From 34b9cd8061ef4c1264c86ceb0afb4bd4bba9b756 Mon Sep 17 00:00:00 2001
From: mkm <727897186@qq.com>
Date: Mon, 21 Oct 2024 10:00:03 +0800
Subject: [PATCH] =?UTF-8?q?feat(admin):=20=E4=BF=AE=E5=A4=8D=E5=90=8E?=
 =?UTF-8?q?=E5=8F=B0=E5=95=86=E5=93=81=E7=8A=B6=E6=80=81=E6=93=8D=E4=BD=9C?=
 =?UTF-8?q?=E6=9D=83=E9=99=90=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 在 StoreProductController 的 status 方法中增加了权限检查逻辑
- 如果管理员属于 job_ids 包含 2 的角色组，则返回无权限操作的错误信息
- 有效防止了普通员工误操作商品状态
---
 .../controller/store_product/StoreProductController.php   | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/app/admin/controller/store_product/StoreProductController.php b/app/admin/controller/store_product/StoreProductController.php
index 55c5f43d7..f2dbbe0fc 100644
--- a/app/admin/controller/store_product/StoreProductController.php
+++ b/app/admin/controller/store_product/StoreProductController.php
@@ -69,6 +69,14 @@ class StoreProductController extends BaseAdminController
      */
     public function status(){
         $params=$this->request->post();
+        $admin_info=$this->adminInfo;
+        if($admin_info['job_ids']){
+            foreach ($admin_info['job_ids'] as $key => $job_id) {
+                if($job_id==2){
+                    return $this->fail('无权限操作');
+                }
+            }
+        }
         StoreProduct::where('id',$params['id'])->update(['is_show'=>$params['is_show']]);
         return $this->success('操作成功',[],1,1);
     }