DB_PASSWORD='semour#zsyM'
 
 
 DB_CMS_CONNECTION=web
 DB_CMS_CONNECTION=web
-DB_CMS_HOST=192.168.1.252
+DB_CMS_HOST=234.db.liexindev.me
 DB_CMS_PORT=3306
 DB_CMS_PORT=3306
-DB_CMS_DATABASE=ichuntcms
-DB_CMS_USERNAME=ichuntcms
-DB_CMS_PASSWORD='ichuntcms#zsyM'
+DB_CMS_DATABASE=icdata
+DB_CMS_USERNAME=icdata
+DB_CMS_PASSWORD='icdata#zsyM'
 
 
 BROADCAST_DRIVER=log
 BROADCAST_DRIVER=log
 CACHE_DRIVER=file
 CACHE_DRIVER=file

app/Admin/Controllers/Api/OrderApiController.php

@@ -6,6 +6,7 @@ use App\Admin\Controllers\BaseController;
 use App\Admin\Service\OrderService;
 use App\Admin\Service\OrderService;
 use App\Exceptions\InvalidRequestException;
 use App\Exceptions\InvalidRequestException;
 use App\Http\Utils\ValidatorMsg;
 use App\Http\Utils\ValidatorMsg;
+use App\Models\Country;
 use App\Models\Increasid;
 use App\Models\Increasid;
 use App\Models\Order;
 use App\Models\Order;
 use App\Models\OrderAddress;
 use App\Models\OrderAddress;
@@ -194,5 +195,9 @@ class OrderApiController extends BaseController
     }
     }
 
 
 
 
+    public function getCountryList(Request $request){
+        $list = Country::getCountryMap();
+        return $this->setSuccessData(["list"=>$list]);
+    }
 
 
 }
 }

app/Admin/Controllers/OrderController.php

@@ -7,6 +7,7 @@ use App\Admin\Actions\OrderCancelAction;
 use App\Admin\Actions\OrderEditSatusAction;
 use App\Admin\Actions\OrderEditSatusAction;
 use App\Admin\Actions\OrderReverseAuditAction;
 use App\Admin\Actions\OrderReverseAuditAction;
 use App\Admin\Pages\OrderDetailPage;
 use App\Admin\Pages\OrderDetailPage;
+use App\Admin\Service\PermService;
 use App\Models\Cms\CmsUser;
 use App\Models\Cms\CmsUser;
 use App\Models\Order;
 use App\Models\Order;
 use App\Models\OrderPrice;
 use App\Models\OrderPrice;
@@ -49,8 +50,10 @@ class OrderController extends AdminController
      */
      */
     protected function grid()
     protected function grid()
     {
     {
+        $user = request()->user;
+//        dump(PermService::getUserPerms());
         return Grid::make(new Order(), function (Grid $grid) {
         return Grid::make(new Order(), function (Grid $grid) {
-            $grid->model()->with("scmUser")->orderBy('order_id', 'desc');
+            $grid->model()->rule(Order::$ruleViewList)->with("scmUser")->orderBy('order_id', 'desc');
             $grid->fixColumns(1,2);//固定列
             $grid->fixColumns(1,2);//固定列
 //            $grid->showColumnSelector();//开启字段选择器功能
 //            $grid->showColumnSelector();//开启字段选择器功能
             // 在 display 回调中使用
             // 在 display 回调中使用

app/Admin/Service/PermService.php

@@ -8,10 +8,11 @@
 
 
 namespace App\Admin\Service;
 namespace App\Admin\Service;
 
 
-use App\Http\Caches\PermCache;
-use App\Http\Models\Cms\UserInfoModel;
+use App\Models\Cms\CmsBusinessConfigModel;
+use App\Models\Cms\CmsRolePermModel;
 use App\Models\Cms\CmsUser;
 use App\Models\Cms\CmsUser;
 use App\Models\Cms\CmsUserDepartmentModel;
 use App\Models\Cms\CmsUserDepartmentModel;
+use App\Models\Cms\CmsUserPermModel;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Log;
 
 
 class PermService
 class PermService
@@ -19,6 +20,139 @@ class PermService
 
 
     const SELF_SYSTEM_NAME = "深贸后台";
     const SELF_SYSTEM_NAME = "深贸后台";
 
 
+    const ROLE_ADMIN = 1; // 管理员角色
+
+    const ROLE_BUYER = 2; // 采购员
+
+    const ROLE_BUYER_LEADER = 3; // 采购经理
+
+    const ROLE_BUYER_DIRECTOR = 4; // 采购总监
+
+    const ROLE_NULL = 0;  // 未设置角色
+
+    private static $role_name_map = [
+        "管理员" => self::ROLE_ADMIN,
+        "采购员" => self::ROLE_BUYER,
+        "采购经理" => self::ROLE_BUYER_LEADER,
+        "采购总监" => self::ROLE_BUYER_DIRECTOR
+    ];
+
+
+    // 获取当前用户角色
+    public static function getUserRoles($uid = 0, $email = "")
+    {
+        $admin = request()->get("user");
+        $uid = $uid ?: $admin->userId;
+        $email = $email ?: $admin->email;
+//        dump($uid);
+//        dump($email);
+        // 如果是管理员邮箱，直接返回管理员角色
+        if ($email == 'admin@ichunt.com') {
+            return [self::ROLE_ADMIN];
+        }
+
+        // 根据域名查询系统业务ID
+        $business = self::getBusinessInfo();
+        if (!$business) {
+            return [];
+        }
+        $bid = $business['bid'];
+
+        // 权限系统配置的管理帐号， 如果是权限系统中配置的管理员邮箱，直接返回管理员角色
+        $adminAccount = json_decode($business['admin'], true);
+        if (in_array($email, $adminAccount)) {
+            return [self::ROLE_ADMIN];
+        }
+
+        // 根据用户ID和业务ID查看角色
+        $userPerm = CmsUserPermModel::getUserPermByUidAndBid($uid, $bid);
+        if (empty($userPerm)) {
+            return [];
+        }
+
+        // 没有选择角色
+        if ($userPerm['roles'] == 'null') {
+            return [];
+        }
+
+        $role_list = [];
+        $role_ids = json_decode($userPerm['roles'], true);
+        if ($role_ids) {
+            $role_perm_list = CmsRolePermModel::getRolePermInfosByRoleIds($role_ids, $bid);
+            if ($role_perm_list) {
+                $role_name_list = array_column($role_perm_list, 'name');
+                foreach ($role_name_list as $role_name) {
+                    if (isset(self::$role_name_map[$role_name])) {
+                        $role_list[] = self::$role_name_map[$role_name];
+                    }
+                }
+            }
+        }
+
+        return $role_list;
+    }
+    // 获取用户所有权限
+    public static function getUserPerms()
+    {
+        $userAllPermList = [];
+        $business = self::getBusinessInfo();
+        //获取用户单独的权限
+        if (isset($business['bid'])) {
+            $bid = $business['bid'];
+            $userPerm = CmsUserPermModel::getUserPermByUidAndBid(request()->user->userId, $bid);//获取用户权限信息
+            if ($userPerm && isset($userPerm['perms'])) {
+                $userPermList = json_decode($userPerm['perms']);
+                if (is_array($userPermList)) {
+                    $userAllPermList = array_merge($userAllPermList, $userPermList);
+                }
+            }
+        }
+        //获取用户所在角色的权限
+        $rolePermList = [];
+        if (isset($userPerm['roles'])) {
+            $roleIds = json_decode($userPerm['roles'], true);//用户所有的角色
+            if ($roleIds) {
+                $rolePermData = CmsRolePermModel::getRolePermInfosByRoleIds($roleIds, $bid);
+                if ($rolePermData) {
+                    foreach ($rolePermData as $param) {//获取用户的角色权限
+                        $arrParam = json_decode($param['perms']);
+                        $rolePermList = array_merge($rolePermList, $arrParam);
+                    }
+                }
+            }
+        }
+        $userAllPermList = array_merge($userAllPermList, $rolePermList);
+
+        if (empty($userAllPermList)) {
+            Log::error("该用户未配置权限，请联系管理员,uid:" . request()->user->userId);
+        }
+        return $userAllPermList;
+    }
+
+    // 判断用户是否拥有某角色
+    public static function hasRole($role, $role_list)
+    {
+        return in_array($role, $role_list);
+    }
+
+
+    // 判断用户是否拥有某权限
+    public static function hasPerm($perm_id)
+    {
+        $user_perms = self::getUserPerms();
+        return in_array($perm_id, $user_perms);
+    }
+
+
+
+    // 获取系统信息
+    public static function getBusinessInfo()
+    {
+        return CmsBusinessConfigModel::getInfoByTitle(self::SELF_SYSTEM_NAME);
+    }
+
+
+
     // 获取指定用户下级所有人员
     // 获取指定用户下级所有人员
     public static function getSubUserId($userId)
     public static function getSubUserId($userId)
     {
     {

app/Http/Middleware/CheckLogin.php

@@ -2,6 +2,7 @@
 
 
 namespace App\Http\Middleware;
 namespace App\Http\Middleware;
 
 
+use App\Http\ApiHelper\Response;
 use Closure;
 use Closure;
 
 
 class CheckLogin
 class CheckLogin
@@ -54,7 +55,15 @@ class CheckLogin
 
 
         $user->header = $request->cookie('oa_header');
         $user->header = $request->cookie('oa_header');
         $request->user = $user;
         $request->user = $user;
+        $request->attributes->add(['user' => $user]);
+        if (empty($user)) {
+            return $this->redirectTo($request);
+        }
 
 
         return $next($request);
         return $next($request);
     }
     }
+    protected function redirectTo($request)
+    {
+        return Response::setError("need login..", 101);
+    }
 }
 }

app/Models/Cms/CmsBusinessConfigModel.php

+<?php
+/**
+ * Created by PhpStorm.
+ * User: duwenjun
+ * Date: 2021/8/10
+ * Time: 5:59 PM
+ */
+
+namespace App\Models\Cms;
+
+
+use Illuminate\Database\Eloquent\Model;
+
+class CmsBusinessConfigModel extends Model
+{
+    protected $connection = 'cms';
+
+    protected $table = 't_business_config';
+
+
+    public $timestamps = false;
+
+
+    public static function getInfoByUrl($url)
+    {
+        $res = self::where('url', $url)->first();
+        return ($res) ? $res->toArray() : [];
+    }
+
+    public static function getInfoByTitle($title)
+    {
+        $res = self::where('title', $title)->first();
+        return ($res) ? $res->toArray() : [];
+    }
+
+}

app/Models/Cms/CmsDepartmentModel.php

@@ -5,6 +5,8 @@ use Illuminate\Database\Eloquent\Model;
 
 
 class CmsDepartmentModel extends Model
 class CmsDepartmentModel extends Model
 {
 {
+
+    protected $connection = 'cms';
     protected $table = 'department';
     protected $table = 'department';
     public $timestamps = false;
     public $timestamps = false;
     protected $primaryKey = 'departmentId';
     protected $primaryKey = 'departmentId';

app/Models/Cms/CmsRolePermModel.php

+<?php
+/**
+ * Created by PhpStorm.
+ * User: duwenjun
+ * Date: 2021/8/10
+ * Time: 5:59 PM
+ */
+
+namespace App\Models\Cms;
+
+
+use Illuminate\Database\Eloquent\Model;
+
+class CmsRolePermModel extends Model
+{
+    protected $connection = 'cms';
+
+    protected $table = 't_role_perm';
+
+
+    public $timestamps = false;
+
+
+    public static function getRolePermInfosByRoleIds($role_ids, $bid)
+    {
+        $res = self::whereIn("roleId", $role_ids)->where("bid", $bid)->get();
+        return ($res) ? $res->toArray() : [];
+    }
+
+}

app/Models/Cms/CmsUserPermModel.php

+<?php
+/**
+ * Created by PhpStorm.
+ * User: duwenjun
+ * Date: 2021/8/10
+ * Time: 5:59 PM
+ */
+
+namespace App\Models\Cms;
+
+
+use Illuminate\Database\Eloquent\Model;
+
+class CmsUserPermModel extends Model
+{
+    protected $connection = 'cms';
+
+    protected $table = 't_user_perm';
+
+
+    public $timestamps = false;
+
+
+    public static function getUserPermByUidAndBid($uid, $bid)
+    {
+        dump($uid);
+        dump($bid);
+        $res = self::where(["userId" => $uid, "bid" => $bid])->first();
+        return ($res) ? $res->toArray() : [];
+    }
+
+}

app/Models/Order.php

@@ -8,7 +8,7 @@ use Dcat\Admin\Widgets\Box;
 use Dcat\Admin\Widgets\Dropdown;
 use Dcat\Admin\Widgets\Dropdown;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Model;
 
 
-class Order extends Model
+class Order extends BaseModel
 {
 {
 	use HasDateTimeFormatter;
 	use HasDateTimeFormatter;
     
     
@@ -37,6 +37,12 @@ class Order extends Model
         "交易成功"=>10,
         "交易成功"=>10,
     ];
     ];
 
 
+    //查看权限
+    public static $ruleViewList = [
+        "sem_order_viewAllList", //查看所有
+        "sem_order_viewSubList",//查看下级
+    ];
+
 
 
     public function scmUser()
     public function scmUser()
     {
     {

routes/api.php

@@ -27,6 +27,7 @@ Route::get('/orderDownloadShow', '\App\Admin\Controllers\Api\OrderApiController@
 Route::match(['get', 'post'],'/order/editOrderItems', '\App\Admin\Controllers\Api\OrderApiController@editOrderItems');//订单修改明细数据
 Route::match(['get', 'post'],'/order/editOrderItems', '\App\Admin\Controllers\Api\OrderApiController@editOrderItems');//订单修改明细数据
 Route::match(['get', 'post'],'/order/editOrderAdress', '\App\Admin\Controllers\Api\OrderApiController@editOrderAdress');//修改订单收货地址账单地址
 Route::match(['get', 'post'],'/order/editOrderAdress', '\App\Admin\Controllers\Api\OrderApiController@editOrderAdress');//修改订单收货地址账单地址
 Route::match(['get', 'post'],'/order/editOrderSettlement', '\App\Admin\Controllers\Api\OrderApiController@editOrderSettlement');//修改订单结算信息
 Route::match(['get', 'post'],'/order/editOrderSettlement', '\App\Admin\Controllers\Api\OrderApiController@editOrderSettlement');//修改订单结算信息
+Route::match(['get', 'post'],'/order/getCountryList', '\App\Admin\Controllers\Api\OrderApiController@getCountryList');//获取国家列表