szkp-map-service/app/Http/Controllers/Concerns/AuthorizesActivitySubmitter...

<?php

namespace App\Http\Controllers\Concerns;

use App\Models\Activity;
use Illuminate\Http\Request;

trait AuthorizesActivitySubmitter
{
    /**
     * 超级管理员、活动创建人、或绑定该活动场馆的用户，可对活动做「场馆范围」类操作前置校验。
     */
    protected function ensureVenueOrCreatorPermission(Request $request, Activity $activity): void
    {
        $user = $request->user();
        if ($user->isSuperAdmin()) {
            return;
        }
        if ($activity->submitted_by !== null && (int) $activity->submitted_by === (int) $user->id) {
            return;
        }
        $allowed = $user->venues()->where('venues.id', $activity->venue_id)->exists();
        abort_unless($allowed, 403, '仅可操作已绑定场馆');
    }

    /**
     * 活动基础信息与场次：超级管理员或活动创建人可编辑。
     */
    protected function authorizeActivityFullEdit(Request $request, Activity $activity): void
    {
        $user = $request->user();
        if ($user?->isSuperAdmin()) {
            return;
        }
        abort_unless(
            $user && $activity->submitted_by !== null && (int) $activity->submitted_by === (int) $user->id,
            403,
            '仅活动创建者可编辑活动信息与场次'
        );
    }

    /**
     * 可查看协作信息（审核记录、场次设置等）：超管、创建人、或该活动所属绑定场馆管理员。
     */
    protected function authorizeActivityCollaboratorView(Request $request, Activity $activity): void
    {
        $user = $request->user();
        if ($user?->isSuperAdmin()) {
            return;
        }
        if ($user && $activity->submitted_by !== null && (int) $activity->submitted_by === (int) $user->id) {
            return;
        }
        if ($user && $user->venues()->where('venues.id', $activity->venue_id)->exists()) {
            return;
        }
        abort(403, '无权查看');
    }

    /**
     * 花絮：超管、活动所属绑定场馆用户、或活动创建人可编辑。
     * （活动所属场馆权限已由 {@see ActivityController::ensureVenuePermission} 或 {@see ensureVenueOrCreatorPermission} 保证。）
     */
    protected function authorizeActivityBehindScenesEdit(Request $request, Activity $activity): void
    {
        $user = $request->user();
        if ($user?->isSuperAdmin()) {
            return;
        }
        if ($user && $user->venues()->where('venues.id', $activity->venue_id)->exists()) {
            return;
        }
        if ($activity->submitted_by === null) {
            abort(403, '该平台录入的活动仅超级管理员可修改花絮');
        }
        abort_unless((int) $activity->submitted_by === (int) $user->id, 403, '只能编辑本人提交的活动花絮');
    }
}
修改 1 week ago			`<?php`

			`namespace App\Http\Controllers\Concerns;`

			`use App\Models\Activity;`
			`use Illuminate\Http\Request;`

			`trait AuthorizesActivitySubmitter`
			`{`
修改 4 days ago			`/**`
			`* 超级管理员、活动创建人、或绑定该活动场馆的用户，可对活动做「场馆范围」类操作前置校验。`
			`*/`
			`protected function ensureVenueOrCreatorPermission(Request $request, Activity $activity): void`
			`{`
			`$user = $request->user();`
			`if ($user->isSuperAdmin()) {`
			`return;`
			`}`
			`if ($activity->submitted_by !== null && (int) $activity->submitted_by === (int) $user->id) {`
			`return;`
			`}`
			`$allowed = $user->venues()->where('venues.id', $activity->venue_id)->exists();`
			`abort_unless($allowed, 403, '仅可操作已绑定场馆');`
			`}`

			`/**`
			`* 活动基础信息与场次：超级管理员或活动创建人可编辑。`
			`*/`
			`protected function authorizeActivityFullEdit(Request $request, Activity $activity): void`
			`{`
			`$user = $request->user();`
			`if ($user?->isSuperAdmin()) {`
			`return;`
			`}`
			`abort_unless(`
			`$user && $activity->submitted_by !== null && (int) $activity->submitted_by === (int) $user->id,`
			`403,`
			`'仅活动创建者可编辑活动信息与场次'`
			`);`
			`}`

			`/**`
			`* 可查看协作信息（审核记录、场次设置等）：超管、创建人、或该活动所属绑定场馆管理员。`
			`*/`
			`protected function authorizeActivityCollaboratorView(Request $request, Activity $activity): void`
			`{`
			`$user = $request->user();`
			`if ($user?->isSuperAdmin()) {`
			`return;`
			`}`
			`if ($user && $activity->submitted_by !== null && (int) $activity->submitted_by === (int) $user->id) {`
			`return;`
			`}`
			`if ($user && $user->venues()->where('venues.id', $activity->venue_id)->exists()) {`
			`return;`
			`}`
			`abort(403, '无权查看');`
			`}`

修改 6 days ago			`/**`
			`* 花絮：超管、活动所属绑定场馆用户、或活动创建人可编辑。`
修改 4 days ago			`* （活动所属场馆权限已由 {@see ActivityController::ensureVenuePermission} 或 {@see ensureVenueOrCreatorPermission} 保证。）`
修改 6 days ago			`*/`
			`protected function authorizeActivityBehindScenesEdit(Request $request, Activity $activity): void`
修改 1 week ago			`{`
			`$user = $request->user();`
			`if ($user?->isSuperAdmin()) {`
			`return;`
			`}`
修改 6 days ago			`if ($user && $user->venues()->where('venues.id', $activity->venue_id)->exists()) {`
			`return;`
			`}`
修改 1 week ago			`if ($activity->submitted_by === null) {`
修改 6 days ago			`abort(403, '该平台录入的活动仅超级管理员可修改花絮');`
修改 1 week ago			`}`
修改 6 days ago			`abort_unless((int) $activity->submitted_by === (int) $user->id, 403, '只能编辑本人提交的活动花絮');`
修改 1 week ago			`}`
			`}`