Admin.php 9.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263
  1. <?php
  2. namespace app\admin\controller\auth;
  3. use app\admin\model\AuthGroup;
  4. use app\admin\model\AuthGroupAccess;
  5. use app\common\controller\Backend;
  6. use fast\Random;
  7. use fast\Tree;
  8. use think\Validate;
  9. /**
  10. * 管理员管理
  11. *
  12. * @icon fa fa-users
  13. * @remark 一个管理员可以有多个角色组,左侧的菜单根据管理员所拥有的权限进行生成
  14. */
  15. class Admin extends Backend
  16. {
  17. /**
  18. * @var \app\admin\model\Admin
  19. */
  20. protected $model = null;
  21. protected $childrenGroupIds = [];
  22. protected $childrenAdminIds = [];
  23. public function _initialize()
  24. {
  25. parent::_initialize();
  26. $this->model = model('Admin');
  27. $this->childrenAdminIds = $this->auth->getChildrenAdminIds(true);
  28. $this->childrenGroupIds = $this->auth->getChildrenGroupIds(true);
  29. $groupList = collection(AuthGroup::where('id', 'in', $this->childrenGroupIds)->select())->toArray();
  30. Tree::instance()->init($groupList);
  31. $groupdata = [];
  32. if ($this->auth->isSuperAdmin()) {
  33. $result = Tree::instance()->getTreeList(Tree::instance()->getTreeArray(0));
  34. foreach ($result as $k => $v) {
  35. $groupdata[$v['id']] = $v['name'];
  36. }
  37. } else {
  38. $result = [];
  39. $groups = $this->auth->getGroups();
  40. foreach ($groups as $m => $n) {
  41. $childlist = Tree::instance()->getTreeList(Tree::instance()->getTreeArray($n['id']));
  42. $temp = [];
  43. foreach ($childlist as $k => $v) {
  44. $temp[$v['id']] = $v['name'];
  45. }
  46. $result[__($n['name'])] = $temp;
  47. }
  48. $groupdata = $result;
  49. }
  50. $this->view->assign('groupdata', $groupdata);
  51. $this->assignconfig("admin", ['id' => $this->auth->id]);
  52. }
  53. /**
  54. * 查看
  55. */
  56. public function index()
  57. {
  58. if ($this->request->isAjax()) {
  59. //如果发送的来源是Selectpage,则转发到Selectpage
  60. if ($this->request->request('keyField')) {
  61. return $this->selectpage();
  62. }
  63. $childrenGroupIds = $this->childrenGroupIds;
  64. $groupName = AuthGroup::where('id', 'in', $childrenGroupIds)
  65. ->column('id,name');
  66. $authGroupList = AuthGroupAccess::where('group_id', 'in', $childrenGroupIds)
  67. ->field('uid,group_id')
  68. ->select();
  69. $adminGroupName = [];
  70. foreach ($authGroupList as $k => $v) {
  71. if (isset($groupName[$v['group_id']])) {
  72. $adminGroupName[$v['uid']][$v['group_id']] = $groupName[$v['group_id']];
  73. }
  74. }
  75. $groups = $this->auth->getGroups();
  76. foreach ($groups as $m => $n) {
  77. $adminGroupName[$this->auth->id][$n['id']] = $n['name'];
  78. }
  79. list($where, $sort, $order, $offset, $limit) = $this->buildparams();
  80. $total = $this->model
  81. ->where($where)
  82. ->where('id', 'in', $this->childrenAdminIds)
  83. ->order($sort, $order)
  84. ->count();
  85. $list = $this->model
  86. ->where($where)
  87. ->where('id', 'in', $this->childrenAdminIds)
  88. ->field(['password', 'salt', 'token'], true)
  89. ->order($sort, $order)
  90. ->limit($offset, $limit)
  91. ->select();
  92. foreach ($list as $k => &$v) {
  93. $groups = isset($adminGroupName[$v['id']]) ? $adminGroupName[$v['id']] : [];
  94. $v['groups'] = implode(',', array_keys($groups));
  95. $v['groups_text'] = implode(',', array_values($groups));
  96. }
  97. unset($v);
  98. $result = array("total" => $total, "rows" => $list);
  99. return json($result);
  100. }
  101. return $this->view->fetch();
  102. }
  103. /**
  104. * 添加
  105. */
  106. public function add()
  107. {
  108. if ($this->request->isPost()) {
  109. $this->token();
  110. $params = $this->request->post("row/a");
  111. if ($params) {
  112. if (!Validate::is($params['password'], '\S{6,16}')) {
  113. $this->error(__("Please input correct password"));
  114. }
  115. $params['salt'] = Random::alnum();
  116. $params['password'] = md5(md5($params['password']) . $params['salt']);
  117. $params['avatar'] = '/assets/img/avatar.png'; //设置新管理员默认头像。
  118. $result = $this->model->validate('Admin.add')->save($params);
  119. if ($result === false) {
  120. $this->error($this->model->getError());
  121. }
  122. $group = $this->request->post("group/a");
  123. //过滤不允许的组别,避免越权
  124. $group = array_intersect($this->childrenGroupIds, $group);
  125. $dataset = [];
  126. foreach ($group as $value) {
  127. $dataset[] = ['uid' => $this->model->id, 'group_id' => $value];
  128. }
  129. model('AuthGroupAccess')->saveAll($dataset);
  130. $this->success();
  131. }
  132. $this->error();
  133. }
  134. return $this->view->fetch();
  135. }
  136. /**
  137. * 编辑
  138. */
  139. public function edit($ids = null)
  140. {
  141. $row = $this->model->get(['id' => $ids]);
  142. if (!$row) {
  143. $this->error(__('No Results were found'));
  144. }
  145. if (!in_array($row->id, $this->childrenAdminIds)) {
  146. $this->error(__('You have no permission'));
  147. }
  148. if ($this->request->isPost()) {
  149. $this->token();
  150. $params = $this->request->post("row/a");
  151. if ($params) {
  152. if ($params['password']) {
  153. if (!Validate::is($params['password'], '\S{6,16}')) {
  154. $this->error(__("Please input correct password"));
  155. }
  156. $params['salt'] = Random::alnum();
  157. $params['password'] = md5(md5($params['password']) . $params['salt']);
  158. } else {
  159. unset($params['password'], $params['salt']);
  160. }
  161. //这里需要针对username和email做唯一验证
  162. $adminValidate = \think\Loader::validate('Admin');
  163. $adminValidate->rule([
  164. 'username' => 'require|regex:\w{3,12}|unique:admin,username,' . $row->id,
  165. 'email' => 'require|email|unique:admin,email,' . $row->id,
  166. 'password' => 'regex:\S{32}',
  167. ]);
  168. $result = $row->validate('Admin.edit')->save($params);
  169. if ($result === false) {
  170. $this->error($row->getError());
  171. }
  172. // 先移除所有权限
  173. model('AuthGroupAccess')->where('uid', $row->id)->delete();
  174. $group = $this->request->post("group/a");
  175. // 过滤不允许的组别,避免越权
  176. $group = array_intersect($this->childrenGroupIds, $group);
  177. $dataset = [];
  178. foreach ($group as $value) {
  179. $dataset[] = ['uid' => $row->id, 'group_id' => $value];
  180. }
  181. model('AuthGroupAccess')->saveAll($dataset);
  182. $this->success();
  183. }
  184. $this->error();
  185. }
  186. $grouplist = $this->auth->getGroups($row['id']);
  187. $groupids = [];
  188. foreach ($grouplist as $k => $v) {
  189. $groupids[] = $v['id'];
  190. }
  191. $this->view->assign("row", $row);
  192. $this->view->assign("groupids", $groupids);
  193. return $this->view->fetch();
  194. }
  195. /**
  196. * 删除
  197. */
  198. public function del($ids = "")
  199. {
  200. if ($ids) {
  201. $ids = array_intersect($this->childrenAdminIds, array_filter(explode(',', $ids)));
  202. // 避免越权删除管理员
  203. $childrenGroupIds = $this->childrenGroupIds;
  204. $adminList = $this->model->where('id', 'in', $ids)->where('id', 'in', function ($query) use ($childrenGroupIds) {
  205. $query->name('auth_group_access')->where('group_id', 'in', $childrenGroupIds)->field('uid');
  206. })->select();
  207. if ($adminList) {
  208. $deleteIds = [];
  209. foreach ($adminList as $k => $v) {
  210. $deleteIds[] = $v->id;
  211. }
  212. $deleteIds = array_values(array_diff($deleteIds, [$this->auth->id]));
  213. if ($deleteIds) {
  214. $this->model->destroy($deleteIds);
  215. model('AuthGroupAccess')->where('uid', 'in', $deleteIds)->delete();
  216. $this->success();
  217. }
  218. }
  219. }
  220. $this->error(__('You have no permission'));
  221. }
  222. /**
  223. * 批量更新
  224. * @internal
  225. */
  226. public function multi($ids = "")
  227. {
  228. // 管理员禁止批量操作
  229. $this->error();
  230. }
  231. /**
  232. * 下拉搜索
  233. */
  234. public function selectpage()
  235. {
  236. $this->dataLimit = 'auth';
  237. $this->dataLimitField = 'id';
  238. return parent::selectpage();
  239. }
  240. }