fix: 内容列表接口设置表单请求白名单字段

app/Http/Controllers/Admin/ContentController.php

@@ -20,7 +20,7 @@ use Illuminate\View\View;
 
 class ContentController extends Controller
 {
-    protected $formNames = [];
+    protected $formNames = ['created_at', 'updated_at'];
 
     protected $entity = null;
 
@@ -64,6 +64,7 @@ class ContentController extends Controller
      * 内容列表数据接口
      *
      * @param Request $request
+     * @param integer $entity
      * @return array
      */
     public function list(Request $request, $entity)
@@ -74,6 +75,7 @@ class ContentController extends Controller
         }
 
         $perPage = (int) $request->get('limit', 50);
+        $this->formNames = array_merge($this->formNames, EntityFieldRepository::getFields($entity));
         $condition = $request->only($this->formNames);
 
         $data = ContentRepository::list($entity, $perPage, $condition);
@@ -116,7 +118,7 @@ class ContentController extends Controller
 
         try {
             ContentRepository::add($request->only(
-                EntityFieldRepository::getByEntityId($entity)->pluck('name')->toArray()
+                EntityFieldRepository::getFields($entity)
             ));
             return [
                 'code' => 0,

app/Repository/Admin/EntityFieldRepository.php

@@ -64,4 +64,10 @@ class EntityFieldRepository
         return  EntityField::query()->where('entity_id', $id)
             ->orderBy('order')->orderBy('is_show_inline')->get();
     }
+
+    public static function getFields($entityId)
+    {
+        return  EntityField::query()->select('name')->where('entity_id', $entityId)->get()
+            ->pluck('name')->toArray();
+    }
 }