
Merge branch 'liuzj-permission-dev' into test

liuzejian 1 년 전
부모
커밋
5edcc85ea4

+ 2 - 0
app/Http/Kernel.php

@@ -4,6 +4,7 @@ namespace App\Http;
 
 use App\Http\Middleware\EnableCrossRequestMiddleware;
 use Illuminate\Foundation\Http\Kernel as HttpKernel;
+use Modules\Permissions\Middlewares\RoleCheck;
 
 class Kernel extends HttpKernel
 {
@@ -64,5 +65,6 @@ class Kernel extends HttpKernel
         'signed' => \App\Http\Middleware\ValidateSignature::class,
         'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
         'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
+        'roleCheck' => RoleCheck::class,
     ];
 }

+ 6 - 6
modules/Jiesuan/routes/route.php

@@ -14,21 +14,21 @@ Route::prefix('jiesuanManage')->group(function () {
         Route::get('listAvailableBankCard', [BankAccountController::class, 'listAvailableBankCard']);
         Route::get('listBank', [BankAccountController::class, 'listBank']);
         Route::get('listShangwu', [BankAccountController::class, 'listShangwu']);
-        Route::post('addCompanyCard', [BankAccountController::class, 'addCompanyCard']);
+        Route::post('addCompanyCard', [BankAccountController::class, 'addCompanyCard'])->middleware(['roleCheck:company']);
     });
 
     Route::prefix('jiesuan')->group(function(){
         Route::get('listTixian', [JiesuanController::class, 'listTixian']);
         Route::get('list', [JiesuanController::class, 'list']);
         Route::get('accountInfo', [JiesuanController::class, 'accountInfo']);
-        Route::post('tixian', [JiesuanController::class, 'tixian']);
+        Route::post('tixian', [JiesuanController::class, 'tixian'])->middleware(['roleCheck:company']);
     });
 
     Route::prefix('financeCheck')->group(function(){
-       Route::get('list', [FinanceCheckController::class, 'list']);
-       Route::post('check', [FinanceCheckController::class, 'check']);
-       Route::post('remit', [FinanceCheckController::class, 'remit']);
-       Route::get('getShanghuAccountInfo', [FinanceCheckController::class, 'getShanghuAccountInfo']);
+       Route::get('list', [FinanceCheckController::class, 'list'])->middleware(['roleCheck:financer']);
+       Route::post('check', [FinanceCheckController::class, 'check'])->middleware(['roleCheck:financer']);
+       Route::post('remit', [FinanceCheckController::class, 'remit'])->middleware(['roleCheck:financer']);
+       Route::get('getShanghuAccountInfo', [FinanceCheckController::class, 'getShanghuAccountInfo'])->middleware(['roleCheck:financer']);
     });
 
     // 结算账户审核
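Review bot: In the first group and in `jiesuan`, only the POST routes get `roleCheck:company`; the GET routes beside them (`listAvailableBankCard`, `listBank`, `listShangwu`, `listTixian`, `list`, `accountInfo`) stay reachable by any role that passes whatever middleware wraps `jiesuanManage`, which is not visible here. If bank-card and settlement data should be role-scoped as well, put the check on the group rather than on individual routes. The same applies to `financeCheck`, where all four routes repeat the same middleware: `Route::prefix('financeCheck')->middleware('roleCheck:financer')->group(function(){` would make a route added later denied by default instead of open by default. The routes under `// 结算账户审核` continue outside this hunk, so their protection cannot be confirmed from here.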

+ 31 - 0
modules/Permissions/Middlewares/RoleCheck.php

@@ -0,0 +1,31 @@
+<?php
+
+namespace Modules\Permissions\Middlewares;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Route;
+use Modules\Common\Errors\Errors;
+use Modules\Common\Exceptions\CommonBusinessException;
+use Modules\Jiesuan\Http\Controllers\FinanceCheckController;
+use Modules\Permissions\Exceptions\PermissionForbidden;
+use Modules\User\Models\User;
+
+/**
+ * 检测用户角色权限
+ * 使用方法:
+ * Route::get('list', [FinanceCheckController::class, 'list'])->middleware(['roleCheck:aa,bb,cc'])
+ * aa,bb,cc 代表可以操作的多个角色的 identify
+ */
+class RoleCheck
+{
+    public function handle(Request $request, \Closure $next, ...$enableRoles)
+    {
+        /* @var User $user */
+        $user = $request->user(getGuardName());
+        $role = $user->roles();
+        if($role->pluck('identify')->intersect($enableRoles)->isEmpty()) {
+            CommonBusinessException::throwError(Errors::NO_OPERATE_PERMISSION);
+        }
+        return $next($request);
+    }
+}
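Review bot: `handle()` dereferences `$user` without checking it, so if `$request->user(getGuardName())` returns null (an unauthenticated request, or `roleCheck` running before the auth middleware) the call `$user->roles()` fails with a fatal error instead of a clean denial. Add a guard before it, e.g. `if ($user === null) { CommonBusinessException::throwError(Errors::NO_OPERATE_PERMISSION); }`. The deny path also relies on `throwError()` never returning; that is presumably the case but is not visible here, and writing the branch as an explicit `throw` would keep the middleware fail-closed. The imports `Route`, `FinanceCheckController` and `PermissionForbidden` are unused (the controller only appears in the docblock example), and `/* @var User $user */` needs the `/**` opener to be read as a type annotation. A docblock on `handle()` stating that an empty `$enableRoles` list denies every request would document the current behaviour.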

+ 2 - 2
tests/Jiesuan/Http/Controllers/FinanceCheckControllerTest.php

@@ -17,8 +17,8 @@ class FinanceCheckControllerTest extends UsedTestCase
             'status' => 4,
 //            'owner_name' => 'fsd1'
         ]);
-//        $res->dump();
-        $this->dumpJson($res);
+        $res->dump();
+//        $this->dumpJson($res);
     }
     public function testCheck()
     {

+ 2 - 2
tests/UsedTestCase.php

@@ -13,9 +13,9 @@ abstract class UsedTestCase extends BaseTestCase
     {
         parent::setUp(); // TODO: Change the autogenerated stub
         $tokenInfo = $this->post('http://localhost/api/login', [
-            'email' => 'catch@admin.com',
+//            'email' => 'catch@admin.com',
             'remember' => false,
-//            'email' => 'xiaoli@qq.com',
+            'email' => 'xiaoli@qq.com',
             'password' => 'catchadmin',
 //            'email' => 'aa4@test.com',
         ])->json();
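Review bot: The account used for every test is now chosen by commenting `'email'` lines in and out of `setUp()`, so which role the suite runs under is implicit and depends on the roles `xiaoli@qq.com` happens to have in the local database. With `roleCheck` now gating routes, a denied request and an allowed one cannot be told apart by reading the test. Consider letting each test case pick the account, or creating a user with a known role `identify` in `setUp()`, and add a comment stating which role the default login is expected to carry. The literal address and password are also committed here; if these accounts exist in any shared environment, read them from the test environment configuration instead. `setUp()` starts before and continues after this hunk.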