diff --git a/FlyCube/MpApi/Controller/AdminController.class.php b/FlyCube/MpApi/Controller/AdminController.class.php index cbdb20a..8743978 100644 --- a/FlyCube/MpApi/Controller/AdminController.class.php +++ b/FlyCube/MpApi/Controller/AdminController.class.php 
@@ -193,53 +193,83 @@ class AdminController extends PublicController */ public function saveAdmin() { - //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 + // 总管理员 可接收任何shop_id,非总管理员只能调用自身shop_id,否则会中断 $this->isPower(); if ($_REQUEST['id'] && $_REQUEST['uname'] && $_REQUEST['shop_id']) { - //data数据 + $adminDb = D('adminuser'); + + // 查询当前管理员数据(用以比对 role 和判断 unique) + $currentAdmin = $adminDb->where([ + 'id' => $_REQUEST['id'], + 'shop_id' => $_REQUEST['shop_id'] + ])->find(); + + if (!$currentAdmin) { + echo json_encode(['status' => 0, 'msg' => '用户不存在']); + exit; + } + $data['uname'] = $_REQUEST['uname']; + if ($_REQUEST['pwd']) { $data['pwd'] = MD5(MD5($_REQUEST['pwd'])); } - //如果有上传图片得操作 执行如下 - if ($_REQUEST['upFile']) { //有新图上传 则把图片从temp目录 复制到目标目录 - if (!(copy("Data/UploadFiles/temp/" . $_REQUEST['upFile'], "Data/UploadFiles/photo/" . $_REQUEST['upFile']))) { - echo json_encode(array('status' => 0, 'msg' => '图片复制失败')); + + // 上传头像处理 + if ($_REQUEST['upFile']) { + $tempPath = "Data/UploadFiles/temp/" . $_REQUEST['upFile']; + $targetPath = "Data/UploadFiles/photo/" . $_REQUEST['upFile']; + + if (!copy($tempPath, $targetPath)) { + echo json_encode(['status' => 0, 'msg' => '图片复制失败']); exit; } - if ($_REQUEST['oldFile']) { //存在老图 既删掉老图 没有成功的话 将刚才复制到此目录得新图也一并删除 - if (!(unlink("Data/UploadFiles/photo/" . basename($_REQUEST['oldFile'])))) { - unlink("Data/UploadFiles/photo/" . $_REQUEST['upFile']); - echo json_encode(array('status' => 0, 'msg' => '原图删除失败')); + + if ($_REQUEST['oldFile']) { + $oldFilePath = "Data/UploadFiles/photo/" . 
basename($_REQUEST['oldFile']); + if (!unlink($oldFilePath)) { + unlink($targetPath); // 删除新图 + echo json_encode(['status' => 0, 'msg' => '原图删除失败']); exit; } } - $data['photo'] = json_encode(array($_REQUEST['upFile'])); //序列化储存 + + $data['photo'] = json_encode([$_REQUEST['upFile']]); } - //如果有角色变更 - if (isset($_REQUEST['role'])) { - $validRoles = [5, 6]; //5:商家管理员 6:商家编辑 - if (!in_array($_REQUEST['role'], $validRoles)) { - echo json_encode(array('status' => 0, 'msg' => '无效的角色')); + + // 如果提交的 role 与数据库中的 role 不一致,视为试图变更角色 + if (isset($_REQUEST['role']) && $_REQUEST['role'] != $currentAdmin['role']) { + if ($currentAdmin['unique'] == 1) { + echo json_encode(['status' => 0, 'msg' => '总管理员权限不允许更改角色']); exit; } + + $validRoles = [5, 6]; // 商家管理员、商家编辑 + if (!in_array($_REQUEST['role'], $validRoles)) { + echo json_encode(['status' => 0, 'msg' => '无效的角色']); + exit; + } + $data['role'] = $_REQUEST['role']; } - //where条件 - $where['id'] = $_REQUEST['id']; - $where['shop_id'] = $_REQUEST['shop_id']; - //录入数据库 - $adminDb = D('adminuser'); + + // where 条件 + $where = [ + 'id' => $_REQUEST['id'], + 'shop_id' => $_REQUEST['shop_id'] + ]; + if ($adminDb->where($where)->data($data)->save()) { - echo json_encode(array('status' => 1, 'msg' => '更新成功')); + echo json_encode(['status' => 1, 'msg' => '更新成功']); } else { - echo json_encode(array('status' => 0, 'msg' => '更新失败')); + echo json_encode(['status' => 0, 'msg' => '更新失败']); } } else { - echo json_encode(array('status' => 0, 'msg' => '参数有误')); + echo json_encode(['status' => 0, 'msg' => '参数有误']); } } + /** * @description: 管理员账号删除 ps:只改 del字段标识 并非真正删除 */ 
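Review bot: The new `$tempPath`/`$targetPath` lines still concatenate `$_REQUEST['upFile']` into the path unsanitized, while the sibling `$oldFilePath` line was given `basename()` — so a value like `../../index.php` can make `copy()` read from or write to a location outside `Data/UploadFiles/`, and the same raw value is then persisted via `json_encode([$_REQUEST['upFile']])`. I would normalise once, `$upFile = basename((string) $_REQUEST['upFile']);`, and use `$upFile` for both paths and for the stored `photo` value, optionally guarding with `if (!is_file($tempPath))` before the copy so a missing temp file is reported rather than surfacing as a bare "图片复制失败". Separately, the role comparison uses a loose `!=` and a non-strict `in_array()`; `in_array((int) $_REQUEST['role'], $validRoles, true)` keeps the intent while avoiding string/int coercion surprises. Whether a non-total admin can reach this code with a foreign `shop_id` depends on `isPower()`, which is not in the hunk — presumably it enforces that, but it is worth confirming since the update `$where` relies entirely on the caller-supplied `shop_id`.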
@@ -250,30 +280,46 @@ class AdminController extends PublicController } if ($_REQUEST['idArr']) { - // 解构id组 + // 解构 id 组 $idArr = is_array($_REQUEST['idArr']) ? $_REQUEST['idArr'] : explode(',', strval($_REQUEST['idArr'])); + // 判断是否包含自身 ID if (in_array($this->admin_id, $idArr)) { - echo json_encode(array('status' => 0, 'msg' => '不能删除自身')); + echo json_encode(['status' => 0, 'msg' => '不能删除自身']); exit; } - /**删除业务逻辑 */ - $where['id'] = array("in", $idArr); - //data数据 - $data['del'] = '1'; - //录入数据库 + + // 查询是否包含 unique = 1 的管理员(总管理员) $adminDb = D('adminuser'); + $checkMap['id'] = ['in', $idArr]; + if ($this->tokenShop_id != C('powerId')) { + $checkMap['shop_id'] = $this->tokenShop_id; + } + + $admins = $adminDb->where($checkMap)->select(); + foreach ($admins as $admin) { + if ($admin['unique'] == 1) { + echo json_encode(['status' => 0, 'msg' => '不能删除总管理员']); + exit; + } + } + + // 执行逻辑删除 + $where['id'] = ['in', $idArr]; + $data['del'] = '1'; + if ($adminDb->where($where)->save($data)) { - echo json_encode(array('status' => 1, 'msg' => '删除成功')); + echo json_encode(['status' => 1, 'msg' => '删除成功']); } else { - echo json_encode(array('status' => 0, 'msg' => '删除失败')); + echo json_encode(['status' => 0, 'msg' => '删除失败']); } } else { - echo json_encode(array('status' => 0, 'msg' => '参数有误')); + echo json_encode(['status' => 0, 'msg' => '参数有误']); } } + /** * @description: 向管理员用户发布公告 */
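Review bot: The shop scoping added to `$checkMap` is not carried over to the write: the `unique == 1` scan only inspects rows matching `$checkMap`, but the soft-delete then runs with `$where['id'] = ['in', $idArr]` alone, so a non-total admin can pass ids belonging to other shops (including admins the check never saw) and have them marked `del = 1`. The simplest fix is to delete with the same filter that was checked, `if ($adminDb->where($checkMap)->save($data))`, and arguably also reject the request when `count($admins)` is less than the number of distinct ids supplied, since unmatched ids are currently silently ignored. The enclosing delete method begins before this hunk, so if an earlier guard already restricts `idArr` to the caller's shop this is moot, but nothing visible here does.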