1.优化渠道管理中btn的权限问题
This commit is contained in:
@@ -8,12 +8,14 @@ use app\admin\library\Auth;
|
||||
use support\think\Db;
|
||||
|
||||
/**
|
||||
* 后台管理员渠道数据范围:角色组 channel_id 未绑定时可读全平台;否则按绑定渠道过滤。
|
||||
* 后台管理员渠道数据范围:
|
||||
* - 账号 channel_id 或角色组 channel_id 任一绑定 → 仅可读对应渠道(优先于「查看所有渠道」)
|
||||
* - 均未绑定且拥有 viewAllChannels → 全平台只读
|
||||
*/
|
||||
class AdminChannelScopeService
|
||||
{
|
||||
/**
|
||||
* 是否具备全平台只读范围(超管 / 角色组均未绑定渠道 / 拥有查看所有渠道权限)
|
||||
* 是否具备全平台只读范围(超管 / 未绑定任何渠道且拥有查看所有渠道)
|
||||
*/
|
||||
public static function hasGlobalReadScope(Auth $auth): bool
|
||||
{
|
||||
@@ -23,8 +25,8 @@ class AdminChannelScopeService
|
||||
if ($auth->isSuperAdmin()) {
|
||||
return true;
|
||||
}
|
||||
if (self::resolveBoundGroupChannelIds($auth) === []) {
|
||||
return true;
|
||||
if (self::resolveEffectiveChannelIds($auth) !== []) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return self::hasViewAllChannelsPermission($auth);
|
||||
@@ -40,23 +42,58 @@ class AdminChannelScopeService
|
||||
if (!$auth->isLogin()) {
|
||||
return [0];
|
||||
}
|
||||
if (self::hasGlobalReadScope($auth)) {
|
||||
if ($auth->isSuperAdmin()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$ids = self::resolveBoundGroupChannelIds($auth);
|
||||
$ids = self::resolveEffectiveChannelIds($auth);
|
||||
if ($ids !== []) {
|
||||
return $ids;
|
||||
}
|
||||
|
||||
$selfChannelId = (int) Db::name('admin')->where('id', (int) $auth->id)->value('channel_id');
|
||||
if ($selfChannelId > 0) {
|
||||
return [$selfChannelId];
|
||||
if (self::hasViewAllChannelsPermission($auth)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return [0];
|
||||
}
|
||||
|
||||
/**
|
||||
* 管理员实际绑定的渠道(角色组 channel_id + 账号 admin.channel_id,去重)
|
||||
*
|
||||
* @return array<int, int>
|
||||
*/
|
||||
public static function resolveEffectiveChannelIds(Auth $auth): array
|
||||
{
|
||||
$ids = self::resolveBoundGroupChannelIds($auth);
|
||||
$selfChannelId = self::resolveAdminAccountChannelId($auth);
|
||||
if ($selfChannelId > 0) {
|
||||
$ids[] = $selfChannelId;
|
||||
}
|
||||
|
||||
return array_values(array_unique($ids));
|
||||
}
|
||||
|
||||
/**
|
||||
* 当前管理员账号上的 channel_id
|
||||
*/
|
||||
public static function resolveAdminAccountChannelId(Auth $auth): int
|
||||
{
|
||||
if (!$auth->isLogin()) {
|
||||
return 0;
|
||||
}
|
||||
$uid = (int) $auth->id;
|
||||
if ($uid <= 0) {
|
||||
return 0;
|
||||
}
|
||||
$value = Db::name('admin')->where('id', $uid)->value('channel_id');
|
||||
if ($value === null || $value === '') {
|
||||
return 0;
|
||||
}
|
||||
|
||||
return (int) $value;
|
||||
}
|
||||
|
||||
/**
|
||||
* 当前管理员所属角色组上绑定的渠道 ID(去重)
|
||||
*
|
||||
|
||||
Reference in New Issue
Block a user