From af915275f35b97cef2c701ddbcde34b6f319c635 Mon Sep 17 00:00:00 2001 From: air <30444667+sszdot@users.noreply.github.com> Date: Wed, 25 Jun 2025 10:50:58 +0800 Subject: [PATCH] =?UTF-8?q?=E3=80=90=E7=B1=BB=20=20=E5=9E=8B=E3=80=91?= =?UTF-8?q?=EF=BC=9A=20=E3=80=90=E5=8E=9F=20=20=E5=9B=A0=E3=80=91=EF=BC=9A?= =?UTF-8?q?=20=E3=80=90=E8=BF=87=20=20=E7=A8=8B=E3=80=91=EF=BC=9A=20?= =?UTF-8?q?=E3=80=90=E5=BD=B1=20=20=E5=93=8D=E3=80=91=EF=BC=9A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Controller/AdminController.class.php | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/FlyCube/MpApi/Controller/AdminController.class.php b/FlyCube/MpApi/Controller/AdminController.class.php index b211fa1..6910b97 100644 --- a/FlyCube/MpApi/Controller/AdminController.class.php +++ b/FlyCube/MpApi/Controller/AdminController.class.php @@ -162,14 +162,21 @@ class AdminController extends PublicController } $data['photo'] = json_encode(array($_REQUEST['upFile'])); //序列化储存 } + //data数据 $data['name'] = $_REQUEST['name']; $data['uname'] = $_REQUEST['uname']; $data['pwd'] = MD5(MD5($_REQUEST['pwd'])); $data['shop_id'] = $_REQUEST['shop_id']; $data['addtime'] = time(); - $data['role'] = $_REQUEST['role']; - + if (isset($_REQUEST['role'])) { + $validRoles = [5, 6]; //5:商家管理员 6:商家编辑 + if (!in_array($_REQUEST['role'], $validRoles)) { + echo json_encode(array('status' => 0, 'msg' => '无效的角色')); + exit; + } + $data['role'] = $_REQUEST['role']; + } //录入数据库 $adminDb = D('adminuser'); if ($adminDb->data($data)->add()) { 
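Review bot: The allowlist check in the added block, `in_array($_REQUEST['role'], $validRoles)`, compares loosely, and the raw request value is then stored in `$data['role']`; the second hunk (update path) repeats the same lines. Numeric strings such as `'5.0'` or `' 5'` pass the check, and on PHP 7 and earlier so does a string with a numeric prefix, so what reaches the model is not guaranteed to be the integer 5 or 6. I would normalise first and compare strictly: `$role = filter_var($_REQUEST['role'], FILTER_VALIDATE_INT);`, `if (!in_array($role, $validRoles, true)) { ... }`, `$data['role'] = $role;`. On this create path a request that omits `role` now skips the block and leaves `$data['role']` unset, so the new account gets whatever the column default is; rejecting a missing role, or setting the least-privileged value explicitly, would be safer. The enclosing method starts and ends outside the hunk.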
@@ -210,6 +217,15 @@ class AdminController extends PublicController
 }
 $data['photo'] = json_encode(array($_REQUEST['upFile'])); //序列化储存
 }
+ //如果有角色变更
+ if (isset($_REQUEST['role'])) {
+ $validRoles = [5, 6]; //5:商家管理员 6:商家编辑
+ if (!in_array($_REQUEST['role'], $validRoles)) {
+ echo json_encode(array('status' => 0, 'msg' => '无效的角色'));
+ exit;
+ }
+ $data['role'] = $_REQUEST['role'];
+ }
 //where条件
 $where['id'] = $_REQUEST['id'];
 $where['shop_id'] = $_REQUEST['shop_id'];
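Review bot: The added role block on the update path validates the value but not the caller: nothing in this hunk ties the permitted target role to the privileges of the account making the request, and the row is selected by `$_REQUEST['id']` and `$_REQUEST['shop_id']`, both of which are caller-supplied. Unless the earlier part of the method (outside the hunk) already verifies that the session user is an administrator of that same shop, an account with the editor role (6) could be raised to administrator (5) through this endpoint. I would take `shop_id` and the caller's role from the authenticated session rather than from the request, and only permit a role change when the caller holds role 5 for that shop. The validation is also duplicated verbatim in both hunks; a single private helper, for example `validateRole()`, would keep the create and update paths from drifting apart.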