fix(api): 修复权限可见性与资源访问授权判定

2026-05-06 18:26:00 +08:00 · 2026-05-06 18:26:00 +08:00 · fa966ab489
commit fa966ab489
parent ce907ee7c4
3 changed files with 3 additions and 10 deletions
--- a/app/Http/Controllers/Api/PermissionController.php
+++ b/app/Http/Controllers/Api/PermissionController.php
@ -17,7 +17,7 @@ class PermissionController extends Controller
    public function __construct()
    {
        $this->middleware('auth:api');
-        $this->middleware('permission:platform.permissions.view,api')->only(['index', 'show']);
+        $this->middleware('permission:platform.permissions.view|platform.roles.manage|platform.users.manage,api')->only(['index', 'show']);
        $this->middleware('permission:platform.permissions.manage,api')->only(['store', 'update', 'destroy', 'syncRolePermissions']);
    }

--- a/app/Http/Controllers/Api/ServerResourceController.php
+++ b/app/Http/Controllers/Api/ServerResourceController.php
@ -72,13 +72,6 @@ class ServerResourceController extends Controller
    private function resolveResourceIdsFromPermissions(User $user): Collection
    {
        $allPermissions = $user->getAllPermissions();
-        if ($allPermissions->contains(fn (Permission $permission): bool => $permission->name === 'resource.servers.use')) {
-            return ServerResource::query()
-                ->whereNotNull('parent_id')
-                ->pluck('id')
-                ->values();
-        }
-
        $resourceIds = collect();
        foreach ($allPermissions as $permission) {
            $permissionName = (string) $permission->name;
@ -682,7 +675,7 @@ class ServerResourceController extends Controller

    private function canUseResource(User $user, ServerResource $resource, string $protocol): bool
    {
-        if ($user->can('platform.servers.view') || $user->can('resource.servers.use')) {
+        if ($user->can('platform.servers.view')) {
            return true;
        }

--- a/app/Http/Controllers/Api/UserController.php
+++ b/app/Http/Controllers/Api/UserController.php
@ -544,7 +544,7 @@ class UserController extends Controller
        $managedResourceIds = Permission::query()
            ->where('guard_name', 'api')
            ->where('name', 'like', 'resource.servers.use.%')
-            ->where('description', 'like', '服务器资源访问权限（资源ID:%')
+            ->where('description', 'like', '服务器资源访问权限（%资源ID:%')
            ->pluck('description')
            ->map(fn (string $description): ?int => $this->resourceIdFromPermissionDescription($description))
            ->filter(fn (?int $resourceId): bool => $resourceId !== null)