This commit is contained in:
Your Name
2026-03-11 14:33:49 +08:00
parent 38ad60f4bb
commit 08dd9cd307
57 changed files with 9547 additions and 379 deletions
+41 -7
View File
@@ -7,6 +7,7 @@ namespace app\adminapi\lists\order;
use app\adminapi\lists\BaseAdminDataLists;
use app\common\lists\ListsSearchInterface;
use app\common\model\Order;
use app\common\model\auth\AdminRole;
/**
* 订单列表
@@ -27,6 +28,33 @@ class OrderLists extends BaseAdminDataLists implements ListsSearchInterface
];
}
/**
* @notes 权限过滤 - 普通员工只能看自己创建的订单
* @param array $where
* @return void
*/
private function filterByPermission(array &$where): void
{
// 检查是否是超管(root字段为1)
if (!empty($this->adminInfo['root']) && $this->adminInfo['root'] == 1) {
// 超管不过滤,可以看所有订单
return;
}
// 主管角色ID列表(可根据实际调整)
$supervisorRoles = [0, 3];
// 检查当前用户是否是主管
$roleIds = \app\common\model\auth\AdminRole::where('admin_id', $this->adminId)->column('role_id');
// 如果不是主管,只能看自己创建的订单
$isSupervisor = count(array_intersect($roleIds, $supervisorRoles)) > 0;
if (!$isSupervisor) {
$where[] = ['creator_id', '=', $this->adminId];
}
}
/**
* @notes 获取列表
* @return array
@@ -38,11 +66,14 @@ class OrderLists extends BaseAdminDataLists implements ListsSearchInterface
{
$where = $this->searchWhere;
// 处理患者关键词搜索
// 权限控制:普通员工只能看自己创建的订单
$this->filterByPermission($where);
// 处理患者关键词搜索(从诊单表搜索)
if (!empty($this->params['patient_keyword'])) {
$where[] = ['patient_id', 'in', function ($query) {
$query->table('user')
->where('nickname|mobile', 'like', '%' . $this->params['patient_keyword'] . '%')
$query->table('zyt_tcm_diagnosis')
->where('patient_name|patient_phone', 'like', '%' . $this->params['patient_keyword'] . '%')
->field('id');
}];
}
@@ -57,7 +88,7 @@ class OrderLists extends BaseAdminDataLists implements ListsSearchInterface
}
return Order::where($where)
->with(['patient', 'creator', 'details'])
->with(['patient', 'creator'])
->order(['create_time' => 'desc'])
->limit($this->limitOffset, $this->pageSize)
->select()
@@ -72,11 +103,14 @@ class OrderLists extends BaseAdminDataLists implements ListsSearchInterface
{
$where = $this->searchWhere;
// 处理患者关键词搜索
// 权限控制:普通员工只能看自己创建的订单
$this->filterByPermission($where);
// 处理患者关键词搜索(从诊单表搜索)
if (!empty($this->params['patient_keyword'])) {
$where[] = ['patient_id', 'in', function ($query) {
$query->table('user')
->where('nickname|mobile', 'like', '%' . $this->params['patient_keyword'] . '%')
$query->table('zyt_tcm_diagnosis')
->where('patient_name|patient_phone', 'like', '%' . $this->params['patient_keyword'] . '%')
->field('id');
}];
}