From 5bf54093f9dd2dd98cc5176065b56de224b84037 Mon Sep 17 00:00:00 2001
From: oldHome
Date: Fri, 27 Jun 2025 19:17:03 +0800
Subject: [PATCH] =?UTF-8?q?facotr=20=E7=AE=A1=E7=90=86=E5=91=98=E6=8E=A5?=
 =?UTF-8?q?=E5=8F=A3=20=E4=BF=AE=E6=94=B9=20=E8=A1=A8=E6=B7=BB=E5=8A=A0=20?=
 =?UTF-8?q?unique=E5=AD=97=E6=AE=B5=E7=94=A8=E6=9D=A5=E6=A0=87=E8=AF=86=20?=
 =?UTF-8?q?=E6=80=BB=E7=AE=A1=E7=90=86=E5=91=98=20=20=E6=9C=89=E6=AD=A4?=
 =?UTF-8?q?=E6=A0=87=E8=AF=86=E7=9A=84=E4=B8=8D=E8=83=BD=E5=81=9A=E5=88=A0?=
 =?UTF-8?q?=E9=99=A4=20=E5=92=8C=20=E6=9B=B4=E6=96=B0=E7=BB=99=E5=A4=84?=
 =?UTF-8?q?=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Controller/AdminController.class.php | 114 ++++++++++++------
 1 file changed, 80 insertions(+), 34 deletions(-)
diff --git a/FlyCube/MpApi/Controller/AdminController.class.php b/FlyCube/MpApi/Controller/AdminController.class.php
index cbdb20a..8743978 100644
--- a/FlyCube/MpApi/Controller/AdminController.class.php
+++ b/FlyCube/MpApi/Controller/AdminController.class.php
@@ -193,53 +193,83 @@ class AdminController extends PublicController
 */
 public function saveAdmin() {
- //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断
+ // 总管理员 可接收任何shop_id,非总管理员只能调用自身shop_id,否则会中断
 $this->isPower();
 if ($_REQUEST['id'] && $_REQUEST['uname'] && $_REQUEST['shop_id']) {
- //data数据
+ $adminDb = D('adminuser');
+
+ // 查询当前管理员数据(用以比对 role 和判断 unique)
+ $currentAdmin = $adminDb->where([
+ 'id' => $_REQUEST['id'],
+ 'shop_id' => $_REQUEST['shop_id']
+ ])->find();
+
+ if (!$currentAdmin) {
+ echo json_encode(['status' => 0, 'msg' => '用户不存在']);
+ exit;
+ }
+
 $data['uname'] = $_REQUEST['uname'];
+
 if ($_REQUEST['pwd']) {
 $data['pwd'] = MD5(MD5($_REQUEST['pwd']));
 }
- //如果有上传图片得操作 执行如下
- if ($_REQUEST['upFile']) { //有新图上传 则把图片从temp目录 复制到目标目录
- if (!(copy("Data/UploadFiles/temp/" . $_REQUEST['upFile'], "Data/UploadFiles/photo/" . $_REQUEST['upFile']))) {
- echo json_encode(array('status' => 0, 'msg' => '图片复制失败'));
+
+ // 上传头像处理
+ if ($_REQUEST['upFile']) {
+ $tempPath = "Data/UploadFiles/temp/" . $_REQUEST['upFile'];
+ $targetPath = "Data/UploadFiles/photo/" . $_REQUEST['upFile'];
+
+ if (!copy($tempPath, $targetPath)) {
+ echo json_encode(['status' => 0, 'msg' => '图片复制失败']);
 exit;
 }
- if ($_REQUEST['oldFile']) { //存在老图 既删掉老图 没有成功的话 将刚才复制到此目录得新图也一并删除
- if (!(unlink("Data/UploadFiles/photo/" . basename($_REQUEST['oldFile'])))) {
- unlink("Data/UploadFiles/photo/" . $_REQUEST['upFile']);
- echo json_encode(array('status' => 0, 'msg' => '原图删除失败'));
+
+ if ($_REQUEST['oldFile']) {
+ $oldFilePath = "Data/UploadFiles/photo/" . basename($_REQUEST['oldFile']);
+ if (!unlink($oldFilePath)) {
+ unlink($targetPath); // 删除新图
+ echo json_encode(['status' => 0, 'msg' => '原图删除失败']);
 exit;
 }
 }
- $data['photo'] = json_encode(array($_REQUEST['upFile'])); //序列化储存
+
+ $data['photo'] = json_encode([$_REQUEST['upFile']]);
 }
- //如果有角色变更
- if (isset($_REQUEST['role'])) {
- $validRoles = [5, 6]; //5:商家管理员 6:商家编辑
- if (!in_array($_REQUEST['role'], $validRoles)) {
- echo json_encode(array('status' => 0, 'msg' => '无效的角色'));
+
+ // 如果提交的 role 与数据库中的 role 不一致,视为试图变更角色
+ if (isset($_REQUEST['role']) && $_REQUEST['role'] != $currentAdmin['role']) {
+ if ($currentAdmin['unique'] == 1) {
+ echo json_encode(['status' => 0, 'msg' => '总管理员权限不允许更改角色']);
 exit;
 }
+
+ $validRoles = [5, 6]; // 商家管理员、商家编辑
+ if (!in_array($_REQUEST['role'], $validRoles)) {
+ echo json_encode(['status' => 0, 'msg' => '无效的角色']);
+ exit;
+ }
+
 $data['role'] = $_REQUEST['role'];
 }
- //where条件
- $where['id'] = $_REQUEST['id'];
- $where['shop_id'] = $_REQUEST['shop_id'];
- //录入数据库
- $adminDb = D('adminuser');
+
+ // where 条件
+ $where = [
+ 'id' => $_REQUEST['id'],
+ 'shop_id' => $_REQUEST['shop_id']
+ ];
+
 if ($adminDb->where($where)->data($data)->save()) {
- echo json_encode(array('status' => 1, 'msg' => '更新成功'));
+ echo json_encode(['status' => 1, 'msg' => '更新成功']);
 } else {
- echo json_encode(array('status' => 0, 'msg' => '更新失败'));
+ echo json_encode(['status' => 0, 'msg' => '更新失败']);
 }
 } else {
- echo json_encode(array('status' => 0, 'msg' => '参数有误'));
+ echo json_encode(['status' => 0, 'msg' => '参数有误']);
 }
 }
+
 /**
 * @description: 管理员账号删除 ps:只改 del字段标识 并非真正删除
 */
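Review bot: `$_REQUEST['upFile']` goes unsanitised into `$tempPath`, `$targetPath` and the stored `$data['photo']`, so a value such as `../../index.php` makes `copy()` read and write outside `Data/UploadFiles/` (path traversal towards the web root), whereas the neighbouring `oldFile` branch correctly applies `basename()`. Normalise once at the top of the branch — `$upFile = basename($_REQUEST['upFile']);` — and use `$upFile` for both paths and the `photo` JSON; an extension allow-list on `$upFile` (image types only) would additionally stop a temp upload being promoted to a `.php` file under `photo/`. Separately, the new `unique == 1` guard only refuses a role change, while `uname` and `pwd` of a flagged admin are still overwritten by the same request; if the commit's "cannot be updated" intent covers the whole record, the guard belongs before `$data` is built rather than inside the role branch. The unchanged `MD5(MD5($_REQUEST['pwd']))` line shown as context is outside this change but should be migrated to `password_hash()` in a follow-up.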
@@ -250,30 +280,46 @@ class AdminController extends PublicController
 }
 if ($_REQUEST['idArr']) {
- // 解构id组
+ // 解构 id 组
 $idArr = is_array($_REQUEST['idArr']) ? $_REQUEST['idArr'] : explode(',', strval($_REQUEST['idArr']));
+ // 判断是否包含自身 ID
 if (in_array($this->admin_id, $idArr)) {
- echo json_encode(array('status' => 0, 'msg' => '不能删除自身'));
+ echo json_encode(['status' => 0, 'msg' => '不能删除自身']);
 exit;
 }
- /**删除业务逻辑 */
- $where['id'] = array("in", $idArr);
- //data数据
- $data['del'] = '1';
- //录入数据库
+
+ // 查询是否包含 unique = 1 的管理员(总管理员)
 $adminDb = D('adminuser');
+ $checkMap['id'] = ['in', $idArr];
+ if ($this->tokenShop_id != C('powerId')) {
+ $checkMap['shop_id'] = $this->tokenShop_id;
+ }
+
+ $admins = $adminDb->where($checkMap)->select();
+ foreach ($admins as $admin) {
+ if ($admin['unique'] == 1) {
+ echo json_encode(['status' => 0, 'msg' => '不能删除总管理员']);
+ exit;
+ }
+ }
+
+ // 执行逻辑删除
+ $where['id'] = ['in', $idArr];
+ $data['del'] = '1';
+
 if ($adminDb->where($where)->save($data)) {
- echo json_encode(array('status' => 1, 'msg' => '删除成功'));
+ echo json_encode(['status' => 1, 'msg' => '删除成功']);
 } else {
- echo json_encode(array('status' => 0, 'msg' => '删除失败'));
+ echo json_encode(['status' => 0, 'msg' => '删除失败']);
 }
 } else {
- echo json_encode(array('status' => 0, 'msg' => '参数有误'));
+ echo json_encode(['status' => 0, 'msg' => '参数有误']);
 }
 }
+
 /**
 * @description: 向管理员用户发布公告
 */
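Review bot: The new `unique` pre-check is scoped to the caller's shop (`$checkMap['shop_id'] = $this->tokenShop_id` for non-power users) but the write that follows is not — `$where['id'] = ['in', $idArr]` alone — so a non-power admin can submit ids from other shops: they never appear in `$admins` (no 总管理员 refusal) and are then flagged `del = 1` by the unscoped `save()`, which is an authorisation bypass introduced by this hunk. Use the same filter for the check and the write, `if ($adminDb->where($checkMap)->save($data)) {`, and consider refusing the request outright when `count($admins)` is smaller than the number of distinct ids so an id outside the caller's shop (or a non-existent one) is reported rather than silently ignored. The `in_array($this->admin_id, $idArr)` self-check and the `$admin['unique'] == 1` comparison are both loose; passing `true` as the third argument after casting the ids to a common type avoids coercion surprises on PHP 7. The permission check this relies on is above the hunk (only its closing `}` is visible), so whether `tokenShop_id` is guaranteed set here cannot be confirmed from the diff.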