From c2460a3241d0657660026baaaeb6241bc7a5e493 Mon Sep 17 00:00:00 2001
From: Karson
Date: Sun, 24 Jan 2021 22:10:53 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=9D=83=E9=99=90=E7=AE=A1?= =?UTF-8?q?=E7=90=86=E5=91=98=E8=B6=8A=E6=9D=83=E4=B8=8A=E7=BA=A7=E6=9D=83?= =?UTF-8?q?=E9=99=90=E7=9A=84BUG=20=E4=BF=AE=E5=A4=8D=E7=AE=A1=E7=90=86?= =?UTF-8?q?=E5=91=98=E6=97=A5=E5=BF=97=E6=9F=A5=E7=9C=8B=E8=B6=85=E7=BA=A7?= =?UTF-8?q?=E6=9D=83=E9=99=90=E7=9A=84BUG=20=E4=BC=98=E5=8C=96=E6=9D=83?= =?UTF-8?q?=E9=99=90=E7=AE=A1=E7=90=86=E5=88=86=E7=BB=84=E5=88=97=E8=A1=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 application/admin/controller/auth/Admin.php | 13 ++++++--
 .../admin/controller/auth/Adminlog.php | 10 +++---
 application/admin/controller/auth/Group.php | 31 +++++++++----------
 application/admin/controller/auth/Rule.php | 3 ++
 application/admin/lang/zh-cn/auth/admin.php | 11 ++++---
 application/admin/lang/zh-cn/auth/group.php | 2 +-
 application/admin/lang/zh-cn/auth/rule.php | 3 +-
 7 files changed, 41 insertions(+), 32 deletions(-)
diff --git a/application/admin/controller/auth/Admin.php b/application/admin/controller/auth/Admin.php
index bd7f3b2f..e7153dde 100644
--- a/application/admin/controller/auth/Admin.php
+++ b/application/admin/controller/auth/Admin.php
@@ -12,7 +12,7 @@ use think\Validate;
 /**
 * 管理员管理
 *
- * @icon fa fa-users
+ * @icon fa fa-users
 * @remark 一个管理员可以有多个角色组,左侧的菜单根据管理员所拥有的权限进行生成
 */
 class Admin extends Backend
@@ -32,8 +32,8 @@ class Admin extends Backend
 parent::_initialize();
 $this->model = model('Admin');
- $this->childrenAdminIds = $this->auth->getChildrenAdminIds(true);
- $this->childrenGroupIds = $this->auth->getChildrenGroupIds(true);
+ $this->childrenAdminIds = $this->auth->getChildrenAdminIds($this->auth->isSuperAdmin());
+ $this->childrenGroupIds = $this->auth->getChildrenGroupIds($this->auth->isSuperAdmin());
 $groupList = collection(AuthGroup::where('id', 'in', $this->childrenGroupIds)->select())->toArray();
@@ -136,6 +136,10 @@ class Admin extends Backend
 //过滤不允许的组别,避免越权
 $group = array_intersect($this->childrenGroupIds, $group);
+ if (!$group) {
+ $this->error(__('The parent group exceeds permission limit'));
+ }
+
 $dataset = [];
 foreach ($group as $value) {
 $dataset[] = ['uid' => $this->model->id, 'group_id' => $value];
@@ -192,6 +196,9 @@ class Admin extends Backend
 // 过滤不允许的组别,避免越权
 $group = array_intersect($this->childrenGroupIds, $group);
+ if (!$group) {
+ $this->error(__('The parent group exceeds permission limit'));
+ }
 $dataset = [];
 foreach ($group as $value) {
diff --git a/application/admin/controller/auth/Adminlog.php b/application/admin/controller/auth/Adminlog.php
index 998fdc8a..c4895c11 100644
--- a/application/admin/controller/auth/Adminlog.php
+++ b/application/admin/controller/auth/Adminlog.php
@@ -27,7 +27,7 @@ class Adminlog extends Backend
 $this->model = model('AdminLog');
 $this->childrenAdminIds = $this->auth->getChildrenAdminIds(true);
- $this->childrenGroupIds = $this->auth->getChildrenGroupIds($this->auth->isSuperAdmin() ? true : false);
+ $this->childrenGroupIds = $this->auth->getChildrenGroupIds(true);
 $groupName = AuthGroup::where('id', 'in', $this->childrenGroupIds) ->column('id,name');
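Review bot: The two `isSuperAdmin()` calls in the `_initialize` hunk pass the same flag twice and nothing at the call site says why `true` was replaced, although that replacement is the privilege-escalation fix the commit title announces. I would hoist it, `$isSuper = $this->auth->isSuperAdmin();`, and put above the two assignments `// Non-super admins manage only admins/groups strictly below their own; including their own ids (the former hard-coded true) let them hand out rights equal to theirs.` The exact meaning of the boolean parameter is not visible here, so confirm it is the include-self flag before wording the comment. `_initialize` starts and ends outside the hunk.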
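Review bot: In the hunk at line 136, `array_intersect` followed by `if (!$group)` only rejects a request whose groups are all out of scope; a request mixing one permitted and one forbidden group id still succeeds and silently stores only the permitted one, so the caller gets a success response for an assignment that was partly refused. Fail closed by validating the submitted list before narrowing it: `if (array_diff($group, $this->childrenGroupIds)) { $this->error(__('The parent group exceeds permission limit')); }`, keeping the empty-list guard after it. The enclosing method starts and ends outside the hunk, so how `$group` is read from the request is not visible; if it can arrive as a string, cast it to an array first.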
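Review bot: The guard added in the hunk at line 192 is a character-for-character copy of the one added at line 136, including the `array_intersect` it follows, so the two call sites will drift the next time the scope rule changes. A small protected helper that performs the intersect and the error, called as `$group = $this->filterGroupIds($group);` from both places, would keep add and edit consistent. Both enclosing methods start and end outside their hunks.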
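Review bot: In the Adminlog `_initialize` hunk, `getChildrenGroupIds(true)` now diverges from the `isSuperAdmin()` argument that Admin.php passes in this same commit, and nothing at the call site says why the log controller deliberately includes the caller's own groups. After this commit `$this->childrenGroupIds` appears to feed only the `$groupName` lookup below it, while row visibility is enforced through `$this->childrenAdminIds` in the later hunks, so a one-line comment would stop the next reader from "fixing" it back: `// Own groups are included on purpose: logs are scoped by admin id (childrenAdminIds); this list only resolves group names for display.` Confirm no other use of `childrenGroupIds` remains in the file, which is outside this hunk.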
@@ -66,6 +66,9 @@ class Adminlog extends Backend
 if (!$row) {
 $this->error(__('No Results were found'));
 }
+ if (!$row['admin_id'] || !in_array($row['admin_id'], $this->childrenAdminIds)) {
+ $this->error(__('You have no permission'));
+ }
 $this->view->assign("row", $row->toArray());
 return $this->view->fetch();
 }
@@ -98,10 +101,7 @@ class Adminlog extends Backend
 }
 $ids = $ids ? $ids : $this->request->post("ids");
 if ($ids) {
- $childrenGroupIds = $this->childrenGroupIds;
- $adminList = $this->model->where('id', 'in', $ids)->where('admin_id', 'in', function ($query) use ($childrenGroupIds) {
- $query->name('auth_group_access')->field('uid');
- })->select();
+ $adminList = $this->model->where('id', 'in', $ids)->where('admin_id', 'in', $this->childrenAdminIds)->select();
 if ($adminList) {
 $deleteIds = [];
 foreach ($adminList as $k => $v) {
diff --git a/application/admin/controller/auth/Group.php b/application/admin/controller/auth/Group.php
index 218ae8dd..29ae01dd 100644
--- a/application/admin/controller/auth/Group.php
+++ b/application/admin/controller/auth/Group.php
@@ -24,6 +24,7 @@ class Group extends Backend
 //当前登录管理员所有子组别
 protected $childrenGroupIds = [];
 //当前组别列表数据
+ protected $grouplist = [];
 protected $groupdata = [];
 //无需要权限判断的方法
 protected $noNeedRight = ['roletree'];
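Review bot: The new scope check in the detail hunk answers 'You have no permission' for a log row that exists but belongs to another admin, while a missing id gets 'No Results were found'; that difference lets a caller confirm which log ids exist outside their scope. Returning the same message from the new branch, `$this->error(__('No Results were found'));`, closes that oracle at no cost. The `!$row['admin_id']` clause also hides rows with an empty or zero admin_id from everyone, super admins included; if such rows exist (system or deleted-admin entries), that may be unintended. `in_array` is non-strict here, which is only safe if the id types in `$this->childrenAdminIds` and the row agree, so confirm or normalise both to int. The enclosing method starts outside the hunk.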
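Review bot: The rewritten delete query in the hunk at line 98 scopes rows by `$this->childrenAdminIds`, a genuine fix since the removed subquery captured `$childrenGroupIds` but never used it, yet it does not handle an empty `$this->childrenAdminIds`. An empty list yields `admin_id IN ()`, which is a query error at best and, depending on how the query builder renders an empty list, possibly no filter at all. Add an early exit before the query: `if (!$this->childrenAdminIds) { $this->error(__('You have no permission')); }`. The method starts and ends outside the hunk.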
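Review bot: In the Group property hunk, the existing comment `//当前组别列表数据` now sits above the new `$grouplist` and `$groupdata` is left undocumented, although the two hold different shapes (a list of rows versus an id-to-name map, judging by how `_initialize` fills them in the following hunk). Add a line for each: `// tree-ordered group rows visible to the current admin` above `$grouplist` and `// group id => display name, built from the same rows as $grouplist` above `$groupdata`.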
@@ -38,20 +39,28 @@ class Group extends Backend
 $groupList = collection(AuthGroup::where('id', 'in', $this->childrenGroupIds)->select())->toArray();
 Tree::instance()->init($groupList);
- $result = [];
+ $groupList = [];
 if ($this->auth->isSuperAdmin()) {
- $result = Tree::instance()->getTreeList(Tree::instance()->getTreeArray(0));
+ $groupList = Tree::instance()->getTreeList(Tree::instance()->getTreeArray(0));
 } else {
 $groups = $this->auth->getGroups();
+ $groupIds = [];
 foreach ($groups as $m => $n) {
- $result = array_merge($result, Tree::instance()->getTreeList(Tree::instance()->getTreeArray($n['pid'])));
+ if (in_array($n['id'], $groupIds) || in_array($n['pid'], $groupIds)) {
+ continue;
+ }
+ $groupList = array_merge($groupList, Tree::instance()->getTreeList(Tree::instance()->getTreeArray($n['pid'])));
+ foreach ($groupList as $index => $item) {
+ $groupIds[] = $item['id'];
+ }
 }
 }
 $groupName = [];
- foreach ($result as $k => $v) {
+ foreach ($groupList as $k => $v) {
 $groupName[$v['id']] = $v['name'];
 }
+ $this->grouplist = $groupList;
 $this->groupdata = $groupName;
 $this->assignconfig("admin", ['id' => $this->auth->id, 'group_ids' => $this->auth->getGroupIds()]);
@@ -64,19 +73,7 @@ class Group extends Backend
 public function index() {
 if ($this->request->isAjax()) {
- $list = AuthGroup::all(array_keys($this->groupdata));
- $list = collection($list)->toArray();
- $groupList = [];
- foreach ($list as $k => $v) {
- $groupList[$v['id']] = $v;
- }
- $list = [];
- foreach ($this->groupdata as $k => $v) {
- if (isset($groupList[$k])) {
- $groupList[$k]['name'] = $v;
- $list[] = $groupList[$k];
- }
- }
+ $list = $this->grouplist;
 $total = count($list);
 $result = array("total" => $total, "rows" => $list);
diff --git a/application/admin/controller/auth/Rule.php b/application/admin/controller/auth/Rule.php
index 310d3830..80f23425 100644
--- a/application/admin/controller/auth/Rule.php
+++ b/application/admin/controller/auth/Rule.php
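Review bot: The de-duplication in the non-super branch of `_initialize` is order dependent: a group is skipped only if its id or parent id was already collected, so when a group inside a sibling subtree is processed first and the wider parent subtree later, the later `array_merge` appends the earlier rows a second time and `$groupName` silently collapses the duplicates. The inner `foreach ($groupList ...)` also rescans the whole accumulated list on every outer iteration and pushes every id again. Keying seen ids in a map and appending only unseen rows from the freshly built subtree makes the result independent of the order `getGroups()` returns. `_initialize` starts and ends outside the hunk.
```php
        $groups = $this->auth->getGroups();
        $seen = [];
        foreach ($groups as $m => $n) {
            if (isset($seen[$n['id']]) || isset($seen[$n['pid']])) {
                continue;
            }
            $subtree = Tree::instance()->getTreeList(Tree::instance()->getTreeArray($n['pid']));
            foreach ($subtree as $item) {
                if (!isset($seen[$item['id']])) {
                    $seen[$item['id']] = true;
                    $groupList[] = $item;
                }
            }
        }
        // … unchanged: $groupName build, $this->grouplist / $this->groupdata assignment …
```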
@@ -105,6 +105,9 @@ class Rule extends Backend
 if (!$params['ismenu'] && !$params['pid']) {
 $this->error(__('The non-menu rule must have parent'));
 }
+ if ($params['pid'] == $row['id']) {
+ $this->error(__('Can not change the parent to self'));
+ }
 if ($params['pid'] != $row['pid']) {
 $childrenIds = Tree::instance()->init(collection(AuthRule::select())->toArray())->getChildrenIds($row['id']);
 if (in_array($params['pid'], $childrenIds)) {
diff --git a/application/admin/lang/zh-cn/auth/admin.php b/application/admin/lang/zh-cn/auth/admin.php
index 20995b32..5ff102ee 100644
--- a/application/admin/lang/zh-cn/auth/admin.php
+++ b/application/admin/lang/zh-cn/auth/admin.php
@@ -1,9 +1,10 @@ '所属组别',
- 'Loginfailure' => '登录失败次数',
- 'Login time' => '最后登录',
- 'Please input correct username' => '用户名只能由3-12位数字、字母、下划线组合',
- 'Please input correct password' => '密码长度必须在6-16位之间,不能包含空格',
+ 'Group' => '所属组别',
+ 'Loginfailure' => '登录失败次数',
+ 'Login time' => '最后登录',
+ 'The parent group exceeds permission limit' => '父组别超出权限范围',
+ 'Please input correct username' => '用户名只能由3-12位数字、字母、下划线组合',
+ 'Please input correct password' => '密码长度必须在6-16位之间,不能包含空格',
 ];
diff --git a/application/admin/lang/zh-cn/auth/group.php b/application/admin/lang/zh-cn/auth/group.php
index 3a63f586..9deec57f 100644
--- a/application/admin/lang/zh-cn/auth/group.php
+++ b/application/admin/lang/zh-cn/auth/group.php
@@ -5,7 +5,7 @@ return [
 'The parent group can not found' => '父组别未找到',
 'Group not found' => '组别未找到',
 'Can not change the parent to child' => '父组别不能是它的子组别',
- 'Can not change the parent to self' => '父组别不能是它的子组别',
+ 'Can not change the parent to self' => '父组别不能是它自己',
 'You can not delete group that contain child group and administrators' => '你不能删除含有子组和管理员的组',
 'The parent group exceeds permission limit' => '父组别超出权限范围',
 'The parent group can not be its own child or itself' => '父组别不能是它的子组别及本身',
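Review bot: The new self-parent check in the Rule hunk uses loose `==`, and `$params['pid']` comes from the request as a string while `$row['id']` is presumably an int from the model; loose string/int comparison changed semantics in PHP 8 for non-numeric strings, and the `!=` on the following context line carries the same risk. Normalise once and compare strictly: `if ((int)$params['pid'] === (int)$row['id']) {`. Whether `$params['pid']` is guaranteed to be set is not visible here; the preceding `!$params['pid']` reads it unguarded, so presumably it is. The enclosing method starts and ends outside the hunk.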
diff --git a/application/admin/lang/zh-cn/auth/rule.php b/application/admin/lang/zh-cn/auth/rule.php
index 1c533fd5..765f3784 100644
--- a/application/admin/lang/zh-cn/auth/rule.php
+++ b/application/admin/lang/zh-cn/auth/rule.php
@@ -15,6 +15,7 @@ return [
 'Menu tips' => '父级菜单无需匹配控制器和方法,子级菜单请使用控制器名',
 'Node tips' => '控制器/方法名,如果有目录请使用 目录名/控制器名/方法名',
 'The non-menu rule must have parent' => '非菜单规则节点必须有父级',
- 'Can not change the parent to child' => '父组别不能是它的子组别',
+ 'Can not change the parent to child' => '父级不能是它的子级',
+ 'Can not change the parent to self' => '父级不能是它自己',
 'Name only supports letters, numbers, underscore and slash' => 'URL规则只能是小写字母、数字、下划线和/组成',
 ];