refactor: kb & station & terminal

2026-03-23 20:17:17 +08:00
parent 63ea2686e1
commit b74ba1a3f8
81 changed files with 1016 additions and 2492 deletions
--- a/app/Policies/DocumentPolicy.php
+++ b/app/Policies/DocumentPolicy.php
@@ -49,39 +49,7 @@ class DocumentPolicy
     */
    public function view(User $user, Document $document): bool
    {
-        // 首先检查用户是否有查看文档的权限
-        if (!$user->can('document.view')) {
-            $this->securityLogger->logUnauthorizedAccess($user, $document, 'view');
-            return false;
-        }
-
-        // 如果是全局文档，所有用户都可以查看
-        if ($document->type === 'global') {
-            return true;
-        }
-
-        // 如果是专用文档，检查用户是否属于该文档的分组
-        if ($document->type === 'dedicated') {
-            // 如果文档没有关联分组，拒绝访问
-            if (!$document->group_id) {
-                $this->securityLogger->logUnauthorizedAccess($user, $document, 'view');
-                return false;
-            }
-
-            // 检查用户是否属于该文档的分组
-            $hasAccess = $user->groups()->where('groups.id', $document->group_id)->exists();
-            
-            // 如果没有权限，记录未授权访问尝试
-            if (!$hasAccess) {
-                $this->securityLogger->logUnauthorizedAccess($user, $document, 'view');
-            }
-            
-            return $hasAccess;
-        }
-
-        // 其他情况拒绝访问
-        $this->securityLogger->logUnauthorizedAccess($user, $document, 'view');
-        return false;
+        return $user->can('document.view');
    }

    /**
@@ -169,36 +137,7 @@ class DocumentPolicy
     */
    public function download(User $user, Document $document): bool
    {
-        // 首先检查用户是否有下载文档的权限
-        if (!$user->can('document.download')) {
-            $this->securityLogger->logUnauthorizedAccess($user, $document, 'download');
-            return false;
-        }
-
-        // 下载权限与查看权限相同（但不需要 document.view 权限）
-        // 如果是全局文档，所有用户都可以下载
-        if ($document->type === 'global') {
-            return true;
-        }
-
-        // 如果是专用文档，检查用户是否属于该文档的分组
-        if ($document->type === 'dedicated') {
-            if (!$document->group_id) {
-                $this->securityLogger->logUnauthorizedAccess($user, $document, 'download');
-                return false;
-            }
-
-            $hasAccess = $user->groups()->where('groups.id', $document->group_id)->exists();
-            
-            if (!$hasAccess) {
-                $this->securityLogger->logUnauthorizedAccess($user, $document, 'download');
-            }
-            
-            return $hasAccess;
-        }
-
-        $this->securityLogger->logUnauthorizedAccess($user, $document, 'download');
-        return false;
+        return $user->can('document.download');
    }

    /**
--- a/app/Policies/GroupPolicy.php
+++ b/app/Policies/GroupPolicy.php
@@ -1,72 +0,0 @@
-<?php
-
-namespace App\Policies;
-
-use App\Models\Group;
-use App\Models\User;
-
-class GroupPolicy
-{
-    /**
-     * 查看分组列表
-     */
-    public function viewAny(User $user): bool
-    {
-        return $user->can('group.view');
-    }
-
-    /**
-     * 查看分组详情
-     */
-    public function view(User $user, Group $group): bool
-    {
-        return $user->can('group.view');
-    }
-
-    /**
-     * 创建分组
-     */
-    public function create(User $user): bool
-    {
-        return $user->can('group.create');
-    }
-
-    /**
-     * 更新分组
-     */
-    public function update(User $user, Group $group): bool
-    {
-        return $user->can('group.update');
-    }
-
-    /**
-     * 删除分组
-     */
-    public function delete(User $user, Group $group): bool
-    {
-        // 首先检查权限
-        if (!$user->can('group.delete')) {
-            return false;
-        }
-
-        // 检查是否有关联文档
-        if ($group->documents()->count() > 0) {
-            return false;
-        }
-
-        // 检查是否有关联用户
-        if ($group->users()->count() > 0) {
-            return false;
-        }
-
-        return true;
-    }
-
-    /**
-     * 批量删除分组
-     */
-    public function deleteAny(User $user): bool
-    {
-        return $user->can('group.delete');
-    }
-}
--- a/app/Policies/StationPolicy.php
+++ b/app/Policies/StationPolicy.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\Station;
+use App\Models\User;
+
+class StationPolicy
+{
+    public function viewAny(User $user): bool
+    {
+        return $user->can('station.view');
+    }
+
+    public function view(User $user, Station $station): bool
+    {
+        return $user->can('station.view');
+    }
+
+    public function create(User $user): bool
+    {
+        return $user->can('station.create');
+    }
+
+    public function update(User $user, Station $station): bool
+    {
+        return $user->can('station.update');
+    }
+
+    public function delete(User $user, Station $station): bool
+    {
+        return $user->can('station.delete');
+    }
+
+    public function deleteAny(User $user): bool
+    {
+        return $user->can('station.delete');
+    }
+}