From cff535e632d421836ae2101f2a399b880ceca89b Mon Sep 17 00:00:00 2001
From: hdm <hdm58@qq.com>
Date: Sat, 27 Aug 2022 12:18:06 +0800
Subject: [PATCH] =?UTF-8?q?=E5=90=88=E5=90=8C=E3=80=81=E5=AE=A2=E6=88=B7?=
 =?UTF-8?q?=E6=A8=A1=E5=9D=97=E8=B4=9F=E8=B4=A3=E4=BA=BA=E6=89=80=E5=9C=A8?=
 =?UTF-8?q?=E9=83=A8=E9=97=A8=E7=9A=84=E6=95=B0=E6=8D=AE=E6=9D=83=E9=99=90?=
 =?UTF-8?q?=E4=BC=98=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/common.php                      | 24 ++++++++++++++--
 app/contract/controller/Index.php   | 44 ++++++++++++++++++-----------
 app/customer/common.php             | 37 +++++++++++++-----------
 app/customer/controller/Contact.php |  2 +-
 app/customer/controller/Index.php   |  5 ++--
 5 files changed, 75 insertions(+), 37 deletions(-)

diff --git a/app/common.php b/app/common.php
index 319694b..7e61290 100644
--- a/app/common.php
+++ b/app/common.php
@@ -216,13 +216,13 @@ function get_department_son($did = 0, $is_self = 1)
     $department_list = get_data_node($department, $did);
     $department_array = array_column($department_list, 'id');
     if ($is_self == 1) {
-        //包括自己在内
+        //包括自己部门在内
         $department_array[] = $did;
     }
     return $department_array;
 }
 
-//读取员工所在部门的负责人
+//读取员工所在部门的负责人（pid=1，上一级负责人）
 function get_department_leader($uid=0,$pid=0)
 {
 	$did = get_admin($uid)['did'];
@@ -241,6 +241,26 @@ function get_department_leader($uid=0,$pid=0)
     return $leader;
 }
 
+//读取部门负责人所在部门的数据权限【包括员工所在部门+其子部门】
+function get_department_role($uid = 0)
+{
+	$did = get_admin($uid)['did'];
+	//判断是否是部门负责人
+	$is_leader = Db::name('Department')->where(['id' => $did,'leader_id'=>$uid])->count();
+	if($is_leader=0){
+		return [];
+	}
+	else{
+		//获取子部门
+		$department = get_department();
+		$department_list = get_data_node($department, $did);
+		$department_array = array_column($department_list, 'id');
+		//包括自己部门在内
+		$department_array[] = $did;
+		return $department_array;
+	}
+}
+
 //读取职位
 function get_position()
 {
diff --git a/app/contract/controller/Index.php b/app/contract/controller/Index.php
index ad39801..db209ef 100644
--- a/app/contract/controller/Index.php
+++ b/app/contract/controller/Index.php
@@ -46,6 +46,10 @@ class Index extends BaseController
 				$whereOr[] = ['', 'exp', Db::raw("FIND_IN_SET('{$uid}',a.share_ids)")];
 				$whereOr[] = ['', 'exp', Db::raw("FIND_IN_SET('{$uid}',a.check_admin_ids)")];
 				$whereOr[] = ['', 'exp', Db::raw("FIND_IN_SET('{$uid}',a.flow_admin_ids)")];
+				$dids = get_department_role($this->uid);
+				if(!empty($dids)){
+					$whereOr[] =['a.sign_did', 'in', $dids];
+				}
 			}
 			
             $model = new ContractList();
@@ -82,6 +86,10 @@ class Index extends BaseController
 			if($auth==0){
 				$whereOr[] =['a.admin_id|a.prepared_uid|a.sign_uid|a.keeper_uid', '=', $uid];
 				$whereOr[] = ['', 'exp', Db::raw("FIND_IN_SET('{$uid}',a.share_ids)")];
+				$dids = get_department_role($this->uid);
+				if(!empty($dids)){
+					$whereOr[] =['a.sign_did', 'in', $dids];
+				}
 			}			
             $model = new ContractList();
 			$list = $model->get_list($param, $where, $whereOr);
@@ -192,22 +200,26 @@ class Index extends BaseController
 		$is_check_admin = 0;
 		$is_create_admin = 0;
 		$check_record = [];
-		$auth_array=[];
-		if(!empty($detail['share_ids'])){
-			$share_ids = explode(",",$detail['share_ids']);
-			$auth_array = array_merge($auth_array,$share_ids);
-		}
-		if(!empty($detail['check_admin_ids'])){
-			$check_admin_ids = explode(",",$detail['check_admin_ids']);
-			$auth_array = array_merge($auth_array,$check_admin_ids);
-		}
-		if(!empty($detail['flow_admin_ids'])){
-			$flow_admin_ids = explode(",",$detail['flow_admin_ids']);
-			$auth_array = array_merge($auth_array,$flow_admin_ids);
-		}		
-		array_push($auth_array,$detail['admin_id'],$detail['prepared_uid'],$detail['sign_uid'],$detail['keeper_uid']);
-		if($auth==0 && !in_array($this->uid,$auth_array)){
-			return view('../../base/view/common/roletemplate');
+		if($auth==0){
+			$auth_array=[];
+			if(!empty($detail['share_ids'])){
+				$share_ids = explode(",",$detail['share_ids']);
+				$auth_array = array_merge($auth_array,$share_ids);
+			}
+			if(!empty($detail['check_admin_ids'])){
+				$check_admin_ids = explode(",",$detail['check_admin_ids']);
+				$auth_array = array_merge($auth_array,$check_admin_ids);
+			}
+			if(!empty($detail['flow_admin_ids'])){
+				$flow_admin_ids = explode(",",$detail['flow_admin_ids']);
+				$auth_array = array_merge($auth_array,$flow_admin_ids);
+			}		
+			array_push($auth_array,$detail['admin_id'],$detail['prepared_uid'],$detail['sign_uid'],$detail['keeper_uid']);
+			//部门负责人
+			$dids = get_department_role($this->uid);
+			if(!in_array($this->uid,$auth_array) && !in_array($detail['sign_did'],$dids)){
+				return view('../../base/view/common/roletemplate');
+			}
 		}
 		
 		$detail['create_user'] = Db::name('Admin')->where(['id' => $detail['admin_id']])->value('name');
diff --git a/app/customer/common.php b/app/customer/common.php
index c244d33..60a2227 100644
--- a/app/customer/common.php
+++ b/app/customer/common.php
@@ -17,27 +17,32 @@ function customer_auth($uid,$customer_id,$ajax=0,$level=0)
 	$customer =  Db::name('Customer')->where(['id' => $customer_id])->find();
 	//是否是客户管理员
     $auth = isAuth($uid,'customer_admin');
-	if($auth==1){
-		return $customer;
-	}
-	$auth_array=[];
 	if($customer['belong_uid']==0){
 		return $customer;
 	}
-	if(!empty($customer['share_ids']) && $level==0){
-		$auth_array = explode(",",$customer['share_ids']);
-	}		
-	array_push($auth_array,$customer['belong_uid']);	
-	if(!in_array($uid,$auth_array)){
-		if($ajax == 1){
-			to_assign(1,'无权限操作');
+	if($auth==1){
+		return $customer;
+	}
+	else if($auth==0){
+		$auth_array=[];
+		if(!empty($customer['share_ids'])){
+			$share_ids = explode(",",$customer['share_ids']);
+			$auth_array = array_merge($auth_array,$share_ids);
+		}	
+		array_push($auth_array,$customer['belong_uid']);
+		//部门负责人
+		$dids = get_department_role($uid);
+		if(!in_array($uid,$auth_array) && !in_array($customer['belong_did'],$dids)){
+			if($ajax == 1){
+				to_assign(1,'无权限操作');
+			}
+			else{
+				throw new \think\exception\HttpException(405, '无权限访问');
+			}
 		}
 		else{
-			throw new \think\exception\HttpException(405, '无权限访问');
-		}		
-	}
-	else{
-		return $customer;
+			return $customer;
+		}
 	}
 }
 
diff --git a/app/customer/controller/Contact.php b/app/customer/controller/Contact.php
index b2b3b06..325a56c 100644
--- a/app/customer/controller/Contact.php
+++ b/app/customer/controller/Contact.php
@@ -32,7 +32,7 @@ class Contact extends BaseController
 			$uid = $this->uid;
 			$auth = isAuth($uid,'customer_admin');
 			if($auth==0){
-				$dids = get_department_son($this->did,0);
+				$dids = get_department_role($this->uid);
 				if(!empty($dids)){
 					$whereOr[] =['c.belong_did', 'in', $dids];
 				}
diff --git a/app/customer/controller/Index.php b/app/customer/controller/Index.php
index 8da3e37..02fd16d 100644
--- a/app/customer/controller/Index.php
+++ b/app/customer/controller/Index.php
@@ -35,7 +35,7 @@ class Index extends BaseController
 			
 			$uid = $this->uid;
 			$auth = isAuth($uid,'customer_admin');
-			$dids = get_department_son($this->did,0);
+			$dids = get_department_role($this->uid);
 			if($auth==0){
 				if($tab==1){
 					$whereOr[] =['a.belong_uid', '=', $uid];
@@ -376,7 +376,8 @@ class Index extends BaseController
         $id = get_params("id");
 		//查看权限判断
 		$customer = customer_auth($this->uid,$id);
-        $detail = (new CustomerList())->detail($id);		
+		
+        $detail = (new CustomerList())->detail($id);				
 		$contact = Db::name('CustomerContact')->where(['is_default'=>1,'cid'=>$id])->find();
         View::assign('contact', $contact);
         View::assign('detail', $detail);