diff --git a/FlyCube/MpApi/Controller/AdminController.class.php b/FlyCube/MpApi/Controller/AdminController.class.php index 3ede0ca..f1cab5b 100644 --- a/FlyCube/MpApi/Controller/AdminController.class.php +++ b/FlyCube/MpApi/Controller/AdminController.class.php @@ -13,8 +13,9 @@ class AdminController extends PublicController */ public function getShopList() { - if ($this->tokenShop_id != C('powerId')) { - $where['shop_id'] = $this->tokenShop_id; //非总管理员 只返回自己的账户信息 + // 权限判断 + if (!$this->isPower()) { + $where['shop_id'] = $this->tokenShop_id; } $shopDb = D('shop'); @@ -30,7 +31,7 @@ class AdminController extends PublicController public function addShop() { // 非总管理员,拒绝操作 - if ($this->tokenShop_id != C('powerId')) { + if ($this->tokenPower != 'master') { echo json_encode(array('status' => 0, 'msg' => '没有权限')); exit; } @@ -128,8 +129,7 @@ class AdminController extends PublicController */ public function saveShop() { - //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 - $this->isPower(); + $this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 if ($_REQUEST['shop_id'] && $_REQUEST['name'] && $_REQUEST['price_min'] && $_REQUEST['weight_max'] && $_REQUEST['default_transport_price'] && $_REQUEST['default_pack_price']) { //data数据 @@ -180,8 +180,9 @@ class AdminController extends PublicController */ public function getAdminList() { - if ($this->tokenShop_id != C('powerId')) { - $where['shop_id'] = $this->tokenShop_id; //非总管理员 只返回自己的账户信息 + // 权限判断 + if (!$this->isPower()) { + $where['shop_id'] = $this->tokenShop_id; } $where['del'] = '0'; $adminuserDb = D('adminuser'); @@ -196,8 +197,7 @@ class AdminController extends PublicController */ public function addAdmin() { - //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 - $this->isPower(); + $this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 if ($_REQUEST['name'] && $_REQUEST['uname'] && $_REQUEST['pwd']) { //如果有上传图片得操作 执行如下 
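Review bot: In getShopList and getAdminList the new `if (!$this->isPower())` guard ties a non-master caller's list request to `$_REQUEST['shop_id']`, because isPower() (PublicController hunk further down) exits with '没有权限' when the request's shop_id differs from the token's — so a non-master client that previously listed its own shop without sending shop_id is now rejected, unless its tokenShop_id happens to compare loosely equal to null. The same applies to every read endpoint switched to this pattern in AdminController and PlaneController (getMessageList, getAllMessageList, getCategoryList, getSpuList, getSkuList, getPaidOrderList, getOrderDetails, getPlaneClassList, getSiteList, getRouteList, and the delete* methods). If the intent in these methods is scoping rather than validation, they need a non-exiting role test, e.g. `if ($this->tokenPower !== 'master') { $where['shop_id'] = $this->tokenShop_id; }`. Separately, addShop spells the role test inline as `$this->tokenPower != 'master'` while the rest of the file goes through isPower(); one helper for the role check keeps the two from drifting.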
@@ -239,8 +239,7 @@ class AdminController extends PublicController */ public function saveAdmin() { - // 总管理员 可接收任何shop_id,非总管理员只能调用自身shop_id,否则会中断 - $this->isPower(); + $this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 if ($_REQUEST['id'] && $_REQUEST['uname'] && $_REQUEST['shop_id']) { $adminDb = D('adminuser'); @@ -321,8 +320,9 @@ class AdminController extends PublicController */ public function deleteAdmin() { - if ($this->tokenShop_id != C('powerId')) { - $where['shop_id'] = $this->tokenShop_id; //非总管理员 + // 权限判断 + if (!$this->isPower()) { + $where['shop_id'] = $this->tokenShop_id; } if ($_REQUEST['idArr']) { @@ -332,7 +332,7 @@ class AdminController extends PublicController : explode(',', strval($_REQUEST['idArr'])); // 判断是否包含自身 ID - if (in_array($this->admin_id, $idArr)) { + if (in_array($this->tokenAdmin_id, $idArr)) { echo json_encode(['status' => 0, 'msg' => '不能删除自身']); exit; } @@ -371,12 +371,9 @@ class AdminController extends PublicController */ public function pubMessage() { - if ($this->tokenShop_id != C('powerId')) { - $shop_id = $this->tokenShop_id; //非总管理员 - } else { - $shop_id = $_REQUEST['shop_id']; - } + $this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 + $shop_id = $_REQUEST['shop_id']; // 参数校验 if (!isset($_REQUEST['idArr']) || !isset($_REQUEST['tit']) || !isset($_REQUEST['message']) || !isset($_REQUEST['endTime']) || !isset($_REQUEST['message']) || !isset($_REQUEST['shop_id'])) { echo json_encode(array('status' => 0, 'msg' => '参数不完整')); @@ -394,7 +391,7 @@ class AdminController extends PublicController foreach ($idArr as $admin_id) { $dataList[] = array( 'shop_id' => $shop_id, - 'by_admin_id' => $this->admin_id, + 'by_admin_id' => $this->tokenAdmin_id, 'admin_id' => intval($admin_id), 'message' => $message, 'tit' => $tit, 
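Review bot: `in_array($this->tokenAdmin_id, $idArr)` in deleteAdmin compares the integer admin id from the JWT loosely against the strings produced by `explode(',', strval(...))`; on PHP 7 and earlier a non-numeric id string compares equal to 0, and in any version the loose mode hides what is being matched. Since one branch of the ternary already yields strings, compare as strings with strict mode: `if (in_array((string) $this->tokenAdmin_id, array_map('strval', $idArr), true)) {`. The other branch of the ternary and the method's end are outside the hunk, so confirm `$idArr` is always a flat list there.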
@@ -418,11 +415,11 @@ class AdminController extends PublicController public function getMessageList() { // 权限判断 - if ($this->tokenShop_id != C('powerId')) { + if (!$this->isPower()) { $where['m.shop_id'] = $this->tokenShop_id; // 非总管理员 只返回自己的账户信息 } - $adminId = $this->admin_id; //当前管理员 + $adminId = $this->tokenAdmin_id; //当前管理员 $now = time(); // 构造查询条件 @@ -474,7 +471,7 @@ class AdminController extends PublicController public function getAllMessageList() { // 权限判断 - if ($this->tokenShop_id != C('powerId')) { + if (!$this->isPower()) { //非管理员 只返回自己的店铺 $where['m.shop_id'] = $this->tokenShop_id; } @@ -546,7 +543,7 @@ class AdminController extends PublicController public function deleteMessage() { // 权限判断(总管理员可操作所有单位) - if ($this->tokenShop_id != C('powerId')) { + if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; } @@ -581,8 +578,9 @@ class AdminController extends PublicController */ public function getCategoryList() { - if ($this->tokenShop_id != C('powerId')) { - $where['shop_id'] = $this->tokenShop_id; //非总管理员 只返回自己的账户信息 + // 权限判断(总管理员可操作所有单位) + if (!$this->isPower()) { + $where['shop_id'] = $this->tokenShop_id; } $order['sort'] = 'desc'; @@ -682,14 +680,18 @@ class AdminController extends PublicController echo json_encode(array('status' => 0, 'msg' => '参数有误')); } } + /** + * @description: 删除分类 + */ public function deleteCategory() { - //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 - $this->isPower(); + // 权限判断(总管理员可操作所有单位) + if (!$this->isPower()) { + $where['shop_id'] = $this->tokenShop_id; + } if ($_REQUEST['delIdArr'] && $_REQUEST['shop_id']) { //where条件 - $where['shop_id'] = $_REQUEST['shop_id']; $where['id'] = array("in", $_REQUEST['delIdArr']); $categoryDb = D('category'); if ($categoryDb->where($where)->delete()) { 
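Review bot: deleteCategory drops `$where['shop_id'] = $_REQUEST['shop_id']` while still requiring `$_REQUEST['shop_id']` in the `if`, so for a master caller the delete now runs on `id IN (...)` alone and ignores the shop the client named; the old code scoped the delete for both roles. Restore the master scope after the new guard: `} else { $where['shop_id'] = $_REQUEST['shop_id']; }`, which keeps the submitted shop_id meaningful and prevents a mistyped delIdArr from reaching another shop's categories. The method's closing brace is outside the hunk.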
@@ -706,8 +708,9 @@ class AdminController extends PublicController */ public function getSpuList() { - if ($this->tokenShop_id != C('powerId')) { - $where['shop_id'] = $this->tokenShop_id; //非总管理员 只返回自己的账户信息 + // 权限判断(总管理员可操作所有单位) + if (!$this->isPower()) { + $where['shop_id'] = $this->tokenShop_id; } $where['del'] = '0'; $order['sort'] = 'desc'; @@ -885,8 +888,9 @@ class AdminController extends PublicController */ public function deleteSpu() { - if ($this->tokenShop_id != C('powerId')) { - $where['shop_id'] = $this->tokenShop_id; //非总管理员 只返回自己的账户信息 + // 权限判断 + if (!$this->isPower()) { + $where['shop_id'] = $this->tokenShop_id; } if ($_REQUEST['idArr']) { @@ -910,8 +914,9 @@ class AdminController extends PublicController */ public function getSkuList() { - if ($this->tokenShop_id != C('powerId')) { - $where['shop_id'] = $this->tokenShop_id; //非总管理员 只返回自己的账户信息 + // 权限判断 + if (!$this->isPower()) { + $where['shop_id'] = $this->tokenShop_id; } $where['del'] = '0'; @@ -1021,8 +1026,9 @@ class AdminController extends PublicController */ public function deleteSku() { - if ($this->tokenShop_id != C('powerId')) { - $where['shop_id'] = $this->tokenShop_id; //非总管理员 只返回自己的账户信息 + // 权限判断 + if (!$this->isPower()) { + $where['shop_id'] = $this->tokenShop_id; } if ($_REQUEST['idArr']) { @@ -1046,7 +1052,8 @@ class AdminController extends PublicController */ public function getPaidOrderList() { - if ($this->tokenShop_id != C('powerId')) { + // 权限判断 + if (!$this->isPower()) { $where['o.shop_id'] = $this->tokenShop_id; // 非总管理员只返回自己的订单 } @@ -1083,12 +1090,9 @@ class AdminController extends PublicController */ public function getOrderList() { - //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 - $this->isPower(); - - // 添加 shop_id 条件 - if ($_REQUEST['shop_id'] != '') { - $where['shop_id'] = $_REQUEST['shop_id']; + // 权限判断 + if (!$this->isPower()) { + $where['shop_id'] = $this->tokenShop_id; } // 添加 start_time 和 end_time 条件 
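Review bot: getOrderList no longer applies the submitted shop_id for a master caller: the removed `if ($_REQUEST['shop_id'] != '')` filter is replaced only by the token-scoped branch, so a master asking for one shop's orders now receives every shop's. If per-shop filtering is still wanted for masters, extend the new guard with `} elseif (isset($_REQUEST['shop_id']) && $_REQUEST['shop_id'] !== '') { $where['shop_id'] = $_REQUEST['shop_id']; }`. The remainder of the method (start_time/end_time conditions and the query) is outside the hunk.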
@@ -1152,8 +1156,9 @@ class AdminController extends PublicController */ public function getOrderDetails() { - if ($this->tokenShop_id != C('powerId')) { - $where['shop_id'] = $this->tokenShop_id; //非总管理员 只返回自己的账户信息 + // 权限判断 + if (!$this->isPower()) { + $where['shop_id'] = $this->tokenShop_id; } if ($_REQUEST['id']) { diff --git a/FlyCube/MpApi/Controller/LoginController.class.php b/FlyCube/MpApi/Controller/LoginController.class.php index 28b5d42..02032fb 100644 --- a/FlyCube/MpApi/Controller/LoginController.class.php +++ b/FlyCube/MpApi/Controller/LoginController.class.php @@ -54,7 +54,7 @@ class LoginController extends Controller //删除多余信息 unset($adminInfo['pwd']); //创建token - $token = $this->makeToken(array('shop_id' => $this->shop_id, 'admin_id' => $adminInfo['id'])); + $token = $this->makeToken(array('shop_id' => $this->shop_id, 'admin_id' => $adminInfo['id'], 'power' => $adminInfo['power'])); //登陆成功 返回token echo json_encode(array('status' => 1, 'msg' => '登陆成功', 'adminInfo' => $adminInfo, 'token' => $token), JSON_UNESCAPED_UNICODE); } else { diff --git a/FlyCube/MpApi/Controller/PlaneController.class.php b/FlyCube/MpApi/Controller/PlaneController.class.php index caaba27..b12d836 100644 --- a/FlyCube/MpApi/Controller/PlaneController.class.php +++ b/FlyCube/MpApi/Controller/PlaneController.class.php @@ -21,7 +21,8 @@ class PlaneController extends PublicController */ public function getPlaneClassList() { - if ($this->tokenShop_id != C('powerId')) { //非总管理员 + // 权限判断(总管理员可操作所有单位) + if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; } $where['del'] = "0"; @@ -38,8 +39,7 @@ class PlaneController extends PublicController */ public function addPlaneClass() { - //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 - $this->isPower(); + $this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 if ($_REQUEST['shop_id'] && $_REQUEST['class_name']) { $data['shop_id'] = $_REQUEST['shop_id']; 
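Review bot: Embedding `'power' => $adminInfo['power']` in the token at login freezes the admin's role for the token's lifetime: since isPower() now reads `$this->tokenPower` instead of the database, a demotion in adminuser takes effect only after the token expires or the user logs in again, and the token lifetime is not visible in this hunk. Note that on the makeToken call (`// power claim is trusted until token expiry; role changes require re-login`) or re-check the stored role on the destructive operations (addShop, the delete* methods). `$adminInfo['power']` is also read without an existence check; if the column can be null the claim is null and the user is treated as non-master, which fails closed but should be explicit, e.g. `'power' => isset($adminInfo['power']) ? $adminInfo['power'] : ''`.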
@@ -65,8 +65,7 @@ class PlaneController extends PublicController */ public function savePlaneClass() { - //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 - $this->isPower(); + $this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 if ($_REQUEST['shop_id'] && $_REQUEST['class_name'] && $_REQUEST['id']) { $data['class_name'] = $_REQUEST['class_name']; @@ -93,9 +92,7 @@ class PlaneController extends PublicController */ public function deletePlaneClass() { - if ($this->tokenShop_id != C('powerId')) { // 非总管理员 - $where['shop_id'] = $this->tokenShop_id; - } + $this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 if (isset($_REQUEST['idArr']) && !empty($_REQUEST['idArr'])) { $idArr = explode(',', $_REQUEST['idArr']); @@ -115,9 +112,7 @@ class PlaneController extends PublicController 'del' => '0' ]; - if ($this->tokenShop_id != C('powerId')) { - $bindWhere['shop_id'] = $this->tokenShop_id; - } + $bindWhere['shop_id'] = $_REQUEST['shop_id']; $linkedPlanes = $airDb->where($bindWhere)->field('id,name,bind_class_id')->select(); @@ -135,9 +130,7 @@ class PlaneController extends PublicController // 关联飞机为空,执行软删除 $classDb = D('airplane_class'); $delWhere = ['id' => ['in', $idArr]]; - if (isset($where['shop_id'])) { - $delWhere['shop_id'] = $where['shop_id']; - } + $delWhere['shop_id'] = $_REQUEST['shop_id']; $data = ['del' => '1']; if ($classDb->where($delWhere)->save($data) !== false) { @@ -156,15 +149,15 @@ class PlaneController extends PublicController */ public function getAirList() { + $this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 + $airDb = D('airplane_register'); // 飞机表 $prefix = C('DB_PREFIX'); // 获取表前缀 $where = []; - if ($this->tokenShop_id != C('powerId')) { // 非总管理员 - $where['a.shop_id'] = $this->tokenShop_id; - } + $where['a.shop_id'] = $_REQUEST['shop_id']; $where['a.del'] = '0'; // 需要的字段,带表别名 
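Review bot: deletePlaneClass now builds `$bindWhere['shop_id']` and `$delWhere['shop_id']` straight from `$_REQUEST['shop_id']`, and for a master caller isPower() returns true before ever looking at that parameter, so a master request without shop_id passes a null shop_id condition to the soft delete `$classDb->where($delWhere)->save($data)`; whether ThinkPHP renders that as `IS NULL`, drops it, or errors decides whether the update touches nothing or the listed ids across every shop, and the code should not depend on it. getAirList has the same unchecked `$where['a.shop_id'] = $_REQUEST['shop_id']`. Reject the missing parameter up front in both methods: `if (!isset($_REQUEST['shop_id']) || $_REQUEST['shop_id'] === '') { echo json_encode(array('status' => 0, 'msg' => '参数不完整')); exit; }`. Both methods continue outside their hunks.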
@@ -200,7 +193,7 @@ class PlaneController extends PublicController */ public function addAir() { - $this->isPower(); + $this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 if ($_REQUEST['shop_id'] && $_REQUEST['name'] && $_REQUEST['date']) { $data['shop_id'] = $_REQUEST['shop_id']; @@ -263,7 +256,8 @@ class PlaneController extends PublicController */ public function deleteAir() { - if ($this->tokenShop_id != C('powerId')) { //非总管理员 + // 权限判断(总管理员可操作所有单位) + if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; } if (isset($_REQUEST['idArr'])) { @@ -290,7 +284,8 @@ class PlaneController extends PublicController */ public function crosFrequency() { - if ($this->tokenShop_id != C('powerId')) { //非总管理员 + // 权限判断(总管理员可操作所有单位) + if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; } if ($_REQUEST['macAdd'] && $_REQUEST['id']) { @@ -314,9 +309,11 @@ class PlaneController extends PublicController */ public function getSiteList() { - if ($this->tokenShop_id != C('powerId')) { //非总管理员 + // 权限判断(总管理员可操作所有单位) + if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; } + $siteDb = D('receive_site'); $field = array('id', 'shop_id', 'sitename', 'qr', 'photo', 'bind_route', 'runing', 'describe'); if ($siteList = $siteDb->where($where)->field($field)->select()) { @@ -330,8 +327,7 @@ class PlaneController extends PublicController */ public function addSite() { - //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 - $this->isPower(); + $this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 if ($_REQUEST['shop_id'] && $_REQUEST['sitename']) { $rsDb = D('receive_site'); @@ -392,8 +388,7 @@ class PlaneController extends PublicController */ public function saveSite() { - //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 - $this->isPower(); + $this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 if ($_REQUEST['shop_id'] && $_REQUEST['sitename']) { $rsDb = D('receive_site'); 
@@ -469,7 +464,8 @@ class PlaneController extends PublicController */ public function deleteSite() { - if ($this->tokenShop_id != C('powerId')) { //非总管理员 + // 权限判断 + if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; } $where['id'] = array("in", $_REQUEST['idArr']); @@ -542,7 +538,8 @@ class PlaneController extends PublicController */ public function getRouteList() { - if ($this->tokenShop_id != C('powerId')) { //非总管理员 + // 权限判断 + if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; } $where['del'] = "0"; @@ -589,8 +586,7 @@ class PlaneController extends PublicController */ public function addRoute() { - //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 - $this->isPower(); + $this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 if ($_REQUEST['shop_id'] && $_REQUEST['name'] && $_REQUEST['upFile']) { $routeDb = D('route'); @@ -622,8 +618,7 @@ class PlaneController extends PublicController */ public function saveRoute() { - //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 - $this->isPower(); + $this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 if ($_REQUEST['shop_id'] && $_REQUEST['name'] && $_REQUEST['id']) { $where['id'] = $_REQUEST['id']; @@ -659,9 +654,11 @@ class PlaneController extends PublicController */ public function deleteRoute() { - if ($this->tokenShop_id != C('powerId')) { //非总管理员 + // 权限判断 + if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; } + // 获取要删除的航线ID数组 $idArr = explode(',', strval($_REQUEST['idArr'])); @@ -703,10 +700,9 @@ class PlaneController extends PublicController public function setNoflyData() { if ($_REQUEST['shop_id']) { - if ($this->tokenShop_id != C('powerId')) { + // 权限判断 + if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; - } else { - $where['shop_id'] = $_REQUEST['shop_id']; } $noflyDb = D('nofly'); 
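Review bot: setNoflyData removes the `else { $where['shop_id'] = $_REQUEST['shop_id']; }` branch, so for a master caller `$where` is never assigned even though the enclosing `if` requires `$_REQUEST['shop_id']`; whatever query follows `$noflyDb = D('nofly')` (outside the hunk) now runs without a shop condition for masters — if it is a save() or delete(), that is a table-wide write. Keep the master scope: `} else { $where['shop_id'] = $_REQUEST['shop_id']; }` after the new guard. The method continues outside the hunk.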
@@ -752,19 +748,11 @@ class PlaneController extends PublicController */ public function getNoflyData() { - if (!isset($_REQUEST['shop_id'])) { - echo json_encode(['status' => 0, 'msg' => '缺少参数 shop_id']); - exit; + // 权限判断 + if (!$this->isPower()) { + $where['shop_id'] = $this->tokenShop_id; } - $shop_id = $_REQUEST['shop_id']; - - if ($this->tokenShop_id != C('powerId')) { - $shop_id = $this->tokenShop_id; - } - - $where['shop_id'] = $shop_id; - $noflyDb = D('nofly'); $field = ['id', 'shop_id', 'nofly_data', 'restrictfly_data', 'restrictfly_height']; $noflyData = $noflyDb->where($where)->field($field)->find(); @@ -901,7 +889,8 @@ class PlaneController extends PublicController */ public function questAss() { - if ($this->tokenShop_id != C('powerId')) { //非总管理员 + // 权限判断 + if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; } //前端提交数据校验 @@ -974,6 +963,10 @@ class PlaneController extends PublicController */ public function getFlyDataByIdArr() { + // 权限判断 + if (!$this->isPower()) { + $where['a.shop_id'] = $this->tokenShop_id; + } $idArrStr = I('post.idArr'); $startTime = I('post.startTime', 0, 'intval'); $endTime = I('post.endTime', 0, 'intval'); @@ -1000,11 +993,6 @@ class PlaneController extends PublicController 'f.start_time' => array('between', array($startTime, $endTime)), ); - // 非总管理员需加店铺限制 - if ($this->tokenShop_id != C('powerId')) { - $where['a.shop_id'] = $this->tokenShop_id; - } - // 查询字段 $fields = array( 'f.id', @@ -1038,7 +1026,8 @@ class PlaneController extends PublicController */ public function deleteFlyDataByIdArr() { - if ($this->tokenShop_id != C('powerId')) { //非总管理员 + // 权限判断 + if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; } diff --git a/FlyCube/MpApi/Controller/PublicController.class.php b/FlyCube/MpApi/Controller/PublicController.class.php index f5e1dae..f6324e8 100644 --- a/FlyCube/MpApi/Controller/PublicController.class.php +++ b/FlyCube/MpApi/Controller/PublicController.class.php 
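Review bot: getNoflyData now reaches `$noflyDb->where($where)->field($field)->find()` with `$where` unset for a master caller, so a master receives the first row of the nofly table instead of the shop it asked for, and the removed `缺少参数 shop_id` response means a client omitting the parameter no longer learns what is missing. Keep the requested shop on the master path, `} else { $where['shop_id'] = $_REQUEST['shop_id']; }`, and keep the missing-parameter check ahead of the guard. The method's end is outside the hunk.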
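Review bot: getFlyDataByIdArr moves the non-master `$where['a.shop_id'] = $this->tokenShop_id` to the top of the method, but the second hunk shows a `$where` array literal being closed right where the old restriction sat (`'f.start_time' => array('between', ...), );`); if that literal is assigned with `$where = array(` — its opening line is outside the hunk — the early assignment is overwritten and non-master callers lose the shop restriction on flight data, a cross-shop read. Either put `'a.shop_id'` inside the literal on the non-master path or apply the restriction after the literal as the removed block did, `if (!$this->isPower()) { $where['a.shop_id'] = $this->tokenShop_id; }`, and delete the early copy.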
@@ -14,7 +14,8 @@ use PhpMqtt\Client\ConnectionSettings; class PublicController extends Controller { protected $tokenShop_id; - protected $admin_id; + protected $tokenAdmin_id; + protected $tokenPower; //**************** //构造函数 //**************** @@ -32,7 +33,8 @@ class PublicController extends Controller $decoded = JWT::decode($token, new Key($jwtKey, 'HS256')); // Token 没有过期,继续处理 token验证通过 获取shop_id admin_id $this->tokenShop_id = $decoded->shop_id; - $this->admin_id = $decoded->admin_id; + $this->tokenAdmin_id = $decoded->admin_id; + $this->tokenPower = $decoded->power; } catch (\Firebase\JWT\ExpiredException $e) { // Token 过期 echo json_encode(array('status' => 'noPermission', 'msg' => 'Token 已过期')); @@ -53,7 +55,9 @@ class PublicController extends Controller */ protected function isPower() { - if ($this->tokenShop_id != C('powerId')) { //非总管理员 + if ($this->tokenPower == 'master') { //总管理员 + return true; + } else { if ($this->tokenShop_id != $_REQUEST['shop_id']) { // 提交的不是自己shopid退出 echo json_encode(array('status' => 0, 'msg' => '没有权限')); exit;
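Review bot: `$this->tokenPower = $decoded->power;` reads a claim that tokens issued before this change do not carry, so every still-valid older token raises an undefined-property warning in the constructor and, depending on error display settings, can prepend output to the JSON response. Read it defensively, `$this->tokenPower = isset($decoded->power) ? $decoded->power : null;`, or rotate the signing key at deploy so pre-change tokens are rejected outright; either way a missing claim should be treated as non-master, which the `== 'master'` test already does.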
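Review bot: isPower() returns true for a master but the non-master path that passes the shop_id check falls off the end of the function (the closing brace is outside the hunk), so the many callers written as `if (!$this->isPower())` depend on an implicit null; add `return false;` at the end of the else branch. The non-master branch also reads `$_REQUEST['shop_id']` unconditionally and compares it with `!=`, so a request without shop_id is rejected with a notice rather than a clear message, and on PHP 7 and earlier numeric-string juggling (`5 == '5abc'` is true) lets oddly formed values past the check: `if (!isset($_REQUEST['shop_id']) || (string) $this->tokenShop_id !== (string) $_REQUEST['shop_id']) {`. With the role now coming from the token, the method's docblock (above the hunk) should state that `power === 'master'` skips the shop check and that any other value must match the token's shop_id or the request is terminated.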