|
@@ -40,21 +40,181 @@ class Procuremen extends Backend
|
|
|
protected $pickHiddenScydgySetCache = null;
|
|
protected $pickHiddenScydgySetCache = null;
|
|
|
|
|
|
|
|
/**
|
|
/**
|
|
|
|
|
+ * 采购子接口均走菜单规则鉴权;下列方法在方法内用 hasProcuremenPerm 做别名校验。
|
|
|
* @var array
|
|
* @var array
|
|
|
*/
|
|
*/
|
|
|
protected $noNeedRight = [
|
|
protected $noNeedRight = [
|
|
|
- 'review', 'reviewCompanies', 'outward_detail', 'export_month_outward', 'snapshotToProcure',
|
|
|
|
|
- 'pick', 'audit', 'confirm', 'pickreview', 'picksubmit', 'pickadd', 'auditissue', 'auditsubmit',
|
|
|
|
|
- 'auditresendsms', 'auditabandon', 'archiveabandon', 'auditresendemail', 'purchaseconfirmpick', 'purchaseapprovalreject', 'add', 'pickdelete', 'completeDirectly', 'rfqlist', 'details',
|
|
|
|
|
|
|
+ 'pickreview', 'review', 'reviewcompanies',
|
|
|
];
|
|
];
|
|
|
|
|
|
|
|
public function _initialize()
|
|
public function _initialize()
|
|
|
{
|
|
{
|
|
|
parent::_initialize();
|
|
parent::_initialize();
|
|
|
$this->model = new \app\admin\model\Procuremen;
|
|
$this->model = new \app\admin\model\Procuremen;
|
|
|
|
|
+ $this->assignProcuremenAuthConfig();
|
|
|
|
|
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ /**
|
|
|
|
|
+ * 是否拥有采购子权限(支持 procuremen/pickreview 与 procuremen/pickreview/index 等写法)
|
|
|
|
|
+ *
|
|
|
|
|
+ * @param string[] $actions 如 pickreview、procuremen/picksubmit
|
|
|
|
|
+ */
|
|
|
|
|
+ protected function hasProcuremenPerm(array $actions): bool
|
|
|
|
|
+ {
|
|
|
|
|
+ foreach ($actions as $action) {
|
|
|
|
|
+ $action = strtolower(trim((string)$action));
|
|
|
|
|
+ if ($action === '') {
|
|
|
|
|
+ continue;
|
|
|
|
|
+ }
|
|
|
|
|
+ if (strpos($action, 'procuremen/') !== 0) {
|
|
|
|
|
+ $action = 'procuremen/' . $action;
|
|
|
|
|
+ }
|
|
|
|
|
+ if ($this->auth->check($action)) {
|
|
|
|
|
+ return true;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ $suffixes = [];
|
|
|
|
|
+ foreach ($actions as $action) {
|
|
|
|
|
+ $action = strtolower(trim((string)$action));
|
|
|
|
|
+ $action = preg_replace('#^procuremen/#', '', $action);
|
|
|
|
|
+ if ($action !== '') {
|
|
|
|
|
+ $suffixes[$action] = true;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ if ($suffixes === []) {
|
|
|
|
|
+ return false;
|
|
|
|
|
+ }
|
|
|
|
|
+ try {
|
|
|
|
|
+ foreach ($this->auth->getRuleList() as $rule) {
|
|
|
|
|
+ $rule = strtolower((string)$rule);
|
|
|
|
|
+ if (strpos($rule, 'procuremen/') !== 0) {
|
|
|
|
|
+ continue;
|
|
|
|
|
+ }
|
|
|
|
|
+ foreach (array_keys($suffixes) as $suffix) {
|
|
|
|
|
+ if ($rule === 'procuremen/' . $suffix || strpos($rule, 'procuremen/' . $suffix . '/') === 0) {
|
|
|
|
|
+ return true;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ } catch (\Throwable $e) {
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ return false;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ /**
|
|
|
|
|
+ * 仅精确匹配规则名(删除/完结等敏感操作,避免模糊匹配误放行)
|
|
|
|
|
+ *
|
|
|
|
|
+ * @param string[] $actions
|
|
|
|
|
+ */
|
|
|
|
|
+ protected function hasProcuremenPermStrict(array $actions): bool
|
|
|
|
|
+ {
|
|
|
|
|
+ foreach ($actions as $action) {
|
|
|
|
|
+ $action = strtolower(trim((string)$action));
|
|
|
|
|
+ if ($action === '') {
|
|
|
|
|
+ continue;
|
|
|
|
|
+ }
|
|
|
|
|
+ if (strpos($action, 'procuremen/') !== 0) {
|
|
|
|
|
+ $action = 'procuremen/' . $action;
|
|
|
|
|
+ }
|
|
|
|
|
+ if ($this->auth->check($action)) {
|
|
|
|
|
+ return true;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ return false;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ /**
|
|
|
|
|
+ * 当前角色已勾选的菜单规则中,是否包含指定标题(与「删除按钮」「完结按钮」等中文节点对应)
|
|
|
|
|
+ *
|
|
|
|
|
+ * @param string[] $titles
|
|
|
|
|
+ */
|
|
|
|
|
+ protected function authHasAssignedRuleTitle(array $titles): bool
|
|
|
|
|
+ {
|
|
|
|
|
+ $titles = array_values(array_filter(array_map('trim', $titles)));
|
|
|
|
|
+ if ($titles === []) {
|
|
|
|
|
+ return false;
|
|
|
|
|
+ }
|
|
|
|
|
+ try {
|
|
|
|
|
+ $ids = $this->auth->getRuleIds();
|
|
|
|
|
+ if (in_array('*', $ids, true)) {
|
|
|
|
|
+ return true;
|
|
|
|
|
+ }
|
|
|
|
|
+ if ($ids === []) {
|
|
|
|
|
+ return false;
|
|
|
|
|
+ }
|
|
|
|
|
+ $rows = Db::name('auth_rule')
|
|
|
|
|
+ ->where('status', 'normal')
|
|
|
|
|
+ ->whereIn('id', $ids)
|
|
|
|
|
+ ->column('title');
|
|
|
|
|
+ foreach ($rows as $title) {
|
|
|
|
|
+ $t = trim((string)$title);
|
|
|
|
|
+ if ($t !== '' && in_array($t, $titles, true)) {
|
|
|
|
|
+ return true;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ } catch (\Throwable $e) {
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ return false;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ protected function procuremenCanPickDelete(): bool
|
|
|
|
|
+ {
|
|
|
|
|
+ if ($this->hasProcuremenPermStrict(['pickdelete'])) {
|
|
|
|
|
+ return true;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ return $this->authHasAssignedRuleTitle(['删除按钮', '删除']);
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ protected function procuremenCanComplete(): bool
|
|
|
|
|
+ {
|
|
|
|
|
+ if ($this->hasProcuremenPermStrict(['completedirectly', 'completeDirectly'])) {
|
|
|
|
|
+ return true;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ return $this->authHasAssignedRuleTitle(['完结按钮', '完结']);
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ protected function procuremenCanDispatch(): bool
|
|
|
|
|
+ {
|
|
|
|
|
+ return $this->hasProcuremenPerm(['pickreview', 'picksubmit', 'review']);
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ /**
|
|
|
|
|
+ * 前端按钮显隐(Config.procuremenAuth)
|
|
|
|
|
+ */
|
|
|
|
|
+ protected function assignProcuremenAuthConfig(): void
|
|
|
|
|
+ {
|
|
|
|
|
+ $authMap = [
|
|
|
|
|
+ 'pickreview' => $this->procuremenCanDispatch(),
|
|
|
|
|
+ 'picksubmit' => $this->hasProcuremenPerm(['picksubmit', 'pickreview', 'review']),
|
|
|
|
|
+ 'pickdelete' => $this->procuremenCanPickDelete(),
|
|
|
|
|
+ 'completedirectly' => $this->procuremenCanComplete(),
|
|
|
|
|
+ 'snapshottoprocure' => $this->hasProcuremenPerm(['snapshottoprocure', 'snapshotToProcure']),
|
|
|
|
|
+ 'auditissue' => $this->hasProcuremenPerm(['auditissue']),
|
|
|
|
|
+ 'auditsubmit' => $this->hasProcuremenPerm(['auditsubmit']),
|
|
|
|
|
+ 'auditresendsms' => $this->hasProcuremenPerm(['auditresendsms']),
|
|
|
|
|
+ 'auditresendemail' => $this->hasProcuremenPerm(['auditresendemail']),
|
|
|
|
|
+ 'auditabandon' => $this->hasProcuremenPerm(['auditabandon']),
|
|
|
|
|
+ 'outward_detail' => $this->hasProcuremenPerm(['outward_detail', 'outwarddetail']),
|
|
|
|
|
+ 'purchaseconfirmpick' => $this->hasProcuremenPerm(['purchaseconfirmpick', 'purchaseConfirmPick']),
|
|
|
|
|
+ 'purchaseapprovalreject' => $this->hasProcuremenPerm(['purchaseapprovalreject', 'purchaseApprovalReject']),
|
|
|
|
|
+ 'details' => $this->hasProcuremenPerm(['details']),
|
|
|
|
|
+ 'archiveabandon' => $this->hasProcuremenPerm(['archiveabandon']),
|
|
|
|
|
+ 'export_month_outward' => $this->hasProcuremenPerm(['export_month_outward', 'exportMonthOutward']),
|
|
|
|
|
+ 'review' => $this->hasProcuremenPerm(['review', 'picksubmit', 'pickreview']),
|
|
|
|
|
+ 'reviewcompanies' => $this->hasProcuremenPerm(['reviewcompanies', 'reviewCompanies', 'pickreview', 'picksubmit', 'review']),
|
|
|
|
|
+ 'add' => $this->hasProcuremenPerm(['add']),
|
|
|
|
|
+ 'rfqlist' => $this->hasProcuremenPerm(['rfqlist']),
|
|
|
|
|
+ 'pickadd' => $this->hasProcuremenPerm(['pickadd', 'pickAdd']),
|
|
|
|
|
+ ];
|
|
|
|
|
+ $this->assignconfig('procuremenAuth', $authMap);
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
/**
|
|
/**
|
|
|
* 手机端协助明细首页直达链接(登录后打开对应明细,免搜索)
|
|
* 手机端协助明细首页直达链接(登录后打开对应明细,免搜索)
|
|
|
* 配置 application/extra/mproc.php:mobile_base_url、mobile_index_path
|
|
* 配置 application/extra/mproc.php:mobile_base_url、mobile_index_path
|
|
@@ -652,6 +812,10 @@ class Procuremen extends Backend
|
|
|
$this->view->assign('sidebarYearMonths', $sidebar);
|
|
$this->view->assign('sidebarYearMonths', $sidebar);
|
|
|
$this->view->assign('procuremenStage', $stage);
|
|
$this->view->assign('procuremenStage', $stage);
|
|
|
$this->view->assign('procuremenPageTitle', $pageTitle);
|
|
$this->view->assign('procuremenPageTitle', $pageTitle);
|
|
|
|
|
+ $this->view->assign('procuremenBtnDispatch', $this->procuremenCanDispatch());
|
|
|
|
|
+ $this->view->assign('procuremenBtnPickDelete', $this->procuremenCanPickDelete());
|
|
|
|
|
+ $this->view->assign('procuremenBtnComplete', $this->procuremenCanComplete());
|
|
|
|
|
+ $this->view->assign('procuremenBtnAuditAbandon', $this->hasProcuremenPerm(['auditabandon']));
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
/** 协助下发(选工序+供应商,发短信邮件通知报价) */
|
|
/** 协助下发(选工序+供应商,发短信邮件通知报价) */
|
|
@@ -2573,6 +2737,9 @@ class Procuremen extends Backend
|
|
|
if (!$this->request->isPost() || !$this->request->isAjax()) {
|
|
if (!$this->request->isPost() || !$this->request->isAjax()) {
|
|
|
$this->error(__('参数错误'));
|
|
$this->error(__('参数错误'));
|
|
|
}
|
|
}
|
|
|
|
|
+ if (!$this->procuremenCanComplete()) {
|
|
|
|
|
+ $this->error(__('You have no permission'));
|
|
|
|
|
+ }
|
|
|
$row = json_decode($this->request->post('row_json', ''), true);
|
|
$row = json_decode($this->request->post('row_json', ''), true);
|
|
|
if (!is_array($row)) {
|
|
if (!is_array($row)) {
|
|
|
$this->error(__('Invalid parameters'));
|
|
$this->error(__('Invalid parameters'));
|
|
@@ -5434,6 +5601,9 @@ class Procuremen extends Backend
|
|
|
*/
|
|
*/
|
|
|
public function pickReview()
|
|
public function pickReview()
|
|
|
{
|
|
{
|
|
|
|
|
+ if (!$this->hasProcuremenPerm(['pickreview', 'picksubmit', 'review'])) {
|
|
|
|
|
+ $this->error(__('You have no permission'));
|
|
|
|
|
+ }
|
|
|
if ($this->request->isPost()) {
|
|
if ($this->request->isPost()) {
|
|
|
$this->error('请使用弹窗内「确认下发」提交');
|
|
$this->error('请使用弹窗内「确认下发」提交');
|
|
|
}
|
|
}
|
|
@@ -5645,6 +5815,9 @@ class Procuremen extends Backend
|
|
|
if (!$this->request->isPost() || !$this->request->isAjax()) {
|
|
if (!$this->request->isPost() || !$this->request->isAjax()) {
|
|
|
$this->error(__('Invalid parameters'));
|
|
$this->error(__('Invalid parameters'));
|
|
|
}
|
|
}
|
|
|
|
|
+ if (!$this->procuremenCanPickDelete()) {
|
|
|
|
|
+ $this->error(__('You have no permission'));
|
|
|
|
|
+ }
|
|
|
$rowsRaw = $this->request->post('rows_json', '[]');
|
|
$rowsRaw = $this->request->post('rows_json', '[]');
|
|
|
$rows = json_decode(is_string($rowsRaw) ? $rowsRaw : '', true);
|
|
$rows = json_decode(is_string($rowsRaw) ? $rowsRaw : '', true);
|
|
|
if (!is_array($rows) || $rows === []) {
|
|
if (!is_array($rows) || $rows === []) {
|
|
@@ -6452,6 +6625,9 @@ class Procuremen extends Backend
|
|
|
*/
|
|
*/
|
|
|
public function review()
|
|
public function review()
|
|
|
{
|
|
{
|
|
|
|
|
+ if (!$this->hasProcuremenPerm(['review', 'picksubmit', 'pickreview'])) {
|
|
|
|
|
+ $this->error(__('You have no permission'));
|
|
|
|
|
+ }
|
|
|
if ($this->request->isPost()) {
|
|
if ($this->request->isPost()) {
|
|
|
$this->error('请使用第一步「协助下发」通知供应商,再在「确认供应商」中选定一家');
|
|
$this->error('请使用第一步「协助下发」通知供应商,再在「确认供应商」中选定一家');
|
|
|
}
|
|
}
|
|
@@ -6465,6 +6641,9 @@ class Procuremen extends Backend
|
|
|
*/
|
|
*/
|
|
|
public function reviewCompanies()
|
|
public function reviewCompanies()
|
|
|
{
|
|
{
|
|
|
|
|
+ if (!$this->hasProcuremenPerm(['reviewcompanies', 'pickreview', 'picksubmit', 'review'])) {
|
|
|
|
|
+ $this->error(__('You have no permission'));
|
|
|
|
|
+ }
|
|
|
if (!$this->request->isAjax()) {
|
|
if (!$this->request->isAjax()) {
|
|
|
$this->error(__('Invalid parameters'));
|
|
$this->error(__('Invalid parameters'));
|
|
|
}
|
|
}
|