workHour/app/Service/LoginService.php

<?php

namespace App\Service;

use App\Model\Depart;
use App\Model\Employee;
use App\Model\EmployeeDepartPermission;
use App\Model\EmployeeRole;
use App\Model\ItemNodeMissionDetails;
use App\Model\ItemNodeMissionShare;
use App\Model\Role;
use App\Model\RoleMenu;
use App\Model\RoleMenuButton;
use App\Model\SysMenu;
use Illuminate\Support\Facades\Hash;

class LoginService extends Service
{
    public function login($data){
        if(empty($data['account'])) return [false, '账号不能为空'];
        if(empty($data['password'])) return [false, '密码不能为空'];

        $account = $data['account'];
        $password = $data['password'];
        $employee = Employee::where('del_time',0)
            ->where('account', $account)
            ->first();
        if(empty($employee)) return [false,'账号不存在或已被删除'];
        $employee = $employee->toArray();

        if(! Hash::check($password, $employee['password'])) return [false,'密码错误'];
        if($employee['is_admin'] == Employee::IS_ADMIN_ZERO || $employee['is_admin'] == Employee::IS_ADMIN_THREE) return [false, '账号限制登录'];

        //生成token
        list($status, $jwtToken) = TokenService::getToken($employee);
        if(! $status) return [false, $jwtToken];

        //获取人员所有的所有的顶级菜单
        $sysMenu = $this->getPersonRoleForSysMenuList($employee['id']);
        if(empty($sysMenu)) return [false, '账户未设置菜单功能'];

        return [true, [
            'token' => $jwtToken,
            'employee_id' => $employee['id'],
            'title' => $employee['title'],
            'sys_menu' => $sysMenu,
        ]];
    }

    public function clogin($data){
        if(empty($data['account'])) return [false, '账号不能为空'];
        if(empty($data['password'])) return [false, '密码不能为空'];

        $account = $data['account'];
        $password = $data['password'];
        $employee = Employee::where('del_time',0)
            ->where('account', $account)
            ->first();
        if(empty($employee)) return [false,'账号不存在或已被删除'];
        $employee = $employee->toArray();

        if(! Hash::check($password, $employee['password'])) return [false,'密码错误'];
        if($employee['is_admin'] != Employee::IS_ADMIN_THREE) return [false, '账号限制登录'];

        //生成token
        list($status, $jwtToken) = TokenService::getToken($employee);
        if(! $status) return [false, $jwtToken];

        return [true, [
            'token' => $jwtToken,
            'employee_id' => $employee['id'],
            'title' => $employee['title'],
        ]];
    }

    public function shareLogin($data){
        if(empty($data['account'])) return [false, '账号不能为空'];
        if(empty($data['password'])) return [false, '密码不能为空'];
        if(empty($data['share_token'])) return [false, '分享链接不能为空'];

        $account = $data['account'];
        $password = $data['password'];
        $employee = Employee::where('del_time',0)
            ->where('account', $account)
            ->first();
        if(empty($employee)) return [false,'账号不存在或已被删除'];
        $employee = $employee->toArray();

        if(! Hash::check($password, $employee['password'])) return [false,'密码错误'];
        if($employee['is_admin'] != Employee::IS_ADMIN_ZERO) return [false, '账号限制登录'];

        list($status, $msg) = (new ItemService())->shareCheck($data['share_token'], $employee['id']);
        if(! $status) return [false, $msg];

        //生成token
        list($status, $jwtToken) = TokenService::getToken($employee);
        if(! $status) return [false, $jwtToken];

        return [true, [
            'token' => $jwtToken,
            'employee_id' => $employee['id'],
            'title' => $employee['title'],
        ]];
    }

    private function getPersonRoleForSysMenuList($employee_id) {
        $sysMenu = SysMenu::where('del_time',0)
            ->where('type', SysMenu::type_zero)
            ->where('parent_id', 0)
            ->select('id','title', 'tree_type', 'uri')
            ->get()->toArray();

        $role_menu_id = EmployeeRole::from('employee_role as a')
            ->join('role_menu as b', 'b.role_id', '=', 'a.role_id')
            ->where('a.del_time', 0)
            ->where('b.del_time', 0)
            ->whereIn('b.menu_id', array_column($sysMenu,'id'))
            ->where('a.employee_id',$employee_id)
            ->pluck('b.menu_id')
            ->toArray();

        foreach ($sysMenu as $key => $value){
            if(! in_array($value['id'], $role_menu_id)) unset($sysMenu[$key]);
        }

        return array_values($sysMenu);
    }

    public static function hasPersonRoleForSysMenuList($employee_id, $tree_type) {
        $sysMenu = SysMenu::where('del_time',0)
            ->where('type', SysMenu::type_zero)
            ->where('parent_id', 0)
            ->where('tree_type', $tree_type)
            ->pluck('id')
            ->toArray();

        return EmployeeRole::from('employee_role as a')
            ->join('role_menu as b', 'b.role_id', '=', 'a.role_id')
            ->where('a.del_time', 0)
            ->where('b.del_time', 0)
            ->where('b.menu_id', $sysMenu)
            ->where('a.employee_id',$employee_id)
            ->exists();
    }

    public static function checkUser($employee){
        if(empty($employee['employee_id'])) return [false, 'token错误'];
        if(! isset($employee['p_version'])) return [false, 'token错误'];
        $result = Employee::where('id', $employee['employee_id'])
            ->where('del_time',0)
            ->first();
        if(empty($result)) return [false, '账号不存在或已被删除'];
        $result = $result->toArray();
        if($result['is_admin'] == Employee::IS_ADMIN_ZERO || $result['is_admin'] == Employee::IS_ADMIN_THREE) return [false, '账号限制登录'];
        if($result['p_version'] != $employee['p_version']) return [false, '请重新登录'];

        return [true, $result];
    }

    public static function checkCompany($employee){
        $top_depart_id = $employee['top_depart_id'];
        if(empty($top_depart_id)) return [false, '公司信息不存在'];

        return [true, ''];
    }

    public static function checkRoute($employee, $request){
        $currentRouteName = $request->route()->getName();

        //没有取别名的路由需要校验
        if(! empty($currentRouteName)){
            if($currentRouteName == "only.admin"){
                return [false, '无接口'. $currentRouteName . '访问权限'];
            }else{
                //角色中所有的按钮
                $role_id = $employee['role_ids'];
                $bool = RoleMenuButton::from('role_menu_button as a')
                    ->join('sys_menu_button as b', 'b.id', '=', 'a.button_id')
                    ->whereIn('a.role_id', $role_id)
                    ->where('b.func',$currentRouteName)
                    ->where('a.del_time', 0)
                    ->where('b.del_time', 0)
                    ->exists();
                if(! $bool) return [false, '无接口'. $currentRouteName . '访问权限'];
            }
        }

        return [true, ''];
    }

    public static function getPersonDepart($employee_id) {
        // 1. 初始化返回结构
        $result = [
            'top_depart_id' => 0,
            'top_depart_code' => "",
            'depart_id' => [],
        ];

        // 2. 基础校验
        if (empty($employee_id) ) return $result;

        $depart = EmployeeDepartPermission::from('employee_depart_permission as a')
            ->join('depart as c', 'c.id', '=', 'a.top_depart_id') // 公司必须存在
            ->leftJoin('depart as b', 'b.id', '=', 'a.depart_id') // 部门可能为0
            ->where('a.employee_id', $employee_id)
            ->where('c.is_use', Depart::IS_UES) // 公司必须启用
            ->select('a.depart_id', 'b.is_use as dept_use','a.top_depart_id','c.code as top_depart_code')
            ->get()->toArray();

        foreach ($depart as $value){
            if($value['depart_id'] && $value['dept_use'] && ! in_array($value['depart_id'], $result['depart_id'])) $result['depart_id'][] = $value['depart_id'];
            if($value['top_depart_id'] && ! $result['top_depart_id']) $result['top_depart_id'] = $value['top_depart_id'];
            if($value['top_depart_code'] && ! $result['top_depart_code']) $result['top_depart_code'] = $value['top_depart_code'];
        }

        return $result;
    }

    public static function getPersonRoleAndPermissions($employee) {
        // 初始化返回结构
        $result = [
            'role_ids'    => [],
            'menu_permissions' => []
        ];

//        // 2. 是管理员账户
//        if ($employee['is_admin'] == Employee::IS_ADMIN_TWO) {
//            return $result;
//        }

        $role_ids = EmployeeRole::where('del_time', 0)
            ->where('employee_id', $employee['id'])
            ->pluck('role_id')
            ->toArray();

        if (empty($role_ids)) return $result;
        $result['role_ids'] = $role_ids;

        // 4. 获取合法的系统菜单 ID (用于过滤)
        $valid_menu_ids = SysMenu::where('del_time', 0)
            ->where('is_authority', '>', 0)
            ->pluck('id')
            ->toArray();

        // 5. 获取并合并菜单权限
        $role_menus = RoleMenu::where('del_time', 0)
            ->whereIn('role_id', $role_ids)
            ->select('menu_id', 'type')
            ->get();

        $permissions = [];
        foreach ($role_menus as $item) {
            // 过滤不在系统权限菜单内的记录
            if (!in_array($item->menu_id, $valid_menu_ids)) {
                continue;
            }

            // 取相同 menu_id 下最大的 type
            if (!isset($permissions[$item->menu_id]) || $permissions[$item->menu_id] < $item->type) {
                $permissions[$item->menu_id] = $item->type;
            }
        }

        $result['menu_permissions'] = $permissions;

        return $result;
    }
}