api Employee::UserRole

app/Http/Middleware/CheckUserRole.php

@@ -5,6 +5,7 @@ namespace App\Http\Middleware;
 use Closure;
 use Illuminate\Http\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Illuminate\Support\Arr;
 
 class CheckUserRole
 {
@@ -17,8 +18,12 @@ class CheckUserRole
     {
         $user = auth('api')->user();
         $currentRole = $user->userRole();
-        if (!in_array($currentRole, $roles)) {
-            throw new \App\Exceptions\RuntimeException('没有权限');
+        // dd($currentRole, $roles);
+        foreach ($currentRole as $role) {
+            $roleValue = $role->value;
+            if (!in_array($roleValue, $roles)) {
+                throw new \App\Exceptions\RuntimeException('没有权限');
+            }
         }
         return $next($request);
     }

app/Models/Employee.php

@@ -99,14 +99,15 @@ class Employee extends Model implements AuthenticatableContract
     /**
      * 用户身份
      * user: 普通员工, store: 店长, admin: 管理员
+     * @return array
      */
     public function userRole()
     {
-        $role = UserRole::User;
+        $role = [
+            $this->store_id && $this->store->master_id == $this->id ? UserRole::Store : UserRole::User
+        ];
         if ($this->isAdministrator()) {
-            $role = UserRole::Admin;
-        } else if ($this->store_id && $this->store->master_id == $this->id) {
-            $role = UserRole::Store;
+            array_push($role, UserRole::Admin);
         }
         return $role;
     }

routes/api.php

@@ -30,5 +30,5 @@ Route::group([
     Route::post('feedback', [FeedbackController::class, 'store']);
 
     // 员工管理
-    Route::get('hr/employee', [\App\Http\Controllers\Api\Hr\EmployeeController::class, 'index'])->middleware(['user_role:store,admin']);
+    Route::get('hr/employee', [\App\Http\Controllers\Api\Hr\EmployeeController::class, 'index'])->middleware(['user_role:admin,store']);
 });