diff --git a/application/admin/controller/auth/Admin.php b/application/admin/controller/auth/Admin.php index 7e25dcb0..aee9c13a 100644 --- a/application/admin/controller/auth/Admin.php +++ b/application/admin/controller/auth/Admin.php @@ -123,32 +123,39 @@ class Admin extends Backend $this->token(); $params = $this->request->post("row/a"); if ($params) { - if (!Validate::is($params['password'], '\S{6,16}')) { - $this->error(__("Please input correct password")); - } - $params['salt'] = Random::alnum(); - $params['password'] = md5(md5($params['password']) . $params['salt']); - $params['avatar'] = '/assets/img/avatar.png'; //设置新管理员默认头像。 - $result = $this->model->validate('Admin.add')->save($params); - if ($result === false) { - $this->error($this->model->getError()); - } - $group = $this->request->post("group/a"); + Db::startTrans(); + try { + if (!Validate::is($params['password'], '\S{6,16}')) { + exception(__("Please input correct password")); + } + $params['salt'] = Random::alnum(); + $params['password'] = md5(md5($params['password']) . $params['salt']); + $params['avatar'] = '/assets/img/avatar.png'; //设置新管理员默认头像。 + $result = $this->model->validate('Admin.add')->save($params); + if ($result === false) { + exception($this->model->getError()); + } + $group = $this->request->post("group/a"); - //过滤不允许的组别,避免越权 - $group = array_intersect($this->childrenGroupIds, $group); - if (!$group) { - $this->error(__('The parent group exceeds permission limit')); - } + //过滤不允许的组别,避免越权 + $group = array_intersect($this->childrenGroupIds, $group); + if (!$group) { + exception(__('The parent group exceeds permission limit')); + } - $dataset = []; - foreach ($group as $value) { - $dataset[] = ['uid' => $this->model->id, 'group_id' => $value]; + $dataset = []; + foreach ($group as $value) { + $dataset[] = ['uid' => $this->model->id, 'group_id' => $value]; + } + model('AuthGroupAccess')->saveAll($dataset); + Db::commit(); + } catch (\Exception $e) { + Db::rollback(); + $this->error($e->getMessage()); } - model('AuthGroupAccess')->saveAll($dataset); $this->success(); } - $this->error(); + $this->error(__('Parameter %s can not be empty', '')); } return $this->view->fetch(); } @@ -169,46 +176,53 @@ class Admin extends Backend $this->token(); $params = $this->request->post("row/a"); if ($params) { - if ($params['password']) { - if (!Validate::is($params['password'], '\S{6,16}')) { - $this->error(__("Please input correct password")); + Db::startTrans(); + try { + if ($params['password']) { + if (!Validate::is($params['password'], '\S{6,16}')) { + exception(__("Please input correct password")); + } + $params['salt'] = Random::alnum(); + $params['password'] = md5(md5($params['password']) . $params['salt']); + } else { + unset($params['password'], $params['salt']); + } + //这里需要针对username和email做唯一验证 + $adminValidate = \think\Loader::validate('Admin'); + $adminValidate->rule([ + 'username' => 'require|regex:\w{3,12}|unique:admin,username,' . $row->id, + 'email' => 'require|email|unique:admin,email,' . $row->id, + 'password' => 'regex:\S{32}', + ]); + $result = $row->validate('Admin.edit')->save($params); + if ($result === false) { + exception($row->getError()); } - $params['salt'] = Random::alnum(); - $params['password'] = md5(md5($params['password']) . $params['salt']); - } else { - unset($params['password'], $params['salt']); - } - //这里需要针对username和email做唯一验证 - $adminValidate = \think\Loader::validate('Admin'); - $adminValidate->rule([ - 'username' => 'require|regex:\w{3,12}|unique:admin,username,' . $row->id, - 'email' => 'require|email|unique:admin,email,' . $row->id, - 'password' => 'regex:\S{32}', - ]); - $result = $row->validate('Admin.edit')->save($params); - if ($result === false) { - $this->error($row->getError()); - } - // 先移除所有权限 - model('AuthGroupAccess')->where('uid', $row->id)->delete(); + // 先移除所有权限 + model('AuthGroupAccess')->where('uid', $row->id)->delete(); - $group = $this->request->post("group/a"); + $group = $this->request->post("group/a"); - // 过滤不允许的组别,避免越权 - $group = array_intersect($this->childrenGroupIds, $group); - if (!$group) { - $this->error(__('The parent group exceeds permission limit')); + // 过滤不允许的组别,避免越权 + $group = array_intersect($this->childrenGroupIds, $group); + if (!$group) { + exception(__('The parent group exceeds permission limit')); + } + + $dataset = []; + foreach ($group as $value) { + $dataset[] = ['uid' => $row->id, 'group_id' => $value]; + } + model('AuthGroupAccess')->saveAll($dataset); + Db::commit(); + } catch (\Exception $e) { + Db::rollback(); + $this->error($e->getMessage()); } - - $dataset = []; - foreach ($group as $value) { - $dataset[] = ['uid' => $row->id, 'group_id' => $value]; - } - model('AuthGroupAccess')->saveAll($dataset); $this->success(); } - $this->error(); + $this->error(__('Parameter %s can not be empty', '')); } $grouplist = $this->auth->getGroups($row['id']); $groupids = []; @@ -243,10 +257,18 @@ class Admin extends Backend } $deleteIds = array_values(array_diff($deleteIds, [$this->auth->id])); if ($deleteIds) { - $this->model->destroy($deleteIds); - model('AuthGroupAccess')->where('uid', 'in', $deleteIds)->delete(); + Db::startTrans(); + try { + $this->model->destroy($deleteIds); + model('AuthGroupAccess')->where('uid', 'in', $deleteIds)->delete(); + Db::commit(); + } catch (\Exception $e) { + Db::rollback(); + $this->error($e->getMessage()); + } $this->success(); } + $this->error(__('No rows were deleted')); } } $this->error(__('You have no permission'));