
增加非自己数据的判断

dev
李可松 4 years ago
parent
commit
cdfa013254
  1. 15
      app/AdminAgent/Controllers/AgentProductController.php
  2. 23
      app/AdminAgent/Controllers/CategoryController.php
  3. 18
      app/AdminAgent/Controllers/OrderController.php
  4. 18
      app/AdminAgent/Controllers/UserController.php

15
app/AdminAgent/Controllers/AgentProductController.php

@ -100,6 +100,11 @@ class AgentProductController extends AdminController
protected function detail($id) protected function detail($id)
{ {
return Show::make($id, new AgentProduct(['agent:id,name', 'product.supplier:id,name']), function (Show $show) { return Show::make($id, new AgentProduct(['agent:id,name', 'product.supplier:id,name']), function (Show $show) {
//不允许查看非自己的数据
if ($show->model()->agent_id != Admin::user()->id) {
Admin::exit('数据不存在');
}
$show->field('id'); $show->field('id');
$show->field('agent_id'); $show->field('agent_id');
$show->field('product_id'); $show->field('product_id');
@ -137,6 +142,11 @@ class AgentProductController extends AdminController
return Form::make(new AgentProduct(['product:id,title']), function (Form $form) { return Form::make(new AgentProduct(['product:id,title']), function (Form $form) {
$agent_id = Admin::user()->id; $agent_id = Admin::user()->id;
//不允许查看非自己的数据
if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
return $form->response()->error('数据不存在');
}
$form->display('id'); $form->display('id');
$form->hidden('agent_id')->value($agent_id); $form->hidden('agent_id')->value($agent_id);
$form->hidden('status')->value(ProductStatus::UNAUDITED); $form->hidden('status')->value(ProductStatus::UNAUDITED);
@ -167,6 +177,11 @@ class AgentProductController extends AdminController
->default(settlement::INSTANT) ->default(settlement::INSTANT)
->required(); ->required();
})->saving(function (Form $form) { })->saving(function (Form $form) {
//不允许修改非自己的数据
if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
return $form->response()->error('数据不存在');
}
$agent_id = Admin::user()->id; $agent_id = Admin::user()->id;
//判断供应商产品是否存在或下架 //判断供应商产品是否存在或下架
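Review bot: In the form builder (the `isEditing()` check right after `$agent_id = Admin::user()->id;`), `return $form->response()->error('数据不存在');` most likely has no effect — as far as I recall Dcat Admin discards the builder callback's return value and only honours responses returned from hooks such as `saving` — so the edit page would still render another agent's product; please verify against the framework version in use. `detail()` uses `Admin::exit('数据不存在')`, which does abort, so the builder check should do the same: replace the `return` with `Admin::exit('数据不存在');`. A query-side filter on the repository (`where('agent_id', Admin::user()->id)`, as the grid in CategoryController does in this same commit) would additionally keep foreign rows — and their eager-loaded `agent` / `product.supplier` relations — from being fetched at all, which is cheaper defence in depth than comparing after the load. Both `detail()` and `form()` continue outside these hunks.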

23
app/AdminAgent/Controllers/CategoryController.php

@ -37,6 +37,8 @@ class CategoryController extends AdminController
protected function grid() protected function grid()
{ {
return Grid::make(new Category(), function (Grid $grid) { return Grid::make(new Category(), function (Grid $grid) {
$grid->model()->where('agent_id', Admin::user()->id);
$grid->column('id')->sortable(); $grid->column('id')->sortable();
$grid->column('name'); $grid->column('name');
$grid->column('pid'); $grid->column('pid');
@ -55,6 +57,11 @@ class CategoryController extends AdminController
protected function detail($id) protected function detail($id)
{ {
return Show::make($id, new Category(), function (Show $show) { return Show::make($id, new Category(), function (Show $show) {
//不允许查看非自己的数据
if ($show->model()->agent_id != Admin::user()->id) {
Admin::exit('数据不存在');
}
$show->field('id'); $show->field('id');
$show->field('name'); $show->field('name');
$show->field('pid'); $show->field('pid');
@ -75,27 +82,33 @@ class CategoryController extends AdminController
$options = Category::selectOptions(fn($query) => $query->where('agent_id', $agent_id)); $options = Category::selectOptions(fn($query) => $query->where('agent_id', $agent_id));
$form->display('id'); $form->display('id');
$form->hidden('agent_id')->value($agent_id)->required();
$form->select('pid')->options($options)->required(); $form->select('pid')->options($options)->required();
$form->text('name')->required(); $form->text('name')->required();
$form->text('sort')->default(255)->help('越小越靠前'); $form->text('sort')->default(255)->help('越小越靠前');
// $form->text('template'); // $form->text('template');
})->saving(function (Form $form) { })->saving(function (Form $form) {
//不允许修改非自己的数据
if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
return $form->response()->error('数据不存在');
}
//不允许编辑的字段 //不允许编辑的字段
$form->ignore(['id', 'deleted_at']); $form->ignore(['id', 'deleted_at']);
$form->agent_id = Admin::user()->id; $form->agent_id = Admin::user()->id;
$form->sort = $form->sort ?? 255; $form->sort = $form->sort ?? 255;
})->deleting(function (Form $form) { })->deleting(function (Form $form) {
//获取到要删除分类的ID
$category_id = (int)$form->getKey();
//不允许修改非自己的数据
if ($form->model()[0]['agent_id'] != Admin::user()->id) {
return $form->response()->error('数据不存在');
}
//获取要删除类目的所有下级ID //获取要删除类目的所有下级ID
$agent_id = Admin::user()->id; $agent_id = Admin::user()->id;
$category = Category::where('agent_id', $agent_id)->pluck('pid', 'id')->toArray(); $category = Category::where('agent_id', $agent_id)->pluck('pid', 'id')->toArray();
$ids = getChildCate($category_id, $category);
$ids = getChildCate((int)$form->getKey(), $category);
if (AgentProduct::query()->where('agent_id', $agent_id)->whereIn('category_id', $ids)->exists()) {
if (AgentProduct::where('agent_id', $agent_id)->whereIn('category_id', $ids)->exists()) {
return $form->response()->error('该分类下已经发布产品,不允许删除'); return $form->response()->error('该分类下已经发布产品,不允许删除');
} }
}); });
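Review bot: The new `deleting` hook checks ownership only for `$form->model()[0]` and resolves children only for `(int)$form->getKey()`, so if the key arrives as a comma-separated list (Dcat Admin's grid batch delete sends one, as far as I recall — verify) only the first category is validated and the remaining ids are still deleted by the repository with no ownership check. Validate every row in `$form->model()` and collect child ids per key before the product-existence check; the rewrite below assumes `getChildCate` returns an array, as its use in `whereIn` suggests. The loose `!=` is acceptable while both sides are integers, but `(int)` casts on both sides would keep it that way if `agent_id` ever comes back as a string. The `form()` method that owns this hook starts outside the hunk.
```php
})->deleting(function (Form $form) {
    $agent_id = Admin::user()->id;
    // Refuse if ANY record being deleted belongs to another agent (batch delete sends several ids).
    foreach ($form->model() as $row) {
        if ($row['agent_id'] != $agent_id) {
            return $form->response()->error('数据不存在');
        }
    }
    // Collect descendant ids for every key, not just the first one.
    $category = Category::where('agent_id', $agent_id)->pluck('pid', 'id')->toArray();
    $ids = [];
    foreach (explode(',', (string) $form->getKey()) as $key) {
        $ids = array_merge($ids, getChildCate((int) $key, $category));
    }
    // … unchanged: AgentProduct existence check and error response …
```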

18
app/AdminAgent/Controllers/OrderController.php

@ -83,7 +83,10 @@ class OrderController extends AdminController
return Show::make($id, new Order(['product.supplier:id,name']), function (Show $show) { return Show::make($id, new Order(['product.supplier:id,name']), function (Show $show) {
$show->disableDeleteButton(); $show->disableDeleteButton();
$show->repository()->model()->where('agent_id', Admin::user()->id);
//不允许查看非自己的数据
if ($show->model()->agent_id != Admin::user()->id) {
Admin::exit('数据不存在');
}
$show->field('id'); $show->field('id');
$show->field('user_id'); $show->field('user_id');
@ -115,11 +118,24 @@ class OrderController extends AdminController
return Form::make(new Order(), function (Form $form) { return Form::make(new Order(), function (Form $form) {
$form->disableDeleteButton(); $form->disableDeleteButton();
//不允许查看非自己的数据
if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
return $form->response()->error('数据不存在');
}
$form->display('id'); $form->display('id');
$form->text('name'); $form->text('name');
$form->text('mobile'); $form->text('mobile');
$form->select('status')->options(OrderStatus::array()); $form->select('status')->options(OrderStatus::array());
})->saving(function (Form $form) { })->saving(function (Form $form) {
//不允许修改非自己的数据
if ($form->isCreating()) {
return $form->response()->error('不允许此操作');
}
if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
return $form->response()->error('数据不存在');
}
//不允许编辑的字段 //不允许编辑的字段
$form->ignore(['id', 'user_id', 'agent_id', 'agent_product_id', 'product_id', 'product_ids', 'order_no', $form->ignore(['id', 'user_id', 'agent_id', 'agent_product_id', 'product_id', 'product_ids', 'order_no',
'pay_type', 'paid_money', 'created_at', 'updated_at', 'deleted_at']); 'pay_type', 'paid_money', 'created_at', 'updated_at', 'deleted_at']);
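Review bot: `$form->disableDeleteButton()` only hides the button; unless `destroy()` or the resource route is overridden outside this hunk, a DELETE request for an order still reaches the repository, and this form has no `deleting` hook, so the new `saving` guard blocks create/update but an agent can still delete another agent's order. Add a hook that refuses deletion outright, mirroring the create guard: `->deleting(function (Form $form) { return $form->response()->error('不允许此操作'); })`. The `return $form->response()->error('数据不存在');` placed in the builder callback (before `$form->display('id')`) is also suspect: as far as I recall the builder's return value is discarded by Dcat Admin, so the edit page would still render a foreign order; `Admin::exit('数据不存在')`, as used in `detail()`, aborts reliably — please verify. Both `detail()` and `form()` continue outside these hunks.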

18
app/AdminAgent/Controllers/UserController.php

@ -56,6 +56,11 @@ class UserController extends AdminController
return Show::make($id, new User(), function (Show $show) { return Show::make($id, new User(), function (Show $show) {
$show->disableDeleteButton(); $show->disableDeleteButton();
//不允许查看非自己的数据
if ($show->model()->agent_id != Admin::user()->id) {
Admin::exit('数据不存在');
}
$show->field('id'); $show->field('id');
$show->field('avatar')->image(80, 80); $show->field('avatar')->image(80, 80);
$show->field('mobile'); $show->field('mobile');
@ -76,15 +81,26 @@ class UserController extends AdminController
return Form::make(new User(), function (Form $form) { return Form::make(new User(), function (Form $form) {
$form->disableDeleteButton(); $form->disableDeleteButton();
//不允许查看非自己的数据
if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
return $form->response()->error('数据不存在');
}
$form->display('id'); $form->display('id');
$form->display('nickname'); $form->display('nickname');
$form->text('mobile'); $form->text('mobile');
$form->switch('status'); $form->switch('status');
$form->switch('verifier'); $form->switch('verifier');
})->saving(function (Form $form) { })->saving(function (Form $form) {
//不允许修改非自己的数据
if ($form->isEditing() && $form->model()->agent_id != Admin::user()->id) {
return $form->response()->error('数据不存在');
}
//不允许编辑的字段 //不允许编辑的字段
$form->ignore(['id', 'nickname', 'deleted_at']);
$form->ignore(['id', 'agent_id', 'nickname', 'deleted_at']);
//处理特殊字段
$form->agent_id = Admin::user()->id; $form->agent_id = Admin::user()->id;
$form->status = $form->status ? 1 : 0; $form->status = $form->status ? 1 : 0;
$form->verifier = $form->verifier ? 1 : 0; $form->verifier = $form->verifier ? 1 : 0;
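Review bot: In the `saving` hook, `$form->ignore(['id', 'agent_id', 'nickname', 'deleted_at']);` and `$form->agent_id = Admin::user()->id;` contradict each other: if Dcat Admin strips ignored fields when it prepares the insert/update after the hook (my recollection — verify), the forced assignment never reaches the database, so a user created through this form gets no `agent_id` and the new `!=` checks then hide it from every agent; if instead the assignment wins, the ignore entry is dead code. Pick one: if users are created through this form, drop `'agent_id'` from the ignore list and keep the server-side assignment (`$form->ignore(['id', 'nickname', 'deleted_at']);`), since the assignment already overrides whatever the client submits; if the form is edit-only, keep the ignore and delete the assignment. Note also that `disableDeleteButton()` does not block a DELETE request and this form has no `deleting` guard, so ownership is unenforced on that path unless `destroy()` is overridden elsewhere. Both `detail()` and `form()` continue outside these hunks.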
