
权限控制优化

wufeng 2 years ago
parent
commit
55ac56d1b6

+ 3 - 1
app/admin/controller/After.php

@@ -489,7 +489,7 @@ class After extends Base
             $val = Validate::rule([
                 'returnCode' => 'require',
                 'status' => 'require|number|in:1,2,4,5,6,9,10,11',
-                'remark' => 'requireIf:status,6|requireIf:status,2|requireIf:status,10',
+                'remark' => 'requireIf:status,6|requireIf:status,10',
 //                'contactor|收货人' => 'requireIf:status,4',
 //                'mobile|联系电话' => 'requireIf:status,4',
 //                'addr_code|省市区编码' => 'requireIf:status,4',
@@ -518,6 +518,7 @@ class After extends Base
                     break;
                 case 9:
                     if ((($info['is_receive'] == 1) && (in_array($param['status'], [2, 4]) == false) || (($info['is_receive'] == 0) && (in_array($param['status'], [2, 5]) == false)))) throw new Exception('选项错误');
+                    if ($param['status'] == 2 && $param['remark'] == '') throw new Exception('remark不能为空');
 
 //                    if (in_array($param['status'], [2, 4, 5]) == false) throw new Exception('选项错误');
 //                    if ($this->level != 3) throw new Exception('当前状态下只能由供应商账号操作');
@@ -536,6 +537,7 @@ class After extends Base
                     break;
                 case 10:
                     if ((($info['is_receive'] == 1) && (in_array($param['status'], [2, 4]) == false) || (($info['is_receive'] == 0) && (in_array($param['status'], [2, 5]) == false)))) throw new Exception('选项错误');
+                    if ($param['status'] == 2 && $param['remark'] == '') throw new Exception('remark不能为空');
 
                     if ($param['status'] == 4) {
                         if ($param['contactor'] == '') throw new Exception('收货人不能为空');
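Review bot: The remark requirement for status 2 now lives only in the `case 9` and `case 10` branches, so any other case that accepts status 2 — none is visible in these hunks, but the method continues outside them — silently loses the check that the removed `requireIf:status,2` rule used to apply to every transition. The added guards also compare with a loose `== ''`, which passes a null or whitespace-only value depending on how `$param` is built earlier in the method. If status 2 needs a remark from every prior state, keeping the validator rule `'remark' => 'requireIf:status,6|requireIf:status,2|requireIf:status,10'` is simpler than repeating the check per case; if it is deliberately limited to these two states, a comment such as `// status 2 needs a remark only when coming from states 9 and 10` would stop the next reader from restoring the rule.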

+ 41 - 18
app/admin/controller/AfterChild.php

@@ -2,6 +2,7 @@
 
 namespace app\admin\controller;
 
+use app\admin\model\DataGroup as DataGroupModel;
 use think\Exception;
 use think\facade\Db;
 use think\facade\Validate;
@@ -14,30 +15,52 @@ class AfterChild extends Base
     public function getList()
     {
 
-        $param = $this->request->only(['page' => 1, 'size' => 10, 'returnCode' => '', 'status' => '', 'orderCode' => '', 'outCode' => '', 'order_type' => ''], 'post', 'trim');
+        $param = $this->request->only(['page' => 1, 'size' => 10, 'returnCode' => '', 'status' => '', 'orderCode' => '', 'outCode' => '', 'order_type' => '', 'supplierNo' => ''], 'post', 'trim');
 
-        $where = [['a.is_del', '=', 0]];
-        if ($param['returnCode'] != '') $where[] = ['a.returnCode', 'like', '%' . $param['returnCode'] . '%'];
-        if ($param['status'] !== '') $where[] = ['a.status', '=', $param['status']];
-        if ($param['orderCode'] != '') $where[] = ['a.orderCode', 'like', '%' . $param['orderCode'] . '%'];
-        if ($param['outCode'] != '') $where[] = ['a.outCode', 'like', '%' . $param['outCode'] . '%'];
-        if ($param['order_type'] !== '') $where[] = ['d.order_type', '=', $param['order_type']];
-
-        $count = Db::name('order_return_child')
+        $db = Db::name('order_return_child')
             ->alias('a')
             ->leftJoin('warehouse_info b', 'b.wsm_code=a.send_wsm_code')
             ->leftJoin('warehouse_info c', 'c.wsm_code=a.return_wsm_code')
             ->leftJoin('order_return d', 'd.returnCode=a.returnCode and d.is_del=0')
-            ->where($where)
+            ->where('a.is_del', 0);
+
+        if ($param['returnCode'] != '') $db->whereLike('a.returnCode', '%' . $param['returnCode'] . '%');
+        if ($param['status'] !== '') $db->where('a.status', $param['status']);
+        if ($param['orderCode'] != '') $db->whereLike('a.orderCode', '%' . $param['orderCode'] . '%');
+        if ($param['outCode'] != '') $db->whereLike('a.outCode', '%' . $param['outCode'] . '%');
+        if ($param['order_type'] !== '') $db->where('d.order_type', $param['order_type']);
+        if ($param['supplierNo'] != '') $db->whereLike('d.supplierNo', '%' . $param['supplierNo'] . '%');
+
+        //数据权限相关
+        //供应商账号,只查询该供应商下所有数据
+        if ($this->level == 3 && $param['supplierNo'] == '') return json_show(1004, '供应商账号时供应商编码不能为空');
+
+
+        //1.超管,查看全部;
+        //2.业务公司账号-申请人,初始状态只查看自己创建的;
+        //3.业务公司账号-退回仓库负责人,只查看自己负责仓库的数据;
+        //4.业务公司账号-数据共享接受人,共享给自己的数据;
+        if ($this->level == 2) {
+
+            //是否仓库负责人
+            $is_contactor = Db::name('warehouse_info')
+                ->field('id')
+                ->where(['is_del' => 0, 'contactor' => $this->uid])
+                ->findOrEmpty();
+            if (empty($is_contactor)) {
+                $role = $this->checkDataShare();
+                $hand = resign_hand_user($this->uid, 0);
+                $db->whereIn('d.apply_id', array_unique(array_merge($role[DataGroupModel::$type_全部], $hand)));
+            } else {
+                $db->where('`a`.`return_wsm_code` in ' . Db::name('warehouse_info')->field('wsm_code')->where(['is_del' => 0, 'contactor' => $this->uid])->buildSql());
+            }
+        }
+
+        $count = $db
             ->count('a.id');
 
-        $list = Db::name('order_return_child')
-            ->alias('a')
-            ->field('a.id,a.returnCode,a.orderCode,a.outCode,a.order_out_child_status,a.outChildCode,b.supplierName send_supplierName,b.supplierNo send_supplierNo,b.name send_wsm_name,a.send_wsm_code,b.contactor_name send_contactor_name,a.send_num,a.return_num,c.supplierName return_supplierName,c.supplierNo return_supplierNo,c.name return_wsm_name,a.return_wsm_code,c.contactor_name return_contactor_name,a.status,d.companyNo,d.companyName,d.customer_code,d.customer_name,d.order_type')
-            ->leftJoin('warehouse_info b', 'b.wsm_code=a.send_wsm_code')
-            ->leftJoin('warehouse_info c', 'c.wsm_code=a.return_wsm_code')
-            ->leftJoin('order_return d', 'd.returnCode=a.returnCode and d.is_del=0')
-            ->where($where)
+        $list = $db
+            ->field('a.id,a.returnCode,a.orderCode,a.outCode,a.order_out_child_status,a.outChildCode,b.supplierName send_supplierName,b.supplierNo send_supplierNo,b.name send_wsm_name,a.send_wsm_code,b.contactor_name send_contactor_name,a.send_num,a.return_num,c.supplierName return_supplierName,c.supplierNo return_supplierNo,c.name return_wsm_name,a.return_wsm_code,c.contactor_name return_contactor_name,a.status,d.companyNo,d.companyName,d.customer_code,d.customer_name,d.order_type,d.apply_id,d.apply_name')
             ->order(['a.addtime' => 'desc', 'a.id' => 'desc'])
             ->page($param['page'], $param['size'])
             ->select()
@@ -542,7 +565,7 @@ class AfterChild extends Base
 
         $info = Db::name('order_return_child')
             ->alias('a')
-            ->field('a.*,b.supplierName send_supplierName,b.supplierNo send_supplierNo,b.name send_wsm_name,b.contactor_name send_contactor_name,c.supplierName return_supplierName,c.supplierNo return_supplierNo,c.name return_wsm_name,c.contactor_name return_contactor_name,d.companyNo,d.companyName,d.customer_code,d.customer_name')
+            ->field('a.*,b.supplierName send_supplierName,b.supplierNo send_supplierNo,b.name send_wsm_name,b.contactor_name send_contactor_name,c.supplierName return_supplierName,c.supplierNo return_supplierNo,c.name return_wsm_name,c.contactor_name return_contactor_name,d.companyNo,d.companyName,d.customer_code,d.customer_name,d.order_type,d.good_code spuCode')
             ->leftJoin('warehouse_info b', 'b.wsm_code=a.send_wsm_code')
             ->leftJoin('warehouse_info c', 'c.wsm_code=a.return_wsm_code')
             ->leftJoin('order_return d', 'd.returnCode=a.returnCode and d.is_del=0')
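Review bot: The supplier-account (level 3) restriction in `getList` is enforced with a value the caller chooses: L82 only rejects an empty `supplierNo`, and L78 then filters with `whereLike('d.supplierNo', '%…%')`, so a supplier account can post another supplier's code — or just `%` — and read every supplier's return work orders. For level 3 the filter should come from the authenticated account rather than the request body and be an equality match, `$db->where('d.supplierNo', $ownSupplierNo)` with `$ownSupplierNo` taken from the login context (whatever Base exposes for it), ignoring the posted value at that level. The raw subquery on L101 (`'`a`.`return_wsm_code` in ' . …->buildSql()`) also repeats the lookup already done on L92-95; `$db->whereIn('a.return_wsm_code', Db::name('warehouse_info')->where(['is_del' => 0, 'contactor' => $this->uid])->column('wsm_code'))` keeps the condition parameterised and avoids string-building SQL.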

+ 22 - 8
app/admin/controller/OrderOutChild.php

@@ -454,6 +454,9 @@ class OrderOutChild extends Base
                         if ($this->uid != $person[$child[$value['outChildCode']]['supplierNo']]) throw new Exception('非库存品和采返商品只能由供应商负责人操作');
                     }
                 }
+
+                if (($this->level) == 3 && ($sale[$child[$value['outChildCode']]['orderCode']]['is_stock'] == 1) && ($this->uid != $wsm_contactor[$child[$value['outChildCode']]['wsm_code']])) throw new Exception('库存品只能由仓库管理员操作');
+
                 //工单
                 if (!isset($child[$value['outChildCode']])) throw new Exception($value['outChildCode'] . '工单不存在或状态不允许发货');
 
@@ -600,20 +603,31 @@ class OrderOutChild extends Base
     }
 
     //根据发货单号查询发货工单(不控制权限,不分页,无token,该方法加入白名单)
-    public function getListByOutCode(){
+    public function getListByOutCode()
+    {
+
+        $param = $this->request->only(['outCode' => '', 'orderCode' => ''], 'post', 'trim');
+
+        $val = Validate::rule([
+            'outCode' => 'requireWithout:orderCode',
+            'orderCode' => 'requireWithout:outCode',
+        ]);
+
+        if ($val->check($param) == false) return json_show(1004, $val->getError());
 
-        $outCode=$this->request->post('outCode','','trim');
-        if($outCode=='') return json_show(1004,'发货单号不能为空');
+        $where = [['a.is_del', '=', 0]];
+        if ($param['outCode'] !== '') $where[] = ['a.outCode', 'like', '%' . $param['outCode'] . '%'];
+        if ($param['orderCode'] !== '') $where[] = ['a.orderCode', 'like', '%' . $param['orderCode'] . '%'];
 
-        $data=Db::name('order_out_child')
+        $data = Db::name('order_out_child')
             ->alias('a')
-            ->field('a.*,c.contactor_name')
+            ->field('a.*,c.contactor_name,c.name wsm_name')
             ->leftJoin('warehouse_info c', 'c.wsm_code=a.wsm_code AND c.is_del=0')
-            ->where(['a.is_del'=>0,'a.outCode'=>$outCode])
-            ->order(['a.addtime'=>'desc','a.id'=>'desc'])
+            ->where($where)
+            ->order(['a.addtime' => 'desc', 'a.id' => 'desc'])
             ->select()
             ->toArray();
-        return json_show(0,'获取列表成功',$data);
+        return json_show(0, '获取列表成功', $data);
     }
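Review bot: `getListByOutCode` is described on L146 as token-less and whitelisted, and the new L163-164 turn its lookup into `LIKE '%…%'` on either `outCode` or `orderCode`, so an unauthenticated caller posting `outCode=%` (or any single character) can now dump the whole `order_out_child` table, `a.*` plus the warehouse contact name, where the old code at least demanded the exact `outCode`. An open endpoint should answer only exact identifiers: `if ($param['outCode'] !== '') $where[] = ['a.outCode', '=', $param['outCode']];` and the same equality form for `orderCode`, and it should return the specific columns the caller needs rather than `a.*`. If substring search is genuinely required here, the method needs the token check the comment says it lacks.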
 
 

+ 1 - 1
app/admin/controller/Purchin.php

@@ -998,7 +998,7 @@ class Purchin extends Base
 //            return json_show(1004, "新建失败");
         } catch (Exception $e) {
             Db::rollback();
-            return json_show(1004, $e->getMessage());
+            return json_show(1004, $e->getMessage().'|'.$e->getFile().'|'.$e->getLine());
         }
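Review bot: The catch block now returns `$e->getFile()` and `$e->getLine()` to the API client, which discloses the server's filesystem layout and points anyone who can trigger an error at the exact failing line. Keep that detail server-side — record it with the framework's logger — and leave the response as `return json_show(1004, $e->getMessage());`. Note that `$e->getMessage()` itself may carry a raw database error on this rollback path; the transaction body it guards runs outside the hunk.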
     }
 

+ 46 - 21
app/admin/controller/Reorder.php

@@ -94,7 +94,7 @@ class Reorder extends Base
             $temp = Db::name("sale_return")
                 ->where(["orderCode" => $ordeCode, "is_del" => 0, "status" => 4])
                 ->count('id');
-            if ($temp == 0) return json_show(1004, '');
+            if ($temp == 0) return json_show(1004, '全部退货,请直接使用订单撤销功能');
         }
 
         $returnCode = makeNo("RN");
@@ -464,28 +464,53 @@ class Reorder extends Base
 //            $condition .="sr.cgderid = {$this->uid} or sr.apply_id in (".implode(',',$role['write']).")";
 //        }
 
-        //只有level2的账号过滤数据权限
+        //接口数据权限:
+        //1.超管,查看全部;
+        //2.业务公司账号-申请人,初始状态只查看自己创建的;
+        //3.业务公司账号-供应商负责人,只查看自己负责人的供应商的;
+        //4,业务公司账号-数据共享接受人,共享给自己的数据;
         if ($this->level == 2) {
-            $role = $this->checkDataShare();
-            $hand = resign_hand_user($this->uid, 0);
-            if (!empty($role[DataGroupModel::$type_全部])) {
-                $arr = array_unique(array_merge($hand, $role[DataGroupModel::$type_全部]));
+
+            //判断是否是供应商负责人
+            $is_person = Db::connect('mysql_sys')
+                ->name('supplier')
+                ->field('id')
+                ->where(['is_del' => 0, 'personid' => $this->uid])
+                ->findOrEmpty();
+
+            if (empty($is_person)) {
+                //考虑数据权限
+                $role = $this->checkDataShare();
+                $hand = resign_hand_user($this->uid, 0);
+                $where[] = ['sr.apply_id', 'in', array_unique(array_merge($role[DataGroupModel::$type_全部], $hand))];
+            } else {
+                //考虑负责的供应商
+                $code = Db::connect('mysql_sys')
+                    ->name('supplier')
+                    ->where(['is_del' => 0, 'personid' => $this->uid])
+                    ->column('code');
+                $where[] = ['sr.supplierNo', 'in', $code];
+            }
+//            $role = $this->checkDataShare();
+//            $hand = resign_hand_user($this->uid, 0);
+//            if (!empty($role[DataGroupModel::$type_全部])) {
+//                $arr = array_unique(array_merge($hand, $role[DataGroupModel::$type_全部]));
 //        	$uidim =implode(",",$hand);
 //			$condition .= "sr.cgderid in ($uidim) or sr.person_id in ($uidim) or sr.apply_id in (" . implode(',',$arr) .
 //			 ")";
-                $condition[] = ["sr.apply_id", "in", $arr];
-                $condition[] = ["sr.cgderid", "in", $hand];
-                $condition[] = ["sr.person_id", "in", $hand];
-            }
+//                $condition[] = ["sr.apply_id", "in", $arr];
+//                $condition[] = ["sr.cgderid", "in", $hand];
+//                $condition[] = ["sr.person_id", "in", $hand];
+//            }
         }
 
         //供应商账号不允许看到库存品数据
-        if ($this->level == 3) $where[] = ['b.is_stock', '<>', 1];
+//        if ($this->level == 3) $where[] = ['b.is_stock', '<>', 1];
 //        $role = $this->checkDataShare();
 //        if (!empty($role[DataGroupModel::$type_全部])) $condition .= "sr.cgderid = {$this->uid} or sr.person_id = {$this->uid} or sr.apply_id in (" . implode(',', $role[DataGroupModel::$type_全部]) . ")";
-        if (in_array($this->roleid, config('app.wsm_cgder_role'))) {
-            $where[] = ["b.order_type", "=", 1];
-        }
+//        if (in_array($this->roleid, config('app.wsm_cgder_role'))) {
+//            $where[] = ["b.order_type", "=", 1];
+//        }
         $company_name = isset($this->post['company_name']) && $this->post['company_name'] !== "" ? trim($this->post['company_name']) : "";
         if ($company_name !== "") $where[] = ["sr.apply_id", 'in', get_company_item_user_by_name($company_name)];
 
@@ -497,9 +522,9 @@ class Reorder extends Base
             ->leftJoin("sale b", "b.orderCode=sr.orderCode AND b.is_del=0")
             ->leftJoin('result_info c', 'c.result_code=sr.error_code')
             ->where($where)
-            ->where(function ($query) use ($condition) {
-                $query->whereOr($condition);
-            })
+//            ->where(function ($query) use ($condition) {
+//                $query->whereOr($condition);
+//            })
             ->count('sr.id');
         $total = ceil($count / $size);
         $page = $total >= $page ? $page : $total;
@@ -509,9 +534,9 @@ class Reorder extends Base
             ->leftJoin("sale b", "b.orderCode=sr.orderCode AND b.is_del=0")
             ->leftJoin('result_info c', 'c.result_code=sr.error_code')
             ->where($where)
-            ->where(function ($query) use ($condition) {
-                $query->whereOr($condition);
-            })
+//            ->where(function ($query) use ($condition) {
+//                $query->whereOr($condition);
+//            })
             ->order("sr.addtime desc")
             ->page($page, $size)
             ->select()
@@ -524,7 +549,7 @@ class Reorder extends Base
 //        $names = $userCommon->handle('getCodeAndName',['code'=>array_merge(array_column($list,'supplierNo'),array_column($list,'customer_code'))]);
 
         //校验是否开通了供应商账号
-        $supp_account = checkHasAccountBySupplierNos(array_unique(array_column($list,'supplierNo')));
+        $supp_account = checkHasAccountBySupplierNos(array_unique(array_column($list, 'supplierNo')));
 
         $data = [];
         foreach ($list as $value) {
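Review bot: Commenting out L263-264 removes the only level-3 filter visible in this method, so unless an earlier part of the method (outside the hunk) already pins `sr.supplierNo` to the supplier's own code, a supplier account now lists every company's sale returns, including the stock-item rows the old `b.is_stock <> 1` condition hid. Restoring a level-3 clause such as `if ($this->level == 3) $where[] = ['sr.supplierNo', '=', $ownSupplierNo];`, with the code taken from the login context rather than the request, would close that. The new L236 also drops the `!empty($role[DataGroupModel::$type_全部])` guard the old code had, so if `checkDataShare()` can omit that key a user with no share group hits `array_merge(null, $hand)`, a TypeError on PHP 8; `array_merge($role[DataGroupModel::$type_全部] ?? [], $hand)` keeps the intent.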

+ 43 - 21
app/admin/controller/ReorderChild.php

@@ -4,6 +4,7 @@ namespace app\admin\controller;
 
 //销售单退货工单
 use app\admin\model\ActionLog;
+use app\admin\model\DataGroup as DataGroupModel;
 use app\admin\model\ProcessOrder;
 use think\Exception;
 use think\facade\Db;
@@ -117,29 +118,50 @@ class ReorderChild extends Base
     public function getList()
     {
 
-        $param = $this->request->only(['page' => 1, 'size' => 10, 'returnCode' => '', 'status' => '', 'orderCode' => '', 'outCode' => '', 'outChildCode' => '', 'saleReturnChildCode' => '', 'order_type' => ''], 'post', 'trim');
-
-        $where = [['a.is_del', '=', 0]];
-        if ($param['returnCode'] != '') $where[] = ['a.returnCode', 'like', '%' . $param['returnCode'] . '%'];
-        if ($param['status'] !== '') $where[] = ['a.status', '=', $param['status']];
-        if ($param['orderCode'] != '') $where[] = ['a.orderCode', 'like', '%' . $param['orderCode'] . '%'];
-        if ($param['outCode'] != '') $where[] = ['a.outCode', 'like', '%' . $param['outCode'] . '%'];
-        if ($param['outChildCode'] != '') $where[] = ['a.outChildCode', 'like', '%' . $param['outChildCode'] . '%'];
-        if ($param['saleReturnChildCode'] != '') $where[] = ['a.saleReturnChildCode', 'like', '%' . $param['saleReturnChildCode'] . '%'];
-        if ($param['order_type'] !== '') $where[] = ['b.order_type', '=', $param['order_type']];
-
-        $count = Db::name('sale_return_child')
-            ->alias('a')
-            ->leftJoin('sale_return b', 'b.returnCode=a.returnCode and b.is_del=0')
-            ->leftJoin('warehouse_info c', 'c.wsm_code=a.return_wsm_code and c.is_del=0')->where($where)
-            ->count('a.id');
-
-        $list = Db::name('sale_return_child')
+        $db = Db::name('sale_return_child')
             ->alias('a')
-            ->field('a.id,a.saleReturnChildCode,a.type,a.outChildCode,a.outCode,a.companyNo,a.companyName,a.customer_code,a.customerName,a.num,a.sale_price,a.total_price,a.status,a.addtime,b.supplierNo,b.supplierName,a.return_wsm_code,c.name return_wsm_name,c.supplierNo return_supplierNo,c.supplierName return_supplierName,c.contactor_name return_contactor_name,b.order_type')
             ->leftJoin('sale_return b', 'b.returnCode=a.returnCode and b.is_del=0')
             ->leftJoin('warehouse_info c', 'c.wsm_code=a.return_wsm_code and c.is_del=0')
-            ->where($where)
+            ->where('a.is_del', 0);
+
+        $param = $this->request->only(['page' => 1, 'size' => 10, 'returnCode' => '', 'status' => '', 'orderCode' => '', 'outCode' => '', 'outChildCode' => '', 'saleReturnChildCode' => '', 'order_type' => '', 'supplierNo' => ''], 'post', 'trim');
+
+        if ($param['returnCode'] != '') $db->whereLike('a.returnCode', '%' . $param['returnCode'] . '%');
+        if ($param['status'] !== '') $db->where('a.status', $param['status']);
+        if ($param['orderCode'] != '') $db->whereLike('a.orderCode', '%' . $param['orderCode'] . '%');
+        if ($param['outCode'] != '') $db->whereLike('a.outCode', '%' . $param['outCode'] . '%');
+        if ($param['outChildCode'] != '') $db->whereLike('a.outChildCode', '%' . $param['outChildCode'] . '%');
+        if ($param['saleReturnChildCode'] != '') $db->whereLike('a.saleReturnChildCode', '%' . $param['saleReturnChildCode'] . '%');
+        if ($param['order_type'] !== '') $db->where('b.order_type', $param['order_type']);
+        if ($param['supplierNo'] != '') $db->whereLike('b.supplierNo', '%' . $param['supplierNo'] . '%');
+
+        //供应商账号,只查询该供应商下所有数据
+        if ($this->level == 3 && $param['supplierNo'] == '') return json_show(1004, '供应商账号时供应商编码不能为空');
+
+        //1.超管,查看全部;
+        //2.业务公司账号-申请人,初始状态只查看自己创建的;
+        //3.业务公司账号-退回仓库负责人,只查看自己负责仓库的数据;
+        //4.业务公司账号-数据共享接受人,共享给自己的数据;
+        if ($this->level == 2) {
+
+            //是否仓库负责人
+            $is_contactor = Db::name('warehouse_info')
+                ->field('id')
+                ->where(['is_del' => 0, 'contactor' => $this->uid])
+                ->findOrEmpty();
+            if (empty($is_contactor)) {
+                $role = $this->checkDataShare();
+                $hand = resign_hand_user($this->uid, 0);
+                $db->whereIn('b.apply_id', array_unique(array_merge($role[DataGroupModel::$type_全部], $hand)));
+            } else {
+                $db->where('`a`.`return_wsm_code` in ' . Db::name('warehouse_info')->field('wsm_code')->where(['is_del' => 0, 'contactor' => $this->uid])->buildSql());
+            }
+        }
+
+        $count = $db->count('a.id');
+
+        $list = $db
+            ->field('a.id,a.saleReturnChildCode,a.type,a.outChildCode,a.outCode,a.companyNo,a.companyName,a.customer_code,a.customerName,a.num,a.sale_price,a.total_price,a.status,a.addtime,b.supplierNo,b.supplierName,a.return_wsm_code,c.name return_wsm_name,c.supplierNo return_supplierNo,c.supplierName return_supplierName,c.contactor_name return_contactor_name,b.order_type,a.orderCode,a.returnCode,b.apply_name,b.apply_id')
             ->order(['a.addtime' => 'desc', 'a.id' => 'desc'])
             ->page($param['page'], $param['size'])
             ->select()
@@ -339,7 +361,7 @@ class ReorderChild extends Base
 
         $info = Db::name('sale_return_child')
             ->alias('a')
-            ->field('a.*,b.supplierNo,b.supplierName,c.name return_wsm_name,c.supplierNo return_supplierNo,c.supplierName return_supplierName,c.contactor_name return_contactor_name')
+            ->field('a.*,b.supplierNo,b.supplierName,c.name return_wsm_name,c.supplierNo return_supplierNo,c.supplierName return_supplierName,c.contactor_name return_contactor_name,b.good_code spuCode,b.order_type')
             ->leftJoin('sale_return b', 'b.returnCode=a.returnCode and b.is_del=0')
             ->leftJoin('warehouse_info c', 'c.wsm_code=a.return_wsm_code and c.is_del=0')
             ->where(['a.is_del' => 0, 'a.id' => $param['id']])
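Review bot: As in the sibling list endpoint, the level-3 restriction at L365 trusts the posted `supplierNo`, and L362 applies it as `whereLike('b.supplierNo', '%…%')`, so a supplier account can read any other supplier's return work orders by posting that supplier's code or a bare `%`. For level 3 the filter should be an equality on the supplier code bound to the logged-in account — `$db->where('b.supplierNo', $ownSupplierNo)`, with `$ownSupplierNo` from the login context — and the posted value ignored. L381 also calls `array_merge($role[DataGroupModel::$type_全部], $hand)` without the `!empty` guard older code in this repo used; if `checkDataShare()` can omit that key, `$role[DataGroupModel::$type_全部] ?? []` avoids a TypeError for a user with no share group.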

+ 3 - 2
app/admin/model/OrderOutChild.php

@@ -53,6 +53,7 @@ class OrderOutChild extends Model
             "apply_id" => $out['apply_id'],
             "apply_name" => $out['apply_name'],
             "addrid" => $out['addrid'],
+            "status" => 1,
             "addtime" => date("Y-m-d H:i:s"),
             "updatetime" => date("Y-m-d H:i:s")
         ];
@@ -79,7 +80,7 @@ class OrderOutChild extends Model
             "order_type" => 'FHGD',
             "order_code" => $child['outChildCode'],
             "order_id" => $childout,
-            "order_status" => $child['status'],
+            "order_status" => $child['status'] ?? 1,
             "before_status" => 0,
             'holder_id'=>$child['apply_id'],
         ]);
@@ -121,7 +122,7 @@ class OrderOutChild extends Model
                 "order_type" => 'FHGD',
                 "order_code" => $child['outChildCode'],//出库单号
                 "order_id" => $childout,
-                "order_status" => $child['status'],
+                "order_status" => $child['status'] ?? 1,
                 "before_status" => 0,
                 'holder_id'=>$child['apply_id'],
             ]);