更新
This commit is contained in:
@@ -7,6 +7,7 @@ namespace app\adminapi\lists\order;
|
||||
use app\adminapi\lists\BaseAdminDataLists;
|
||||
use app\common\lists\ListsSearchInterface;
|
||||
use app\common\model\Order;
|
||||
use app\common\model\auth\AdminRole;
|
||||
|
||||
/**
|
||||
* 订单列表
|
||||
@@ -27,6 +28,33 @@ class OrderLists extends BaseAdminDataLists implements ListsSearchInterface
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @notes 权限过滤 - 普通员工只能看自己创建的订单
|
||||
* @param array $where
|
||||
* @return void
|
||||
*/
|
||||
private function filterByPermission(array &$where): void
|
||||
{
|
||||
// 检查是否是超管(root字段为1)
|
||||
if (!empty($this->adminInfo['root']) && $this->adminInfo['root'] == 1) {
|
||||
// 超管不过滤,可以看所有订单
|
||||
return;
|
||||
}
|
||||
|
||||
// 主管角色ID列表(可根据实际调整)
|
||||
$supervisorRoles = [0, 3];
|
||||
|
||||
// 检查当前用户是否是主管
|
||||
$roleIds = \app\common\model\auth\AdminRole::where('admin_id', $this->adminId)->column('role_id');
|
||||
|
||||
// 如果不是主管,只能看自己创建的订单
|
||||
$isSupervisor = count(array_intersect($roleIds, $supervisorRoles)) > 0;
|
||||
|
||||
if (!$isSupervisor) {
|
||||
$where[] = ['creator_id', '=', $this->adminId];
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @notes 获取列表
|
||||
* @return array
|
||||
@@ -38,11 +66,14 @@ class OrderLists extends BaseAdminDataLists implements ListsSearchInterface
|
||||
{
|
||||
$where = $this->searchWhere;
|
||||
|
||||
// 处理患者关键词搜索
|
||||
// 权限控制:普通员工只能看自己创建的订单
|
||||
$this->filterByPermission($where);
|
||||
|
||||
// 处理患者关键词搜索(从诊单表搜索)
|
||||
if (!empty($this->params['patient_keyword'])) {
|
||||
$where[] = ['patient_id', 'in', function ($query) {
|
||||
$query->table('user')
|
||||
->where('nickname|mobile', 'like', '%' . $this->params['patient_keyword'] . '%')
|
||||
$query->table('zyt_tcm_diagnosis')
|
||||
->where('patient_name|patient_phone', 'like', '%' . $this->params['patient_keyword'] . '%')
|
||||
->field('id');
|
||||
}];
|
||||
}
|
||||
@@ -57,7 +88,7 @@ class OrderLists extends BaseAdminDataLists implements ListsSearchInterface
|
||||
}
|
||||
|
||||
return Order::where($where)
|
||||
->with(['patient', 'creator', 'details'])
|
||||
->with(['patient', 'creator'])
|
||||
->order(['create_time' => 'desc'])
|
||||
->limit($this->limitOffset, $this->pageSize)
|
||||
->select()
|
||||
@@ -72,11 +103,14 @@ class OrderLists extends BaseAdminDataLists implements ListsSearchInterface
|
||||
{
|
||||
$where = $this->searchWhere;
|
||||
|
||||
// 处理患者关键词搜索
|
||||
// 权限控制:普通员工只能看自己创建的订单
|
||||
$this->filterByPermission($where);
|
||||
|
||||
// 处理患者关键词搜索(从诊单表搜索)
|
||||
if (!empty($this->params['patient_keyword'])) {
|
||||
$where[] = ['patient_id', 'in', function ($query) {
|
||||
$query->table('user')
|
||||
->where('nickname|mobile', 'like', '%' . $this->params['patient_keyword'] . '%')
|
||||
$query->table('zyt_tcm_diagnosis')
|
||||
->where('patient_name|patient_phone', 'like', '%' . $this->params['patient_keyword'] . '%')
|
||||
->field('id');
|
||||
}];
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user