init .

svipchao · May 6, 2023 · 4f2aa02 · 4f2aa02 · svipchao · May 6, 2023
1 parent 706ba18
commit 4f2aa02
Show file tree

Hide file tree

Showing 4 changed files with 88 additions and 56 deletions.
diff --git a/src/Model.php b/src/Model.php
@@ -15,7 +15,7 @@
  */
 abstract class Model extends \think\Model
 {
-    protected $globalScope = ['authData'];
+    protected $globalScope = ['commonAuth'];
 
     /**
      * 创建模型实例
@@ -124,32 +124,76 @@ public static function onAfterRestore($model)
     {
     }
 
-    // 字段权限
-    public function scopeAuthData($query): void
+    public function scopeCommonAuth($query): void
     {
         $node = NodeService::mk()->getNode(_getNode());
         if ($node['auth'] && !UserService::mk()->isAdmin()) {
-            $data = DataService::mk()->getUserData($this->name);
-            // 查询字段
-            if (!empty($data['field'])) $query->field($data['field']);
-            // 排除字段
-            if (!empty($data['withoutField'])) $query->withoutField($data['withoutField']);
-            // 并且条件
-            if (!empty($data['whereAndMap'])) $query->where($data['whereAndMap']);
-            // 或者条件
-            if (!empty($data['whereOrMap'])) {
-                $query->where(function ($query) use ($data) {
-                    $query->whereOr($data['whereOrMap']);
+            $fields = $query->getTableFields();
+            // 数据权限
+            $this->commonDataAuth($query, $fields);
+            // 用户数据范围
+            $this->commonUserAuth($query, $fields);
+            // 部门数据范围
+            $this->commonDeptAuth($query, $fields);
+            // 角色数据范围
+            $this->commonRoleAuth($query, $fields);
+        }
+    }
+
+    // 数据权限
+    private function commonDataAuth($query, $fields): void
+    {
+        $data = DataService::mk()->getUserData($this->name);
+        $data['fields'] = array_intersect($fields, $data['fields']);
+        $data['withoutField'] = array_intersect($fields, $data['withoutField']);
+        // 查询字段
+        if (!empty($data['field'])) $query->field(array_intersect($fields, $data['fields']));
+        // 排除字段
+        if (!empty($data['withoutField'])) $query->withoutField($data['withoutField']);
+        // 并且条件
+        if (!empty($data['whereAndMap'])) $query->where($data['whereAndMap']);
+        // 或者条件
+        if (!empty($data['whereOrMap'])) {
+            $query->where(function ($query) use ($data) {
+                $query->whereOr($data['whereOrMap']);
+            });
+        }
+        // 掩码显示
+        if (!empty($data['maskShow'])) {
+            foreach ($data['maskShow'] as $mask) {
+                $query->withAttr($mask, function () {
+                    return '***********';
                 });
             }
-            // 掩码显示
-            if (!empty($data['maskShow'])) {
-                foreach ($data['maskShow'] as $mask) {
-                    $query->withAttr($mask, function () {
-                        return '***********';
-                    });
-                }
-            }
+        }
+    }
+
+    // 用户数据范围
+    private function commonUserAuth($query, $fields): void
+    {
+        if (in_array('user_id', $fields)) {
+            $query->where('user_id', 'in', function ($query) {
+                $query->table('sys_auth')->whereOr([
+                    ['dept_id', 'in', UserService::mk()->getUserDeptIds()],
+                    ['user_id', 'in', UserService::mk()->getUserSubUserIds()]
+                ])->field('user_id');
+            });
+        }
+    }
+
+    // 部门数据范围
+    private function commonDeptAuth($query, $fields): void
+    {
+        if (in_array('dept_id', $fields)) {
+            $query->where('dept_id', 'in', UserService::mk()->getUserDeptIds());
+        }
+    }
+
+    // 角色数据范围
+    private function commonRoleAuth($query, $fields): void
+    {
+        if (in_array('role_id', $fields)) {
+            $query->where('role_id', 'in', UserService::mk()->getUserRoleIds());
         }
     }
 }
diff --git a/src/model/SysRole.php b/src/model/SysRole.php
@@ -5,18 +5,10 @@
 
 use cccms\Model;
 use cccms\extend\ArrExtend;
-use cccms\services\UserService;
 use think\model\relation\HasMany;
 
 class SysRole extends Model
 {
-    protected $globalScope = ['data'];
-
-    public static function onBeforeWrite($model): void
-    {
-        parent::onBeforeWrite($model);
-    }
-
     public function setRoleIdAttr($value, $data)
     {
         $sonRes = $this->whereOr([
@@ -37,15 +29,10 @@ public function setRoleIdAttr($value, $data)
 
     public function setNodesAttr($value, $data)
     {
-        $sonRes = $this->whereOr([
-            ['id', '=', $data['id']],
-            ['role_id', 'find in set', $data['id']]
-        ])->column('id,role_ids');
-        if (is_string($value)) {
-            $value = explode(',', $value);
-        }
-        $this->nodes()->delete();
-        $this->nodes()->saveAll(ArrExtend::createTwoArray($value, 'node'));
+        if (is_string($value)) $value = explode(',', $value);
+        if (!is_array($value)) return true;
+        $this->auth()->delete();
+        $this->auth()->saveAll(ArrExtend::createTwoArray($value, 'node'));
     }
 
     /**
@@ -62,27 +49,13 @@ public static function onBeforeDelete($model): void
         }
     }
 
-    public function nodes(): HasMany
+    public function auth(): HasMany
     {
         return $this->hasMany(SysAuth::class, 'role_id', 'id');
     }
 
-    public function role(): HasMany
-    {
-        return $this->hasMany(SysRole::class, 'role_id', 'id');
-    }
-
     public function getAllOpenRoleIds(): array
     {
         return $this->where('status', 1)->cache('allRoleOpenId')->column('id');
     }
-
-    public function scopeData($query): void
-    {
-        if (UserService::mk()->isLogin() && !UserService::mk()->isAdmin()) {
-            $currentUserId = UserService::mk()->getUserInfo('id');
-            $roleIds = SysAuth::mk()->where('user_id', $currentUserId)->column('role_id');
-            $query->where('id', 'in', $roleIds);
-        }
-    }
 }
diff --git a/src/services/DataService.php b/src/services/DataService.php
@@ -84,7 +84,6 @@ public function getUserData(string $table = ''): array
             'whereAndMap' => [], // 并且条件
             'whereOrMap' => [], // 或者条件
         ];
-        if (UserService::mk()->isAdmin()) return $data;
         $userData = UserService::mk()->getUserAuths();
         foreach ($userData as $d) {
             if ($d['table_name'] !== $tableName) continue;

diff --git a/src/services/UserService.php b/src/services/UserService.php
@@ -92,7 +92,7 @@ public function getUserAuths(array $userInfo = []): array
                     ->where('a2.user_id', 2)->with(['post'])->select()->toArray();
             }
             // 单独拆出来 否则会扫描全表 数据越多越慢
-            $userAuth = SysAuth::mk()->with(['post'])->where(['user_id' => $userInfo['id']])->select()->toArray();
+            $userAuth = SysAuth::mk()->with(['post'])->where(['user_id' => $userInfo['id']])->_list();
             $data = array_merge($data, $userAuth);
             $this->app->cache->set('SysUserNodes_' . $userInfo['id'], $data);
         }
@@ -125,6 +125,22 @@ public function getUserDeptIds(array $userInfo = []): array
         return ArrExtend::toOneUnique([...$deptIds, ...$deptChildIds]);
     }
 
+    /**
+     * 获取用户拥有的角色ID
+     * @param array $userInfo
+     * @return array
+     */
+    public function getUserRoleIds(array $userInfo = []): array
+    {
+        $data = $this->getUserAuths($userInfo);
+        $roleIds = array_column($data, 'role_id');
+        $roleChildIds = $roleIds ? SysRole::mk()->whereOr(array_map(function ($item) {
+            return ['dept_ids', 'like', '%,' . $item . ',%'];
+        }, $roleIds))->column('id') : [];
+        if (empty($roleIds) && empty($roleChildIds)) return [];
+        return ArrExtend::toOneUnique([...$roleIds, ...$roleChildIds]);
+    }
+
     /**
      * 获取用户拥有的权限节点
      * @param array $userInfo