|
|
@@ -12,6 +12,8 @@ class DataScopeBaseModel extends Model
|
|
|
const table_column = '';
|
|
|
//有权限的人的表关联id
|
|
|
const table_id_column = '';
|
|
|
+ //明细表
|
|
|
+ const detail_table_column = '';
|
|
|
|
|
|
public function __construct(array $attributes = [])
|
|
|
{
|
|
|
@@ -133,7 +135,7 @@ class DataScopeBaseModel extends Model
|
|
|
}
|
|
|
|
|
|
//根据公司过滤 加人员
|
|
|
- public function scopeTopAndEmployeeClear($query, $user, $search)
|
|
|
+ public function scopeTopAndEmployeeClear1($query, $user, $search)
|
|
|
{
|
|
|
$top_depart_id = "top_depart_id";
|
|
|
|
|
|
@@ -172,6 +174,68 @@ class DataScopeBaseModel extends Model
|
|
|
return $query;
|
|
|
}
|
|
|
|
|
|
+ public function scopeTopAndEmployeeClear($query, $user, $search)
|
|
|
+ {
|
|
|
+ $top_depart_id = "top_depart_id";
|
|
|
+
|
|
|
+ $table = $query->getQuery()->from;
|
|
|
+ $alias = $table; // 默认为原表名
|
|
|
+
|
|
|
+ // 如果 $table 里包含 " as ",说明有别名,截取别名部分
|
|
|
+ if (strpos($table, ' as ') !== false) {
|
|
|
+ $segments = explode(' as ', $table);
|
|
|
+ $table = trim(end($segments));
|
|
|
+
|
|
|
+ $top_depart_id = $table . '.top_depart_id';
|
|
|
+ }
|
|
|
+
|
|
|
+ $query->where($top_depart_id, $user['top_depart_id']);
|
|
|
+
|
|
|
+ // 如果是超级管理员,直接返回,拥有最高权限
|
|
|
+ if ($user['is_admin'] == Employee::IS_ADMIN_TWO) {
|
|
|
+ return $query;
|
|
|
+ }
|
|
|
+
|
|
|
+ // 获取模型的实例与类名
|
|
|
+ $model = $query->getModel();
|
|
|
+ $className = get_class($model);
|
|
|
+
|
|
|
+ // 1. 负责人表配置
|
|
|
+ $relationTable = defined($className . '::table_column') ? constant($className . '::table_column') : '';
|
|
|
+ $relationTableId = defined($className . '::table_id_column') ? constant($className . '::table_id_column') : '';
|
|
|
+
|
|
|
+ // 2. 新增:成员表配置
|
|
|
+ $detailTable = defined($className . '::detail_table_column') ? constant($className . '::detail_table_column') : '';
|
|
|
+
|
|
|
+ // 使用一个闭包将“负责人”或“成员”的权限求并集(OR 关系)
|
|
|
+ $query->where(function ($groupQuery) use ($relationTable, $relationTableId, $detailTable, $user, $alias) {
|
|
|
+
|
|
|
+ // 逻辑 A:负责人层级判定(原逻辑:项目/节点/任务负责人及上级负责人穿透)
|
|
|
+ $groupQuery->whereExists(function ($subQuery) use ($relationTable, $relationTableId, $user, $alias) {
|
|
|
+ $subQuery->from($relationTable)
|
|
|
+ ->whereColumn($relationTable . ".{$relationTableId}", $alias . '.id')
|
|
|
+ ->where($relationTable . '.data_id', $user['id'])
|
|
|
+ ->where($relationTable . '.del_time', 0)
|
|
|
+ ->where($relationTable . '.top_depart_id', $user['top_depart_id']);
|
|
|
+ });
|
|
|
+
|
|
|
+ // 逻辑 B:成员判定(新逻辑:仅当前层级成员可见,无向下穿透性)
|
|
|
+ // 直接用 orWhereExists,只要定义了成员表就必然生效
|
|
|
+ if (!empty($detailTable)) {
|
|
|
+ $groupQuery->orWhereExists(function ($subQuery) use ($detailTable, $relationTableId, $user, $alias) {
|
|
|
+ $subQuery->from($detailTable)
|
|
|
+ ->whereColumn($detailTable . ".{$relationTableId}", $alias . '.id') // 同样关联主表 ID
|
|
|
+ ->where($detailTable . '.data_id', $user['id'])
|
|
|
+ ->where($detailTable . '.type', 1) // 严格限制:只看“1人”,排除“2设备”
|
|
|
+ ->where($detailTable . '.del_time', 0)
|
|
|
+ ->where($detailTable . '.top_depart_id', $user['top_depart_id']);
|
|
|
+ });
|
|
|
+ }
|
|
|
+ });
|
|
|
+
|
|
|
+ return $query;
|
|
|
+ }
|
|
|
+
|
|
|
public function getQx($data, $user){
|
|
|
if(empty($data['menu_id'])) return Employee::AUTH_ONE; // 我的
|
|
|
if($user['is_admin'] == Employee::IS_ADMIN_TWO) return Employee::AUTH_THREE; // 全部
|
