
<?php
namespace App\Http\Controllers\Concerns;
use App\Models\Activity;
use Illuminate\Http\Request;
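/**
 * Authorization pre-checks shared by controllers that act on an Activity.
 *
 * Every check reads the authenticated user from the request and either returns
 * (permitted) or aborts with HTTP 403. The three roles that matter are:
 *  - super admin          ($user->isSuperAdmin())
 *  - activity creator     ($activity->submitted_by matches $user->id)
 *  - venue-bound user     ($user->venues() contains $activity->venue_id)
 *
 * An unauthenticated request ($request->user() === null) is treated as "none
 * of the above" and rejected with 403 in every method; it never reaches a
 * method call on null (previously a 500) or a `null->id` comparison that
 * PHP 8 evaluates to 0 with only a warning.
 *
 * NOTE(review): isSuperAdmin() and venues() are assumed to exist on the user
 * model returned by $request->user() — confirm against App\Models\User.
 */
trait AuthorizesActivitySubmitter
{
    /**
     * Pre-check for "venue-scoped" operations on an activity.
     *
     * Permitted: super admin, the activity's creator, or a user bound to the
     * activity's venue. Everyone else (including no user) gets 403.
     */
    protected function ensureVenueOrCreatorPermission(Request $request, Activity $activity): void
    {
        $user = $request->user();
        if ($user?->isSuperAdmin()) {
            return;
        }
        if ($this->isActivityCreator($user, $activity)) {
            return;
        }
        abort_unless($this->isBoundToActivityVenue($user, $activity), 403, '仅可操作已绑定场馆');
    }

    /**
     * Activity base info and sessions: only a super admin or the activity's
     * creator may edit.
     */
    protected function authorizeActivityFullEdit(Request $request, Activity $activity): void
    {
        $user = $request->user();
        if ($user?->isSuperAdmin()) {
            return;
        }
        abort_unless(
            $this->isActivityCreator($user, $activity),
            403,
            '仅活动创建者可编辑活动信息与场次'
        );
    }

    /**
     * Collaboration details (review records, session settings, ...): visible to
     * a super admin, the creator, or an admin of the venue the activity belongs to.
     */
    protected function authorizeActivityCollaboratorView(Request $request, Activity $activity): void
    {
        $user = $request->user();
        if ($user?->isSuperAdmin()) {
            return;
        }
        if ($this->isActivityCreator($user, $activity)) {
            return;
        }
        if ($this->isBoundToActivityVenue($user, $activity)) {
            return;
        }
        abort(403, '无权查看');
    }

    /**
     * Behind-the-scenes material: editable by a super admin, a user bound to the
     * activity's venue, or the activity's creator.
     *
     * Activities with no submitted_by were entered by the platform itself and,
     * outside the venue/super-admin paths above, are rejected with a dedicated
     * message. (Venue permission for the activity is already guaranteed by
     * {@see ActivityController::ensureVenuePermission} or
     * {@see ensureVenueOrCreatorPermission}.)
     */
    protected function authorizeActivityBehindScenesEdit(Request $request, Activity $activity): void
    {
        $user = $request->user();
        if ($user?->isSuperAdmin()) {
            return;
        }
        if ($this->isBoundToActivityVenue($user, $activity)) {
            return;
        }
        if ($activity->submitted_by === null) {
            abort(403, '该平台录入的活动仅超级管理员可修改花絮');
        }
        abort_unless($this->isActivityCreator($user, $activity), 403, '只能编辑本人提交的活动花絮');
    }

    /**
     * Whether $user is the creator recorded in $activity->submitted_by.
     *
     * A null user, or an activity without submitted_by, is never the creator —
     * this guard is what keeps an unauthenticated request from comparing
     * `(int) null` (0) against submitted_by. Both sides are cast to int as in
     * the original comparisons; presumably the attribute may arrive as a string.
     *
     * @param object|null $user the authenticated user, or null when none
     */
    private function isActivityCreator(?object $user, Activity $activity): bool
    {
        if ($user === null || $activity->submitted_by === null) {
            return false;
        }

        return (int) $activity->submitted_by === (int) $user->id;
    }

    /**
     * Whether $user is bound to the venue that $activity belongs to.
     *
     * A null user is never bound; otherwise the user's venues relation is
     * queried for the activity's venue_id.
     *
     * @param object|null $user the authenticated user, or null when none
     */
    private function isBoundToActivityVenue(?object $user, Activity $activity): bool
    {
        if ($user === null) {
            return false;
        }

        return $user->venues()->where('venues.id', $activity->venue_id)->exists();
    }
}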