[FIX] 遷移機台授權為獨立模組:修復變數命名、補齊多語系並強化多租戶數據隔離
All checks were successful
star-cloud-deploy-demo / deploy-demo (push) Successful in 54s
All checks were successful
star-cloud-deploy-demo / deploy-demo (push) Successful in 54s
This commit is contained in:
@@ -195,11 +195,13 @@ class PermissionController extends Controller
|
||||
|
||||
$is_system = auth()->user()->isSystemAdmin() ? $request->boolean('is_system') : $role->is_system;
|
||||
|
||||
$role->update([
|
||||
$updateData = [
|
||||
'name' => $validated['name'],
|
||||
'is_system' => $is_system,
|
||||
'company_id' => $is_system ? null : $role->company_id,
|
||||
]);
|
||||
];
|
||||
|
||||
$role->update($updateData);
|
||||
|
||||
$perms = $validated['permissions'] ?? [];
|
||||
|
||||
@@ -363,6 +365,7 @@ class PermissionController extends Controller
|
||||
'status' => $validated['status'],
|
||||
'company_id' => $company_id,
|
||||
'phone' => $validated['phone'] ?? null,
|
||||
'is_admin' => (auth()->user()->isSystemAdmin() && !empty($validated['company_id'])),
|
||||
]);
|
||||
|
||||
$user->assignRole($role);
|
||||
@@ -430,6 +433,18 @@ class PermissionController extends Controller
|
||||
'phone' => $validated['phone'] ?? null,
|
||||
];
|
||||
|
||||
// 只有系統管理員在編輯租戶帳號時,且該帳號原本不是管理員,才可能觸發標記(視需求而定)
|
||||
// 這裡我們維持 storeAccount 的邏輯:如果是系統管理員幫公司「開站」或「首配」,才自動標記
|
||||
// 為求嚴謹,我們檢查該公司是否已經有 is_admin,如果沒有,當前這個人可以是第一個
|
||||
if (auth()->user()->isSystemAdmin() && !empty($validated['company_id']) && !$user->is_admin) {
|
||||
$hasAdmin = \App\Models\System\User::where('company_id', $validated['company_id'])
|
||||
->where('is_admin', true)
|
||||
->exists();
|
||||
if (!$hasAdmin) {
|
||||
$updateData['is_admin'] = true;
|
||||
}
|
||||
}
|
||||
|
||||
if (auth()->user()->isSystemAdmin()) {
|
||||
// 防止超級管理員不小心把自己綁定到租客公司或降級
|
||||
if ($user->id === auth()->id()) {
|
||||
@@ -459,6 +474,7 @@ class PermissionController extends Controller
|
||||
'guard_name' => 'web',
|
||||
'company_id' => $target_company_id,
|
||||
'is_system' => false,
|
||||
'is_admin' => true,
|
||||
]);
|
||||
$newRole->syncPermissions($roleObj->getPermissionNames());
|
||||
$roleObj = $newRole;
|
||||
|
||||
Reference in New Issue
Block a user