编辑数据和查看详情增加非自己数据校验

5 years ago · 33266f6195
4 changed files with 61 additions and 10 deletions
--- a/app/AdminAgent/Controllers/AgentProductController.php
+++ b/app/AdminAgent/Controllers/AgentProductController.php
@ -216,9 +216,6 @@ class AgentProductController extends AdminController

 			$agent_id = Admin::user()->id;

-        	//不允许编辑的字段
-			$form->ignore(['id', 'agent_id', 'status', 'created_at', 'updated_at', 'deleted_at']);
-
 			$product_ids = explode(',', $form->product_ids);
 			if (empty($product_ids)) {
 				return $form->response()->error('请选择产品');
@ -242,6 +239,9 @@ class AgentProductController extends AdminController
 			$form->agent_id = $agent_id;
 			$form->status = $form->status == ProductStatus::ON_SALE ? ProductStatus::ON_SALE : ProductStatus::SOLD_OUT;

+			//不允许编辑的字段
+			$form->ignore(['id', 'agent_id', 'status', 'created_at', 'updated_at', 'deleted_at']);
+
 			//判断是否重复发布产品
 			$where = [
 				['agent_id', '=', $agent_id],
@ -254,6 +254,11 @@ class AgentProductController extends AdminController
 			if ($form->repository()->model()->where($where)->exists()) {
 				return $form->response()->error('该产品已经存在，请勿重复发布');
 			}
+		})->deleting(function (Form $form) {
+			//不允许删除非自己的数据
+			if ($form->model()[0]['agent_id'] != Admin::user()->id) {
+				return $form->response()->error('数据不存在');
+			}
 		});
    }
 }
--- a/app/AdminAgent/Controllers/CategoryController.php
+++ b/app/AdminAgent/Controllers/CategoryController.php
@ -78,6 +78,11 @@ class CategoryController extends AdminController
    protected function form()
    {
        return Form::make(new Category(), function (Form $form) {
+			//不允许查看非自己的数据
+			if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
+				return $form->response()->error('数据不存在');
+			}
+
            $agent_id = Admin::user()->id;
 			$options = Category::selectOptions(fn($query) => $query->where('agent_id', $agent_id));

--- a/app/AdminAgent/Controllers/SlideController.php
+++ b/app/AdminAgent/Controllers/SlideController.php
@ -53,7 +53,12 @@ class SlideController extends AdminController
    protected function detail($id)
    {
        return Show::make($id, new Slide(['agentProduct.product:id,title,pictures']), function (Show $show) {
-            $show->field('id');
+			//不允许查看非自己的数据
+			if ($show->model()->agent_id != Admin::user()->id) {
+				Admin::exit('数据不存在');
+			}
+
+			$show->field('id');
            $show->field('title');
            $show->field('picture')->image('', 80, 80);
 			$show->field('type')->using(['链接到产品详情', '链接到网址']);
@ -79,7 +84,12 @@ class SlideController extends AdminController
    protected function form()
    {
        return Form::make(new Slide(), function (Form $form) {
-            $form->display('id');
+			//不允许查看非自己的数据
+			if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
+				return $form->response()->error('数据不存在');
+			}
+
+			$form->display('id');
            $form->text('title')
 				->help('主要用于后台显示，方便管理');
            $form->image('picture')
@ -112,9 +122,12 @@ class SlideController extends AdminController
 				});
            $form->text('sort')->default(255)->required();
        })->saving(function (Form $form) {
-        	//不允许编辑的字段
-			$form->ignore(['id']);
+			//不允许修改非自己的数据
+			if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
+				return $form->response()->error('数据不存在');
+			}

+			//将null字段设置为空值，防止插入数据库出错
 			foreach ($form->input() as $k => $v) {
 				if (is_null($v)) {
 					$form->$k = '';
@ -127,6 +140,14 @@ class SlideController extends AdminController
 			$form->status = $form->status ? 1 : 0;
 			$form->url = $form->{'url-' . $form->type};
 			$form->deleteInput(['url-0', 'url-1']);
+
+			//不允许编辑的字段
+			$form->ignore(['id', 'created_at', 'updated_at']);
+		})->deleting(function (Form $form) {
+			//不允许删除非自己的数据
+			if ($form->model()[0]['agent_id'] != Admin::user()->id) {
+				return $form->response()->error('数据不存在');
+			}
 		});
    }
 }
--- a/app/AdminAgent/Controllers/SpecialController.php
+++ b/app/AdminAgent/Controllers/SpecialController.php
@ -70,7 +70,12 @@ class SpecialController extends AdminController
    protected function detail($id)
    {
        return Show::make($id, new Special(), function (Show $show) {
-            $show->field('id');
+			//不允许查看非自己的数据
+			if ($show->model()->agent_id != Admin::user()->id) {
+				Admin::exit('数据不存在');
+			}
+
+			$show->field('id');
 			$show->field('picture_ad')->image('', 80, 80);
            $show->field('picture')->image('', 80, 80);
 			$show->field('agent_product_id', '产品')
@ -95,7 +100,12 @@ class SpecialController extends AdminController
    protected function form()
    {
        return Form::make(new Special(), function (Form $form) {
-            $form->display('id');
+			//不允许查看非自己的数据
+			if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
+				return $form->response()->error('数据不存在');
+			}
+
+			$form->display('id');
 			$form->image('picture_ad')
 				->required()->removable(false)->uniqueName()
 				->help('图片大小：750*230');
@ -122,12 +132,22 @@ class SpecialController extends AdminController
 				->value(join(',', $form->model()->agent_product_id ?? []));
            $form->text('sort')->default(255);
        })->saving(function (Form $form) {
-        	//处理特殊字段
+			//不允许修改非自己的数据
+			if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
+				return $form->response()->error('数据不存在');
+			}
+
+			//处理特殊字段
 			$form->hidden(['agent_id', 'created_at', 'updated_at']);
 			$form->agent_id = Admin::user()->id;

 			//不允许编辑的字段
 			$form->ignore(['id', 'agent_id', 'created_at', 'updated_at']);
+		})->deleting(function (Form $form) {
+			//不允许删除非自己的数据
+			if ($form->model()[0]['agent_id'] != Admin::user()->id) {
+				return $form->response()->error('数据不存在');
+			}
 		});
    }
 }