diff --git a/app/admin/BaseController.php b/app/admin/BaseController.php
index bc42f84..a34e0e1 100644
--- a/app/admin/BaseController.php
+++ b/app/admin/BaseController.php
@@ -187,4 +187,15 @@ abstract class BaseController
 }
 }
 
+ /**
+ * 获取当前用户的 tenant_id
+ *
+ * @return int 租户ID
+ */
+ protected function getTenantId(): int
+ {
+ $userInfo = $this->getAdminUserInfo();
+ return isset($userInfo['tenant_id']) ? intval($userInfo['tenant_id']) : 0;
+ }
+
 }
diff --git a/app/admin/controller/Erp/EmployeeController.php b/app/admin/controller/Erp/EmployeeController.php
index b00bdb9..bfdb97a 100644
--- a/app/admin/controller/Erp/EmployeeController.php
+++ b/app/admin/controller/Erp/EmployeeController.php
@@ -20,7 +20,15 @@ class EmployeeController extends BaseController
 */
 public function getEmployee()
 {
- $list = Employee::where('delete_time', null)->select()->toArray();
+ $tenantId = $this->getTenantId();
+ if (!$tenantId) {
+ return json(['code' => 403, 'msg' => '无法获取租户信息']);
+ }
+
+ $list = Employee::where('delete_time', null)
+ ->where('tenant_id', $tenantId)
+ ->select()
+ ->toArray();
 return json([
 'code' => 200,
 'msg' => '获取成功',
@@ -33,9 +41,16 @@ class EmployeeController extends BaseController
 */
 public function getEmployeeDetail($id)
 {
- $detail = Employee::where('id', $id)->where('delete_time', null)->find()->toArray();
- $detail['leader_name'] = AdminUser::where('id', $detail['leader_id'])->value('name');
- $detail['parent_name'] = Employee::where('id', $detail['parent_id'])->value('org_name');
+ $tenantId = $this->getTenantId();
+ if (!$tenantId) {
+ return json(['code' => 403, 'msg' => '无法获取租户信息']);
+ }
+
+ $detail = Employee::where('id', $id)
+ ->where('delete_time', null)
+ ->where('tenant_id', $tenantId)
+ ->find()
+ ->toArray();
 return json([
 'code' => 200,
 'msg' => '获取成功',
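Review bot: `getTenantId()` collapses every failure mode — `getAdminUserInfo()` returning nothing, a missing `tenant_id`, or a non-numeric one (`intval` yields 0) — into the sentinel `0`, so tenant isolation rests on every caller remembering to reject 0 before it queries; the docblock should state that contract, e.g. `@return int 租户ID，无法确定租户时返回 0，调用方必须拒绝 0`. The same four-line `if (!$tenantId) { return json(['code' => 403, ...]); }` guard is then repeated in all ten actions of EmployeeController and OrganizationController; a helper next to this method that either returns the 403 response or throws would keep the check in one place. What `getAdminUserInfo()` can return is not visible in this hunk, and the enclosing class begins outside it.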
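Review bot: In `getEmployeeDetail`, `->find()->toArray()` still dereferences the query result unconditionally, and with the new `tenant_id` condition a miss is now a normal outcome — an `$id` that exists but belongs to another tenant, or that was never there, makes `find()` come back empty and the call dies with an Error (HTTP 500) instead of a controlled response. Check the result before converting it, as below; `getOrganizationDetail` in OrganizationController has the same gap, where the following `$detail['leader_id']` access would fail as well. The response text in the example is constructed.
```php
$detail = Employee::where('id', $id)
    ->where('delete_time', null)
    ->where('tenant_id', $tenantId)
    ->find();
if (!$detail) {
    return json(['code' => 404, 'msg' => '记录不存在']);
}
$detail = $detail->toArray();
// … unchanged: success response …
```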
@@ -48,7 +63,14 @@ class EmployeeController extends BaseController
 */
 public function createEmployee()
 {
+ $tenantId = $this->getTenantId();
+ if (!$tenantId) {
+ return json(['code' => 403, 'msg' => '无法获取租户信息']);
+ }
+
 $data = $this->request->post();
+ $data['tenant_id'] = $tenantId;
+
 $employee = Employee::create($data);
 if ($employee) {
 return json([
@@ -69,9 +91,18 @@ class EmployeeController extends BaseController
 */
 public function editEmployee($id)
 {
+ $tenantId = $this->getTenantId();
+ if (!$tenantId) {
+ return json(['code' => 403, 'msg' => '无法获取租户信息']);
+ }
+
 $data = $this->request->post();
- $employee = Employee::where('id', $id)->update($data);
- if ($employee) {
+ unset($data['tenant_id']); // 不允许修改租户ID
+
+ $employee = Employee::where('id', $id)
+ ->where('tenant_id', $tenantId)
+ ->update($data);
+ if ($employee !== false) {
 return json([
 'code' => 200,
 'msg' => '编辑成功',
@@ -90,7 +121,14 @@ class EmployeeController extends BaseController
 */
 public function deleteEmployee($id)
 {
- $employee = Employee::where('id', $id)->update(['delete_time' => date('Y-m-d H:i:s')]);
+ $tenantId = $this->getTenantId();
+ if (!$tenantId) {
+ return json(['code' => 403, 'msg' => '无法获取租户信息']);
+ }
+
+ $employee = Employee::where('id', $id)
+ ->where('tenant_id', $tenantId)
+ ->update(['delete_time' => date('Y-m-d H:i:s')]);
 if ($employee) {
 return json([
 'code' => 200,
diff --git a/app/admin/controller/Erp/OrganizationController.php b/app/admin/controller/Erp/OrganizationController.php
index 24f847b..6bd3a04 100644
--- a/app/admin/controller/Erp/OrganizationController.php
+++ b/app/admin/controller/Erp/OrganizationController.php
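Review bot: `createEmployee` still hands the raw `$this->request->post()` array to `Employee::create($data)`; the commit pins `tenant_id`, but every other posted column — `id`, `delete_time`, audit timestamps — stays client-controlled unless the `Employee` model restricts writable fields, which is not visible here. Narrow the payload to the columns the form is meant to set, e.g. `$data = $this->request->only(['name', 'leader_id', 'parent_id']); // field list is a constructed example`, and do the same in `editEmployee` (this file) and in `createOrganization` and `editOrganization` (OrganizationController), where only `tenant_id` is stripped. The real allow-list has to come from the schema, which is outside the diff.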
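Review bot: `if ($employee !== false)` in `editEmployee` changes the success criterion: `update()` reports the number of affected rows, so `0` — exactly the result when `$id` is not in the caller's tenant or does not exist — now answers `编辑成功`, whereas the original `if ($employee)` and the unchanged `deleteEmployee` below treat 0 as failure. Unless the query layer can return `false` here (not visible in the hunk), the branch is effectively unconditional, so a cross-tenant edit attempt is reported as a success. If the change was made because re-submitting identical data also yields 0 rows, check existence explicitly instead: `if (!Employee::where('id', $id)->where('tenant_id', $tenantId)->find()) { return json(['code' => 404, 'msg' => '记录不存在']); }` before the update, and keep `if ($employee)` or an explicit row-count check afterwards. `editOrganization` in OrganizationController carries the same change.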
@@ -20,7 +20,15 @@ class OrganizationController extends BaseController
 */
 public function getOrganization()
 {
- $list = Organization::where('delete_time', null)->select()->toArray();
+ $tenantId = $this->getTenantId();
+ if (!$tenantId) {
+ return json(['code' => 403, 'msg' => '无法获取租户信息']);
+ }
+
+ $list = Organization::where('delete_time', null)
+ ->where('tenant_id', $tenantId)
+ ->select()
+ ->toArray();
 return json([
 'code' => 200,
 'msg' => '获取成功',
@@ -33,7 +41,16 @@ class OrganizationController extends BaseController
 */
 public function getOrganizationDetail($id)
 {
- $detail = Organization::where('id', $id)->where('delete_time', null)->find()->toArray();
+ $tenantId = $this->getTenantId();
+ if (!$tenantId) {
+ return json(['code' => 403, 'msg' => '无法获取租户信息']);
+ }
+
+ $detail = Organization::where('id', $id)
+ ->where('delete_time', null)
+ ->where('tenant_id', $tenantId)
+ ->find()
+ ->toArray();
 $detail['leader_name'] = AdminUser::where('id', $detail['leader_id'])->value('name');
 $detail['parent_name'] = Organization::where('id', $detail['parent_id'])->value('org_name');
 return json([
@@ -48,7 +65,14 @@ class OrganizationController extends BaseController
 */
 public function createOrganization()
 {
+ $tenantId = $this->getTenantId();
+ if (!$tenantId) {
+ return json(['code' => 403, 'msg' => '无法获取租户信息']);
+ }
+
 $data = $this->request->post();
+ $data['tenant_id'] = $tenantId;
+
 $organization = Organization::create($data);
 if ($organization) {
 return json([
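Review bot: In `getOrganizationDetail` the primary query is now tenant-scoped, but the two follow-up lookups on the context lines — `AdminUser::where('id', $detail['leader_id'])->value('name')` and `Organization::where('id', $detail['parent_id'])->value('org_name')` — are not, so a `leader_id` or `parent_id` pointing outside the tenant still resolves to a name taken from another tenant's rows. The ids come from a row that was itself tenant-filtered, which limits the exposure, but nothing in the diff shows the data is constrained that way. Add `->where('tenant_id', $tenantId)` to the `Organization` lookup, and apply the equivalent scoping to the `AdminUser` lookup if that table carries a tenant column (not visible here).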
@@ -69,9 +93,18 @@ class OrganizationController extends BaseController
 */
 public function editOrganization($id)
 {
+ $tenantId = $this->getTenantId();
+ if (!$tenantId) {
+ return json(['code' => 403, 'msg' => '无法获取租户信息']);
+ }
+
 $data = $this->request->post();
- $organization = Organization::where('id', $id)->update($data);
- if ($organization) {
+ unset($data['tenant_id']); // 不允许修改租户ID
+
+ $organization = Organization::where('id', $id)
+ ->where('tenant_id', $tenantId)
+ ->update($data);
+ if ($organization !== false) {
 return json([
 'code' => 200,
 'msg' => '编辑成功',
@@ -90,7 +123,14 @@ class OrganizationController extends BaseController
 */
 public function deleteOrganization($id)
 {
- $organization = Organization::where('id', $id)->update(['delete_time' => date('Y-m-d H:i:s')]);
+ $tenantId = $this->getTenantId();
+ if (!$tenantId) {
+ return json(['code' => 403, 'msg' => '无法获取租户信息']);
+ }
+
+ $organization = Organization::where('id', $id)
+ ->where('tenant_id', $tenantId)
+ ->update(['delete_time' => date('Y-m-d H:i:s')]);
 if ($organization) {
 return json([
 'code' => 200,
@@ -103,4 +143,50 @@ class OrganizationController extends BaseController
 ]);
 }
 }
+
+ /**
+ * 获取企业单位
+ */
+ public function getCompanys()
+ {
+ $tenantId = $this->getTenantId();
+ if (!$tenantId) {
+ return json(['code' => 403, 'msg' => '无法获取租户信息']);
+ }
+
+ $where = [['delete_time', '=', null], ['is_company', '=', 1], ['tenant_id', '=', $tenantId]];
+
+ $list = Organization::where($where)->select()->toArray();
+ return json([
+ 'code' => 200,
+ 'msg' => '获取成功',
+ 'data' => $list
+ ]);
+ }
+
+ /**
+ * 获取部门
+ */
+ public function getDepartments()
+ {
+ $tenantId = $this->getTenantId();
+ if (!$tenantId) {
+ return json(['code' => 403, 'msg' => '无法获取租户信息']);
+ }
+
+ $parentId = input('parent_id/d', 0);
+
+ $where = [['delete_time', '=', null], ['is_company', '=', 0], ['tenant_id', '=', $tenantId]];
+
+ if ($parentId > 0) {
+ $where[] = ['parent_id', '=', $parentId];
+ }
+
+ $list = Organization::where($where)->select()->toArray();
+ return json([
+ 'code' => 200,
+ 'msg' => '获取成功',
+ 'data' => $list
+ ]);
+ }
 }
diff --git a/app/admin/route/routes/erp.php b/app/admin/route/routes/erp.php
index fb73f77..3f9f9c8 100644
--- a/app/admin/route/routes/erp.php
+++ b/app/admin/route/routes/erp.php
@@ -8,8 +8,10 @@ Route::group('erp', function() {
 Route::post('createOrganization', 'app\admin\controller\Erp\OrganizationController/createOrganization');
 Route::post('editOrganization/:id', 'app\admin\controller\Erp\OrganizationController/editOrganization');
 Route::delete('deleteOrganization/:id', 'app\admin\controller\Erp\OrganizationController/deleteOrganization');
-});
+ Route::get('getCompanys', 'app\admin\controller\Erp\OrganizationController/getCompanys');
+ Route::get('getDepartments', 'app\admin\controller\Erp\OrganizationController/getDepartments');
+});
 
 // 员工管理路由
 Route::group('erp', function() {
 Route::get('getEmployee', 'app\admin\controller\Erp\EmployeeController/getEmployee');
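Review bot: `getCompanys` and `getDepartments` write the soft-delete filter as `['delete_time', '=', null]` in the array form, while every other action in this file uses `->where('delete_time', null)`; whether the array form with `'='` and a `null` value is emitted as `IS NULL` or as `= NULL` (which matches no row) depends on the query builder and is not visible here. Building the condition with the same `->where('delete_time', null)` chain and appending the `is_company` and `tenant_id` conditions, e.g. `Organization::where('delete_time', null)->where('is_company', 1)->where('tenant_id', $tenantId)`, keeps the new actions consistent with the rest of the controller and removes the doubt. The same applies to the `$where` array in `getDepartments`.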