mirror of https://gitee.com/karson/fastadmin.git
优化管理员增删改事务处理
parent
d610fe6141
commit
e4b2066e0f
|
|
@ -123,32 +123,39 @@ class Admin extends Backend
|
||||||
$this->token();
|
$this->token();
|
||||||
$params = $this->request->post("row/a");
|
$params = $this->request->post("row/a");
|
||||||
if ($params) {
|
if ($params) {
|
||||||
if (!Validate::is($params['password'], '\S{6,16}')) {
|
Db::startTrans();
|
||||||
$this->error(__("Please input correct password"));
|
try {
|
||||||
}
|
if (!Validate::is($params['password'], '\S{6,16}')) {
|
||||||
$params['salt'] = Random::alnum();
|
exception(__("Please input correct password"));
|
||||||
$params['password'] = md5(md5($params['password']) . $params['salt']);
|
}
|
||||||
$params['avatar'] = '/assets/img/avatar.png'; //设置新管理员默认头像。
|
$params['salt'] = Random::alnum();
|
||||||
$result = $this->model->validate('Admin.add')->save($params);
|
$params['password'] = md5(md5($params['password']) . $params['salt']);
|
||||||
if ($result === false) {
|
$params['avatar'] = '/assets/img/avatar.png'; //设置新管理员默认头像。
|
||||||
$this->error($this->model->getError());
|
$result = $this->model->validate('Admin.add')->save($params);
|
||||||
}
|
if ($result === false) {
|
||||||
$group = $this->request->post("group/a");
|
exception($this->model->getError());
|
||||||
|
}
|
||||||
|
$group = $this->request->post("group/a");
|
||||||
|
|
||||||
//过滤不允许的组别,避免越权
|
//过滤不允许的组别,避免越权
|
||||||
$group = array_intersect($this->childrenGroupIds, $group);
|
$group = array_intersect($this->childrenGroupIds, $group);
|
||||||
if (!$group) {
|
if (!$group) {
|
||||||
$this->error(__('The parent group exceeds permission limit'));
|
exception(__('The parent group exceeds permission limit'));
|
||||||
}
|
}
|
||||||
|
|
||||||
$dataset = [];
|
$dataset = [];
|
||||||
foreach ($group as $value) {
|
foreach ($group as $value) {
|
||||||
$dataset[] = ['uid' => $this->model->id, 'group_id' => $value];
|
$dataset[] = ['uid' => $this->model->id, 'group_id' => $value];
|
||||||
|
}
|
||||||
|
model('AuthGroupAccess')->saveAll($dataset);
|
||||||
|
Db::commit();
|
||||||
|
} catch (\Exception $e) {
|
||||||
|
Db::rollback();
|
||||||
|
$this->error($e->getMessage());
|
||||||
}
|
}
|
||||||
model('AuthGroupAccess')->saveAll($dataset);
|
|
||||||
$this->success();
|
$this->success();
|
||||||
}
|
}
|
||||||
$this->error();
|
$this->error(__('Parameter %s can not be empty', ''));
|
||||||
}
|
}
|
||||||
return $this->view->fetch();
|
return $this->view->fetch();
|
||||||
}
|
}
|
||||||
|
|
@ -169,46 +176,53 @@ class Admin extends Backend
|
||||||
$this->token();
|
$this->token();
|
||||||
$params = $this->request->post("row/a");
|
$params = $this->request->post("row/a");
|
||||||
if ($params) {
|
if ($params) {
|
||||||
if ($params['password']) {
|
Db::startTrans();
|
||||||
if (!Validate::is($params['password'], '\S{6,16}')) {
|
try {
|
||||||
$this->error(__("Please input correct password"));
|
if ($params['password']) {
|
||||||
|
if (!Validate::is($params['password'], '\S{6,16}')) {
|
||||||
|
exception(__("Please input correct password"));
|
||||||
|
}
|
||||||
|
$params['salt'] = Random::alnum();
|
||||||
|
$params['password'] = md5(md5($params['password']) . $params['salt']);
|
||||||
|
} else {
|
||||||
|
unset($params['password'], $params['salt']);
|
||||||
|
}
|
||||||
|
//这里需要针对username和email做唯一验证
|
||||||
|
$adminValidate = \think\Loader::validate('Admin');
|
||||||
|
$adminValidate->rule([
|
||||||
|
'username' => 'require|regex:\w{3,12}|unique:admin,username,' . $row->id,
|
||||||
|
'email' => 'require|email|unique:admin,email,' . $row->id,
|
||||||
|
'password' => 'regex:\S{32}',
|
||||||
|
]);
|
||||||
|
$result = $row->validate('Admin.edit')->save($params);
|
||||||
|
if ($result === false) {
|
||||||
|
exception($row->getError());
|
||||||
}
|
}
|
||||||
$params['salt'] = Random::alnum();
|
|
||||||
$params['password'] = md5(md5($params['password']) . $params['salt']);
|
|
||||||
} else {
|
|
||||||
unset($params['password'], $params['salt']);
|
|
||||||
}
|
|
||||||
//这里需要针对username和email做唯一验证
|
|
||||||
$adminValidate = \think\Loader::validate('Admin');
|
|
||||||
$adminValidate->rule([
|
|
||||||
'username' => 'require|regex:\w{3,12}|unique:admin,username,' . $row->id,
|
|
||||||
'email' => 'require|email|unique:admin,email,' . $row->id,
|
|
||||||
'password' => 'regex:\S{32}',
|
|
||||||
]);
|
|
||||||
$result = $row->validate('Admin.edit')->save($params);
|
|
||||||
if ($result === false) {
|
|
||||||
$this->error($row->getError());
|
|
||||||
}
|
|
||||||
|
|
||||||
// 先移除所有权限
|
// 先移除所有权限
|
||||||
model('AuthGroupAccess')->where('uid', $row->id)->delete();
|
model('AuthGroupAccess')->where('uid', $row->id)->delete();
|
||||||
|
|
||||||
$group = $this->request->post("group/a");
|
$group = $this->request->post("group/a");
|
||||||
|
|
||||||
// 过滤不允许的组别,避免越权
|
// 过滤不允许的组别,避免越权
|
||||||
$group = array_intersect($this->childrenGroupIds, $group);
|
$group = array_intersect($this->childrenGroupIds, $group);
|
||||||
if (!$group) {
|
if (!$group) {
|
||||||
$this->error(__('The parent group exceeds permission limit'));
|
exception(__('The parent group exceeds permission limit'));
|
||||||
|
}
|
||||||
|
|
||||||
|
$dataset = [];
|
||||||
|
foreach ($group as $value) {
|
||||||
|
$dataset[] = ['uid' => $row->id, 'group_id' => $value];
|
||||||
|
}
|
||||||
|
model('AuthGroupAccess')->saveAll($dataset);
|
||||||
|
Db::commit();
|
||||||
|
} catch (\Exception $e) {
|
||||||
|
Db::rollback();
|
||||||
|
$this->error($e->getMessage());
|
||||||
}
|
}
|
||||||
|
|
||||||
$dataset = [];
|
|
||||||
foreach ($group as $value) {
|
|
||||||
$dataset[] = ['uid' => $row->id, 'group_id' => $value];
|
|
||||||
}
|
|
||||||
model('AuthGroupAccess')->saveAll($dataset);
|
|
||||||
$this->success();
|
$this->success();
|
||||||
}
|
}
|
||||||
$this->error();
|
$this->error(__('Parameter %s can not be empty', ''));
|
||||||
}
|
}
|
||||||
$grouplist = $this->auth->getGroups($row['id']);
|
$grouplist = $this->auth->getGroups($row['id']);
|
||||||
$groupids = [];
|
$groupids = [];
|
||||||
|
|
@ -243,10 +257,18 @@ class Admin extends Backend
|
||||||
}
|
}
|
||||||
$deleteIds = array_values(array_diff($deleteIds, [$this->auth->id]));
|
$deleteIds = array_values(array_diff($deleteIds, [$this->auth->id]));
|
||||||
if ($deleteIds) {
|
if ($deleteIds) {
|
||||||
$this->model->destroy($deleteIds);
|
Db::startTrans();
|
||||||
model('AuthGroupAccess')->where('uid', 'in', $deleteIds)->delete();
|
try {
|
||||||
|
$this->model->destroy($deleteIds);
|
||||||
|
model('AuthGroupAccess')->where('uid', 'in', $deleteIds)->delete();
|
||||||
|
Db::commit();
|
||||||
|
} catch (\Exception $e) {
|
||||||
|
Db::rollback();
|
||||||
|
$this->error($e->getMessage());
|
||||||
|
}
|
||||||
$this->success();
|
$this->success();
|
||||||
}
|
}
|
||||||
|
$this->error(__('No rows were deleted'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$this->error(__('You have no permission'));
|
$this->error(__('You have no permission'));
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue