更新权限判定处理
This commit is contained in:
parent
207c493062
commit
db94cd49ed
@ -88,7 +88,7 @@ class ArticleIndex extends ApiController
|
||||||
$share_dids = explode(',', $detail['share_dids']);
|
$share_dids = explode(',', $detail['share_dids']);
|
||||||
}
|
}
|
||||||
if($detail['uid'] !=$uid && !in_array($uid,$share_uids) && !in_array($did,$share_dids) && $detail['is_share'] !=1){
|
if($detail['uid'] !=$uid && !in_array($uid,$share_uids) && !in_array($did,$share_dids) && $detail['is_share'] !=1){
|
||||||
$this->apiError("无权限访问");
|
$this->apiError('用户无权限', [], 2);
|
||||||
}
|
}
|
||||||
$detail['cate_title'] = Db::name('ArticleCate')->where(['id' => $detail['cate_id']])->value('title');
|
$detail['cate_title'] = Db::name('ArticleCate')->where(['id' => $detail['cate_id']])->value('title');
|
||||||
if($detail['file_ids'] !=''){
|
if($detail['file_ids'] !=''){
|
||||||
|
|
|
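Review bot: The access gate `if($detail['uid'] !=$uid && !in_array($uid,$share_uids) && !in_array($did,$share_dids) && $detail['is_share'] !=1){` still decides with loose comparison: `in_array` without `strict: true` and `!=`, so PHP type juggling between the integer ids and the string elements produced by `explode` determines who may read the article (for example `explode(',', '')` yields `['']`, and whether an id of `0` loosely matches `''` differs between PHP 7 and PHP 8). Since this is the only check before the detail is returned, normalise and compare strictly: `(int)$detail['uid'] !== (int)$uid && !in_array((string)$uid, $share_uids, true) && !in_array((string)$did, $share_dids, true)`. The same loose `in_array($this->uid, $check_admin_ids)` appears in the Common section at 293/435 and the OaApprove section at 308/450 and deserves the same treatment. The enclosing method starts and ends outside the hunk.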
@ -293,7 +293,7 @@ class Common extends ApiController
|
||||||
if($param['check'] == 1){
|
if($param['check'] == 1){
|
||||||
$check_admin_ids = explode(",", strval($detail['check_admin_ids']));
|
$check_admin_ids = explode(",", strval($detail['check_admin_ids']));
|
||||||
if (!in_array($this->uid, $check_admin_ids)){
|
if (!in_array($this->uid, $check_admin_ids)){
|
||||||
$this->apiError("您没权限审核该审批");
|
$this->apiError("您没权限审核该审批", [], 2);
|
||||||
}
|
}
|
||||||
|
|
||||||
//多人会签审批
|
//多人会签审批
|
||||||
|
@ -435,7 +435,7 @@ class Common extends ApiController
|
||||||
else if($param['check'] == 2){
|
else if($param['check'] == 2){
|
||||||
$check_admin_ids = explode(",", strval($detail['check_admin_ids']));
|
$check_admin_ids = explode(",", strval($detail['check_admin_ids']));
|
||||||
if (!in_array($this->uid, $check_admin_ids)){
|
if (!in_array($this->uid, $check_admin_ids)){
|
||||||
$this->apiError("您没权限审核该审批");
|
$this->apiError("您没权限审核该审批", [], 2);
|
||||||
}
|
}
|
||||||
//拒绝审核,数据操作
|
//拒绝审核,数据操作
|
||||||
$param['check_status'] = 3;
|
$param['check_status'] = 3;
|
||||||
|
@ -504,7 +504,7 @@ class Common extends ApiController
|
||||||
}
|
}
|
||||||
else if($param['check'] == 3){
|
else if($param['check'] == 3){
|
||||||
if($detail['admin_id'] != $this->uid){
|
if($detail['admin_id'] != $this->uid){
|
||||||
$this->apiError("你没权限操作");
|
$this->apiError("你没权限操作", [], 2);
|
||||||
}
|
}
|
||||||
//撤销审核,数据操作
|
//撤销审核,数据操作
|
||||||
$param['check_status'] = 4;
|
$param['check_status'] = 4;
|
||||||
|
|
|
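Review bot: The statements that follow each `$this->apiError("...", [], 2)` call (the `//多人会签审批` block, `$param['check_status'] = 3;`, `$param['check_status'] = 4;`) are only safe if `apiError` terminates the request; `apiError` is defined outside this diff, so confirm that it does, or make the intent explicit with `return $this->apiError("您没权限审核该审批", [], 2);`. The bare `2` now repeated in every permission branch is a magic number that encodes the API's permission-denied contract; a named constant on ApiController such as `const CODE_FORBIDDEN = 2;` (placeholder name) used as `$this->apiError("您没权限审核该审批", [], self::CODE_FORBIDDEN);` would keep the value in one place for all the sections in this commit. The three hunks appear to sit in one method whose start and end are outside the diff.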
@ -506,7 +506,7 @@ class FinanceExpense extends ApiController
|
||||||
$this->uid = JWT_UID;
|
$this->uid = JWT_UID;
|
||||||
$auth = isAuthExpense($this->uid);
|
$auth = isAuthExpense($this->uid);
|
||||||
if($auth == 0){
|
if($auth == 0){
|
||||||
$this->apiError('你没有权限,请联系管理员或者HR');
|
$this->apiError('你没有权限,请联系管理员或者HR', [], 2);
|
||||||
}
|
}
|
||||||
$param = get_params();
|
$param = get_params();
|
||||||
$where = [];
|
$where = [];
|
||||||
|
@ -533,7 +533,7 @@ class FinanceExpense extends ApiController
|
||||||
$this->uid = JWT_UID;
|
$this->uid = JWT_UID;
|
||||||
$auth = isAuthExpense($this->uid);
|
$auth = isAuthExpense($this->uid);
|
||||||
if($auth == 0){
|
if($auth == 0){
|
||||||
$this->apiError('你没有打款权限,请联系管理员或者HR');
|
$this->apiError('你没有打款权限,请联系管理员或者HR', [], 2);
|
||||||
}
|
}
|
||||||
$expense = (new ExpenseList())->detail($param['id'] ?? 0);
|
$expense = (new ExpenseList())->detail($param['id'] ?? 0);
|
||||||
if (empty($expense)) {
|
if (empty($expense)) {
|
||||||
|
|
|
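Review bot: The guard `if($auth == 0){` on the new code compares the result of `isAuthExpense()` loosely; `isAuthExpense` is not shown here, and if it can return `null`, `false` or an empty string on failure, `== 0` gives different answers across PHP versions (`'' == 0` is false since PHP 8), so a non-numeric failure value would pass the check and the action would run without authorisation. A fail-closed form such as `if (!$auth) {`, or `if ((int)$auth === 0) {` if the helper returns an int, denies on every falsy result. The same guard is repeated in the second hunk here (533) and in the FinanceIncome (56) and FinanceInvoice (102/455/490/521) sections. Both hunks start mid-method; the enclosing methods are outside the diff.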
@ -56,7 +56,7 @@ class FinanceIncome extends ApiController
|
||||||
$this->uid = JWT_UID;
|
$this->uid = JWT_UID;
|
||||||
$auth = isAuthIncome($this->uid);
|
$auth = isAuthIncome($this->uid);
|
||||||
if($auth == 0){
|
if($auth == 0){
|
||||||
$this->apiError("你没有到账管理权限,请联系管理员或者HR");
|
$this->apiError("你没有到账管理权限,请联系管理员或者HR", [], 2);
|
||||||
}
|
}
|
||||||
if (empty($param['enter_type'])) {
|
if (empty($param['enter_type'])) {
|
||||||
$this->apiError("到账类型不能为空");
|
$this->apiError("到账类型不能为空");
|
||||||
|
|
|
@ -102,7 +102,7 @@ class FinanceInvoice extends ApiController
|
||||||
$this->uid = JWT_UID;
|
$this->uid = JWT_UID;
|
||||||
$auth = isAuthInvoice($this->uid);
|
$auth = isAuthInvoice($this->uid);
|
||||||
if($auth == 0){
|
if($auth == 0){
|
||||||
$this->apiError('你没有权限,请联系管理员或者HR');
|
$this->apiError('你没有权限,请联系管理员或者HR', [], 2);
|
||||||
}
|
}
|
||||||
$param = get_params();
|
$param = get_params();
|
||||||
$where = [];
|
$where = [];
|
||||||
|
@ -455,7 +455,7 @@ class FinanceInvoice extends ApiController
|
||||||
$this->uid = JWT_UID;
|
$this->uid = JWT_UID;
|
||||||
$auth = isAuthInvoice($this->uid);
|
$auth = isAuthInvoice($this->uid);
|
||||||
if($auth == 0){
|
if($auth == 0){
|
||||||
$this->apiError("你没有开票权限,请联系管理员或者HR");
|
$this->apiError("你没有开票权限,请联系管理员或者HR", [], 2);
|
||||||
}
|
}
|
||||||
if (empty($param['id'])) {
|
if (empty($param['id'])) {
|
||||||
$this->apiError("id不能为空");
|
$this->apiError("id不能为空");
|
||||||
|
@ -490,7 +490,7 @@ class FinanceInvoice extends ApiController
|
||||||
$this->uid = JWT_UID;
|
$this->uid = JWT_UID;
|
||||||
$auth = isAuthInvoice($this->uid);
|
$auth = isAuthInvoice($this->uid);
|
||||||
if($auth == 0){
|
if($auth == 0){
|
||||||
$this->apiError("你没有开票权限,请联系管理员或者HR");
|
$this->apiError("你没有开票权限,请联系管理员或者HR", [], 2);
|
||||||
}
|
}
|
||||||
if (empty($param['id'])) {
|
if (empty($param['id'])) {
|
||||||
$this->apiError("id不能为空");
|
$this->apiError("id不能为空");
|
||||||
|
@ -521,7 +521,7 @@ class FinanceInvoice extends ApiController
|
||||||
$this->uid = JWT_UID;
|
$this->uid = JWT_UID;
|
||||||
$auth = isAuthInvoice($this->uid);
|
$auth = isAuthInvoice($this->uid);
|
||||||
if($auth == 0){
|
if($auth == 0){
|
||||||
$this->apiError("你没有开票权限,请联系管理员或者HR");
|
$this->apiError("你没有开票权限,请联系管理员或者HR", [], 2);
|
||||||
}
|
}
|
||||||
if (empty($param['id'])) {
|
if (empty($param['id'])) {
|
||||||
$this->apiError("id不能为空");
|
$this->apiError("id不能为空");
|
||||||
|
|
|
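Review bot: The same three-line guard (`$this->uid = JWT_UID;`, `$auth = isAuthInvoice($this->uid);`, `if($auth == 0){ ... }`) is now copied at 102, 455, 490 and 521 of this class with the error code hard-wired in each copy, so the next change to the denial contract has four places to miss. Unless the class already has one, a private helper that each action calls first keeps the check and its code together; the sketch below keeps the original `== 0` comparison so behaviour is unchanged and takes the message as a parameter because 102 uses a different wording from the other three. The enclosing methods start and end outside the hunks.
```php
// Shared permission gate for the invoice actions; replaces the inline
// `$this->uid = JWT_UID; $auth = isAuthInvoice(...); if($auth == 0){ ... }` copies.
private function requireInvoiceAuth(string $message): void
{
    $this->uid = JWT_UID;
    $auth = isAuthInvoice($this->uid);
    if ($auth == 0) {
        $this->apiError($message, [], 2);
    }
}
// … unchanged: each action then begins with $this->requireInvoiceAuth("你没有开票权限,请联系管理员或者HR"); …
```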
@ -308,7 +308,7 @@ class OaApprove extends ApiController
|
||||||
if($param['check'] == 1){
|
if($param['check'] == 1){
|
||||||
$check_admin_ids = explode(",", strval($detail['check_admin_ids']));
|
$check_admin_ids = explode(",", strval($detail['check_admin_ids']));
|
||||||
if (!in_array($this->uid, $check_admin_ids)){
|
if (!in_array($this->uid, $check_admin_ids)){
|
||||||
$this->apiError("您没权限审核该审批");
|
$this->apiError("您没权限审核该审批", [], 2);
|
||||||
}
|
}
|
||||||
|
|
||||||
//多人会签审批
|
//多人会签审批
|
||||||
|
@ -450,7 +450,7 @@ class OaApprove extends ApiController
|
||||||
else if($param['check'] == 2){
|
else if($param['check'] == 2){
|
||||||
$check_admin_ids = explode(",", strval($detail['check_admin_ids']));
|
$check_admin_ids = explode(",", strval($detail['check_admin_ids']));
|
||||||
if (!in_array($this->uid, $check_admin_ids)){
|
if (!in_array($this->uid, $check_admin_ids)){
|
||||||
$this->apiError("您没权限审核该审批");
|
$this->apiError("您没权限审核该审批", [], 2);
|
||||||
}
|
}
|
||||||
//拒绝审核,数据操作
|
//拒绝审核,数据操作
|
||||||
$param['check_status'] = 3;
|
$param['check_status'] = 3;
|
||||||
|
@ -519,7 +519,7 @@ class OaApprove extends ApiController
|
||||||
}
|
}
|
||||||
else if($param['check'] == 3){
|
else if($param['check'] == 3){
|
||||||
if($detail['admin_id'] != $this->uid){
|
if($detail['admin_id'] != $this->uid){
|
||||||
$this->apiError("你没权限操作");
|
$this->apiError("你没权限操作", [], 2);
|
||||||
}
|
}
|
||||||
//撤销审核,数据操作
|
//撤销审核,数据操作
|
||||||
$param['check_status'] = 4;
|
$param['check_status'] = 4;
|
||||||
|
|
|
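Review bot: The three hunks at 308, 450 and 519 are line-for-line the same as the Common section's 293, 435 and 504, including the approver checks and the new `[], 2` error codes, so the approval permission logic now lives in two controllers that must be edited in lockstep. If both classes are meant to share this flow, moving the check (`explode(",", strval($detail['check_admin_ids']))` followed by the `in_array` test) into a shared helper or trait would let a future change — for instance switching to `in_array(..., true)` — land once. Whether Common and OaApprove are intended to diverge is not visible from the diff, and the enclosing method is outside it.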
@ -246,7 +246,7 @@ class ProjectIndex extends ApiController
|
||||||
}
|
}
|
||||||
$this->apiSuccess('操作成功');
|
$this->apiSuccess('操作成功');
|
||||||
} else {
|
} else {
|
||||||
$this->apiError('只有创建人或者负责人才有权限修改项目');
|
$this->apiError('只有创建人或者负责人才有权限修改项目', [], 2);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -369,7 +369,7 @@ class ProjectIndex extends ApiController
|
||||||
}
|
}
|
||||||
$detail = Db::name('Project')->where('id', $id)->find();
|
$detail = Db::name('Project')->where('id', $id)->find();
|
||||||
if ($detail['admin_id'] != $this->uid) {
|
if ($detail['admin_id'] != $this->uid) {
|
||||||
$this->apiError('你不是该项目的创建人,无权限删除');
|
$this->apiError('你不是该项目的创建人,无权限删除', [], 2);
|
||||||
}
|
}
|
||||||
if (Db::name('Project')->where('id', $id)->update(['delete_time' => time()]) !== false) {
|
if (Db::name('Project')->where('id', $id)->update(['delete_time' => time()]) !== false) {
|
||||||
$log_data = array(
|
$log_data = array(
|
||||||
|
|
|
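Review bot: In the second hunk, `$detail = Db::name('Project')->where('id', $id)->find();` is followed directly by `if ($detail['admin_id'] != $this->uid) {` without checking that a row was found; if `find()` returns null for a missing id, the ownership test denies only by accident (a null offset read that also emits a warning) rather than by design. ProjectTask's delete at 139 does carry a not-found check (`$this->apiError('项目任务不存在');`), so the matching guard belongs here too, e.g. `if (empty($detail)) { $this->apiError('项目不存在'); }` before the ownership test. The ownership test itself uses `!=`; `(int)$detail['admin_id'] !== (int)$this->uid` avoids type juggling, as it would on the same line in ProjectTask 139 and in the `check == 3` branches of Common 504 and OaApprove 519. The enclosing methods begin outside the hunks.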
@ -123,7 +123,7 @@ class ProjectTask extends ApiController
|
||||||
$this->apiSuccess('获取成功', compact('detail', 'file_array'));
|
$this->apiSuccess('获取成功', compact('detail', 'file_array'));
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
$this->apiError('您没权限查看该任务');
|
$this->apiError('您没权限查看该任务', [], 2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -139,7 +139,7 @@ class ProjectTask extends ApiController
|
||||||
$this->apiError('项目任务不存在');
|
$this->apiError('项目任务不存在');
|
||||||
}
|
}
|
||||||
if ($detail['admin_id'] != $this->uid) {
|
if ($detail['admin_id'] != $this->uid) {
|
||||||
$this->apiError('你不是该任务的创建人,无权限删除');
|
$this->apiError('你不是该任务的创建人,无权限删除', [], 2);
|
||||||
}
|
}
|
||||||
if (Db::name('ProjectTask')->where('id', $id)->update(['delete_time' => time()]) !== false) {
|
if (Db::name('ProjectTask')->where('id', $id)->update(['delete_time' => time()]) !== false) {
|
||||||
$log_data = array(
|
$log_data = array(
|
||||||
|
|