时间戳

首页 > 解决方案 > 如何确保每个事件只能通过 codeigniter 中的 role_id 查看(只有超级管理员可以查看所有列表)?

php - 如何确保每个事件只能通过 codeigniter 中的 role_id 查看(只有超级管理员可以查看所有列表)?

问题描述

我的数据可以在 CodeIgniter 的这张图片中看到活动列表

这是事件控制器

这是事件模型

我想确保每个事件只能通过角色 ID 查看。我试图改变控制器Event.php:

public function index($school_id = null, $id = null, $role_id=null) {
     
        check_permission(VIEW);

        

        $this->data['events'] = $this->event->get_event_list($school_id, $role_id);
        $this->data['roles'] = $this->event->get_list('roles', array('status' => 1), '', '', 'id','ASC');
        $this->data['filter_school_id'] = $school_id;
        $this->data['schools'] = $this->schools;
       
        $this->data['list'] = TRUE;
        $this->layout->title($this->lang->line('manage_event') . ' | ' . SMS);
        $this->layout->view('event/index', $this->data);
    }

我也尝试更改 event_model.php:

public function get_event_list($school_id = null, $role_id=null) {
        
        $this->db->select('E.*, S.school_name, R.name');
        $this->db->from('events AS E');
        $this->db->join('roles AS R', 'R.id = E.role_id', 'left');
        $this->db->join('schools AS S', 'S.id = E.school_id', 'left');
        
        if($this->session->userdata('role_id') != SUPER_ADMIN){
            $this->db->where('E.school_id', $this->session->userdata('school_id'));
            $this->db->where('R.role_id', $this->session->userdata('role_id'));
        }
        
        if($this->session->userdata('role_id') == SUPER_ADMIN && $school_id){
            $this->db->where('E.school_id', $school_id);
        }
        $this->db->where('S.status', 1);
        $this->db->order_by('E.id', 'DESC');
        
        return $this->db->get()->result();
        
    }

标签: phpcodeigniter

解决方案

我已经知道怎么做,所以我只是在事件模型上更改了一些编码:

 public function get_event_list($school_id = null, $role_id ){
  
    $this->db->select('E.*, S.school_name, R.name');
    $this->db->from('events AS E');
    $this->db->join('roles AS R', 'R.id = E.role_id', 'left');
    $this->db->join('schools AS S', 'S.id = E.school_id', 'left');
    
    if($this->session->userdata('role_id') != SUPER_ADMIN){
        $this->db->where('E.school_id', $this->session->userdata('school_id'));
        $this->db->where('E.role_id', $this->session->userdata('role_id'));
        
    }
    
    if($this->session->userdata('role_id') == SUPER_ADMIN && $school_id){
        $this->db->where('E.school_id', $school_id);
    }
    $this->db->where('S.status', 1);
    $this->db->order_by('E.id', 'DESC');
    
    return $this->db->get()->result();

这个是用于事件控制器的:

公共函数索引($school_id = null,$id = null,$role_id=null){

    check_permission(VIEW);

    $this->data['school'] = array();
    $school_id = $this->session->userdata('school_id');
    $class_id = $this->session->userdata('class_id');
    $role_id = $this->session->userdata('role_id');
    

    $this->data['events'] = $this->event->get_event_list($school_id, $role_id);
    $this->data['roles'] = $this->event->get_list('roles', array('status' => 1,), '', '', 'id', 'ASC');
    $this->data['filter_school_id'] = $school_id;
    $this->data['schools'] = $this->schools;
   
    $this->data['list'] = TRUE;
    $this->layout->title($this->lang->line('manage_event') . ' | ' . SMS);
    $this->layout->view('event/index', $this->data);
}

推荐阅读