
Fix 非超管,权限赋予时 角色表未正常输出

简化是否能赋予的判断 ;
增加内部名称的唯一性判断;
兔姬桑 4 年之前
父節點
當前提交
def256c2cd

+ 18 - 17
app/Http/Controllers/Admin/UserController.php

@@ -112,25 +112,25 @@ class UserController extends Controller
         }
 
         return view('admin.user.index', [
-            'userList' => $query->orderByDesc('id')->paginate(15)->appends($request->except('page')),
+            'userList'   => $query->orderByDesc('id')->paginate(15)->appends($request->except('page')),
             'userGroups' => UserGroup::all()->pluck('name', 'id')->toArray(),
-            'levels' => Level::all()->pluck('name', 'level')->toArray(),
+            'levels'     => Level::all()->pluck('name', 'level')->toArray(),
         ]);
     }
 
     // 添加账号页面
     public function create()
     {
-        if (Auth::getUser()->hasRole('Super Admin')) {
+        if (Auth::getUser()->hasRole('Super Admin')) { // 超级管理员直接获取全部角色
             $roles = Role::all()->pluck('description', 'name');
-        } elseif (Auth::getUser()->hasPermissionTo('give roles')) {
-            $roles = Auth::getUser()->roles();
+        } elseif (Auth::getUser()->can('give roles')) { // 有权者只能获得已有角色,防止权限泛滥
+            $roles = Auth::getUser()->roles()->pluck('description', 'name');
         }
 
         return view('admin.user.info', [
-            'levels' => Level::orderBy('level')->get(),
+            'levels'     => Level::orderBy('level')->get(),
             'userGroups' => UserGroup::orderBy('id')->get(),
-            'roles' => $roles ?? [],
+            'roles'      => $roles ?? null,
         ]);
     }
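Review bot: `'roles' => $roles ?? null` relies on `??` to hide that `$roles` is never assigned when neither branch matches, and the view now receives `null` where it used to receive `[]`. If `admin.user.info` iterates `$roles` without a guard (the template is not shown here), that path will fail. The same role-selection block is repeated in edit() in the third hunk, so I would move it into one private helper that starts with `$roles = null;` and is called from both. On the `elseif` branch I would also add a comment such as `// UI filter only: store()/update() must re-check the submitted roles server-side`, since this list only controls what the form offers.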
 
@@ -153,8 +153,9 @@ class UserController extends Controller
 
         $roles = $request->input('roles');
         try {
-            if ($roles && (Auth::getUser()->hasPermissionTo('give roles') || (in_array('Super Admin', $roles, true)
-                        && Auth::getUser()->hasRole('Super Admin')) || Auth::getUser()->hasRole('Super Admin'))) {
+            if ($roles && (Auth::getUser()->can('give roles') || (in_array('Super Admin', $roles, true) && Auth::getUser()->hasRole('Super Admin')))) {
+                // 编辑用户权限
+                // 只有超级管理员才有赋予超级管理的权限
                 $user->assignRole($roles);
             }
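Review bot: The new condition lets any account holding `give roles` assign whatever role names arrive in the request, `Super Admin` included, because `can('give roles')` alone satisfies the `||` and the `in_array(...) && hasRole('Super Admin')` clause restricts nothing. The two added comments therefore describe a rule the code does not enforce. The limit to the actor's own roles exists only in the list create() sends to the form, so it needs to be applied to the submitted values before the `if`, e.g. `if (! Auth::getUser()->hasRole('Super Admin')) { $roles = array_intersect((array) $roles, Auth::getUser()->roles()->pluck('name')->all()); }`; the `syncRoles` condition in update() (fourth hunk) needs the same filter. Dropping the trailing `|| hasRole('Super Admin')` is only safe if a `Gate::before` hook, not visible here, grants Super Admin every ability. store() begins and ends outside this hunk.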
 
@@ -176,17 +177,17 @@ class UserController extends Controller
     // 编辑账号页面
     public function edit(User $user)
     {
-        if (Auth::getUser()->hasRole('Super Admin')) {
+        if (Auth::getUser()->hasRole('Super Admin')) { // 超级管理员直接获取全部角色
             $roles = Role::all()->pluck('description', 'name');
-        } elseif (Auth::getUser()->hasPermissionTo('give roles')) {
-            $roles = Auth::getUser()->roles();
+        } elseif (Auth::getUser()->can('give roles')) { // 有权者只能获得已有角色,防止权限泛滥
+            $roles = Auth::getUser()->roles()->pluck('description', 'name');
         }
 
         return view('admin.user.info', [
-            'user' => $user->load('inviter:id,email'),
-            'levels' => Level::orderBy('level')->get(),
+            'user'       => $user->load('inviter:id,email'),
+            'levels'     => Level::orderBy('level')->get(),
             'userGroups' => UserGroup::orderBy('id')->get(),
-            'roles' => $roles ?? [],
+            'roles'      => $roles ?? null,
         ]);
     }
 
@@ -205,7 +206,7 @@ class UserController extends Controller
         // 只有超级管理员才能赋予超级管理员
         $roles = $request->input('roles');
         try {
-            if ($roles && (Auth::getUser()->hasPermissionTo('give roles') || (in_array('Super Admin', $roles, true)
+            if ($roles && (Auth::getUser()->can('give roles') || (in_array('Super Admin', $roles, true)
                         && Auth::getUser()->hasRole('Super Admin')) || Auth::getUser()->hasRole('Super Admin'))) {
                 $user->syncRoles($roles);
             }
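Review bot: `syncRoles($roles)` replaces the target's entire role set, and the guard checks only the actor, never `$user`, so a delegate with `give roles` can also strip roles from an account that outranks them. Before the `try` I would refuse the edit when the target holds `Super Admin` and the actor does not, e.g. `if ($user->hasRole('Super Admin') && ! Auth::getUser()->hasRole('Super Admin')) { abort(403); }`. The condition also still carries the `|| Auth::getUser()->hasRole('Super Admin')` tail that store() dropped in this same commit, and the two checks should read the same. update() starts and ends outside this hunk.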
@@ -323,7 +324,7 @@ class UserController extends Controller
     public function export(User $user)
     {
         return view('admin.user.export', [
-            'user' => $user,
+            'user'     => $user,
             'nodeList' => Node::whereStatus(1)->orderByDesc('sort')->orderBy('id')->paginate(15)->appends(\request('page')),
         ]);
     }

+ 6 - 1
app/Http/Requests/Admin/RoleRequest.php

@@ -8,8 +8,13 @@ class RoleRequest extends FormRequest
 {
     public function rules()
     {
+        $unq_name = '';
+        if ($this->method() === 'PUT' || $this->method() === 'PATCH') {
+            $unq_name = ','.$this->role->id;
+        }
+
         return [
-            'name' => 'required|string',
+            'name'        => 'required|string|unique:roles,name'.$unq_name,
             'description' => 'required|string',
             'permissions' => 'exists:permissions,name',
         ];
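Review bot: `$this->role->id` goes through the request's magic property, which Laravel resolves from request input before falling back to the route parameter, so a body field named `role` would shadow the bound model and the ignore id would be lost or raise an error. Read the route parameter explicitly and let the rule builder do the quoting: `'name' => ['required', 'string', Rule::unique('roles', 'name')->ignore($this->route('role'))]` (needs `use Illuminate\Validation\Rule;`). That also makes the `method()` check unnecessary, since `ignore(null)` adds no exclusion on create. If roles are stored per guard, uniqueness on `name` alone may be stricter than the table's own constraint, which is worth confirming. The closing brace of rules() is outside the hunk.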

+ 9 - 9
resources/views/admin/role/info.blade.php

@@ -28,19 +28,19 @@
                     @isset($role)@method('PUT')@endisset
                     @csrf
                     <div class="form-group row">
-                        <label class="col-md-2 col-sm-3 col-form-label" for="description">显示名称</label>
-                        <div class="col-md-5 col-sm-9">
-                            <input type="text" class="form-control" name="description" id="description" required/>
-                            <span class="text-help"> 名称,例如:管理员 </span>
-                        </div>
-                    </div>
-                    <div class="form-group row">
-                        <label class="col-md-2 col-sm-3 col-form-label" for="name">内部名称</label>
+                        <label class="col-md-2 col-sm-3 col-form-label" for="name">名称</label>
                         <div class="col-md-5 col-sm-9">
                             <input type="text" class="form-control" name="name" id="name" required/>
-                            <span class="text-help"> 名称,例如:Administrator </span>
+                            <span class="text-help"> 唯一标识名称,例如:Administrator </span>
                         </div>
                     </div>
+                        <div class="form-group row">
+                            <label class="col-md-2 col-sm-3 col-form-label" for="description">描述名称</label>
+                            <div class="col-md-5 col-sm-9">
+                                <input type="text" class="form-control" name="description" id="description" required/>
+                                <span class="text-help"> 面板显示名称,例如:管理员 </span>
+                            </div>
+                        </div>
                     <div class="form-group row">
                         <label class="col-md-2 col-sm-3 col-form-label" for="permissions">选择权限</label>
                         <div class="col-md-9 col-sm-9">
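Review bot: The added `description` form-group (the seven `+` lines) is indented one level deeper than its sibling `form-group row` blocks, so it reads as if nested inside the previous row; it should be aligned with them. Neither text input has a `maxlength`, and RoleRequest as shown validates only `string`, so adding a `max:` rule sized to the columns (schema not visible here) would keep over-long names from reaching the database layer.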