


air
f202f1b312 【类 型】:fix
【原  因】: 追溯 “权限监测” 修改前的代码
【过  程】:
【影  响】:

# 类型 包含:
# feat:新功能(feature)
# fix:修补bug
# docs:文档(documentation)
# style: 格式(不影响代码运行的变动)
# refactor:重构(即不是新增功能,也不是修改bug的代码变动)
# test:增加测试
# chore:构建过程或辅助工具的变动
2025-09-24 15:47:18 +08:00
5 changed files with 107 additions and 102 deletions


@ -25,6 +25,7 @@ return array(
'payLogger_path' => 'C:/phpstudy_pro/cert/logs/wechat.log', //微信支付日志路径文件 'payLogger_path' => 'C:/phpstudy_pro/cert/logs/wechat.log', //微信支付日志路径文件
), ),
'LimitApi' => "*", //限制可以访问api的域名 通配符* 开放所有域名 'LimitApi' => "*", //限制可以访问api的域名 通配符* 开放所有域名
'powerId' => '2dc23dcfecc05fb1', //主管理员的shop_id 用于权限判断
'jwtKey' => 'T!o@k_en', //签发 解析token的key 'jwtKey' => 'T!o@k_en', //签发 解析token的key
//mqtt //mqtt
'mqtt' => array( 'mqtt' => array(
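Review bot: The new `powerId` entry turns one shop identifier into the sole root of administrative authority — every master check on this commit's new side in AdminController and PlaneController is `$this->tokenShop_id != C('powerId')` — yet its inline comment only says it is used for permission judgement. Any token issued for that shop therefore passes every master check, so the comment should make the consequence of editing the value explicit: `'powerId' => '2dc23dcfecc05fb1', // shop_id of the master tenant: a token whose shop_id equals this value passes every master check, so changing it changes who is master`. Consumers compare this value with loose `!=`; keep it a plain string and compare it strictly where it is read.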


@ -13,9 +13,8 @@ class AdminController extends PublicController
*/ */
public function getShopList() public function getShopList()
{ {
// 权限判断 if ($this->tokenShop_id != C('powerId')) {
if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; //非总管理员 只返回自己的账户信息
$where['shop_id'] = $this->tokenShop_id;
} }
$shopDb = D('shop'); $shopDb = D('shop');
@ -31,7 +30,7 @@ class AdminController extends PublicController
public function addShop() public function addShop()
{ {
// 非总管理员,拒绝操作 // 非总管理员,拒绝操作
if ($this->tokenPower != 'master') { if ($this->tokenShop_id != C('powerId')) {
echo json_encode(array('status' => 0, 'msg' => '没有权限')); echo json_encode(array('status' => 0, 'msg' => '没有权限'));
exit; exit;
} }
@ -84,6 +83,7 @@ class AdminController extends PublicController
$shopDb = D('shop'); $shopDb = D('shop');
$adminuserDb = D('adminuser'); $adminuserDb = D('adminuser');
// 开启事务 // 开启事务
$shopDb->startTrans(); $shopDb->startTrans();
@ -129,7 +129,8 @@ class AdminController extends PublicController
*/ */
public function saveShop() public function saveShop()
{ {
$this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断
$this->isPower();
if ($_REQUEST['shop_id'] && $_REQUEST['name'] && $_REQUEST['price_min'] && $_REQUEST['weight_max'] && $_REQUEST['default_transport_price'] && $_REQUEST['default_pack_price']) { if ($_REQUEST['shop_id'] && $_REQUEST['name'] && $_REQUEST['price_min'] && $_REQUEST['weight_max'] && $_REQUEST['default_transport_price'] && $_REQUEST['default_pack_price']) {
//data数据 //data数据
@ -180,9 +181,8 @@ class AdminController extends PublicController
*/ */
public function getAdminList() public function getAdminList()
{ {
// 权限判断 if ($this->tokenShop_id != C('powerId')) {
if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; //非总管理员 只返回自己的账户信息
$where['shop_id'] = $this->tokenShop_id;
} }
$where['del'] = '0'; $where['del'] = '0';
$adminuserDb = D('adminuser'); $adminuserDb = D('adminuser');
@ -197,7 +197,8 @@ class AdminController extends PublicController
*/ */
public function addAdmin() public function addAdmin()
{ {
$this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断
$this->isPower();
if ($_REQUEST['name'] && $_REQUEST['uname'] && $_REQUEST['pwd']) { if ($_REQUEST['name'] && $_REQUEST['uname'] && $_REQUEST['pwd']) {
//如果有上传图片得操作 执行如下 //如果有上传图片得操作 执行如下
@ -239,7 +240,8 @@ class AdminController extends PublicController
*/ */
public function saveAdmin() public function saveAdmin()
{ {
$this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 // 总管理员 可接收任何shop_id非总管理员只能调用自身shop_id否则会中断
$this->isPower();
if ($_REQUEST['id'] && $_REQUEST['uname'] && $_REQUEST['shop_id']) { if ($_REQUEST['id'] && $_REQUEST['uname'] && $_REQUEST['shop_id']) {
$adminDb = D('adminuser'); $adminDb = D('adminuser');
@ -320,9 +322,8 @@ class AdminController extends PublicController
*/ */
public function deleteAdmin() public function deleteAdmin()
{ {
// 权限判断 if ($this->tokenShop_id != C('powerId')) {
if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; //非总管理员
$where['shop_id'] = $this->tokenShop_id;
} }
if ($_REQUEST['idArr']) { if ($_REQUEST['idArr']) {
@ -332,7 +333,7 @@ class AdminController extends PublicController
: explode(',', strval($_REQUEST['idArr'])); : explode(',', strval($_REQUEST['idArr']));
// 判断是否包含自身 ID // 判断是否包含自身 ID
if (in_array($this->tokenAdmin_id, $idArr)) { if (in_array($this->admin_id, $idArr)) {
echo json_encode(['status' => 0, 'msg' => '不能删除自身']); echo json_encode(['status' => 0, 'msg' => '不能删除自身']);
exit; exit;
} }
@ -371,9 +372,12 @@ class AdminController extends PublicController
*/ */
public function pubMessage() public function pubMessage()
{ {
$this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 if ($this->tokenShop_id != C('powerId')) {
$shop_id = $this->tokenShop_id; //非总管理员
} else {
$shop_id = $_REQUEST['shop_id'];
}
$shop_id = $_REQUEST['shop_id'];
// 参数校验 // 参数校验
if (!isset($_REQUEST['idArr']) || !isset($_REQUEST['tit']) || !isset($_REQUEST['message']) || !isset($_REQUEST['endTime']) || !isset($_REQUEST['message']) || !isset($_REQUEST['shop_id'])) { if (!isset($_REQUEST['idArr']) || !isset($_REQUEST['tit']) || !isset($_REQUEST['message']) || !isset($_REQUEST['endTime']) || !isset($_REQUEST['message']) || !isset($_REQUEST['shop_id'])) {
echo json_encode(array('status' => 0, 'msg' => '参数不完整')); echo json_encode(array('status' => 0, 'msg' => '参数不完整'));
@ -391,7 +395,7 @@ class AdminController extends PublicController
foreach ($idArr as $admin_id) { foreach ($idArr as $admin_id) {
$dataList[] = array( $dataList[] = array(
'shop_id' => $shop_id, 'shop_id' => $shop_id,
'by_admin_id' => $this->tokenAdmin_id, 'by_admin_id' => $this->admin_id,
'admin_id' => intval($admin_id), 'admin_id' => intval($admin_id),
'message' => $message, 'message' => $message,
'tit' => $tit, 'tit' => $tit,
@ -415,11 +419,11 @@ class AdminController extends PublicController
public function getMessageList() public function getMessageList()
{ {
// 权限判断 // 权限判断
if (!$this->isPower()) { if ($this->tokenShop_id != C('powerId')) {
$where['m.shop_id'] = $this->tokenShop_id; // 非总管理员 只返回自己的账户信息 $where['m.shop_id'] = $this->tokenShop_id; // 非总管理员 只返回自己的账户信息
} }
$adminId = $this->tokenAdmin_id; //当前管理员 $adminId = $this->admin_id; //当前管理员
$now = time(); $now = time();
// 构造查询条件 // 构造查询条件
@ -471,7 +475,7 @@ class AdminController extends PublicController
public function getAllMessageList() public function getAllMessageList()
{ {
// 权限判断 // 权限判断
if (!$this->isPower()) { //非管理员 只返回自己的店铺 if ($this->tokenShop_id != C('powerId')) {
$where['m.shop_id'] = $this->tokenShop_id; $where['m.shop_id'] = $this->tokenShop_id;
} }
@ -543,7 +547,7 @@ class AdminController extends PublicController
public function deleteMessage() public function deleteMessage()
{ {
// 权限判断(总管理员可操作所有单位) // 权限判断(总管理员可操作所有单位)
if (!$this->isPower()) { if ($this->tokenShop_id != C('powerId')) {
$where['shop_id'] = $this->tokenShop_id; $where['shop_id'] = $this->tokenShop_id;
} }
@ -578,9 +582,8 @@ class AdminController extends PublicController
*/ */
public function getCategoryList() public function getCategoryList()
{ {
// 权限判断(总管理员可操作所有单位) if ($this->tokenShop_id != C('powerId')) {
if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; //非总管理员 只返回自己的账户信息
$where['shop_id'] = $this->tokenShop_id;
} }
$order['sort'] = 'desc'; $order['sort'] = 'desc';
@ -680,18 +683,14 @@ class AdminController extends PublicController
echo json_encode(array('status' => 0, 'msg' => '参数有误')); echo json_encode(array('status' => 0, 'msg' => '参数有误'));
} }
} }
/**
* @description: 删除分类
*/
public function deleteCategory() public function deleteCategory()
{ {
// 权限判断(总管理员可操作所有单位) //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断
if (!$this->isPower()) { $this->isPower();
$where['shop_id'] = $this->tokenShop_id;
}
if ($_REQUEST['delIdArr'] && $_REQUEST['shop_id']) { if ($_REQUEST['delIdArr'] && $_REQUEST['shop_id']) {
//where条件 //where条件
$where['shop_id'] = $_REQUEST['shop_id'];
$where['id'] = array("in", $_REQUEST['delIdArr']); $where['id'] = array("in", $_REQUEST['delIdArr']);
$categoryDb = D('category'); $categoryDb = D('category');
if ($categoryDb->where($where)->delete()) { if ($categoryDb->where($where)->delete()) {
@ -708,9 +707,8 @@ class AdminController extends PublicController
*/ */
public function getSpuList() public function getSpuList()
{ {
// 权限判断(总管理员可操作所有单位) if ($this->tokenShop_id != C('powerId')) {
if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; //非总管理员 只返回自己的账户信息
$where['shop_id'] = $this->tokenShop_id;
} }
$where['del'] = '0'; $where['del'] = '0';
$order['sort'] = 'desc'; $order['sort'] = 'desc';
@ -888,9 +886,8 @@ class AdminController extends PublicController
*/ */
public function deleteSpu() public function deleteSpu()
{ {
// 权限判断 if ($this->tokenShop_id != C('powerId')) {
if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; //非总管理员 只返回自己的账户信息
$where['shop_id'] = $this->tokenShop_id;
} }
if ($_REQUEST['idArr']) { if ($_REQUEST['idArr']) {
@ -914,9 +911,8 @@ class AdminController extends PublicController
*/ */
public function getSkuList() public function getSkuList()
{ {
// 权限判断 if ($this->tokenShop_id != C('powerId')) {
if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; //非总管理员 只返回自己的账户信息
$where['shop_id'] = $this->tokenShop_id;
} }
$where['del'] = '0'; $where['del'] = '0';
@ -1026,9 +1022,8 @@ class AdminController extends PublicController
*/ */
public function deleteSku() public function deleteSku()
{ {
// 权限判断 if ($this->tokenShop_id != C('powerId')) {
if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; //非总管理员 只返回自己的账户信息
$where['shop_id'] = $this->tokenShop_id;
} }
if ($_REQUEST['idArr']) { if ($_REQUEST['idArr']) {
@ -1052,8 +1047,7 @@ class AdminController extends PublicController
*/ */
public function getPaidOrderList() public function getPaidOrderList()
{ {
// 权限判断 if ($this->tokenShop_id != C('powerId')) {
if (!$this->isPower()) {
$where['o.shop_id'] = $this->tokenShop_id; // 非总管理员只返回自己的订单 $where['o.shop_id'] = $this->tokenShop_id; // 非总管理员只返回自己的订单
} }
@ -1090,9 +1084,12 @@ class AdminController extends PublicController
*/ */
public function getOrderList() public function getOrderList()
{ {
// 权限判断 //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断
if (!$this->isPower()) { $this->isPower();
$where['shop_id'] = $this->tokenShop_id;
// 添加 shop_id 条件
if ($_REQUEST['shop_id'] != '') {
$where['shop_id'] = $_REQUEST['shop_id'];
} }
// 添加 start_time 和 end_time 条件 // 添加 start_time 和 end_time 条件
@ -1156,9 +1153,8 @@ class AdminController extends PublicController
*/ */
public function getOrderDetails() public function getOrderDetails()
{ {
// 权限判断 if ($this->tokenShop_id != C('powerId')) {
if (!$this->isPower()) { $where['shop_id'] = $this->tokenShop_id; //非总管理员 只返回自己的账户信息
$where['shop_id'] = $this->tokenShop_id;
} }
if ($_REQUEST['id']) { if ($_REQUEST['id']) {
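Review bot: The master test `$this->tokenShop_id != C('powerId')` is re-implemented inline in getShopList, getAdminList, deleteAdmin, pubMessage, getMessageList, getAllMessageList, deleteMessage, getCategoryList, getSpuList, deleteSpu, getSkuList, deleteSku, getPaidOrderList and getOrderDetails, each time as a loose `!=` against a config string, so the privilege rule now lives in fourteen places in this file instead of one. A single base-class predicate would make it auditable and strict: `if (!$this->isMaster()) {` at each site, with `isMaster()` in PublicController returning `(string) $this->tokenShop_id === (string) C('powerId')`. In getOrderList the new `if ($_REQUEST['shop_id'] != '')` also reads the key without an `isset`, which raises an undefined-index notice whenever a master omits it; `if (isset($_REQUEST['shop_id']) && $_REQUEST['shop_id'] != '') {` keeps the same semantics. The bodies of all these methods continue outside the hunks shown.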


@ -54,7 +54,7 @@ class LoginController extends Controller
//删除多余信息 //删除多余信息
unset($adminInfo['pwd']); unset($adminInfo['pwd']);
//创建token //创建token
$token = $this->makeToken(array('shop_id' => $this->shop_id, 'admin_id' => $adminInfo['id'], 'power' => $adminInfo['power'])); $token = $this->makeToken(array('shop_id' => $this->shop_id, 'admin_id' => $adminInfo['id']));
//登陆成功 返回token //登陆成功 返回token
echo json_encode(array('status' => 1, 'msg' => '登陆成功', 'adminInfo' => $adminInfo, 'token' => $token), JSON_UNESCAPED_UNICODE); echo json_encode(array('status' => 1, 'msg' => '登陆成功', 'adminInfo' => $adminInfo, 'token' => $token), JSON_UNESCAPED_UNICODE);
} else { } else {
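Review bot: Dropping the `power` claim from the token means the adminuser `power` column no longer influences authorisation anywhere on this commit's new side — the master role is decided solely by whether the token's `shop_id` equals `C('powerId')` (PublicController::isPower and the inline checks in the controllers). If the intent is that only designated accounts, rather than every admin of the master shop, are masters, the claim should stay in the token and be checked; if the shop-based rule is intended, record it on this line, e.g. `// token carries shop_id + admin_id only; master status is derived from shop_id == C('powerId'), not from adminuser.power`. The enclosing login method starts and ends outside the hunk.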


@ -21,8 +21,7 @@ class PlaneController extends PublicController
*/ */
public function getPlaneClassList() public function getPlaneClassList()
{ {
// 权限判断(总管理员可操作所有单位) if ($this->tokenShop_id != C('powerId')) { //非总管理员
if (!$this->isPower()) {
$where['shop_id'] = $this->tokenShop_id; $where['shop_id'] = $this->tokenShop_id;
} }
$where['del'] = "0"; $where['del'] = "0";
@ -39,7 +38,8 @@ class PlaneController extends PublicController
*/ */
public function addPlaneClass() public function addPlaneClass()
{ {
$this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断
$this->isPower();
if ($_REQUEST['shop_id'] && $_REQUEST['class_name']) { if ($_REQUEST['shop_id'] && $_REQUEST['class_name']) {
$data['shop_id'] = $_REQUEST['shop_id']; $data['shop_id'] = $_REQUEST['shop_id'];
@ -65,7 +65,8 @@ class PlaneController extends PublicController
*/ */
public function savePlaneClass() public function savePlaneClass()
{ {
$this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断
$this->isPower();
if ($_REQUEST['shop_id'] && $_REQUEST['class_name'] && $_REQUEST['id']) { if ($_REQUEST['shop_id'] && $_REQUEST['class_name'] && $_REQUEST['id']) {
$data['class_name'] = $_REQUEST['class_name']; $data['class_name'] = $_REQUEST['class_name'];
@ -92,7 +93,9 @@ class PlaneController extends PublicController
*/ */
public function deletePlaneClass() public function deletePlaneClass()
{ {
$this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 if ($this->tokenShop_id != C('powerId')) { // 非总管理员
$where['shop_id'] = $this->tokenShop_id;
}
if (isset($_REQUEST['idArr']) && !empty($_REQUEST['idArr'])) { if (isset($_REQUEST['idArr']) && !empty($_REQUEST['idArr'])) {
$idArr = explode(',', $_REQUEST['idArr']); $idArr = explode(',', $_REQUEST['idArr']);
@ -112,7 +115,9 @@ class PlaneController extends PublicController
'del' => '0' 'del' => '0'
]; ];
$bindWhere['shop_id'] = $_REQUEST['shop_id']; if ($this->tokenShop_id != C('powerId')) {
$bindWhere['shop_id'] = $this->tokenShop_id;
}
$linkedPlanes = $airDb->where($bindWhere)->field('id,name,bind_class_id')->select(); $linkedPlanes = $airDb->where($bindWhere)->field('id,name,bind_class_id')->select();
@ -130,7 +135,9 @@ class PlaneController extends PublicController
// 关联飞机为空,执行软删除 // 关联飞机为空,执行软删除
$classDb = D('airplane_class'); $classDb = D('airplane_class');
$delWhere = ['id' => ['in', $idArr]]; $delWhere = ['id' => ['in', $idArr]];
$delWhere['shop_id'] = $_REQUEST['shop_id']; if (isset($where['shop_id'])) {
$delWhere['shop_id'] = $where['shop_id'];
}
$data = ['del' => '1']; $data = ['del' => '1'];
if ($classDb->where($delWhere)->save($data) !== false) { if ($classDb->where($delWhere)->save($data) !== false) {
@ -149,14 +156,15 @@ class PlaneController extends PublicController
*/ */
public function getAirList() public function getAirList()
{ {
// 权限判断
if (!$this->isPower()) {
$where['a.shop_id'] = $this->tokenShop_id;
}
$airDb = D('airplane_register'); // 飞机表 $airDb = D('airplane_register'); // 飞机表
$prefix = C('DB_PREFIX'); // 获取表前缀 $prefix = C('DB_PREFIX'); // 获取表前缀
$where = [];
if ($this->tokenShop_id != C('powerId')) { // 非总管理员
$where['a.shop_id'] = $this->tokenShop_id;
}
$where['a.del'] = '0'; $where['a.del'] = '0';
// 需要的字段,带表别名 // 需要的字段,带表别名
@ -192,7 +200,7 @@ class PlaneController extends PublicController
*/ */
public function addAir() public function addAir()
{ {
$this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 $this->isPower();
if ($_REQUEST['shop_id'] && $_REQUEST['name'] && $_REQUEST['date']) { if ($_REQUEST['shop_id'] && $_REQUEST['name'] && $_REQUEST['date']) {
$data['shop_id'] = $_REQUEST['shop_id']; $data['shop_id'] = $_REQUEST['shop_id'];
@ -255,8 +263,7 @@ class PlaneController extends PublicController
*/ */
public function deleteAir() public function deleteAir()
{ {
// 权限判断(总管理员可操作所有单位) if ($this->tokenShop_id != C('powerId')) { //非总管理员
if (!$this->isPower()) {
$where['shop_id'] = $this->tokenShop_id; $where['shop_id'] = $this->tokenShop_id;
} }
if (isset($_REQUEST['idArr'])) { if (isset($_REQUEST['idArr'])) {
@ -283,8 +290,7 @@ class PlaneController extends PublicController
*/ */
public function crosFrequency() public function crosFrequency()
{ {
// 权限判断(总管理员可操作所有单位) if ($this->tokenShop_id != C('powerId')) { //非总管理员
if (!$this->isPower()) {
$where['shop_id'] = $this->tokenShop_id; $where['shop_id'] = $this->tokenShop_id;
} }
if ($_REQUEST['macAdd'] && $_REQUEST['id']) { if ($_REQUEST['macAdd'] && $_REQUEST['id']) {
@ -308,11 +314,9 @@ class PlaneController extends PublicController
*/ */
public function getSiteList() public function getSiteList()
{ {
// 权限判断(总管理员可操作所有单位) if ($this->tokenShop_id != C('powerId')) { //非总管理员
if (!$this->isPower()) {
$where['shop_id'] = $this->tokenShop_id; $where['shop_id'] = $this->tokenShop_id;
} }
$siteDb = D('receive_site'); $siteDb = D('receive_site');
$field = array('id', 'shop_id', 'sitename', 'qr', 'photo', 'bind_route', 'runing', 'describe'); $field = array('id', 'shop_id', 'sitename', 'qr', 'photo', 'bind_route', 'runing', 'describe');
if ($siteList = $siteDb->where($where)->field($field)->select()) { if ($siteList = $siteDb->where($where)->field($field)->select()) {
@ -326,7 +330,8 @@ class PlaneController extends PublicController
*/ */
public function addSite() public function addSite()
{ {
$this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断
$this->isPower();
if ($_REQUEST['shop_id'] && $_REQUEST['sitename']) { if ($_REQUEST['shop_id'] && $_REQUEST['sitename']) {
$rsDb = D('receive_site'); $rsDb = D('receive_site');
@ -387,7 +392,8 @@ class PlaneController extends PublicController
*/ */
public function saveSite() public function saveSite()
{ {
$this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断
$this->isPower();
if ($_REQUEST['shop_id'] && $_REQUEST['sitename']) { if ($_REQUEST['shop_id'] && $_REQUEST['sitename']) {
$rsDb = D('receive_site'); $rsDb = D('receive_site');
@ -463,8 +469,7 @@ class PlaneController extends PublicController
*/ */
public function deleteSite() public function deleteSite()
{ {
// 权限判断 if ($this->tokenShop_id != C('powerId')) { //非总管理员
if (!$this->isPower()) {
$where['shop_id'] = $this->tokenShop_id; $where['shop_id'] = $this->tokenShop_id;
} }
$where['id'] = array("in", $_REQUEST['idArr']); $where['id'] = array("in", $_REQUEST['idArr']);
@ -537,8 +542,7 @@ class PlaneController extends PublicController
*/ */
public function getRouteList() public function getRouteList()
{ {
// 权限判断 if ($this->tokenShop_id != C('powerId')) { //非总管理员
if (!$this->isPower()) {
$where['shop_id'] = $this->tokenShop_id; $where['shop_id'] = $this->tokenShop_id;
} }
$where['del'] = "0"; $where['del'] = "0";
@ -585,7 +589,8 @@ class PlaneController extends PublicController
*/ */
public function addRoute() public function addRoute()
{ {
$this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断
$this->isPower();
if ($_REQUEST['shop_id'] && $_REQUEST['name'] && $_REQUEST['upFile']) { if ($_REQUEST['shop_id'] && $_REQUEST['name'] && $_REQUEST['upFile']) {
$routeDb = D('route'); $routeDb = D('route');
@ -617,7 +622,8 @@ class PlaneController extends PublicController
*/ */
public function saveRoute() public function saveRoute()
{ {
$this->isPower(); //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断 //总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断
$this->isPower();
if ($_REQUEST['shop_id'] && $_REQUEST['name'] && $_REQUEST['id']) { if ($_REQUEST['shop_id'] && $_REQUEST['name'] && $_REQUEST['id']) {
$where['id'] = $_REQUEST['id']; $where['id'] = $_REQUEST['id'];
@ -653,11 +659,9 @@ class PlaneController extends PublicController
*/ */
public function deleteRoute() public function deleteRoute()
{ {
// 权限判断 if ($this->tokenShop_id != C('powerId')) { //非总管理员
if (!$this->isPower()) {
$where['shop_id'] = $this->tokenShop_id; $where['shop_id'] = $this->tokenShop_id;
} }
// 获取要删除的航线ID数组 // 获取要删除的航线ID数组
$idArr = explode(',', strval($_REQUEST['idArr'])); $idArr = explode(',', strval($_REQUEST['idArr']));
@ -699,9 +703,10 @@ class PlaneController extends PublicController
public function setNoflyData() public function setNoflyData()
{ {
if ($_REQUEST['shop_id']) { if ($_REQUEST['shop_id']) {
// 权限判断 if ($this->tokenShop_id != C('powerId')) {
if (!$this->isPower()) {
$where['shop_id'] = $this->tokenShop_id; $where['shop_id'] = $this->tokenShop_id;
} else {
$where['shop_id'] = $_REQUEST['shop_id'];
} }
$noflyDb = D('nofly'); $noflyDb = D('nofly');
@ -747,11 +752,19 @@ class PlaneController extends PublicController
*/ */
public function getNoflyData() public function getNoflyData()
{ {
// 权限判断 if (!isset($_REQUEST['shop_id'])) {
if (!$this->isPower()) { echo json_encode(['status' => 0, 'msg' => '缺少参数 shop_id']);
$where['shop_id'] = $this->tokenShop_id; exit;
} }
$shop_id = $_REQUEST['shop_id'];
if ($this->tokenShop_id != C('powerId')) {
$shop_id = $this->tokenShop_id;
}
$where['shop_id'] = $shop_id;
$noflyDb = D('nofly'); $noflyDb = D('nofly');
$field = ['id', 'shop_id', 'nofly_data', 'restrictfly_data', 'restrictfly_height']; $field = ['id', 'shop_id', 'nofly_data', 'restrictfly_data', 'restrictfly_height'];
$noflyData = $noflyDb->where($where)->field($field)->find(); $noflyData = $noflyDb->where($where)->field($field)->find();
@ -888,8 +901,7 @@ class PlaneController extends PublicController
*/ */
public function questAss() public function questAss()
{ {
// 权限判断 if ($this->tokenShop_id != C('powerId')) { //非总管理员
if (!$this->isPower()) {
$where['shop_id'] = $this->tokenShop_id; $where['shop_id'] = $this->tokenShop_id;
} }
//前端提交数据校验 //前端提交数据校验
@ -962,10 +974,6 @@ class PlaneController extends PublicController
*/ */
public function getFlyDataByIdArr() public function getFlyDataByIdArr()
{ {
// 权限判断
if (!$this->isPower()) {
$where['a.shop_id'] = $this->tokenShop_id;
}
$idArrStr = I('post.idArr'); $idArrStr = I('post.idArr');
$startTime = I('post.startTime', 0, 'intval'); $startTime = I('post.startTime', 0, 'intval');
$endTime = I('post.endTime', 0, 'intval'); $endTime = I('post.endTime', 0, 'intval');
@ -992,6 +1000,11 @@ class PlaneController extends PublicController
'f.start_time' => array('between', array($startTime, $endTime)), 'f.start_time' => array('between', array($startTime, $endTime)),
); );
// 非总管理员需加店铺限制
if ($this->tokenShop_id != C('powerId')) {
$where['a.shop_id'] = $this->tokenShop_id;
}
// 查询字段 // 查询字段
$fields = array( $fields = array(
'f.id', 'f.id',
@ -1025,8 +1038,7 @@ class PlaneController extends PublicController
*/ */
public function deleteFlyDataByIdArr() public function deleteFlyDataByIdArr()
{ {
// 权限判断 if ($this->tokenShop_id != C('powerId')) { //非总管理员
if (!$this->isPower()) {
$where['shop_id'] = $this->tokenShop_id; $where['shop_id'] = $this->tokenShop_id;
} }


@ -14,8 +14,7 @@ use PhpMqtt\Client\ConnectionSettings;
class PublicController extends Controller class PublicController extends Controller
{ {
protected $tokenShop_id; protected $tokenShop_id;
protected $tokenAdmin_id; protected $admin_id;
protected $tokenPower;
//**************** //****************
//构造函数 //构造函数
//**************** //****************
@ -33,8 +32,7 @@ class PublicController extends Controller
$decoded = JWT::decode($token, new Key($jwtKey, 'HS256')); $decoded = JWT::decode($token, new Key($jwtKey, 'HS256'));
// Token 没有过期,继续处理 token验证通过 获取shop_id admin_id // Token 没有过期,继续处理 token验证通过 获取shop_id admin_id
$this->tokenShop_id = $decoded->shop_id; $this->tokenShop_id = $decoded->shop_id;
$this->tokenAdmin_id = $decoded->admin_id; $this->admin_id = $decoded->admin_id;
$this->tokenPower = $decoded->power;
} catch (\Firebase\JWT\ExpiredException $e) { } catch (\Firebase\JWT\ExpiredException $e) {
// Token 过期 // Token 过期
echo json_encode(array('status' => 'noPermission', 'msg' => 'Token 已过期')); echo json_encode(array('status' => 'noPermission', 'msg' => 'Token 已过期'));
@ -55,9 +53,7 @@ class PublicController extends Controller
*/ */
protected function isPower() protected function isPower()
{ {
if ($this->tokenPower == 'master') { //总管理员 if ($this->tokenShop_id != C('powerId')) { //非总管理员
return true;
} else {
if ($this->tokenShop_id != $_REQUEST['shop_id']) { // 提交的不是自己shopid退出 if ($this->tokenShop_id != $_REQUEST['shop_id']) { // 提交的不是自己shopid退出
echo json_encode(array('status' => 0, 'msg' => '没有权限')); echo json_encode(array('status' => 0, 'msg' => '没有权限'));
exit; exit;
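Review bot: The rewritten isPower() decides both the master role and the tenant match with loose `!=`, comparing the token's shop_id against a config string and against the raw `$_REQUEST['shop_id']`, which is read without `isset`, so a request that omits it raises a notice before being rejected. Because PHP's loose comparison treats numeric-looking strings numerically (`'1e3' == '1000'`), identifiers of this shape should be compared as strings and strictly: `if ((string) $this->tokenShop_id !== (string) C('powerId')) { //非总管理员` and `if (!isset($_REQUEST['shop_id']) || (string) $this->tokenShop_id !== (string) $_REQUEST['shop_id']) {`. The method also no longer returns anything, whereas the old version returned `true` for a master; its docblock above the hunk should say it now only exits on failure and returns nothing otherwise. The body of isPower() continues past the end of the hunk.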