lizhuoran/KnowledgeBase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(权限): 实现用户权限管理功能

Browse Source 
- 更新 UserResource 添加角色和权限管理
  - 添加角色选择字段(多选)
  - 添加直接权限配置(按模块分组的复选框列表)
  - 在用户列表中显示角色和权限数量
  - 添加角色筛选器
  - 防止删除超级管理员
- 创建 ViewUser 页面显示用户详细权限信息
  - 显示所有权限(角色权限 + 直接权限)
  - 按模块分组展示权限
  - 区分显示直接权限
- 创建 UserPolicy 控制用户管理权限
  - 基于 user.* 权限控制访问
  - 保护超级管理员不被编辑和删除
  - 防止用户删除自己
- 在 AppServiceProvider 中注册 UserPolicy
This commit is contained in:
李卓然
2026-03-11 10:03:21 +08:00
parent a17fe167b0
commit dfe0ff42bc
4 changed files with 388 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

179
app/Filament/Resources/UserResource.php
View File

@@ -31,32 +31,103 @@ class UserResource extends Resource
{
return $form
->schema([
Forms\Components\TextInput::make('name')
->label('用户名称')
->required()
->maxLength(255)
->placeholder('请输入用户名称'),
Forms\Components\TextInput::make('email')
->label('邮箱')
->email()
->required()
->maxLength(255)
->placeholder('请输入邮箱地址'),
Forms\Components\TextInput::make('password')
->label('密码')
->password()
->required(fn (string $context): bool => $context === 'create')
->dehydrated(fn ($state) => filled($state))
->minLength(8)
->placeholder('请输入密码至少8位')
->helperText('编辑时留空表示不修改密码'),
Forms\Components\Select::make('groups')
->label('所属分组')
->multiple()
->relationship('groups', 'name')
->preload()
->placeholder('请选择用户所属的分组')
->helperText('用户可以属于多个分组'),
Forms\Components\Section::make('基本信息')
->schema([
Forms\Components\TextInput::make('name')
->label('用户名称')
->required()
->maxLength(255)
->placeholder('请输入用户名称'),
Forms\Components\TextInput::make('email')
->label('邮箱')
->email()
->required()
->maxLength(255)
->placeholder('请输入邮箱地址'),
Forms\Components\TextInput::make('password')
->label('密码')
->password()
->required(fn (string $context): bool => $context === 'create')
->dehydrated(fn ($state) => filled($state))
->minLength(8)
->placeholder('请输入密码至少8位')
->helperText('编辑时留空表示不修改密码'),
])
->columns(2),
Forms\Components\Section::make('分组与角色')
->schema([
Forms\Components\Select::make('groups')
->label('所属分组')
->multiple()
->relationship('groups', 'name')
->preload()
->placeholder('请选择用户所属的分组')
->helperText('用户可以属于多个分组'),
Forms\Components\Select::make('roles')
->label('角色')
->multiple()
->relationship('roles', 'name')
->preload()
->placeholder('请选择用户角色')
->helperText('角色决定用户的基础权限')
->searchable(),
])
->columns(2),
Forms\Components\Section::make('直接权限')
->description('为用户分配额外的权限,这些权限会叠加到角色权限之上')
->schema([
Forms\Components\CheckboxList::make('permissions')
->label('权限列表')
->relationship('permissions', 'name')
->columns(3)
->gridDirection('row')
->options(function () {
return \Spatie\Permission\Models\Permission::all()
->groupBy(function ($permission) {
return explode('.', $permission->name)[0];
})
->map(function ($permissions, $module) {
$moduleNames = [
'document' => '文档管理',
'sop' => 'SOP模板',
'terminal' => '终端管理',
'user' => '用户管理',
'role' => '角色管理',
'group' => '分组管理',
'system' => '系统设置',
'activity' => '操作日志',
];
return $permissions->pluck('name', 'name')
->mapWithKeys(function ($name) use ($moduleNames) {
$parts = explode('.', $name);
$module = $parts[0];
$action = $parts[1] ?? '';
$actionNames = [
'view' => '查看',
'create' => '创建',
'update' => '编辑',
'delete' => '删除',
'export' => '导出',
'import' => '导入',
'publish' => '发布',
'archive' => '归档',
'download' => '下载',
'sync' => '同步',
];
$label = ($moduleNames[$module] ?? $module) . ' - ' . ($actionNames[$action] ?? $action);
return [$name => $label];
});
})
->flatten()
->toArray();
})
->searchable()
->bulkToggleable(),
])
->collapsible()
->collapsed(),
]);
}
@@ -75,11 +146,33 @@ class UserResource extends Resource
->label('邮箱')
->searchable()
->sortable(),
Tables\Columns\TextColumn::make('roles.name')
->label('角色')
->badge()
->color(fn (string $state): string => match ($state) {
'super-admin' => 'danger',
'admin' => 'warning',
'user' => 'success',
default => 'gray',
})
->formatStateUsing(fn (string $state): string => match ($state) {
'super-admin' => '超级管理员',
'admin' => '管理员',
'user' => '普通用户',
default => $state,
})
->searchable()
->toggleable(),
Tables\Columns\TextColumn::make('groups.name')
->label('所属分组')
->badge()
->searchable()
->toggleable(),
Tables\Columns\TextColumn::make('permissions_count')
->label('权限数量')
->counts('permissions')
->sortable()
->toggleable(),
Tables\Columns\TextColumn::make('created_at')
->label('创建时间')
->dateTime('Y-m-d H:i:s')
@@ -92,7 +185,11 @@ class UserResource extends Resource
->toggleable(isToggledHiddenByDefault: true),
])
->filters([
//
Tables\Filters\SelectFilter::make('roles')
->label('角色')
->relationship('roles', 'name')
->multiple()
->preload(),
])
->actions([
Tables\Actions\ViewAction::make()
@@ -100,12 +197,35 @@ class UserResource extends Resource
Tables\Actions\EditAction::make()
->label('编辑'),
Tables\Actions\DeleteAction::make()
->label('删除'),
->label('删除')
->before(function (Tables\Actions\DeleteAction $action, User $record) {
// 防止删除超级管理员
if ($record->isSuperAdmin()) {
\Filament\Notifications\Notification::make()
->danger()
->title('无法删除')
->body('不能删除超级管理员账户')
->send();
$action->cancel();
}
}),
])
->bulkActions([
Tables\Actions\BulkActionGroup::make([
Tables\Actions\DeleteBulkAction::make()
->label('批量删除'),
->label('批量删除')
->before(function (Tables\Actions\DeleteBulkAction $action, $records) {
// 检查是否包含超级管理员
$hasSuperAdmin = $records->contains(fn ($record) => $record->isSuperAdmin());
if ($hasSuperAdmin) {
\Filament\Notifications\Notification::make()
->danger()
->title('无法删除')
->body('选中的用户中包含超级管理员,无法批量删除')
->send();
$action->cancel();
}
}),
]),
])
->defaultSort('created_at', 'desc');
@@ -123,6 +243,7 @@ class UserResource extends Resource
return [
'index' => Pages\ListUsers::route('/'),
'create' => Pages\CreateUser::route('/create'),
'view' => Pages\ViewUser::route('/{record}'),
'edit' => Pages\EditUser::route('/{record}/edit'),
];
}