diff --git a/app/AdminAgent/Controllers/AgentProductController.php b/app/AdminAgent/Controllers/AgentProductController.php index 00365a2..4a7d927 100644 --- a/app/AdminAgent/Controllers/AgentProductController.php +++ b/app/AdminAgent/Controllers/AgentProductController.php @@ -216,9 +216,6 @@ class AgentProductController extends AdminController $agent_id = Admin::user()->id; - //不允许编辑的字段 - $form->ignore(['id', 'agent_id', 'status', 'created_at', 'updated_at', 'deleted_at']); - $product_ids = explode(',', $form->product_ids); if (empty($product_ids)) { return $form->response()->error('请选择产品'); @@ -242,6 +239,9 @@ class AgentProductController extends AdminController $form->agent_id = $agent_id; $form->status = $form->status == ProductStatus::ON_SALE ? ProductStatus::ON_SALE : ProductStatus::SOLD_OUT; + //不允许编辑的字段 + $form->ignore(['id', 'agent_id', 'status', 'created_at', 'updated_at', 'deleted_at']); + //判断是否重复发布产品 $where = [ ['agent_id', '=', $agent_id], @@ -254,6 +254,11 @@ class AgentProductController extends AdminController if ($form->repository()->model()->where($where)->exists()) { return $form->response()->error('该产品已经存在,请勿重复发布'); } + })->deleting(function (Form $form) { + //不允许删除非自己的数据 + if ($form->model()[0]['agent_id'] != Admin::user()->id) { + return $form->response()->error('数据不存在'); + } }); } } diff --git a/app/AdminAgent/Controllers/CategoryController.php b/app/AdminAgent/Controllers/CategoryController.php index db1627c..7de0f71 100644 --- a/app/AdminAgent/Controllers/CategoryController.php +++ b/app/AdminAgent/Controllers/CategoryController.php @@ -78,6 +78,11 @@ class CategoryController extends AdminController protected function form() { return Form::make(new Category(), function (Form $form) { + //不允许查看非自己的数据 + if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) { + return $form->response()->error('数据不存在'); + } + $agent_id = Admin::user()->id; $options = Category::selectOptions(fn($query) => $query->where('agent_id', $agent_id)); 
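Review bot: The AgentProductController saving hook in the second hunk gains no `isEditing()` ownership check, while the saving hooks added in the same commit for SlideController and SpecialController do; an update submitted against another agent's product id is therefore only refused if a guard exists elsewhere in the form() builder, which this diff does not show. If there is none, the line `$form->agent_id = $agent_id;` would silently re-assign the row to the current agent instead of rejecting the request. Add the same guard at the top of the hook: `if ($form->isEditing() && $form->model()->agent_id != $agent_id) { return $form->response()->error('数据不存在'); }`. The saving closure starts before this hunk.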
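Review bot: In the new `deleting` hook of the third hunk, `$form->model()[0]['agent_id']` inspects only the first row; the `[0]` indexing suggests `$form->model()` can hold several rows (a multi-select delete), in which case a batch whose first id is the agent's own row but whose remaining ids belong to other agents passes the check and is deleted. The same one-row check is added in the deleting hooks of SlideController and SpecialController. Iterate over every row and refuse the whole batch on the first foreign one, as below. The ownership model of `$form->model()` in the delete path should be confirmed against the framework.
```php
})->deleting(function (Form $form) {
    // Refuse the whole batch if any selected row belongs to another agent;
    // $form->model() appears to hold several rows on a multi-select delete,
    // so checking index 0 alone is not sufficient.
    $agentId = Admin::user()->id;
    foreach ($form->model() as $row) {
        if ($row['agent_id'] != $agentId) {
            return $form->response()->error('数据不存在');
        }
    }
});
```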
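Review bot: The guard added at the top of the CategoryController `Form::make` builder callback relies on the callback's return value being honoured, which nothing here establishes; the detail() hunks in SlideController and SpecialController implement the same guard with `Admin::exit('数据不存在')`, which suggests the builder's return is ignored and the edit page would still render another agent's record. Verify that the edit page actually refuses a foreign id; if it does not, use `Admin::exit('数据不存在');` here and in the form() hunks of SlideController and SpecialController. A more robust approach is to constrain the repository query to the current agent (a scope on the model or on the repository) so foreign rows are never loaded at all, which would also cover the saving and deleting paths without per-hook checks. The builder closure continues outside the hunk.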
diff --git a/app/AdminAgent/Controllers/SlideController.php b/app/AdminAgent/Controllers/SlideController.php index 09bcb8a..8a0df49 100644 --- a/app/AdminAgent/Controllers/SlideController.php +++ b/app/AdminAgent/Controllers/SlideController.php @@ -53,7 +53,12 @@ class SlideController extends AdminController protected function detail($id) { return Show::make($id, new Slide(['agentProduct.product:id,title,pictures']), function (Show $show) { - $show->field('id'); + //不允许查看非自己的数据 + if ($show->model()->agent_id != Admin::user()->id) { + Admin::exit('数据不存在'); + } + + $show->field('id'); $show->field('title'); $show->field('picture')->image('', 80, 80); $show->field('type')->using(['链接到产品详情', '链接到网址']); @@ -79,7 +84,12 @@ class SlideController extends AdminController protected function form() { return Form::make(new Slide(), function (Form $form) { - $form->display('id'); + //不允许查看非自己的数据 + if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) { + return $form->response()->error('数据不存在'); + } + + $form->display('id'); $form->text('title') ->help('主要用于后台显示,方便管理'); $form->image('picture') @@ -112,9 +122,12 @@ class SlideController extends AdminController }); $form->text('sort')->default(255)->required(); })->saving(function (Form $form) { - //不允许编辑的字段 - $form->ignore(['id']); + //不允许修改非自己的数据 + if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) { + return $form->response()->error('数据不存在'); + } + //将null字段设置为空值,防止插入数据库出错 foreach ($form->input() as $k => $v) { if (is_null($v)) { $form->$k = ''; @@ -127,6 +140,14 @@ class SlideController extends AdminController $form->status = $form->status ? 1 : 0; $form->url = $form->{'url-' . $form->type}; $form->deleteInput(['url-0', 'url-1']); + + //不允许编辑的字段 + $form->ignore(['id', 'created_at', 'updated_at']); + })->deleting(function (Form $form) { + //不允许删除非自己的数据 + if ($form->model()[0]['agent_id'] != Admin::user()->id) { + return $form->response()->error('数据不存在'); + } }); } } 
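Review bot: The ownership guard is now re-implemented inline in detail(), form(), saving() and deleting() of SlideController, and again in SpecialController and AgentProductController, each with a loose `!=` between `agent_id` and `Admin::user()->id`; six hand-copied variants of one authorization rule are likely to drift. Extract it into a single protected helper on the AdminAgent base layer (for example `assertOwnedByCurrentAgent(int $ownerId): void`) that every controller calls, and make the comparison strict on ints: `(int) $form->model()->agent_id !== (int) Admin::user()->id`. The saving closure opened in the third hunk ends in the fourth hunk.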
diff --git a/app/AdminAgent/Controllers/SpecialController.php b/app/AdminAgent/Controllers/SpecialController.php index d011fc6..ccd01f7 100644 --- a/app/AdminAgent/Controllers/SpecialController.php +++ b/app/AdminAgent/Controllers/SpecialController.php @@ -70,7 +70,12 @@ class SpecialController extends AdminController protected function detail($id) { return Show::make($id, new Special(), function (Show $show) { - $show->field('id'); + //不允许查看非自己的数据 + if ($show->model()->agent_id != Admin::user()->id) { + Admin::exit('数据不存在'); + } + + $show->field('id'); $show->field('picture_ad')->image('', 80, 80); $show->field('picture')->image('', 80, 80); $show->field('agent_product_id', '产品') @@ -95,7 +100,12 @@ class SpecialController extends AdminController protected function form() { return Form::make(new Special(), function (Form $form) { - $form->display('id'); + //不允许查看非自己的数据 + if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) { + return $form->response()->error('数据不存在'); + } + + $form->display('id'); $form->image('picture_ad') ->required()->removable(false)->uniqueName() ->help('图片大小:750*230'); @@ -122,12 +132,22 @@ class SpecialController extends AdminController ->value(join(',', $form->model()->agent_product_id ?? [])); $form->text('sort')->default(255); })->saving(function (Form $form) { - //处理特殊字段 + //不允许修改非自己的数据 + if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) { + return $form->response()->error('数据不存在'); + } + + //处理特殊字段 $form->hidden(['agent_id', 'created_at', 'updated_at']); $form->agent_id = Admin::user()->id; //不允许编辑的字段 $form->ignore(['id', 'agent_id', 'created_at', 'updated_at']); + })->deleting(function (Form $form) { + //不允许删除非自己的数据 + if ($form->model()[0]['agent_id'] != Admin::user()->id) { + return $form->response()->error('数据不存在'); + } }); } }
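Review bot: Every new guard in SpecialController (and the matching ones in SlideController and AgentProductController) refuses a foreign record with the generic message '数据不存在' but records nothing, so an agent probing other agents' ids leaves no trace in the application log. Log a warning with the acting agent id, the requested record id and the action (view/edit/delete) before calling `Admin::exit()` or returning the error response; that makes cross-tenant access attempts visible to whoever monitors the logs without changing what the user sees. The detail() and form() closures in these hunks continue outside the hunk.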