修复管理员越权删除的BUG

添加控制台安装系统接口
修复菜单错误
增加操作日志
其它BUG修复
pull/269678/MERGE
Karson 2017-04-15 00:27:16 +08:00
parent 8e4721d071
commit c225433a14
26 changed files with 581 additions and 166 deletions


@ -9,6 +9,7 @@ use think\console\Input;
use think\console\input\Option;
use think\console\Output;
use think\Db;
use think\Exception;
use think\Lang;
class Crud extends Command
@ -41,8 +42,7 @@ class Crud extends Command
$local = $input->getOption('local');
if (!$table)
{
$output->error('table name can\'t empty');
return;
throw new Exception('table name can\'t empty');
}
$dbname = Config::get('database.database');
$prefix = Config::get('database.prefix');
@ -50,8 +50,7 @@ class Crud extends Command
$tableInfo = Db::query("SHOW TABLE STATUS LIKE '{$tableName}'", [], TRUE);
if (!$tableInfo)
{
$output->error("table not found");
return;
throw new Exception("table not found");
}
$tableInfo = $tableInfo[0];
@ -69,8 +68,7 @@ class Crud extends Command
//非覆盖模式时如果存在控制器文件则报错
if (is_file($controllerFile) && !$force)
{
$output->error('controller already exists');
return;
throw new Exception('controller already exists');
}
//模型默认以表名进行处理,以下划线进行分隔,如果需要自定义则需要传入model,不支持目录层级
@ -91,8 +89,7 @@ class Crud extends Command
//非覆盖模式时如果存在模型文件则报错
if (is_file($modelFile) && !$force)
{
$output->error('model already exists');
return;
throw new Exception('model already exists');
}
//从数据库中获取表字段信息
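Review bot: The new `throw new Exception('table name can\'t empty')` only rejects an empty name; the value still reaches `SHOW TABLE STATUS LIKE '{$tableName}'` a few lines below by string interpolation (`$tableName` is presumably `$table` with the prefix applied), so a name containing a quote breaks the statement rather than being refused. Add an identifier check beside the emptiness guard, `if (!preg_match('/^\w+$/', $table)) { throw new Exception('invalid table name'); }`, which also covers the controller and model file paths derived from it later. The switch from `$output->error()` plus `return` to exceptions is reasonable for a console command, presumably yielding a non-zero exit status; worth confirming once with a missing table. `execute()` starts and ends outside these hunks.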


@ -0,0 +1,49 @@
<?php
namespace app\admin\command;
use think\console\Command;
use think\console\Input;
use think\console\input\Option;
use think\console\Output;
use think\Db;
use think\Exception;
class Install extends Command
{
protected $model = null;
protected function configure()
{
$this
->setName('install')
->addOption('force', 'f', Option::VALUE_OPTIONAL, 'force override', FALSE)
->setDescription('New installation of FastAdmin');
}
protected function execute(Input $input, Output $output)
{
//覆盖安装
$force = $input->getOption('force');
$installLockFile = __DIR__ . "/Install/install.lock";
if (is_file($installLockFile) && !$force)
{
throw new Exception("\nFastAdmin already installed!\nIf you need to reinstall again, use the parameter --force=true ");
}
$sql = file_get_contents(__DIR__ . '/Install/fastadmin.sql');
// 查询一次SQL,判断连接是否正常
Db::execute("SELECT 1");
// 调用原生PDO对象进行批量查询
Db::getPdo()->exec($sql);
file_put_contents($installLockFile, 1);
$output->info("Install Successed!");
}
}
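Review bot: `file_get_contents(__DIR__ . '/Install/fastadmin.sql')` is not checked, so a missing or unreadable dump yields `false`, `Db::getPdo()->exec($sql)` runs an empty statement, and the lock file is then written as if the installation succeeded. Guard it with `if ($sql === false || $sql === '') { throw new Exception('Cannot read install SQL file'); }` before the `SELECT 1` probe, and check the return of `file_put_contents($installLockFile, 1)` for the same reason. Unless the PDO connection is configured with `ERRMODE_EXCEPTION` (not visible here), `exec()` reports a failed statement by returning `false` rather than throwing, so its return deserves a check as well. The `$model` property is declared but never used in this class.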



@ -0,0 +1 @@
1


@ -11,6 +11,7 @@ use think\console\Command;
use think\console\Input;
use think\console\input\Option;
use think\console\Output;
use think\Exception;
class Menu extends Command
{
@ -33,8 +34,7 @@ class Menu extends Command
$controller = $input->getOption('controller') ? : '';
if (!$controller)
{
$output->error("please input controller name");
return;
throw new Exception("please input controller name");
}
if ($controller != 'all-controller')


@ -146,7 +146,8 @@ class Ajax extends Backend
$admin_rule_ids = $this->auth->getRuleIds();
$superadmin = $this->auth->isSuperAdmin();
$current_rule_ids = $id ? explode(',', $currentgroupmodel->rules) : [];
if (!$id || !array_key_exists($pid, Tree::instance()->init($model->all(['status' => 'normal']))->getChildrenIds($id, TRUE)))
if (!$id || !in_array($pid, Tree::instance()->init($model->all(['status' => 'normal']))->getChildrenIds($id, TRUE)))
{
//构造jstree所需的数据
$nodelist = [];
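Review bot: The replacement `in_array($pid, ...getChildrenIds($id, TRUE))` compares loosely: if `$pid` arrives as a request string (the method's parameters are above this hunk, so this is inferred), a non-numeric value compares equal to an id of `0` on PHP 5/7 and `'1abc'` matches `1`. Normalise both sides and compare strictly, `in_array((int)$pid, array_map('intval', Tree::instance()->init($model->all(['status' => 'normal']))->getChildrenIds($id, TRUE)), true)`. The enclosing method continues outside the hunk.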


@ -13,6 +13,9 @@ use app\common\controller\Backend;
class Dashboard extends Backend
{
/**
* 查看
*/
public function index()
{
$seventtime = \fast\Date::unixtime('day', -7);


@ -2,6 +2,7 @@
namespace app\admin\controller\auth;
use app\admin\model\AdminLog;
use app\common\controller\Backend;
use fast\Random;
use fast\Tree;
@ -56,10 +57,11 @@ class Admin extends Backend
$params = $this->request->post("row/a");
if ($params)
{
$params['salt'] = Random::basic(4);
$params['salt'] = Random::alnum();
$params['password'] = md5(md5($params['password']) . $params['salt']);
$admin = $this->model->create($params);
AdminLog::record(__('Add'), $this->model->getLastInsID());
$group = $this->request->post("group/a");
//过滤不允许的组别,避免越权
@ -98,6 +100,7 @@ class Admin extends Backend
$params['password'] = md5(md5($params['password']) . $params['salt']);
}
$row->save($params);
AdminLog::record(__('Edit'), $ids);
// 先移除所有权限
model('AuthGroupAccess')->where('uid', $row->id)->delete();
@ -137,15 +140,41 @@ class Admin extends Backend
$this->code = -1;
if ($ids)
{
$count = $this->model->where('id', 'in', $ids)->delete();
if ($count)
// 避免越权删除管理员
$childrenGroupIds = $this->childrenIds;
$adminList = $this->model->where('id', 'in', $ids)->where('id', 'in', function($query) use($childrenGroupIds)
{
$query->name('auth_group_access')->where('group_id', 'in', $childrenGroupIds)->field('uid');
})->select();
if ($adminList)
{
model('AuthGroupAccess')->where('uid', 'in', $ids)->delete();
$this->code = 1;
$deleteIds = [];
foreach ($adminList as $k => $v)
{
$deleteIds[] = $v->id;
}
$deleteIds = array_diff($deleteIds, [$this->auth->id]);
if ($deleteIds)
{
AdminLog::record(__('Del'), $deleteIds);
$this->model->destroy($deleteIds);
model('AuthGroupAccess')->where('uid', 'in', $deleteIds)->delete();
$this->code = 1;
}
}
}
return;
}
/**
* 批量更新
* @internal
*/
public function multi($ids = "")
{
// 管理员禁止批量操作
$this->code = -1;
}
}
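Review bot: `del()` now restricts deletions to admins in `$this->childrenIds`, but `edit()` (hunk `@ -98,6 +100,7`) saves `$params` and rewrites every `AuthGroupAccess` row for `$row->id` with no comparable restriction visible in its hunk; if that check is not performed above the hunk, the same cross-scope access remains through edit. `AdminLog::record(__('Del'), $deleteIds)` is written before `$this->model->destroy($deleteIds)`, so a failed destroy still leaves a deletion entry; log after both deletes complete. If `$this->childrenIds` can be empty, `where('group_id', 'in', $childrenGroupIds)` produces an empty `IN` list; return early in that case (`$this->code` is already `-1`) rather than relying on the query builder to reject it. `edit()` and the prologue of `del()` lie outside these hunks.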


@ -2,6 +2,7 @@
namespace app\admin\controller\auth;
use app\admin\model\AdminLog;
use app\common\controller\Backend;
use fast\Tree;
@ -104,6 +105,7 @@ class Group extends Backend
if ($params)
{
$this->model->create($params);
AdminLog::record(__('Add'), $this->model->getLastInsID());
$this->code = 1;
}
@ -151,6 +153,7 @@ class Group extends Backend
if ($params)
{
$row->save($params);
AdminLog::record(__('Edit'), $ids);
$this->code = 1;
}
@ -200,6 +203,7 @@ class Group extends Backend
$count = $this->model->where('id', 'in', $ids)->delete();
if ($count)
{
AdminLog::record(__('Del'), $ids);
$this->code = 1;
}
}
@ -208,6 +212,7 @@ class Group extends Backend
/**
* 批量更新
* @internal
*/
public function multi($ids = "")
{
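Review bot: `AdminLog::record(__('Del'), $ids)` in the `del()` hunk logs the requested id list, while `$count` is the number of rows actually removed; the two can differ, so the audit entry overstates what happened when some ids did not exist. Whether `del()` limits `$ids` to `$this->childrenIds` is above this hunk; `Admin::del()` in this commit gains that restriction and the group controller presumably needs the same, and no `AuthGroupAccess` cleanup for the removed groups is visible here. The enclosing methods start outside the hunks.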


@ -2,8 +2,10 @@
namespace app\admin\controller\auth;
use app\admin\model\AdminLog;
use app\common\controller\Backend;
use fast\Tree;
use think\Cache;
/**
* 规则管理
@ -24,7 +26,7 @@ class Rule extends Backend
// 必须将结果集转换为数组
Tree::instance()->init(collection($this->model->order('weigh', 'desc')->select())->toArray());
$this->rulelist = Tree::instance()->getTreeList(Tree::instance()->getTreeArray(0), 'title');
$ruledata = [];
$ruledata = [0 => __('None')];
foreach ($this->rulelist as $k => $v)
{
$ruledata[$v['id']] = $v['title'];
@ -61,6 +63,8 @@ class Rule extends Backend
if ($params)
{
$this->model->create($params);
AdminLog::record(__('Add'), $this->model->getLastInsID());
Cache::rm('__menu__');
$this->code = 1;
}
@ -84,6 +88,8 @@ class Rule extends Backend
if ($params)
{
$row->save($params);
AdminLog::record(__('Edit'), $ids);
Cache::rm('__menu__');
$this->code = 1;
}
@ -104,6 +110,8 @@ class Rule extends Backend
$count = $this->model->where('id', 'in', $ids)->delete();
if ($count)
{
AdminLog::record(__('Del'), $ids);
Cache::rm('__menu__');
$this->code = 1;
}
}
@ -111,4 +119,14 @@ class Rule extends Backend
return;
}
/**
* 批量更新
* @internal
*/
public function multi($ids = "")
{
// 节点禁止批量操作
$this->code = -1;
}
}
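Review bot: `Cache::rm('__menu__')` is now repeated verbatim in `add()`, `edit()` and `del()`, so the cache key is a literal that every future caller must spell identically. Hoist it into a small helper, `protected function refreshMenuCache() { Cache::rm('__menu__'); }`, and call that in the three places. The new `multi()` sets `$this->code = -1` with only a source comment explaining why, so the UI receives a generic failure; if the base controller offers a way to return a reason (not visible here), use it. The `add()`, `edit()` and `del()` bodies start outside the hunks.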


@ -2,6 +2,7 @@
namespace app\admin\controller\general;
use app\admin\model\AdminLog;
use app\common\controller\Backend;
/**
@ -75,6 +76,7 @@ class Configvalue extends Backend
$params['content'] = array_combine($fieldarr, $valuearr);
}
$this->model->save($params);
AdminLog::record(__('Add'), $this->model->getLastInsID());
$this->code = 1;
}
@ -114,6 +116,7 @@ class Configvalue extends Backend
$params['content'] = array_combine($fieldarr, $valuearr);
}
$row->save($params);
AdminLog::record(__('Edit'), $ids);
$this->code = 1;
}
@ -123,53 +126,4 @@ class Configvalue extends Backend
return $this->view->fetch();
}
/**
* 删除
*/
public function del($ids = "")
{
$this->code = -1;
if ($ids)
{
$count = $this->model->where('id', 'in', $ids)->delete();
if ($count)
{
$this->code = 1;
}
}
return;
}
/**
* 批量更新
*/
public function multi($ids = "")
{
$this->code = -1;
$ids = $ids ? $ids : $this->request->param("ids");
if ($ids)
{
if ($this->request->has('params'))
{
parse_str($this->request->post("params"), $values);
$values = array_intersect_key($values, array_flip(array('status')));
if ($values)
{
$count = $this->model->where('id', 'in', $ids)->update($values);
if ($count)
{
$this->code = 1;
}
}
}
else
{
$this->code = 1;
}
}
return;
}
}


@ -51,97 +51,4 @@ class Crontab extends Backend
return $this->view->fetch();
}
/**
* 添加
*/
public function add()
{
if ($this->request->isPost())
{
$this->code = -1;
$params = $this->request->post("row/a");
if ($params)
{
$this->model->create($params);
$this->code = 1;
}
return;
}
return $this->view->fetch();
}
/**
* 编辑
*/
public function edit($ids = NULL)
{
$row = $this->model->get(['id' => $ids]);
if (!$row)
$this->error(__('No Results were found'));
if ($this->request->isPost())
{
$this->code = -1;
$params = $this->request->post("row/a");
if ($params)
{
$row->save($params);
$this->code = 1;
}
return;
}
$this->view->assign("row", $row);
return $this->view->fetch();
}
/**
* 删除
*/
public function del($ids = "")
{
$this->code = -1;
if ($ids)
{
$count = $this->model->where('id', 'in', $ids)->delete();
if ($count)
{
$this->code = 1;
}
}
return;
}
/**
* 批量更新
*/
public function multi($ids = "")
{
$this->code = -1;
$ids = $ids ? $ids : $this->request->param("ids");
if ($ids)
{
if ($this->request->has('params'))
{
parse_str($this->request->post("params"), $values);
$values = array_intersect_key($values, array_flip(array('status')));
if ($values)
{
$count = $this->model->where('id', 'in', $ids)->update($values);
if ($count)
{
$this->code = 1;
}
}
}
else
{
$this->code = 1;
}
}
return;
}
}


@ -2,6 +2,7 @@
namespace app\admin\controller\general;
use app\admin\model\AdminLog;
use app\common\controller\Backend;
use think\Db;
use think\Debug;
@ -59,6 +60,7 @@ class Database extends Backend
if (in_array($do_action, array('doquery', 'optimizeall', 'repairall')))
{
AdminLog::record(__('query'), ['table' => $tablename, 'action' => $do_action, 'sql' => $this->request->post('sqlquery')]);
$this->$do_action();
}
else if (count($tablename) == 0)
@ -67,6 +69,7 @@ class Database extends Backend
}
else
{
AdminLog::record(__('query'), ['table' => $tablename, 'action' => $do_action]);
foreach ($tablename as $table)
{
$this->$do_action($table);
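Review bot: Both `AdminLog::record(__('query'), ...)` calls run before `$this->$do_action()`, so the audit entry records the attempt and a failed or rejected query is indistinguishable from a successful one. Record after the action, or add an outcome field to the array, keeping the posted `sqlquery` in the entry as it is now. The second call logs only the tables and action, which is adequate since no query text is involved there. The enclosing method continues outside the hunks.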


@ -2,6 +2,7 @@
namespace app\admin\controller\general;
use app\admin\model\AdminLog;
use app\common\controller\Backend;
use fast\Random;
@ -60,6 +61,7 @@ class Profile extends Backend
if ($params)
{
model('admin')->where('id', $this->auth->id)->update($params);
AdminLog::record(__('Update'), $params);
$this->code = 1;
}
}
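Review bot: `AdminLog::record(__('Update'), $params)` stores the entire `$params` array in the log table; since the same array is written to the admin row, it plausibly carries `password` and `salt` (the Admin controller's `edit()` in this commit hashes them into `$params`), which would put credential material into `admin_log`. Log only the field names, `AdminLog::record(__('Update'), array_keys($params));`, or strip the sensitive keys with `array_diff_key($params, array_flip(['password', 'salt']))` first. The method continues outside the hunk.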


@ -2,6 +2,7 @@
namespace app\admin\controller\wechat;
use app\admin\model\AdminLog;
use app\common\controller\Backend;
use app\common\model\WechatResponse;
use think\Db;
@ -37,9 +38,10 @@ class Autoreply extends Backend
if ($params)
{
$row->save($params);
AdminLog::record(__('Edit'), $ids);
$this->code = 1;
}
return FALSE;
return;
}
$response = WechatResponse::get(['eventkey' => $row['eventkey']]);
$this->view->assign("response", $response);


@ -2,6 +2,7 @@
namespace app\admin\controller\wechat;
use app\admin\model\AdminLog;
use app\common\controller\Backend;
use app\common\model\Configvalue;
@ -54,6 +55,7 @@ class Config extends Backend
$this->obj['config'][] = $this->request->post('row/a');
$this->wechatcfg->content = $this->obj;
$this->wechatcfg->save();
AdminLog::record(__('Add'), $this->request->post('row/a'));
$this->code = 1;
return;
}
@ -84,6 +86,7 @@ class Config extends Backend
$this->wechatcfg->content = $this->obj;
$this->wechatcfg->save();
$this->code = 1;
AdminLog::record(__('Edit'), $ids);
return;
}
$this->view->assign("row", $row);
@ -108,6 +111,7 @@ class Config extends Backend
}
$this->wechatcfg->content = $this->obj;
$this->wechatcfg->save();
AdminLog::record(__('Del'), $ids);
$this->code = 1;
}
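Review bot: `AdminLog::record(__('Add'), $this->request->post('row/a'))` re-reads the request body and stores the raw posted row; the same row was already appended to `$this->obj['config']` two lines above, and if it holds wechat credentials (the class name suggests so, but the fields are not visible) they land in the log. Log only its keys, `AdminLog::record(__('Add'), array_keys($this->request->post('row/a')));`, or better, read the row once into a local and reuse it for both the config append and the log. In `edit()` the log call sits after `$this->code = 1` while `add()` and `del()` log before it; keep one order. The methods continue outside the hunks.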


@ -2,10 +2,12 @@
namespace app\admin\controller\wechat;
use app\admin\model\AdminLog;
use app\common\controller\Backend;
use app\common\model\Configvalue;
use app\common\model\WechatResponse;
use EasyWeChat\Foundation\Application;
use think\Config;
use think\Exception;
/**
@ -51,6 +53,7 @@ class Menu extends Backend
$content['menu'] = $menu;
$this->wechatcfg->content = $content;
$this->wechatcfg->save();
AdminLog::record(__('Edit'), $ids);
$this->code = 1;
return;
}
@ -68,6 +71,7 @@ class Menu extends Backend
$ret = $app->menu->add($this->wechatcfg->content['menu']);
if ($ret->errcode == 0)
{
AdminLog::record(__('Sync'), $this->wechatcfg->content['menu']);
$this->code = 1;
}
else


@ -2,6 +2,7 @@
namespace app\admin\controller\wechat;
use app\admin\model\AdminLog;
use app\common\controller\Backend;
use fast\service\Wechat;
@ -44,6 +45,7 @@ class Response extends Backend
if ($params)
{
$this->model->save($params);
AdminLog::record(__('Add'), $this->model->getLastInsID());
$this->code = 1;
$this->content = $params;
}
@ -72,6 +74,7 @@ class Response extends Backend
if ($params)
{
$row->save($params);
AdminLog::record(__('Edit'), $ids);
$this->code = 1;
}
return;


@ -3,8 +3,8 @@
return [
'SQL Result' => '查询结果',
'Basic query' => '基础查询',
'View structure' => '基础查询',
'View data' => '基础查询',
'View structure' => '查看表结构',
'View data' => '查看表数据',
'Optimize' => '优化表',
'Repair' => '修复表',
'Optimize all' => '优化全部表',


@ -2,6 +2,8 @@
namespace app\admin\library\traits;
use app\admin\model\AdminLog;
trait Backend
{
@ -42,6 +44,7 @@ trait Backend
if ($params)
{
$this->model->create($params);
AdminLog::record(__('Add'), $this->model->getLastInsID());
$this->code = 1;
}
@ -65,6 +68,7 @@ trait Backend
if ($params)
{
$row->save($params);
AdminLog::record(__('Edit'), $ids);
$this->code = 1;
}
@ -85,6 +89,7 @@ trait Backend
$count = $this->model->where('id', 'in', $ids)->delete();
if ($count)
{
AdminLog::record(__('Del'), $ids);
$this->code = 1;
}
}
@ -110,6 +115,7 @@ trait Backend
$count = $this->model->where('id', 'in', $ids)->update($values);
if ($count)
{
AdminLog::record(__('Multi'), $ids);
$this->code = 1;
}
}
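Review bot: `AdminLog::record(__('Multi'), $ids)` omits `$values`, the field set that `update($values)` on the line above actually applied, so the audit trail for batch edits shows which rows changed but not what changed. Log both, `AdminLog::record(__('Multi'), ['ids' => $ids, 'values' => $values]);`. The `del()` entry likewise records the requested `$ids` rather than the `$count` rows removed; acceptable, but worth a sentence in the method docblock. The enclosing methods start outside the hunks.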


@ -17,6 +17,7 @@ class AdminLog extends Model
{
$admin = \think\Session::get('admin');
$admin_id = $admin ? $admin->id : 0;
$content = !is_scalar($content) ? json_encode($content) : $content . '';
$username = $username ? $username : ($admin ? $admin->username : __(''));
self::create([
'title' => $title,
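Review bot: `json_encode($content)` returns `false` when encoding fails (for example a posted value that is not valid UTF-8), and the ternary then stores an empty content column with no trace of the failure; it also stores non-ASCII text as `\uXXXX` escapes, which hurts readability of the log. Use `json_encode($content, JSON_UNESCAPED_UNICODE)` and, when it returns `false`, fall back to `var_export($content, true)` or record `json_last_error_msg()` so the entry is never silently blank. `__('')` as the username fallback translates an empty string; `''` says the same thing. `record()` starts outside the hunk.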


@ -14,7 +14,6 @@
<li><a class="btn btn-link btn-multi btn-disabled disabled" href="javascript:;" data-params="status=hidden"><i class="fa fa-eye-slash"></i> 设为隐藏</a></li>
</ul>
</div>
<a class="btn btn-primary btn-danger btn-clear-cache"><i class="fa fa-times"></i> {:__('Clear cache')}</a>
</div>
<table id="table" class="table table-striped table-bordered table-hover" width="100%">
</table>


@ -49,6 +49,15 @@
}
</style>
<script>
var _hmt = _hmt || [];
(function () {
var hm = document.createElement("script");
hm.src = "https://hm.baidu.com/hm.js?58347d769d009bcf6074e9a0ab7ba05e";
var s = document.getElementsByTagName("script")[0];
s.parentNode.insertBefore(hm, s);
})();
</script>
</head>
<body>
<div class="container">
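Review bot: The added `<script>` loads `https://hm.baidu.com/hm.js?…` with a fixed site id into the page head, which gives that origin full script access to the page and reports every deployment's visitors to a single analytics account; whether this template is the public index or an admin view is not visible here. Make the snippet opt-in, wrapped in `{if condition="$Think.config.ANALYTICS_OPTION_PLACEHOLDER"} … {/if}` (placeholder name; pick the project's config key) with the option empty by default, so operators choose it and a `Content-Security-Policy` `script-src` does not have to allow the host. Document the option alongside the template.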


@ -13,4 +13,5 @@
return [
'app\admin\command\Crud',
'app\admin\command\Menu',
'app\admin\command\Install',
];


@ -1,4 +1,4 @@
define(['jquery', 'bootstrap', 'backend', 'addtabs', 'adminlte'], function ($, undefined, Backend, undefined, AdminLTE) {
define(['jquery', 'bootstrap', 'backend', 'addtabs', 'adminlte', 'validator'], function ($, undefined, Backend, undefined, AdminLTE, undefined) {
var Controller = {
index: function () {


@ -132,7 +132,7 @@ define(['jquery', 'bootstrap', 'backend', 'table', 'form', 'sortable'], function
//更新菜单数据
var menuUpdate = function () {
$.post("wechat/menu/edit", {menu: JSON.stringify(getMenuList())}, function (data) {
if (data['code'] == 0) {
if (data['code'] == 1) {
} else {
Backend.api.error();
}
@ -255,7 +255,7 @@ define(['jquery', 'bootstrap', 'backend', 'table', 'form', 'sortable'], function
});
$(document).on('click', "#menuSyn", function () {
$.post("wechat/menu/sync", {}, function (data) {
if (data['code'] == 0) {
if (data['code'] == 1) {
Backend.api.toastr.success('菜单同步更新成功,生效时间看微信官网说明,或者你重新关注微信号!');
} else {
Backend.api.toastr.error(data['content']);