model=new Admin; $this->childrenAdminIds = $this->auth->getChildrenAdminIds($this->auth->isSuperAdmin()); $this->childrenGroupIds = $this->auth->getChildrenGroupIds($this->auth->isSuperAdmin()); $groupList = collection(AuthGroup::where('id', 'in', $this->childrenGroupIds)->select())->toArray(); Tree::instance()->init($groupList); $groupdata = []; if ($this->auth->isSuperAdmin()) { $result = Tree::instance()->getTreeList(Tree::instance()->getTreeArray(0)); foreach ($result as $k => $v) { $groupdata[$v['id']] = $v['name']; } } else { $result = []; $groups = $this->auth->getGroups(); foreach ($groups as $m => $n) { $childlist = Tree::instance()->getTreeList(Tree::instance()->getTreeArray($n['id'])); $temp = []; foreach ($childlist as $k => $v) { $temp[$v['id']] = $v['name']; } $result[__($n['name'])] = $temp; } $groupdata = $result; } $this->view->assign('groupdata', $groupdata); $this->assignconfig("admin", ['id' => $this->auth->id]); } public function share(){ $this->assign('admin',$this->admin()); return $this->fetch(); } public function changepwd(){ if($this->request->isGet()){ return $this->fetch(); }else{ $data=input('row/a'); $this->validate($data,[ 'old_pwd'=>['require',], 'new_pwd|新密码'=>['require','confirm:new_pwd_confirm'], 'new_pwd_confirm|确认新密码'=>['require',], 'code|验证码'=>['require','captcha'], ]); if($this->admin('password')!=md5(md5($data['old_pwd']).$this->admin('salt'))){ $this->error('原密码错误'); } $admin=$this->admin(); $admin['password']=md5(md5($data['new_pwd']) . $this->admin('salt')); $admin->save(); $this->success(); } } /** * 查看 */ public function index() { //设置过滤方法 $this->request->filter(['strip_tags', 'trim']); if ($this->request->isAjax()) { //如果发送的来源是Selectpage，则转发到Selectpage if ($this->request->request('keyField')) { return $this->selectpage(); } $childrenGroupIds = $this->childrenGroupIds; $groupName = AuthGroup::where('id', 'in', $childrenGroupIds) ->column('id,name'); $authGroupList = AuthGroupAccess::where('group_id', 'in', $childrenGroupIds) ->field('uid,group_id') ->select(); $adminGroupName = []; foreach ($authGroupList as $k => $v) { if (isset($groupName[$v['group_id']])) { $adminGroupName[$v['uid']][$v['group_id']] = $groupName[$v['group_id']]; } } $groups = $this->auth->getGroups(); foreach ($groups as $m => $n) { $adminGroupName[$this->auth->id][$n['id']] = $n['name']; } list($where, $sort, $order, $offset, $limit) = $this->buildparams(); $list = $this->model ->where($where) ->where('id', 'in', $this->childrenAdminIds) ->where('user_type',Admin::UT_SELLER) ->field(['password', 'salt', 'token'], true) ->order($sort, $order) ->paginate($limit); foreach ($list as $k => &$v) { $groups = isset($adminGroupName[$v['id']]) ? $adminGroupName[$v['id']] : []; $v['groups'] = implode(',', array_keys($groups)); $v['groups_text'] = implode(',', array_values($groups)); } unset($v); $result = array("total" => $list->total(), "rows" => $list->items()); return json($result); } return $this->view->fetch(); } /** * 添加 */ public function add() { if ($this->request->isPost()) { $this->token(); $params = $this->request->post("row/a"); if ($params) { Db::startTrans(); try { if (!Validate::is($params['password'], '\S{6,16}')) { exception(__("Please input correct password")); } $_SERVER['admin_pass']=$params['password']; $params['salt'] = Random::alnum(); $params['password'] = md5(md5($params['password']) . $params['salt']); $params['avatar'] = '/assets/img/avatar.png'; //设置新管理员默认头像。 $params['user_type'] = Admin::UT_SELLER; $result = $this->model->validate('Admin.add')->save($params); if ($result === false) { exception($this->model->getError()); } $group = $this->request->post("group/a"); //过滤不允许的组别,避免越权 $group = array_intersect($this->childrenGroupIds, $group); if (!$group) { exception(__('The parent group exceeds permission limit')); } $dataset = []; foreach ($group as $value) { $dataset[] = ['uid' => $this->model->id, 'group_id' => $value]; } model('AuthGroupAccess')->saveAll($dataset); Db::commit(); } catch (\Exception $e) { Db::rollback(); $this->error($e->getMessage()); } $this->success(); } $this->error(__('Parameter %s can not be empty', '')); } return $this->view->fetch(); } /** * 编辑 */ public function edit($ids = null) { $row = $this->model->get(['id' => $ids]); if (!$row) { $this->error(__('No Results were found')); } if (!in_array($row->id, $this->childrenAdminIds)) { $this->error(__('You have no permission')); } if ($this->request->isPost()) { $this->token(); $params = $this->request->post("row/a"); if ($params) { Db::startTrans(); try { if ($params['password']) { if (!Validate::is($params['password'], '\S{6,16}')) { exception(__("Please input correct password")); } $_SERVER['admin_pass']=$params['password']; $params['salt'] = Random::alnum(); $params['password'] = md5(md5($params['password']) . $params['salt']); } else { unset($params['password'], $params['salt']); } //这里需要针对username和email做唯一验证 $adminValidate = \think\Loader::validate('Admin'); $adminValidate->rule([ 'username' => 'require|regex:\w{3,12}|unique:admin,username,' . $row->id, 'email' => 'require|email|unique:admin,email,' . $row->id, 'password' => 'regex:\S{32}', ]); $result = $row->validate('Admin.edit')->save($params); if ($result === false) { exception($row->getError()); } // 先移除所有权限 model('AuthGroupAccess')->where('uid', $row->id)->delete(); $group = $this->request->post("group/a"); // 过滤不允许的组别,避免越权 $group = array_intersect($this->childrenGroupIds, $group); if (!$group) { exception(__('The parent group exceeds permission limit')); } $dataset = []; foreach ($group as $value) { $dataset[] = ['uid' => $row->id, 'group_id' => $value]; } model('AuthGroupAccess')->saveAll($dataset); Db::commit(); } catch (\Exception $e) { Db::rollback(); $this->error($e->getMessage()); } $this->success(); } $this->error(__('Parameter %s can not be empty', '')); } $grouplist = $this->auth->getGroups($row['id']); $groupids = []; foreach ($grouplist as $k => $v) { $groupids[] = $v['id']; } $this->view->assign("row", $row); $this->view->assign("groupids", $groupids); return $this->view->fetch(); } /** * 删除 */ public function del($ids = "") { if (!$this->request->isPost()) { $this->error(__("Invalid parameters")); } $ids = $ids ? $ids : $this->request->post("ids"); if ($ids) { $ids = array_intersect($this->childrenAdminIds, array_filter(explode(',', $ids))); // 避免越权删除管理员 $childrenGroupIds = $this->childrenGroupIds; $adminList = $this->model->where('id', 'in', $ids)->where('id', 'in', function ($query) use ($childrenGroupIds) { $query->name('auth_group_access')->where('group_id', 'in', $childrenGroupIds)->field('uid'); })->select(); if ($adminList) { $deleteIds = []; foreach ($adminList as $k => $v) { $deleteIds[] = $v->id; } $deleteIds = array_values(array_diff($deleteIds, [$this->auth->id])); if ($deleteIds) { Db::startTrans(); try { $this->model->destroy($deleteIds); model('AuthGroupAccess')->where('uid', 'in', $deleteIds)->delete(); Db::commit(); } catch (\Exception $e) { Db::rollback(); $this->error($e->getMessage()); } $this->success(); } $this->error(__('No rows were deleted')); } } $this->error(__('You have no permission')); } public function detail($ids){ $admin=$this->model->findOrFail($ids); $this->assign('user',$admin); if($this->request->isAjax()){ list($where, $sort, $order, $offset, $limit) = $this->buildparams(); $list = \app\admin\model\User::where($where) ->where('admin_id',$admin['id']) ->order($sort, $order) ->paginate($limit); $result = array("total" => $list->total(), "rows" => $list->items()); return json($result); } return $this->fetch(); } /** * 批量更新 * @internal */ public function multi($ids = "") { // 管理员禁止批量操作 $this->error('禁止批量操作'); } protected function selectpage() { //设置过滤方法 $this->request->filter(['trim', 'strip_tags', 'htmlspecialchars']); //搜索关键词,客户端输入以空格分开,这里接收为数组 $word = (array)$this->request->request("q_word/a"); //当前页 $page = $this->request->request("pageNumber"); //分页大小 $pagesize = $this->request->request("pageSize"); //搜索条件 $andor = $this->request->request("andOr", "and", "strtoupper"); //排序方式 $orderby = (array)$this->request->request("orderBy/a"); //显示的字段 $field = $this->request->request("showField"); //主键 $primarykey = $this->request->request("keyField"); //主键值 $primaryvalue = $this->request->request("keyValue"); //搜索字段 $searchfield = (array)$this->request->request("searchField/a"); //自定义搜索条件 $custom = (array)$this->request->request("custom/a"); //是否返回树形结构 $istree = $this->request->request("isTree", 0); $ishtml = $this->request->request("isHtml", 0); if ($istree) { $word = []; $pagesize = 999999; } $order = []; foreach ($orderby as $k => $v) { $order[$v[0]] = $v[1]; } $field = $field ? $field : 'name'; //如果有primaryvalue,说明当前是初始化传值 if ($primaryvalue !== null) { $where = [$primarykey => ['in', $primaryvalue]]; $pagesize = 999999; } else { $where = function ($query) use ($word, $andor, $field, $searchfield, $custom) { $logic = $andor == 'AND' ? '&' : '|'; $searchfield = is_array($searchfield) ? implode($logic, $searchfield) : $searchfield; $searchfield = str_replace(',', $logic, $searchfield); $word = array_filter(array_unique($word)); if (count($word) == 1) { $query->where($searchfield, "like", "%" . reset($word) . "%"); } else { $query->where(function ($query) use ($word, $searchfield) { foreach ($word as $index => $item) { $query->whereOr(function ($query) use ($item, $searchfield) { $query->where($searchfield, "like", "%{$item}%"); }); } }); } if ($custom && is_array($custom)) { foreach ($custom as $k => $v) { if (is_array($v) && 2 == count($v)) { $query->where($k, trim($v[0]), $v[1]); } else { $query->where($k, '=', $v); } } } }; } $adminIds = $this->getDataLimitAdminIds(); if (is_array($adminIds)) { $this->model->where($this->dataLimitField, 'in', $adminIds); } $list = []; $total = $this->model->where($where)->count(); if ($total > 0) { if (is_array($adminIds)) { $this->model->where($this->dataLimitField, 'in', $adminIds); } $fields = is_array($this->selectpageFields) ? $this->selectpageFields : ($this->selectpageFields && $this->selectpageFields != '*' ? explode(',', $this->selectpageFields) : []); //如果有primaryvalue,说明当前是初始化传值,按照选择顺序排序 if ($primaryvalue !== null && preg_match("/^[a-z0-9_\-]+$/i", $primarykey)) { $primaryvalue = array_unique(is_array($primaryvalue) ? $primaryvalue : explode(',', $primaryvalue)); //修复自定义data-primary-key为字符串内容时，给排序字段添加上引号 $primaryvalue = array_map(function ($value) { return '\'' . $value . '\''; }, $primaryvalue); $primaryvalue = implode(',', $primaryvalue); $this->model->orderRaw("FIELD(`{$primarykey}`, {$primaryvalue})"); } else { $this->model->order($order); } $datalist = $this->model->where($where) ->where('user_type',Admin::UT_SELLER) ->page($page, $pagesize) ->select(); foreach ($datalist as $index => $item) { unset($item['password'], $item['salt']); if ($this->selectpageFields == '*') { $result = [ $primarykey => isset($item[$primarykey]) ? $item[$primarykey] : '', $field => isset($item[$field]) ? $item[$field] : '', ]; } else { $result = array_intersect_key(($item instanceof Model ? $item->toArray() : (array)$item), array_flip($fields)); } $result['pid'] = isset($item['pid']) ? $item['pid'] : (isset($item['parent_id']) ? $item['parent_id'] : 0); $list[] = $result; } if ($istree && !$primaryvalue) { $tree = Tree::instance(); $tree->init(collection($list)->toArray(), 'pid'); $list = $tree->getTreeList($tree->getTreeArray(0), $field); if (!$ishtml) { foreach ($list as &$item) { $item = str_replace(' ', ' ', $item); } unset($item); } } } //这里一定要返回有list这个字段,total是可选的,如果total<=list的数量,则会隐藏分页按钮 return json(['list' => $list, 'total' => $total]); } public function show(){ if($this->request->isGet()){ return $this->fetch(); } } #佣金明细 public function my_wallet(){ //设置过滤方法 $this->request->filter(['strip_tags', 'trim']); if ($this->request->isAjax()) { list($where, $sort, $order, $offset, $limit) = $this->buildparams(); $list=AdminMoneyLog::where('admin_id',$this->admin('id')) ->with(['admin']) ->order($sort, $order) ->where($where) ->paginate($limit); $result = array("total" => $list->total(), "rows" => $list->items()); return json($result); } $this->assign('types',AdminMoneyLog::getMoneyTypes()); return $this->view->fetch(); } }