【类型】：fix

【原因】：删除用户时是可以删除自己的【过程】：token里面记录用户id 删除用户时判断有没有自身id 【影响】： # 类型包含: # feat：新功能（feature） # fix：修补bug # docs：文档（documentation） # style：格式（不影响代码运行的变动） # refactor：重构（即不是新增功能，也不是修改bug的代码变动） # test：增加测试 # chore：构建过程或辅助工具的变动
2025-06-12 15:25:04 +08:00 · 2025-06-12 15:25:04 +08:00 · d233215cdb
commit d233215cdb
parent 5e7a9ed0cb
3 changed files with 11 additions and 5 deletions
--- a/FlyCube/MpApi/Controller/AdminController.class.php
+++ b/FlyCube/MpApi/Controller/AdminController.class.php
@ -235,9 +235,13 @@ class AdminController extends PublicController
 			exit;
 		}

-		if ($_REQUEST['idArr']) {
+		if (!empty($_REQUEST['idArr']) && is_array($_REQUEST['idArr'])) {
+			// 判断是否包含自身 ID
+			if (in_array($this->admin_id, $_REQUEST['idArr'])) {
+				echo json_encode(array('status' => 0, 'msg' => '不能删除自身'));
+				exit;
+			}
 			// 获取要删除的航线ID数组
-			$idArr = explode(',', strval($_REQUEST['idArr']));
 			$where['id'] = array("in", $_REQUEST['idArr']);
 			//data数据
 			$data['del'] = '1';
--- a/FlyCube/MpApi/Controller/LoginController.class.php
+++ b/FlyCube/MpApi/Controller/LoginController.class.php
@ -31,7 +31,7 @@ class LoginController extends Controller
 		$adminuserDb = D('adminuser');
 		$where['name'] = $_POST['username'];
 		$where['del'] = '0';
-		$adminInfo = $adminuserDb->where($where)->field('name,uname,pwd,qx,shop_id,photo,lasttime')->find();
+		$adminInfo = $adminuserDb->where($where)->field('id,name,uname,pwd,qx,shop_id,photo,lasttime')->find();
 		if ($adminInfo) {
 			if (MD5(MD5($_POST['password'])) == $adminInfo['pwd']) {
 				//登陆成功
@ -51,7 +51,7 @@ class LoginController extends Controller
 				//删除多余信息
 				unset($adminInfo['pwd']);
 				//创建token
-				$token = $this->makeToken(array('shop_id' => $this->shop_id));
+				$token = $this->makeToken(array('shop_id' => $this->shop_id, 'admin_id' => $adminInfo['id']));
 				//登陆成功 返回token
 				echo json_encode(array('status' => 1, 'msg' => '登陆成功', 'adminInfo' => $adminInfo, 'token' => $token), JSON_UNESCAPED_UNICODE);
 			} else {
--- a/FlyCube/MpApi/Controller/PublicController.class.php
+++ b/FlyCube/MpApi/Controller/PublicController.class.php
@ -14,6 +14,7 @@ use PhpMqtt\Client\ConnectionSettings;
 class PublicController extends Controller
 {
 	protected $tokenShop_id;
+	protected $admin_id;
 	//****************
 	//构造函数
 	//****************
@ -29,8 +30,9 @@ class PublicController extends Controller
 		try {
 			// 解码 JWT Token
 			$decoded = JWT::decode($token, new Key($jwtKey, 'HS256'));
-			// Token 没有过期，继续处理 token验证通过 获取shop_id
+			// Token 没有过期，继续处理 token验证通过 获取shop_id admin_id
 			$this->tokenShop_id = $decoded->shop_id;
+			$this->admin_id = $decoded->admin_id;
 		} catch (\Firebase\JWT\ExpiredException $e) {
 			// Token 过期
 			echo json_encode(array('status' => 'noPermission', 'msg' => 'Token 已过期'));