优化公会信息权限

4 years ago · acaf3ec370
parent e523dc7e88
commit acaf3ec370
2 changed files with 18 additions and 6 deletions
--- a/Application/Admin/Controller/SocietyInfoController.class.php
+++ b/Application/Admin/Controller/SocietyInfoController.class.php
@ -14,6 +14,7 @@ class SocietyInfoController extends ThinkController
 {
    private $modelName = 'SocietyInfo';
    private $admininfo = '';
+    private $MarketEvent;
    private $level = [
        1=>'S',
        2=>'A',
@ -24,6 +25,7 @@ class SocietyInfoController extends ThinkController
    public function _initialize()
    {
        $this->admininfo = $_SESSION['onethink_admin']['user_auth'];
+        $this->MarketEvent = A("Market","Event");
        parent::_initialize();
    }
    //列表
@ -32,11 +34,20 @@ class SocietyInfoController extends ThinkController
        $model = M($this->modelName, 'tab_');
        $map = [];

-        if ($this->checkRule("Admin/SocietyInfo/lists", array('in','1,2')) || isMarketLeader() || is_administrator()) {
+        if (is_administrator()) {
            // 设置权限、admin、市场总监可以看所有数据
        } else {
-            // 其他用户只能看自己的
-            $map['create_account'] = $this->admininfo['username'];
+            $gid = session('user_group_id');
+            $markerGroup = $this->MarketEvent->isMarketAdminGroup($gid);
+            if($markerGroup){
+                if($markerGroup['department_level'] == $this->MarketEvent->getConfig("DirectorLevel")){
+                    //总监
+                    $map['create_account'] = ["in",$this->MarketEvent->getDepartmentUserId($markerGroup['department_id'],"nickname")];
+                }
+            }else{
+                // 其他用户只能看自己的
+                $map['create_account'] = $this->admininfo['username'];
+            }
        }

        if ($_REQUEST['text']||$_REQUEST['text']=='0') {
--- a/Application/Admin/Event/MarketEvent.class.php
+++ b/Application/Admin/Event/MarketEvent.class.php
@ -182,16 +182,17 @@ class MarketEvent extends Controller
        return M('auth_group','sys_')->save($savedata);
    }

-    public function getDepartmentUserId($department_id)
+    public function getDepartmentUserId($department_id,$type = "uid")
    {
+        $field = "mem.".$type;
        $res =  M("auth_group_access")
        ->alias("acc")
-        ->field("acc.uid")
+        ->field($field)
        ->where(['gro.department_id'=>$department_id])
        ->join("sys_member as mem on acc.uid = mem.uid")
        ->join("sys_auth_group as gro on acc.group_id = gro.id")
        ->select();
-        return array_column($res,'uid');
+        return array_column($res,$type);
    }

    public function getAdminCompanyId()