love_php/app/Http/Middleware/LimitWorkerAndMatcher.php

<?php

namespace App\Http\Middleware;

use Closure;
use App\Models\PaasActivity;
use App\Services\UserService;
use App\Models\Order;
class LimitWorkerAndMatcher
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $admin_type = $request->session()->get('admin_type');
        if ($admin_type == 'worker' || $admin_type == 'matcher') {
            return $this->failure('没有权限访问');
        }
        //当前路由
        $route_name = $request->route()->getName();
        //平台推荐路由
        $invite_users = ["user_invite_users", "platform_invite_users"];
        //用户推荐路由
        $referre_routes = [
            "add_referres","referres","referres_award_histories"
        ];
        $user_route = ['update_user', 'user_orders', 'user_score_histories', 'user_gift_histories'];
        //用户订单
        $order_routes = ['order'];
        //认证
        $approve_routes = ['approve_user'];
        //活动路由
        $activitt_routes = [
            'activity','update_activity', 'activity_order', 'activity_welcome'
        ];
        if ($admin_type == 'paas_admin') {//平台管理员
            $paas_obj = $request->session()->get('paas_obj');
            //用户推荐模块
            if (in_array($route_name, $referre_routes)) {
                return $this->failure('没有权限访问');
            }
            //用户
            if (in_array($route_name, $user_route)) {
                $user_id = $request->user_id;
                $userService = new UserService;
                $paas_user_ids = $userService->paasUserIds($paas_obj->name, 'MAIN')->toArray();
                if (!in_array($user_id, $paas_user_ids)) {
                    return $this->failure('没有权限访问');
                }
            }
            //订单
            if (in_array($route_name, $order_routes)) {
                $order_id = $request->order_id;
                $userService = new UserService;
                $paas_user_ids = $userService->paasUserIds($paas_obj->name, 'MAIN')->toArray();
                $paas_order_ids = Order::whereIn('user_id', $paas_user_ids)->pluck('id')->toArray();
                if (!in_array($order_id, $paas_order_ids)) {
                    return $this->failure('没有权限访问');
                }
            }
            //认证
            if (in_array($route_name, $approve_routes)) {
                $user_id = $request->user_id;
                $userService = new UserService;
                $paas_user_ids = $userService->paasUserIds($paas_obj->name, 'MAIN')->toArray();
                if (!in_array($user_id, $paas_user_ids)) {
                    return $this->failure('没有权限访问');
                }
            }
            if (in_array($route_name, $activitt_routes)) {
                $activity_id = $request->activity_id;
                $paas_activity_ids = PaasActivity::where('paas_id', $paas_obj->id)->pluck('activity_id')->toArray();
                if (!in_array($activity_id, $paas_activity_ids)) {
                    return $this->failure('没有权限访问');
                }
            }
        }

        return $next($request);
    }

    public function failure($msg)
    {
        $result = [
            'code'=> 1,
            'message'=> $msg,
        ];
        return Response()->json($result);
    }
}