[FEAT] 優化帳號管理授權顯示邏輯與 UI 樣式一致性
All checks were successful
star-cloud-deploy-demo / deploy-demo (push) Successful in 59s
All checks were successful
star-cloud-deploy-demo / deploy-demo (push) Successful in 59s
This commit is contained in:
@@ -12,6 +12,26 @@ class Machine extends Model
|
||||
use HasFactory, TenantScoped;
|
||||
use \Illuminate\Database\Eloquent\SoftDeletes;
|
||||
|
||||
protected static function booted()
|
||||
{
|
||||
// 權限隔離:一般帳號登入時只能看到自己被分配的機台
|
||||
static::addGlobalScope('machine_access', function (\Illuminate\Database\Eloquent\Builder $builder) {
|
||||
$user = auth()->user();
|
||||
// 如果是在 Console、或是系統管理員、或是租戶的「管理員」角色,則不限制 (可看該公司所有機台)
|
||||
if (app()->runningInConsole() || !$user || $user->isSystemAdmin() || $user->hasRole('管理員') || $user->hasRole('super-admin')) {
|
||||
return;
|
||||
}
|
||||
|
||||
// 一般租戶帳號:限制只能看自己擁有的機台
|
||||
$builder->whereExists(function ($query) use ($user) {
|
||||
$query->select(\Illuminate\Support\Facades\DB::raw(1))
|
||||
->from('machine_user')
|
||||
->whereColumn('machine_user.machine_id', 'machines.id')
|
||||
->where('machine_user.user_id', $user->id);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
protected $fillable = [
|
||||
'company_id',
|
||||
'name',
|
||||
@@ -101,4 +121,8 @@ class Machine extends Model
|
||||
return $this->belongsTo(\App\Models\System\User::class, 'updater_id');
|
||||
}
|
||||
|
||||
public function users()
|
||||
{
|
||||
return $this->belongsToMany(\App\Models\System\User::class);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -69,6 +69,14 @@ class User extends Authenticatable
|
||||
return $this->belongsTo(Company::class);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the machines assigned to the user.
|
||||
*/
|
||||
public function machines()
|
||||
{
|
||||
return $this->belongsToMany(\App\Models\Machine\Machine::class);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the user is a system administrator.
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user