repair_lite/app/Models/Permission.php

<?php

namespace App\Models;

use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Log;

const SUPER_ADMIN = 1; // 超级管理员，拥有所有权限
const SYSTEM_ADMIN = 2; // 系统管理员，交付产品时可提供的最高管理员账号
const GUEST_USER = 128; //普通用户

class Permission extends Model
{
    protected $table = "permission";
    public $timestamps = false;

    // 此时应该初始化需要的管理员账号
    function __construct(array $attributes = [])
    {
        parent::__construct($attributes);
    }

    /**
     * @param string $uid
     * @param int $rights
     * @return string
     */
    public function IsAccess(string $uid, int $rights)
    {
//        $this->where("uid",$uid)
//            ->where("is_del", false)
//            ->where("status", "normal")
//            ->where("role", "&");
        $data = DB::select("select uid from permission where uid = ? and is_del = false and status = normal and role & ? > 0;", [$uid, $rights]);
        if (!$data) {
            return "permission denied";
        }
        return $data->uid;
    }

    /**
     * @param string $adminUid
     * @param string $uid
     * @param string $rights
     * @return string
     */
    public function ModifyRole(string $adminUid, string $uid, string $rights)
    {
        // Verify that the current user has permission to modify permissions
        $data = DB::select("select uid, role from permission where uid = ? and is_del = false and status = ? and role & ? > 0;", [$adminUid, "normal", SUPER_ADMIN | SYSTEM_ADMIN]);
        log::debug($data);
        if (!$data) {
            log::debug("ModifyRole with adminUid: " . $adminUid . ", uid: " . $uid . ", rights: " . $rights . " but permission denied");
            return "permission denied";
        }
        if ($data->uid < 1) {
            log::debug("ModifyRole with adminUid: " . $adminUid . ", uid: " . $uid . ", rights: " . $rights . " but invalid admin uid: " . $adminUid);
            return "invalid admin uid: " . $adminUid;
        }

        if ($data->right >= $rights) {
            log::debug("ModifyRole with adminUid: " . $adminUid . ", admin role: ". $data->role . ", uid: " . $uid . ", rights: " . $rights . " but have no permission to grant higher rights");
            return "have no permission to grant higher rights";
        }

        // modify the user's rights
        $result = $this->where("uid", $uid)
            ->where("is_del", false)
            ->where("status", "normal")
            ->update(["role" => $rights]);
        if (!$result) {
            return "grant rights failed";
        }
        return "success";
    }

}