feat(procurement): 統一採購單按鈕樣式與術語更名為「作廢」,並加強權限控管
This commit is contained in:
@@ -70,4 +70,50 @@ class PurchaseOrder extends Model
|
||||
{
|
||||
return $this->hasMany(PurchaseOrderItem::class);
|
||||
}
|
||||
|
||||
/**
|
||||
* 檢查是否可以轉移至新狀態,並驗證權限。
|
||||
*/
|
||||
public function canTransitionTo(string $newStatus, $user = null): bool
|
||||
{
|
||||
$user = $user ?? auth()->user();
|
||||
if (!$user) return false;
|
||||
if ($user->hasRole('super-admin')) return true;
|
||||
|
||||
$currentStatus = $this->status;
|
||||
|
||||
// 定義合法的狀態轉移路徑與所需權限
|
||||
$transitions = [
|
||||
'draft' => [
|
||||
'pending' => 'purchase_orders.view', // 基本檢視者即可送審
|
||||
'cancelled' => 'purchase_orders.cancel',
|
||||
],
|
||||
'pending' => [
|
||||
'approved' => 'purchase_orders.approve',
|
||||
'draft' => 'purchase_orders.approve', // 退回草稿
|
||||
'cancelled' => 'purchase_orders.cancel',
|
||||
],
|
||||
'approved' => [
|
||||
'cancelled' => 'purchase_orders.cancel',
|
||||
'partial' => null, // 系統自動轉移,不需手動權限點
|
||||
],
|
||||
'partial' => [
|
||||
'completed' => null, // 系統自動轉移
|
||||
'closed' => 'purchase_orders.approve', // 手動結案通常需要核准權限
|
||||
'cancelled' => 'purchase_orders.cancel',
|
||||
],
|
||||
];
|
||||
|
||||
if (!isset($transitions[$currentStatus])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!array_key_exists($newStatus, $transitions[$currentStatus])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$requiredPermission = $transitions[$currentStatus][$newStatus];
|
||||
|
||||
return $requiredPermission ? $user->can($requiredPermission) : true;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user