From acba3c9f62fe4e1b1c66f1469b39b4ebeed6dd56 Mon Sep 17 00:00:00 2001 From: Boen_Shi Date: Wed, 29 Apr 2026 14:24:32 +0800 Subject: [PATCH] =?UTF-8?q?fix(=E6=9C=8D=E5=8A=A1=E5=99=A8=E8=B5=84?= =?UTF-8?q?=E6=BA=90):=20=E4=BF=AE=E5=A4=8D=E8=A7=92=E8=89=B2=E7=BB=A7?= =?UTF-8?q?=E6=89=BF=E6=9D=83=E9=99=90=E4=B8=8B=E8=B5=84=E6=BA=90=E4=B8=8D?= =?UTF-8?q?=E5=8F=AF=E8=A7=81=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 资源列表筛选增加对角色继承权限的解析,合并用户直连权限与继承权限后再计算可见资源。 --- .gitignore | 1 + .../Api/ServerResourceController.php | 35 ++++++++++++++++++- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 7abfa0b..3d491bc 100644 --- a/.gitignore +++ b/.gitignore @@ -29,3 +29,4 @@ AGENTS.md CLAUDE.md .mcp.json boost.json +LOG.md diff --git a/app/Http/Controllers/Api/ServerResourceController.php b/app/Http/Controllers/Api/ServerResourceController.php index bbca3c4..8ef5b34 100644 --- a/app/Http/Controllers/Api/ServerResourceController.php +++ b/app/Http/Controllers/Api/ServerResourceController.php @@ -16,6 +16,7 @@ use Illuminate\Http\Client\ConnectionException; use Illuminate\Http\Client\RequestException; use Illuminate\Http\JsonResponse; use Illuminate\Http\Request; +use Illuminate\Support\Collection; use Illuminate\Support\Facades\Http; use Illuminate\Validation\ValidationException; use Spatie\Permission\Models\Permission; @@ -38,7 +39,7 @@ class ServerResourceController extends Controller $user = auth('api')->user(); if ($user && ! $user->can('platform.servers.view')) { - $resourceIds = $user->serverResources() + $pivotResourceIds = $user->serverResources() ->where(function ($pivotQuery) { $pivotQuery->where('can_ssh', true) ->orWhere('can_sftp', true) @@ -47,6 +48,13 @@ class ServerResourceController extends Controller ->pluck('server_resources.id') ->values(); + $permissionResourceIds = $this->resolveResourceIdsFromPermissions($user); + $resourceIds = $pivotResourceIds + ->merge($permissionResourceIds) + ->map(fn ($id): int => (int) $id) + ->unique() + ->values(); + $parentIds = ServerResource::query() ->whereIn('id', $resourceIds) ->pluck('parent_id') @@ -61,6 +69,31 @@ class ServerResourceController extends Controller return response()->json(['code' => 0, 'message' => 'ok', 'data' => $query->paginate(500)]); } + private function resolveResourceIdsFromPermissions(User $user): Collection + { + $allPermissions = $user->getAllPermissions(); + if ($allPermissions->contains(fn (Permission $permission): bool => $permission->name === 'resource.servers.use')) { + return ServerResource::query() + ->whereNotNull('parent_id') + ->pluck('id') + ->values(); + } + + $resourceIds = collect(); + foreach ($allPermissions as $permission) { + if (! str_starts_with((string) $permission->name, 'resource.servers.use.')) { + continue; + } + + $description = (string) ($permission->description ?? ''); + if (preg_match('/资源ID[::]\s*(\d+)/u', $description, $matches) === 1) { + $resourceIds->push((int) $matches[1]); + } + } + + return $resourceIds->unique()->values(); + } + #[Apidoc\Title('创建资源'), Apidoc\Method('POST'), Apidoc\Url('/servers')] public function store(StoreServerResourceRequest $request): JsonResponse {