refactor: kb & station & terminal
@@ -49,39 +49,7 @@ class DocumentPolicy
|
||||
*/
|
||||
public function view(User $user, Document $document): bool
|
||||
{
|
||||
// 首先检查用户是否有查看文档的权限
|
||||
if (!$user->can('document.view')) {
|
||||
$this->securityLogger->logUnauthorizedAccess($user, $document, 'view');
|
||||
return false;
|
||||
}
|
||||
|
||||
// 如果是全局文档,所有用户都可以查看
|
||||
if ($document->type === 'global') {
|
||||
return true;
|
||||
}
|
||||
|
||||
// 如果是专用文档,检查用户是否属于该文档的分组
|
||||
if ($document->type === 'dedicated') {
|
||||
// 如果文档没有关联分组,拒绝访问
|
||||
if (!$document->group_id) {
|
||||
$this->securityLogger->logUnauthorizedAccess($user, $document, 'view');
|
||||
return false;
|
||||
}
|
||||
|
||||
// 检查用户是否属于该文档的分组
|
||||
$hasAccess = $user->groups()->where('groups.id', $document->group_id)->exists();
|
||||
|
||||
// 如果没有权限,记录未授权访问尝试
|
||||
if (!$hasAccess) {
|
||||
$this->securityLogger->logUnauthorizedAccess($user, $document, 'view');
|
||||
}
|
||||
|
||||
return $hasAccess;
|
||||
}
|
||||
|
||||
// 其他情况拒绝访问
|
||||
$this->securityLogger->logUnauthorizedAccess($user, $document, 'view');
|
||||
return false;
|
||||
return $user->can('document.view');
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -169,36 +137,7 @@ class DocumentPolicy
|
||||
*/
|
||||
public function download(User $user, Document $document): bool
|
||||
{
|
||||
// 首先检查用户是否有下载文档的权限
|
||||
if (!$user->can('document.download')) {
|
||||
$this->securityLogger->logUnauthorizedAccess($user, $document, 'download');
|
||||
return false;
|
||||
}
|
||||
|
||||
// 下载权限与查看权限相同(但不需要 document.view 权限)
|
||||
// 如果是全局文档,所有用户都可以下载
|
||||
if ($document->type === 'global') {
|
||||
return true;
|
||||
}
|
||||
|
||||
// 如果是专用文档,检查用户是否属于该文档的分组
|
||||
if ($document->type === 'dedicated') {
|
||||
if (!$document->group_id) {
|
||||
$this->securityLogger->logUnauthorizedAccess($user, $document, 'download');
|
||||
return false;
|
||||
}
|
||||
|
||||
$hasAccess = $user->groups()->where('groups.id', $document->group_id)->exists();
|
||||
|
||||
if (!$hasAccess) {
|
||||
$this->securityLogger->logUnauthorizedAccess($user, $document, 'download');
|
||||
}
|
||||
|
||||
return $hasAccess;
|
||||
}
|
||||
|
||||
$this->securityLogger->logUnauthorizedAccess($user, $document, 'download');
|
||||
return false;
|
||||
return $user->can('document.download');
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
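Review bot: The new one-line body of `view()`, `return $user->can('document.view');`, never reads `$document`, so the rule the old code enforced for `dedicated` documents (membership in `$document->group_id`) is no longer checked by this policy, and `download()` is reduced the same way in the second hunk. Unless group scoping is now enforced somewhere not shown on this page, any user holding the permission passes for every document regardless of group. If that is not intended, keep the permission guard and follow it with `return $document->type === 'global' || ($document->type === 'dedicated' && $document->group_id && $user->groups()->where('groups.id', $document->group_id)->exists());`. The removed branches also called `$this->securityLogger->logUnauthorizedAccess(...)` on every denial, so denied view and download attempts now leave no audit record from this class; either keep that call on the `false` path or state in the docblock where the logging and the group check moved.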