
需求通过关联资产acl控制

kely 6 月之前
父节点
当前提交
f21ed9d843

+ 9 - 7
app/Http/Controllers/API/RequirementController.php

@@ -41,6 +41,7 @@ class RequirementController extends Controller
     {
         $pageSize=$request->get('page_size') ?? 10;
         $requirements = Requirement::filter($request->all())
+            ->allowed()
             ->where('company_id',Auth::user()->company_id)
             ->orderBy('created_at', $request->input('sort','desc'))
             ->with(['createdBy', 'plan','group','asset.parent','projects'])
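Review bot: `page_size` is read from the request with no upper bound on the `$pageSize` line, and the same line appears in the next hunk, where it feeds `paginate($pageSize)`. Now that `->allowed()` runs an extra id lookup on every request, an oversized page makes each call heavier still; clamp it, e.g. `$pageSize = min(max((int) $request->input('page_size', 10), 1), 100);` (100 is a placeholder limit). The `where('company_id', …)` after `->allowed()` is now redundant, because the scope adds the same condition itself. The enclosing method starts and ends outside the hunk.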
@@ -55,6 +56,7 @@ class RequirementController extends Controller
     {
         $pageSize=$request->get('page_size') ?? 10;
         $requirements = Requirement::filter($request->all())
+            ->allowed()
             ->where('company_id',Auth::user()->company_id)
             ->orderByDesc('created_at')
             ->paginate($pageSize);
@@ -132,7 +134,7 @@ class RequirementController extends Controller
      */
     public function show(string $id)
     {
-        $requirement = Requirement::query()->with('projects')->findOrFail($id);
+        $requirement = Requirement::query()->allowed()->with('projects')->findOrFail($id);
 
         return new RequirementResource($requirement);
     }
@@ -142,7 +144,7 @@ class RequirementController extends Controller
      */
     public function update(CreateOrUpdateRequest $request, string $id)
     {
-        $requirement = Requirement::findOrFail($id);
+        $requirement = Requirement::allowed()->findOrFail($id);
 
         $requirement->fill([
             ...$request->all(),
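Review bot: `allowed()` checks the ACL of the asset the requirement currently belongs to, but `fill([...$request->all(), …])` right after it can still take `asset_id` (or any other fillable column) from the request, so a caller may be able to move the requirement onto an asset they cannot access. Whether that is reachable depends on `$fillable` and on the rules in `CreateOrUpdateRequest`, neither of which is shown. Prefer `...$request->validated(),` and check the target `asset_id` against the same ACL before saving. The `fill` call continues outside the hunk.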
@@ -178,7 +180,7 @@ class RequirementController extends Controller
      */
     public function destroy(string $id)
     {
-        $requirement = Requirement::query()->with(['projects','tasks'])->findOrFail($id);
+        $requirement = Requirement::query()->allowed()->with(['projects','tasks'])->findOrFail($id);
         $requirement->delete();
 
         Approval::query()->where('object_type','requirement')->where('object_id',$id)->delete();
@@ -190,7 +192,7 @@ class RequirementController extends Controller
     }
 
     public function close(Request $request,string $id){
-        $requirement = Requirement::findOrFail($id);
+        $requirement = Requirement::allowed()->findOrFail($id);
 
         $requirement->status = RequirementStatus::CLOSED->value;
         $changes = ModelChangeDetector::detector(ActionObjectType::REQUIREMENT, $requirement);
@@ -208,7 +210,7 @@ class RequirementController extends Controller
 
     public function start(Request $request, string $id)
     {
-        $requirement = Requirement::findOrFail($id);
+        $requirement = Requirement::allowed()->findOrFail($id);
 
         $requirement->status = RequirementStatus::ACTIVE->value;
         $changes = ModelChangeDetector::detector(ActionObjectType::REQUIREMENT, $requirement);
@@ -228,7 +230,7 @@ class RequirementController extends Controller
     {
         $plan = Plan::query()->findOrFail($planId);
 
-        Requirement::query()->where("asset_id", $plan->asset_id)
+        Requirement::query()->allowed()->where("asset_id", $plan->asset_id)
             ->whereIn('id', $request->get("requirement_ids"))
             ->update([
                 'plan_id' => $plan->id,
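Review bot: Ids in `requirement_ids` that `allowed()` filters out are skipped silently by this bulk `update`, so the caller cannot tell a full link from a partial or empty one; `unlinkPlan` in the next hunk behaves the same way. Consider counting the allowed matches first and rejecting the request when that count differs from the number of ids submitted, or returning the affected-row count from `update()` to the client. `Plan::query()->findOrFail($planId)` passes through no ACL check in this hunk; whether a global scope on `Plan` covers it is not visible here. The method starts and ends outside the hunk.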
@@ -239,7 +241,7 @@ class RequirementController extends Controller
 
     public function unlinkPlan(LinkPlanRequest $request)
     {
-        Requirement::query()->whereIn('id', $request->get("requirement_ids"))
+        Requirement::query()->allowed()->whereIn('id', $request->get("requirement_ids"))
             ->update([
                 'plan_id' => null,
             ]);

+ 2 - 2
app/ModelFilters/RequirementFilter.php

@@ -27,8 +27,8 @@ class RequirementFilter extends ModelFilter
     }
 
     public function assetId($assetId){
-        $assetId = Asset::query()->where('path','like',"%," .$assetId.",%")->pluck('id');
-        return $this->whereIn('asset_id',$assetId);
+        //$assetId = Asset::query()->where('id',$assetId)->pluck('id');
+        return $this->where('asset_id',$assetId);
     }
 
 
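Review bot: The commented-out `Asset::query()` lookup on the first added line of `assetId()` is dead code and should be deleted rather than committed. The filter now matches `asset_id` exactly, so filtering by a parent asset no longer returns requirements of its descendant assets, which the commit title does not mention. If that is intended, state it in place of the dead line, e.g. `// exact match only: requirements of descendant assets are not included`. Dropping the `like` built from `$assetId` also removes a pattern in which request-supplied `%` or `_` acted as wildcards, which is a welcome side effect.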

+ 27 - 0
app/Models/Requirement.php

@@ -7,6 +7,9 @@ use EloquentFilter\Filterable;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\SoftDeletes;
+use Illuminate\Database\Eloquent\Builder;
+use App\Models\Enums\AssetACL;
+use Illuminate\Support\Facades\Auth;
 
 class Requirement extends Model
 {
@@ -40,6 +43,30 @@ class Requirement extends Model
 
         static::addGlobalScope(new CompanyScope);
     }
+    public function scopeAllowed(Builder $query) : void
+    {
+        $requirementsIds = Requirement::query()->withoutGlobalScope(CompanyScope::class)->leftJoin("assets", "requirements.asset_id", "=", "assets.id")
+            ->where(function ($query){
+                $query->where('assets.acl', AssetACL::PRIVATE->value)
+                    ->where('assets.owner', Auth::id());
+            })
+            ->orwhere(function ($query){
+                $query->where('assets.acl', AssetACL::CUSTOM->value)
+                 ->where('assets.whitelist', 'like', '%,' .Auth::id() . ',%');
+             })
+            ->orwhere(function ($query){
+                $query->where('assets.acl', AssetACL::PRIVATE->value)
+                    ->where('assets.created_by', Auth::id());
+            })
+            ->orwhere(function ($query){
+                $query->whereNull('requirements.asset_id');
+            })
+            ->pluck("requirements.id")->unique();
+
+
+        $query->whereIn("id", $requirementsIds->toArray())->where('company_id',Auth::user()->company_id);
+    }
+
 
     public function createdBy(): \Illuminate\Database\Eloquent\Relations\BelongsTo
     {
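Review bot: The id lookup in `scopeAllowed` removes `CompanyScope` and never filters by company, so every call plucks matching requirement ids for all tenants (including every row with a null `asset_id`) into PHP before the outer `company_id` condition trims them. The result is still tenant-safe, but the `IN` list grows with the whole table and will eventually hit memory or placeholder limits. Constrain the inner query to the caller's company, and wrap the four ACL branches in one `where(function …)` group so the new condition is not bound to the last `orwhere` only. No branch matches an asset whose ACL is neither PRIVATE nor CUSTOM, so requirements on such assets are hidden; confirm that is intended, since `AssetACL` is not shown. The whitelist `like` also assumes the stored value has a leading and a trailing comma.

```php
public function scopeAllowed(Builder $query) : void
{
    $userId = Auth::id();
    $companyId = Auth::user()->company_id;

    $requirementsIds = Requirement::query()->withoutGlobalScope(CompanyScope::class)
        ->leftJoin("assets", "requirements.asset_id", "=", "assets.id")
        // Tenant filter first, so ids from other companies are never loaded.
        ->where('requirements.company_id', $companyId)
        ->where(function ($acl) use ($userId) {
            // … unchanged: the four ACL branches, chained on $acl as where()/orWhere() and using $userId …
        })
        ->pluck("requirements.id")->unique();

    $query->whereIn("id", $requirementsIds->toArray())->where('company_id', $companyId);
}
```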