
公司可以创建自定义字段,不可以创建全局自定义字段,超级管理员创建的全局自定义字段

kely пре 7 месеци
родитељ
комит
7e25099348

+ 22 - 15
app/Http/Controllers/API/CustomFieldController.php

@@ -19,7 +19,7 @@ class CustomFieldController extends Controller
      */
     public function index(Request $request)
     {
-        $customFields = CustomField::query()->filter($request->all())->get();
+        $customFields = CustomField::query()->allowed()->filter($request->all())->get();
 
         return CustomFieldResource::collection($customFields);
     }
@@ -29,24 +29,27 @@ class CustomFieldController extends Controller
      */
     public function store(CreateOrUpdateRequest $request)
     {
-        if (Auth::user()->super_admin) {
-            $namingRule = NamingRule::query()->where("id", $request->group)->first();
-            if (!in_array($request->group, config("custom-field.groups")) && !$namingRule) {
-                return $this->forbidden("Operation without permission");
-            }
-        } else {
-            $namingRule = NamingRule::query()->where("company_id", Auth::user()->company_id)->where("id", $request->group)->first();
-            if (! $namingRule) {
-                return $this->forbidden('Naming rule does not exist');
-            }
+        $namingRule = NamingRule::query()->where("id", $request->group)->first();
+        if (!in_array($request->group, config("custom-field.groups")) && !$namingRule) {
+            return $this->forbidden("Operation without permission");
         }
 
-        CustomField::query()->updateOrCreate([
+        $global = Auth::user()->super_admin ? 1 : 0;
+
+        if ($global === 1 && !Auth::user()->super_admin) {
+            return $this->forbidden("Cannot change global Custom Field without super admin permissions");
+        }
+
+
+        CustomField::query()->allowed()->updateOrCreate([
             'group' => $request->group,
             'key' => $request->key,
-        ], $request->all());
+            'company_id'=>Auth::user()->company_id,
+            'global'=>$global,
+        ],$request->all());
 
         return $this->created();
+
     }
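Review bot: The `company_id` and `global` values computed in `store` can be overridden by the caller, because `updateOrCreate` fills the model from `$request->all()` and this commit also adds both columns to `$fillable` in `app/Models/CustomField.php`. A company user who posts `global=1` or another tenant's `company_id` would have that value written. Pass only client-editable input as the second argument, e.g. `], $request->except(['company_id', 'global']));`. The guard `if ($global === 1 && !Auth::user()->super_admin)` can never fire, since `$global` is derived from that same flag on the line above, so it can be dropped. The naming-rule lookup also no longer filters by `company_id` for non-super-admins, so any existing rule id passes the group check; if that is not intended, keep the tenant filter for that case.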
 
     public function groups()
@@ -72,7 +75,7 @@ class CustomFieldController extends Controller
      */
     public function show(string $id)
     {
-        $field = CustomField::query()->findOrFail($id);
+        $field = CustomField::query()->allowed()->findOrFail($id);
 
         return new CustomFieldResource($field);
     }
@@ -91,7 +94,11 @@ class CustomFieldController extends Controller
     public function destroy(string $id)
     {
         //
-        $field = CustomField::query()->findOrFail($id);
+        $field = CustomField::query()->allowed()->findOrFail($id);
+
+        if ($field->global === 1 && !Auth::user()->super_admin) {
+            return $this->forbidden("Cannot delete global Custom Field without super admin permissions");
+        }
         $field->delete();
         return $this->noContent();
     }
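Review bot: The check `$field->global === 1` in `destroy` relies on the attribute arriving as a PHP integer, and no cast for `global` is visible in the `$casts` lines shown for `app/Models/CustomField.php`. On a driver or PDO configuration that returns numeric columns as strings, the strict comparison is false and the guard fails open, so a non-super-admin could delete a global field that `allowed()` exposes to every company. Compare on a normalised value, `if ((int) $field->global === 1 && !Auth::user()->super_admin) {`, or add `'global' => 'integer'` to the model's casts.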

+ 2 - 0
app/Http/Resources/API/CustomFieldResource.php

@@ -24,6 +24,8 @@ class CustomFieldResource extends JsonResource
             'type' => $this->type,
             'required' => $this->required,
             'remark' => $this->remark,
+            'global'=>$this->global,
+            'company_id'=>$this->company_id,
         ];
     }
 }

+ 2 - 0
app/Http/Resources/API/UserInfoResource.php

@@ -4,6 +4,7 @@ namespace App\Http\Resources\API;
 
 use Illuminate\Http\Request;
 use Illuminate\Http\Resources\Json\JsonResource;
+use Illuminate\Support\Facades\Auth;
 
 class UserInfoResource extends JsonResource
 {
@@ -29,6 +30,7 @@ class UserInfoResource extends JsonResource
             'role' => new RoleResource($this->role),
             'status' =>$this->status,
             'menus' => $this->menus ?: [],
+            'super_admin'=>Auth::user()->super_admin,
         ];
     }
 }
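Review bot: `'super_admin'=>Auth::user()->super_admin` reports the flag of whoever is making the request, not of the user this resource wraps, while every other field in the array reads from `$this`. If the resource is ever used to render a user other than the caller, the response would misstate that user's privilege, and the expression errors when no user is authenticated. `'super_admin' => $this->super_admin,` keeps it consistent and makes the added `Auth` import unnecessary. The `toArray` method starts above this hunk.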

+ 13 - 1
app/Models/CustomField.php

@@ -3,9 +3,12 @@
 namespace App\Models;
 
 use EloquentFilter\Filterable;
+use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
 
+use Illuminate\Support\Facades\Auth;
+
 class CustomField extends Model
 {
     use HasFactory, Filterable;
@@ -13,7 +16,7 @@ class CustomField extends Model
     public $timestamps = false;
 
     protected $fillable = [
-        'group', 'key', 'options', 'type', 'required', 'label','remark','inputs'
+        'group', 'key', 'options', 'type', 'required', 'label','remark','inputs','company_id','global'
     ];
 
     protected $casts = [
@@ -21,4 +24,13 @@ class CustomField extends Model
         'options' => 'array',
         'inputs'=>'array',
     ];
+
+    public function scopeAllowed(Builder $query): void
+    {
+        $query->where(function (Builder $query) {
+            return $query->where('global', 1);
+        })->orWhere(function (Builder $query) {
+            return $query->where('company_id', Auth::user()->company_id)->where('global', 0);
+        });
+    }
 }
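Review bot: `scopeAllowed` dereferences `Auth::user()` without a null check and passes its `company_id` straight into `where()`. It therefore errors when there is no authenticated user (console, queue), and for a user whose `company_id` is null the query builder turns the condition into `company_id IS NULL`, matching every non-global row that has no owner. After the accompanying migration, that includes all pre-existing rows. Resolving the company once and falling back to global-only rows when it is missing avoids both, though confirm first whether super admins are expected to have no company. A short docblock stating that this scope is the tenant boundary for custom fields would also help, since the controller relies on it in `index`, `show` and `destroy`.

```php
public function scopeAllowed(Builder $query): void
{
    $companyId = Auth::user()?->company_id;

    $query->where(function (Builder $query) use ($companyId) {
        $query->where('global', 1);

        // No tenant resolved: expose global fields only.
        if ($companyId !== null) {
            $query->orWhere(function (Builder $query) use ($companyId) {
                $query->where('company_id', $companyId)->where('global', 0);
            });
        }
    });
}
```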

+ 31 - 0
database/migrations/2024_08_05_172443_add_company_id_and_global_custom_fields.php

@@ -0,0 +1,31 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('custom_fields', function (Blueprint $table) {
+            //
+            $table->integer("company_id")->after("id")->nullable();
+            $table->tinyInteger('global')->after("id")->default(0)->comment("0:no;1-yes");
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('custom_fields', function (Blueprint $table) {
+            //
+            $table->dropColumn(['company_id','global']);
+        });
+    }
+};
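Review bot: Rows that already exist in `custom_fields` come out of `up()` with `company_id` NULL and `global` 0, which the new `allowed()` scope hides from every user that has a company. Existing fields would therefore disappear from the API unless this migration backfills them, for example by marking them global or assigning an owner. The scope also filters on both columns on every read and neither is indexed; `$table->index(['company_id', 'global']);` would cover it. `company_id` is declared as a plain `integer` with no foreign key, so nothing at the database level ties a field to an existing company; whether that matches the companies table's key type is not visible here.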