From c1a107886d2a2e3d456bc4301407ca313166e8a1 Mon Sep 17 00:00:00 2001
From: mkm <727897186@qq.com>
Date: Tue, 17 Sep 2024 10:00:39 +0800
Subject: [PATCH] feat(ProductController, ProductLists): updated logic for
 product lists, added access control, fixed bugs, improved code quality

---
 .../controller/product/ProductController.php  | 41 ++++++++++++-------
 app/api/lists/product/ProductLists.php        |  1 +
 2 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/app/api/controller/product/ProductController.php b/app/api/controller/product/ProductController.php
index 2b4c4f77..f635d522 100644
--- a/app/api/controller/product/ProductController.php
+++ b/app/api/controller/product/ProductController.php
@@ -1,20 +1,24 @@
 <?php
 
 namespace app\api\controller\product;
+
 use app\api\controller\BaseApiController;
 use app\api\lists\product\ProductLists;
 use app\api\lists\product\ProductWholesaleLists;
 use app\api\lists\product\StoreProductLists;
 use app\common\model\system_store\SystemStoreStaff;
+use app\common\model\user\User;
+
+class ProductController extends BaseApiController
+{
 
-class ProductController extends BaseApiController{
-    
     public $notNeedLogin = ['lists'];
 
     /**
      * 商品列表
      */
-    public function lists(){
+    public function lists()
+    {
 
         return $this->dataLists(new ProductLists());
     }
@@ -22,29 +26,38 @@ class ProductController extends BaseApiController{
     /**
      * 批发商品列表
      */
-    public function wholesale_lists(){
-
+    public function wholesale_lists()
+    {
+        if ($this->userId) {
+            $label_id = User::where('id', $this->userId)->value('label_id');
+            if ($label_id != 99) {
+                return $this->fail('您没有权限访问该列表');
+            }
+        } else {
+            return $this->fail('请登陆后访问');
+        }
         return $this->dataLists(new ProductWholesaleLists());
     }
     /**
      * 商品列表
      */
-    public function mer_list(){
-        $this->request->__set('store_id',$this->request->userInfo['store_id']??0);
+    public function mer_list()
+    {
+        $this->request->__set('store_id', $this->request->userInfo['store_id'] ?? 0);
         return $this->dataLists(new ProductLists());
     }
     /**
      * 商品列表
      */
-    public function store_lists(){
+    public function store_lists()
+    {
 
-        $store_id=SystemStoreStaff::where('uid',$this->userId)->where('is_admin',1)->value('store_id');
-        if($store_id>0){
-            $this->request->__set('store_id',$store_id);
+        $store_id = SystemStoreStaff::where('uid', $this->userId)->where('is_admin', 1)->value('store_id');
+        if ($store_id > 0) {
+            $this->request->__set('store_id', $store_id);
             return $this->dataLists(new StoreProductLists());
-        }else{
-            return $this->data(['lists'=>[]]);
+        } else {
+            return $this->data(['lists' => []]);
         }
     }
-
 }
diff --git a/app/api/lists/product/ProductLists.php b/app/api/lists/product/ProductLists.php
index 78a9fc27..cffdb016 100644
--- a/app/api/lists/product/ProductLists.php
+++ b/app/api/lists/product/ProductLists.php
@@ -109,6 +109,7 @@ class ProductLists extends BaseApiDataLists implements ListsSearchInterface, Lis
         }
         $this->off_activity = $off_activity;
         $this->searchWhere[] = ['is_show', '=', 1];
+        $this->searchWhere[] = ['product_type', 'in', [0,4]];
         //        $this->searchWhere[] = ['stock', '>', 0];
         return StoreProduct::where($this->searchWhere)
             ->field($fields)