在需要验证项目人员权限的控制器中加入如下代码
~~~
// Access scope: comma-separated role column names whose holders may call the
// current action. Assigned per action in init().
public $visitRange;
/**
 * Per-action setup: records which request type(s) the current action accepts
 * and which staff roles are allowed to call it.
 *
 * Role columns used in the access scope:
 *   manager_staff     project manager ID
 *   management_staff  project staff ID
 *   material_staff    materials staff
 *   design_staff      design staff
 *   special_staff     special staff ID
 */
protected function init()
{
    // Name of the action being dispatched for this request.
    $action = Request::instance()->action(true);

    // Request type accepted by each action.
    $postOnlyActions = array(
        "addSubcontractContract",
        "listSubcontractContract",
        "editSubcontractContract",
        "delSubcontractContract",
    );
    if (in_array($action, $postOnlyActions)) {
        $this->requestType = "post";
    } elseif ($action == "getSubcontractContractById") {
        $this->requestType = "get|post";
    }

    // Each endpoint has its own set of permitted roles.
    $managerOnlyActions = array(
        'listSubcontractContract',
        'getSubcontractContractById',
        "editSubcontractContract",
        "delSubcontractContract",
    );
    if ($action == "addSubcontractContract") {
        // Adding a subcontract: project manager, project staff, special staff.
        $this->visitRange = 'manager_staff,management_staff,special_staff';
    } elseif (in_array($action, $managerOnlyActions)) {
        // Listing, reading, editing, deleting: project manager and special staff only.
        $this->visitRange = 'manager_staff,special_staff';
    }

    // NOTE(review): the call that enforces visitRange is commented out, so this
    // method only records the allowed roles. Unless a base class or another
    // caller runs check($this->visitRange) after init(), the actions above have
    // no project-staff authorization; confirm where enforcement happens.
    // Actions not listed above get no visitRange at all.
    //self::check($this->visitRange);
}
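/**
 * Verifies that the current token user holds one of the given roles on the
 * project(s) targeted by the request, and throws a 403 RequestException
 * otherwise.
 *
 * The projects come from the `id` input when it is present (looked up through
 * SubConModel), otherwise from the `project_id` input.
 *
 * The check fails closed: a request that resolves to no project, no usable
 * role column, no staff entry or no user id is rejected. The user id is
 * matched exactly, so an empty or missing id can never match an empty staff
 * entry.
 *
 * NOTE(review): staff ids of all matched projects are pooled, so holding a
 * role on one matched project passes a request that names several. Confirm
 * whether per-project enforcement is needed.
 * NOTE(review): this method is public; if public controller methods are
 * routable as actions, $visitRange could arrive from the request. Confirm, or
 * narrow the visibility.
 *
 * User: HuYang-TSJ
 * Date: 2019/2/28 9:36
 * @param string $visitRange comma-separated ProjectStaff column names holding the permitted staff ids
 * @throws RequestException
 * @throws \think\db\exception\DataNotFoundException
 * @throws \think\db\exception\ModelNotFoundException
 * @throws \think\exception\DbException
 */
public function check($visitRange)
{
    $projectIdArray = input('project_id');
    $id = input('id');
    if (!empty($id)) {
        // When a record id is given, the project is taken from the stored
        // record rather than from the client-supplied project_id.
        $res = SubConModel::field('id,project_id')->select($id);
        $projectIdArray = array();
        foreach ($res as $item) {
            $projectIdArray[] = $item['project_id'];
        }
    }

    // Only plain identifiers are accepted as column names, because they are
    // concatenated into the field list. Anything else is dropped, which can
    // only shrink the set of permitted staff.
    $roleColumns = array();
    foreach (explode(',', (string) $visitRange) as $column) {
        $column = trim($column);
        if (preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $column)) {
            $roleColumns[] = $column;
        }
    }

    // Collect the permitted staff ids as array keys. A column value may itself
    // be a comma-separated list, and empty entries are skipped.
    $allowedStaff = array();
    if (!empty($projectIdArray) && !empty($roleColumns)) {
        $project = ProjectStaff::where('project_id', 'in', $projectIdArray)
            ->field('id,' . implode(',', $roleColumns))
            ->select();
        foreach ($project as $p) {
            $p = $p->getData();
            foreach ($roleColumns as $column) {
                $rawIds = isset($p[$column]) ? (string) $p[$column] : '';
                foreach (explode(',', $rawIds) as $staffId) {
                    $staffId = trim($staffId);
                    if ($staffId !== '') {
                        $allowedStaff[$staffId] = true;
                    }
                }
            }
        }
    }

    // The token user is only resolved when there is something to match against.
    $userId = '';
    if (!empty($allowedStaff)) {
        $tokenUser = WebSys::getTokenUser();
        $userId = isset($tokenUser['id']) ? trim((string) $tokenUser['id']) : '';
    }

    // Deny by default: access requires a non-empty user id that is present
    // among the permitted staff ids.
    if ($userId === '' || !isset($allowedStaff[$userId])) {
        throw new RequestException([
            'code' => 403,
            'msg' => "无权访问,请在项目人员中修改所处职位!"
        ]);
    }
}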
~~~