diff --git a/application/admin/controller/auth/Admin.php b/application/admin/controller/auth/Admin.php index 1d32fba..0fa48bf 100644 --- a/application/admin/controller/auth/Admin.php +++ b/application/admin/controller/auth/Admin.php @@ -347,6 +347,9 @@ class Admin extends Backend try { $this->model->destroy($deleteIds); model('AuthGroupAccess')->where('uid', 'in', $deleteIds)->delete(); + \app\adminapi\model\AuthGroupAccess::where('uid', 'in', $deleteIds)->delete(); + + Db::commit(); } catch (\Exception $e) { Db::rollback(); diff --git a/application/admin/controller/school/activity/Cate.php b/application/admin/controller/school/activity/Cate.php index b929d83..7790212 100644 --- a/application/admin/controller/school/activity/Cate.php +++ b/application/admin/controller/school/activity/Cate.php @@ -3,6 +3,8 @@ namespace app\admin\controller\school\activity; use app\common\controller\Backend; +use think\exception\DbException; +use think\response\Json; /** * 机构活动分类 @@ -35,4 +37,36 @@ class Cate extends Backend */ + /** + * 查看 + * + * @return string|Json + * @throws \think\Exception + * @throws DbException + */ + public function index() + { + + + $this->searchFields = ["id","name"]; + + //设置过滤方法 + $this->request->filter(['strip_tags', 'trim']); + if (false === $this->request->isAjax()) { + return $this->view->fetch(); + } + //如果发送的来源是 Selectpage,则转发到 Selectpage + if ($this->request->request('keyField')) { + return $this->selectpage(); + } + [$where, $sort, $order, $offset, $limit] = $this->buildparams(); + $list = $this->model + ->where($where) + ->order($sort, $order) + ->paginate($limit); + $result = ['total' => $list->total(), 'rows' => $list->items()]; + return json($result); + } + + } diff --git a/application/adminapi/controller/Admin.php b/application/adminapi/controller/Admin.php index e9ae706..1428648 100644 --- a/application/adminapi/controller/Admin.php +++ b/application/adminapi/controller/Admin.php 
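Review bot: The new `\app\adminapi\model\AuthGroupAccess::where('uid', 'in', $deleteIds)->delete();` line uses an inline fully-qualified class name right next to `model('AuthGroupAccess')`, so a reader cannot tell at a glance that two different access tables are being cleared for the same admin; a `use app\adminapi\model\AuthGroupAccess as ApiAuthGroupAccess;` import plus a comment such as `// an admin's group mappings live in both the backend and the adminapi access tables; clear both inside the same transaction` would make the intent explicit. The `catch (\Exception $e)` below only covers exceptions, so an `\Error` raised by either delete would skip `Db::rollback()` and leave the transaction open until the connection drops; `catch (\Throwable $e)` would route both through the rollback. The enclosing `del()` method starts before this hunk and its remaining lines are not shown here.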
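Review bot: The added `Cate::index()` gives no reason for overriding the base list action, and its body opens with two empty lines before `$this->searchFields = ["id","name"];`; if restricting the searchable fields is the purpose, state it in the docblock, e.g. `Overrides the base list action so that only id and name are searchable`, and drop the blank lines. `selectpage()` and `buildparams()` come from the parent class outside this hunk, so whether `searchFields` is honoured there cannot be checked from the diff. The accompanying `use think\exception\DbException;` and `use think\response\Json;` imports are referenced only from this docblock, which is fine but worth knowing if the docblock is ever trimmed.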
@@ -6,18 +6,26 @@ namespace app\adminapi\controller; use app\adminapi\model\Admin as AdminModel; use app\adminapi\model\AuthRule; use app\common\controller\AdminApi; +use app\common\exception\UploadException; +use app\common\library\Upload; +use app\common\model\Area; +use app\common\model\Version; +use think\Config; use think\Cookie; use think\Hook; +/** + * 基础后台接口 + */ class Admin extends AdminApi { protected $model = null; - protected $noNeedLogin = ['login']; - protected $noNeedRight = '*'; + protected $noNeedLogin = ['login',"init"]; + protected $noNeedRight = ["logout","menu","check_auth","have_auth"]; /** 
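Review bot: `use app\common\model\Version;` is added but the only reference to `Version` in this file is the commented-out `'versiondata' => Version::check($version)` line in `init()` further down, so the import is dead; either drop it or restore the feature. Adding `"init"` to `$noNeedLogin` makes the bootstrap endpoint reachable without authentication, which is a deliberate choice that deserves a comment on the property, e.g. `// init is served before login; expose only what the login screen needs`. The same line mixes quote styles (`'login',"init"`); single quotes throughout would match the rest of the file.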
@@ -146,4 +154,124 @@ class Admin extends AdminApi } + + /** + * 分离后台加载初始化 + * + * @ApiParams (name="lng", type="string", required=true, description="经度") + * @ApiParams (name="lat", type="string", required=true, description="纬度") + */ + public function init() + { + + $lng = $this->request->request('lng'); + $lat = $this->request->request('lat'); + + //配置信息 + $upload = Config::get('upload'); + //如果非服务端中转模式需要修改为中转 + if ($upload['storage'] != 'local' && isset($upload['uploadmode']) && $upload['uploadmode'] != 'server') { + //临时修改上传模式为服务端中转 + set_addon_config($upload['storage'], ["uploadmode" => "server"], false); + + $upload = \app\common\model\Config::upload(); + // 上传信息配置后 + Hook::listen("upload_config_init", $upload); + + $upload = Config::set('upload', array_merge(Config::get('upload'), $upload)); + } + + $upload['cdnurl'] = $upload['cdnurl'] ? $upload['cdnurl'] : cdnurl('', true); + $upload['uploadurl'] = preg_match("/^((?:[a-z]+:)?\/\/)(.*)/i", $upload['uploadurl']) ? $upload['uploadurl'] : url($upload['storage'] == 'local' ? 
'/adminapi/admin/upload' : $upload['uploadurl'], '', false, true); + + $content = [ + 'citydata' => Area::getCityFromLngLat($lng, $lat), +// 'versiondata' => Version::check($version), + 'uploaddata' => $upload, + 'coverdata' => Config::get("cover"), + ]; + $this->success('', $content); + } + + + + /** + * 上传文件 + * @ApiMethod (POST) + * @ApiParams (name="file", type="File", required=true, description="文件流") + * @ApiParams (name="category", type="string", required=true, description="分类标识:category1=非机密类1,category2=非机密类2,cert=证件机密类,code=二维码类,user=用户普通上传") + */ + public function upload() + { + Config::set('default_return_type', 'json'); + //必须设定cdnurl为空,否则cdnurl函数计算错误 + Config::set('upload.cdnurl', ''); + $category = $this->request->post("category",'user'); +// var_dump($category);die; + $chunkid = $this->request->post("chunkid"); + if ($chunkid) { + if (!Config::get('upload.chunking')) { + $this->error(__('Chunk file disabled')); + } + $action = $this->request->post("action"); + $chunkindex = $this->request->post("chunkindex/d"); + $chunkcount = $this->request->post("chunkcount/d"); + $filename = $this->request->post("filename"); + + $method = $this->request->method(true); + if ($action == 'merge') { + $attachment = null; + //合并分片文件 + try { + $upload = new Upload(); + $attachment = $upload->merge($chunkid, $chunkcount, $filename); + } catch (UploadException $e) { + $this->error($e->getMessage()); + } + $this->success(__('Uploaded successful'), ['url' => $attachment->url, 'fullurl' => cdnurl($attachment->url, true)]); + } elseif ($method == 'clean') { + //删除冗余的分片文件 + try { + $upload = new Upload(); + $upload->clean($chunkid); + } catch (UploadException $e) { + $this->error($e->getMessage()); + } + $this->success(); + } else { + //上传分片文件 + //默认普通上传文件 + $file = $this->request->file('file'); + try { + + $upload = new Upload($file); + $upload->chunk($chunkid, $chunkindex, $chunkcount); + + } catch (UploadException $e) { + $this->error($e->getMessage()); + } + 
$this->success(); + } + } else { + $attachment = null; + //默认普通上传文件 + $file = $this->request->file('file'); + try { + + $upload = new Upload($file,$category); + $attachment = $upload->upload(); + +// $attachment = $upload->upload(); + } catch (UploadException $e) { + $this->error($e->getMessage().$e->getFile().$e->getLine()); + } catch (\Exception $e) { + $this->error($e->getMessage().$e->getFile().$e->getLine()); + } + + $this->success(__('Uploaded successful'), ['url' => $attachment->url, 'fullurl' => cdnurl($attachment->url, true)]); + } + + } + + } \ No newline at end of file diff --git a/application/adminapi/controller/AdminManager.php b/application/adminapi/controller/AdminManager.php new file mode 100644 index 0000000..92fd6a6 --- /dev/null +++ b/application/adminapi/controller/AdminManager.php 
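Review bot: `upload()` sends `$e->getMessage().$e->getFile().$e->getLine()` to the client in both catch blocks of the plain-upload branch, which discloses server filesystem paths and line numbers in an API response; this is exactly the pattern the same commit removes in `application/api/controller/school/newactivity/Order.php` and `newworker/activity/Order.php`, so these two lines should become `$this->error($e->getMessage());` for `UploadException` and a generic message (with the detail written to the log) for the bare `\Exception`. `init()` is reachable without login (it is in `$noNeedLogin`) and returns the whole merged `$upload` array as `'uploaddata'`, including whatever `\app\common\model\Config::upload()` and the `upload_config_init` hook add; whitelisting the keys the client actually needs (`cdnurl`, `uploadurl`, `storage`, `chunking`) would keep storage-backend settings out of an unauthenticated response. The leftover `// var_dump($category);die;` should be deleted rather than committed.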
@@ -0,0 +1,415 @@ +model = new Admin; + + $this->childrenAdminIds = $this->auth->getChildrenAdminIds($this->auth->isSuperAdmin()); + $this->childrenGroupIds = $this->auth->getChildrenGroupIds($this->auth->isSuperAdmin()); +// var_dump($this->childrenGroupIds); + + + + $groupList = collection(AuthGroup::where('id', 'in', $this->childrenGroupIds)->select())->toArray(); + + Tree::instance()->init($groupList); + $groupdata = []; + if ($this->auth->isSuperAdmin()) { + $result = Tree::instance()->getTreeList(Tree::instance()->getTreeArray(0)); + foreach ($result as $k => $v) { + $groupdata[$v['id']] = $v['name']; + } + } else { + $result = []; + $groups = $this->auth->getGroups(); + foreach ($groups as $m => $n) { + $childlist = Tree::instance()->getTreeList(Tree::instance()->getTreeArray($n['id'])); + $temp = []; + foreach ($childlist as $k => $v) { + $temp[$v['id']] = $v['name']; + } + $result[__($n['name'])] = $temp; + } + $groupdata = $result; + } + $this->groupdata = $groupdata; + $this->addressCityList = $this->model->getAddressCityList(); + } + + + + /** + * 查看列表 + * + * @ApiMethod (GET) + * @ApiParams (name="limit", type="int", required=true, description="每页条数") + * @ApiParams (name="page", type="int", required=true, description="页数") + * @ApiParams (name="username", type="string", required=true, description="用户名") + * @ApiParams (name="nickname", type="string", required=true, description="昵称") + * @ApiParams (name="mobile", type="int", required=true, description="手机号码") + */ + public function index() + { + //设置过滤方法 + $this->request->filter(['strip_tags', 'trim']); + + $where = []; + $limit = $this->request->get("limit/d",10); + $username = $this->request->get("username/s",""); + if($username){ + $where['username'] = ['like',"%{$username}%"]; + } + + $nickname = $this->request->get("nickname/s",""); + if($nickname){ + $where['nickname'] = ['like',"%{$nickname}%"]; + } + + $mobile = $this->request->get("mobile/s",""); + if($mobile){ + $where['mobile'] = 
['like',"%{$mobile}%"]; + } + +// if(!$where)$where = [[]]; + + + + $childrenGroupIds = $this->childrenGroupIds; + $groupName = AuthGroup::where('id', 'in', $childrenGroupIds) + ->column('id,name'); + $authGroupList = AuthGroupAccess::where('group_id', 'in', $childrenGroupIds) + ->field('uid,group_id') + ->select(); + + $adminGroupName = []; + foreach ($authGroupList as $k => $v) { + if (isset($groupName[$v['group_id']])) { + $adminGroupName[$v['uid']][$v['group_id']] = $groupName[$v['group_id']]; + } + } + $groups = $this->auth->getGroups(); + foreach ($groups as $m => $n) { + $adminGroupName[$this->auth->id][$n['id']] = $n['name']; + } + + $list = $this->model + ->where($where) + ->where('id', 'in', $this->childrenAdminIds) + ->field(['password', 'salt', 'token'], true) + ->order("id desc") + ->paginate($limit); + + foreach ($list as $k => &$v) { + $groups = isset($adminGroupName[$v['id']]) ? $adminGroupName[$v['id']] : []; + $v['groups'] = implode(',', array_keys($groups)); + $v['groups_text'] = implode(',', array_values($groups)); + } + unset($v); + $result = array("total" => $list->total(), "rows" => $list->items()); + + $this->success("查询成功!",$result); + + } + + + + /** + * 添加管理员(GET为查询可添加的权限组信息) + * + * @ApiMethod (POST|GET) + * @ApiParams (name="email", type="int", required=true, description="电子邮箱") + * @ApiParams (name="password", type="int", required=true, description="登录密码") + * @ApiParams (name="username", type="string", required=true, description="用户名") + * @ApiParams (name="nickname", type="string", required=true, description="昵称") + * @ApiParams (name="mobile", type="int", required=true, description="手机号码") + * @ApiParams (name="group", type="string", required=true, description="api权限组ids,多值逗号隔开") + */ + public function add() + { + if ($this->request->isPost()) { + $params = []; + + $params["email"] = $this->request->post("email/s"); + $params["password"] = $this->request->post("password/s"); + $params["username"] = 
$this->request->post("username/s"); + $params["nickname"] = $this->request->post("nickname/s"); + $params["mobile"] = $this->request->post("mobile/s"); + $group = $this->request->post("group/s",""); + $group = explode(',', $group); + + if ($params) { + Db::startTrans(); + try { + if (!Validate::is($params['password'], '\S{6,30}')) { + exception(__("Please input correct password")); + } + $params['salt'] = Random::alnum(); + $params['password'] = $this->auth->getEncryptPassword($params['password'], $params['salt']); + $params['avatar'] = '/assets/img/avatar.png'; //设置新管理员默认头像。 + $result = $this->model->validate('Admin.add')->save($params); + if ($result === false) { + exception($this->model->getError()); + } + +// $apigroup = $this->request->post("apigroup/a"); + + //过滤不允许的组别,避免越权 + $group = array_intersect($this->childrenGroupIds, $group); + if (!$group) { + exception(__('The parent group exceeds permission limit')); + } + + +// $apigroup = array_intersect($this->childrenApiGroupIds, $apigroup); +// if (!$apigroup) { +// exception(__('The parent group exceeds permission limit')); +// } + + + + $dataset = []; + foreach ($group as $value) { + $dataset[] = ['uid' => $this->model->id, 'group_id' => $value]; + } + (new AuthGroupAccess)->saveAll($dataset); + + +// $dataset = []; +// foreach ($apigroup as $value) { +// $dataset[] = ['uid' => $this->model->id, 'group_id' => $value]; +// } +// (new \app\admin\model\api\AuthGroupAccess())->saveAll($dataset); + + Db::commit(); + } catch (\Exception $e) { + Db::rollback(); + $this->error($e->getMessage()); + } + $this->success(); + } + $this->error(__('Parameter %s can not be empty', '')); + }else{ + $this->success("获取权限组信息成功",[ + 'group'=>$this->groupdata + ]); + } + } + + + + + + /** + * 编辑管理员 + * + * @ApiMethod (POST) + * @ApiRoute (/adminapi/admin_manager/edit/ids/{ids}) + * @ApiParams (name="ids", type="string", required=true, description="需要编辑的ids") + * @ApiParams (name="email", type="int", required=true, 
description="电子邮箱") + * @ApiParams (name="password", type="int", required=true, description="登录密码") + * @ApiParams (name="username", type="string", required=true, description="用户名") + * @ApiParams (name="nickname", type="string", required=true, description="昵称") + * @ApiParams (name="mobile", type="int", required=true, description="手机号码") + * @ApiParams (name="group", type="string", required=true, description="api权限组ids,多值逗号隔开1") + */ + public function edit($ids = null) + { + $row = $this->model->get(['id' => $ids]); + if (!$row) { + $this->error(__('No Results were found')); + } + if (!in_array($row->id, $this->childrenAdminIds)) { + $this->error(__('You have no permission')); + } + if ($this->request->isPost()) { + + $params = []; + + $params["email"] = $this->request->post("email/s"); + $params["password"] = $this->request->post("password/s"); + $params["username"] = $this->request->post("username/s"); + $params["nickname"] = $this->request->post("nickname/s"); + $params["mobile"] = $this->request->post("mobile/s"); + $group = $this->request->post("group/s",""); + $group = explode(',', $group); + if ($params) { + Db::startTrans(); + try { + if ($params['password']) { + if (!Validate::is($params['password'], '\S{6,30}')) { + exception(__("Please input correct password")); + } + $params['salt'] = Random::alnum(); + $params['password'] = $this->auth->getEncryptPassword($params['password'], $params['salt']); + } else { + unset($params['password'], $params['salt']); + } + //这里需要针对username和email做唯一验证 + $adminValidate = \think\Loader::validate('Admin'); + $adminValidate->rule([ + 'username' => 'require|regex:\w{3,30}|unique:admin,username,' . $row->id, + 'email' => 'require|email|unique:admin,email,' . $row->id, + 'mobile' => 'regex:1[3-9]\d{9}|unique:admin,mobile,' . 
$row->id, + 'password' => 'regex:\S{32}', + ]); + $result = $row->validate('Admin.edit')->save($params); + if ($result === false) { + exception($row->getError()); + } + + // 先移除所有权限 +// model('AuthGroupAccess')->where('uid', $row->id)->delete(); + \app\adminapi\model\AuthGroupAccess::where('uid', $row->id)->delete(); + +// $group = $this->request->post("group/a"); +// $apigroup = $this->request->post("apigroup/a"); + + // 过滤不允许的组别,避免越权 + $group = array_intersect($this->childrenGroupIds, $group); + if (!$group) { + exception(__('The parent group exceeds permission limit')); + } + +// $apigroup = array_intersect($this->childrenApiGroupIds, $apigroup); +// if (!$apigroup) { +// exception(__('The parent group exceeds permission limit')); +// } + + + $dataset = []; + foreach ($group as $value) { + $dataset[] = ['uid' => $row->id, 'group_id' => $value]; + } + (new AuthGroupAccess)->saveAll($dataset); + + +// $dataset = []; +// foreach ($apigroup as $value) { +// $dataset[] = ['uid' => $row->id, 'group_id' => $value]; +// } +// (new \app\admin\model\api\AuthGroupAccess())->saveAll($dataset); + + Db::commit(); + } catch (\Exception $e) { + Db::rollback(); + $this->error($e->getMessage()); + } + $this->success(); + } + $this->error(__('Parameter %s can not be empty', '')); + } + + } + + + /** + * 查看详情 + * + * @ApiMethod (GET) + * @ApiParams (name="id", type="string", required=true, description="管理员ID") + */ + public function detail() + { + $admin_id = $this->auth->id; + $id = $this->request->get('id/d'); + + try{ + $row = $this->model->detail($id,$show_field=[],["token","salt","password","logintime","loginip"]); + } catch (\Exception $e) { + $this->error($e->getMessage()); + } + + $grouplist = $this->auth->getGroups($row['id']); + $groupids = []; + foreach ($grouplist as $k => $v) { + $groupids[] = $v['id']; + } + + + $this->success('查询成功', [ + 'row' => $row, + 'groupids' => $groupids, + ]); + } + + + + + /** + * 删除 + * @ApiRoute (/adminapi/admin_manager/del/ids/{ids}) + * 
@ApiParams (name="ids", type="string", required=true, description="需要删除的ids") + */ + public function del($ids = "") + { + if (!$this->request->isPost()) { + $this->error(__("Invalid parameters")); + } + $ids = $ids ? $ids : $this->request->post("ids"); + if ($ids) { + $ids = array_intersect($this->childrenAdminIds, array_filter(explode(',', $ids))); + // 避免越权删除管理员 + $childrenGroupIds = $this->childrenGroupIds; + $adminList = $this->model->where('id', 'in', $ids)->where('id', 'in', function ($query) use ($childrenGroupIds) { + $query->name('api_auth_group_access')->where('group_id', 'in', $childrenGroupIds)->field('uid'); + })->select(); + if ($adminList) { + $deleteIds = []; + foreach ($adminList as $k => $v) { + $deleteIds[] = $v->id; + } + $deleteIds = array_values(array_diff($deleteIds, [$this->auth->id])); + if ($deleteIds) { + Db::startTrans(); + try { + $this->model->destroy($deleteIds); + AuthGroupAccess::where('uid', 'in', $deleteIds)->delete(); + \app\admin\model\AuthGroupAccess::where('uid', 'in', $deleteIds)->delete(); + Db::commit(); + } catch (\Exception $e) { + Db::rollback(); + $this->error($e->getMessage()); + } + $this->success(); + } + $this->error(__('No rows were deleted')); + } + } + $this->error(__('You have no permission')); + } + + + +} \ No newline at end of file diff --git a/application/adminapi/controller/Adminlog.php b/application/adminapi/controller/Adminlog.php new file mode 100644 index 0000000..aec5587 --- /dev/null +++ b/application/adminapi/controller/Adminlog.php 
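Review bot: In both `add()` and `edit()` the `if ($params)` guard is always true because `$params` has just been populated with five fixed keys from `post()`, so the following `$this->error(__('Parameter %s can not be empty', ''))` is unreachable and missing fields reach the validator as `null`; either check the individual required values (`if ($params['username'] === null || $params['email'] === null)`) or drop the dead branch. The `array_intersect($this->childrenGroupIds, $group)` check in both methods and the `array_diff($deleteIds, [$this->auth->id])` in `del()` are the right authorization boundaries and should be kept as they are. In `del()` the scoping subquery uses the literal table name `$query->name('api_auth_group_access')` while the cleanup uses the `AuthGroupAccess` model; if the model's table ever differs, the permission filter and the delete would operate on different tables, so confirm they agree or derive the name from the model. The file's opening lines (namespace, imports, class declaration and the `_initialize()` signature) are not visible in this rendering, so the imports for `Db`, `Validate`, `Random`, `Tree` and `AuthGroup` could not be checked. `detail()` passes `$show_field=[]` as an inline assignment inside the call; a plain `[]` reads better.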
@@ -0,0 +1,135 @@ +model = new AdminLogModel; + + $this->childrenAdminIds = $this->auth->getChildrenAdminIds(true); + $this->childrenGroupIds = $this->auth->getChildrenGroupIds(true); + + $groupName = AuthGroup::where('id', 'in', $this->childrenGroupIds) + ->column('id,name'); + + $this->groupdata = $groupName; + + } + + + + /** + * 管理员操作日志列表 + * + * @ApiMethod (GET) + * @ApiParams (name="limit", type="int", required=true, description="每页条数") + * @ApiParams (name="page", type="int", required=true, description="页数") + * @ApiParams (name="username", type="string", required=false, description="管理员名字") + * @ApiParams (name="url", type="string", required=false, description="url") + * @ApiParams (name="title", type="string", required=false, description="日志标题") + * @ApiParams (name="content", type="string", required=false, description="日志内容") + * @ApiParams (name="ip", type="string", required=false, description="IP") + */ + public function index() + { + //设置过滤方法 + $this->request->filter(['strip_tags', 'trim']); + if ($this->request->isAjax()) { + + $isSuperAdmin = $this->auth->isSuperAdmin(); + $childrenAdminIds = $this->childrenAdminIds; + + $where = []; + $limit = $this->request->get("limit/d",10); + $username = $this->request->get("username/s",""); + if($username){ + $where['username'] = ['like',"%{$username}%"]; + } + + $url = $this->request->get("url/s",""); + if($url){ + $where['url'] = ['like',"%{$url}%"]; + } + + $title = $this->request->get("title/s",""); + if($title){ + $where['title'] = ['like',"%{$title}%"]; + } + + $content = $this->request->get("content/s",""); + if($content){ + $where['content'] = ['like',"%{$content}%"]; + } + + $ip = $this->request->get("ip/s",""); + if($ip){ + $where['ip'] = ['like',"%{$ip}%"]; + } + + + + $list = $this->model + ->where($where) + ->where(function ($query) use ($isSuperAdmin, $childrenAdminIds) { + if (!$isSuperAdmin) { + $query->where('admin_id', 'in', $childrenAdminIds); + } + }) + ->field('content,useragent', true) + 
->order("id desc") + ->paginate($limit); + + $result = array("total" => $list->total(), "rows" => $list->items()); + + $this->success("查询成功!",$result); + } + } + + + + /** + * 日志详情 + * + * @ApiMethod (GET) + * @ApiRoute (/adminapi/adminlog/detail/ids/{ids}) + * @ApiParams (name="ids", type="string", required=true, description="需要查看的ids") + */ + public function detail($ids) + { + $row = $this->model->get(['id' => $ids]); + if (!$row) { + $this->error(__('No Results were found')); + } + if (!$this->auth->isSuperAdmin()) { + if (!$row['admin_id'] || !in_array($row['admin_id'], $this->childrenAdminIds)) { + $this->error(__('You have no permission')); + } + } + $this->success("查询成功!",$row); + } + + + +} \ No newline at end of file diff --git a/application/adminapi/controller/Attachment.php b/application/adminapi/controller/Attachment.php new file mode 100644 index 0000000..8587ac7 --- /dev/null +++ b/application/adminapi/controller/Attachment.php 
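Review bot: `Adminlog::index()` wraps everything in `if ($this->request->isAjax())` with no else branch, so a non-AJAX call returns an empty body with neither a success nor an error envelope; `Profile::index()` in the same commit has no such gate, so either drop it or finish it with `$this->error(__('Invalid parameters'));`. The `admin_id in childrenAdminIds` restriction for non-super admins in the query closure and the matching check in `detail()` are the right scoping and deserve a short comment, e.g. `// non-super admins only see logs of admins below them`. The file's opening lines (namespace, imports, class and `_initialize()` header) are not visible here.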
@@ -0,0 +1,210 @@ +model = new AttachmentModel; +// $this->view->assign("mimetypeList", \app\common\model\Attachment::getMimetypeList()); +// $this->view->assign("categoryList", \app\common\model\Attachment::getCategoryList()); + } + + + /** + * 查看附件分类和类型 + */ + public function config() + { + $mimetypeList = \app\common\model\Attachment::getMimetypeList(); + $categoryList = \app\common\model\Attachment::getCategoryList(); + $this->success('查看数据', [ + 'mimetypeList' => $mimetypeList, + 'categoryList' => $categoryList, + ]); + } + + + + /** + * 查看附件列表 + * + * @ApiMethod (GET) + * @ApiParams (name="limit", type="int", required=true, description="每页条数") + * @ApiParams (name="page", type="int", required=true, description="页数") + * @ApiParams (name="category", type="string", required=true, description="图片分类") + * @ApiParams (name="mimetype", type="string", required=true, description="图片类型") + * @ApiParams (name="admin_id", type="int", required=true, description="管理员ID") + * @ApiParams (name="user_id", type="int", required=true, description="会员ID") + * @ApiParams (name="filename", type="int", required=true, description="文件名称") + */ + public function index() + { + //设置过滤方法 + $this->request->filter(['strip_tags', 'trim']); + + $mimetypeQuery = []; + $where = []; + + $category = $this->request->request('category',null); + $mimetype = $this->request->request('mimetype',null); + $limit = $this->request->request('limit/d', 10); + + + if (isset($category) && $category == 'unclassed') { + $category = ''; + } + + + + if($category !==null){ + $where['category'] = ['=',"{$category}"]; + } + + $admin_id = $this->request->get("admin_id/s",""); + if($admin_id){ + $where['admin_id'] = ['=',"{$admin_id}"]; + } + $user_id = $this->request->get("user_id/s",""); + if($user_id){ + $where['user_id'] = ['=',"{$user_id}"]; + } + + + + $filename = $this->request->get("filename/s",""); + if($filename){ + $where['filename'] = ['like',"%{$filename}%"]; + } + + + + if (isset($mimetype) && 
preg_match("/(\/|\,|\*)/", $mimetype)) { + + $mimetypeQuery = function ($query) use ($mimetype) { + $mimetypeArr = array_filter(explode(',', $mimetype)); + foreach ($mimetypeArr as $index => $item) { + $query->whereOr('mimetype', 'like', '%' . str_replace("/*", "/", $item) . '%'); + } + }; + } + + + $list = $this->model->with(["user"]) + ->where($mimetypeQuery) + ->where($where) + ->whereRaw("`filename` NOT REGEXP '^[0-9A-Fa-f]{32}'") + ->order("id desc") + ->paginate($limit); +// var_dump($this->model->getLastSql()); + + foreach ($list as $row) { + $row->getRelation('user')->visible(['nickname', 'realname', 'mobile', 'avatar']); + + } + $rows = $list->items(); + + + $cdnurl = preg_replace("/\/(\w+)\.php$/i", '', $this->request->root()); + //得到当前域名 + $doman = $this->request->domain(); + foreach ($rows as $k => &$v) { +// $v['fullurl'] = ($v['storage'] == 'local' ? $cdnurl : config('upload.cdnurl')). $v['url']; +// $v['fullurl'] = cdnurl($v['url'],true); + $v['fullurl'] = ($v['storage'] == 'local' ? $doman.$v['url'] : config('upload.cdnurl').$v['url']); + + } + unset($v); + $result = array("total" => $list->total(), "rows" => $rows); + + $this->success("查询成功!",$result); + + } + + + + + /** + * 删除附件 + * + * @ApiMethod (POST) + * @ApiRoute (/adminapi/attachment/del/ids/{ids}) + * @ApiParams (name="ids", type="string", required=true, description="需要删除的附件ids") + * + */ + public function del($ids = "") + { + if (!$this->request->isPost()) { + $this->error(__("Invalid parameters")); + } + $ids = $ids ? $ids : $this->request->post("ids"); + if ($ids) { + \think\Hook::add('upload_delete', function ($params) { + if ($params['storage'] == 'local') { + $attachmentFile = ROOT_PATH . '/public' . 
$params['url']; + if (is_file($attachmentFile)) { + @unlink($attachmentFile); + } + } + }); + $attachmentlist = $this->model->where('id', 'in', $ids)->select(); + foreach ($attachmentlist as $attachment) { + \think\Hook::listen("upload_delete", $attachment); + $attachment->delete(); + } + $this->success("删除成功!"); + } + $this->error(__('Parameter %s can not be empty', 'ids')); + } + + + + + /** + * 附件归类 + * @ApiMethod (POST) + * @ApiParams (name="category", type="string", required=true, description="分类标识") + * @ApiParams (name="ids", type="string", required=true, description="要归类的附件ids") + */ + public function classify() + { + + if (!$this->request->isPost()) { + $this->error(__("Invalid parameters")); + } + $category = $this->request->post('category', ''); + $ids = $this->request->post('ids'); + if (!$ids) { + $this->error(__('Parameter %s can not be empty', 'ids')); + } + $categoryList = \app\common\model\Attachment::getCategoryList(); + if ($category && !isset($categoryList[$category])) { + $this->error(__('Category not found')); + } + $category = $category == 'unclassed' ? '' : $category; + \app\common\model\Attachment::where('id', 'in', $ids)->update(['category' => $category]); + $this->success("归档成功!"); + } + + + + +} \ No newline at end of file diff --git a/application/adminapi/controller/Profile.php b/application/adminapi/controller/Profile.php new file mode 100644 index 0000000..b4b4fc1 --- /dev/null +++ b/application/adminapi/controller/Profile.php 
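Review bot: The `upload_delete` hook in `del()` builds `ROOT_PATH . '/public' . $params['url']` from the stored `url` column and removes it with `@unlink(...)`, so any unlink failure is silent and the row is deleted regardless; replace the suppressed call with a checked one that logs the failure, and resolve the path with `realpath()` and confirm it still lies under the public directory before unlinking, since the value comes from the database rather than from this request. `$doman = $this->request->domain();` looks like a typo for `$domain`. The file header and the opening of `_initialize()` are not visible in this rendering.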
@@ -0,0 +1,137 @@ +model = new AdminModel; + parent::_initialize(); + + + } + + /** + * 我的操作日志列表 + * + * @ApiMethod (GET) + * @ApiParams (name="limit", type="int", required=true, description="每页条数") + * @ApiParams (name="page", type="int", required=true, description="页数") + * @ApiParams (name="url", type="string", required=false, description="url") + * @ApiParams (name="title", type="string", required=false, description="日志标题") + * @ApiParams (name="content", type="string", required=false, description="日志内容") + * @ApiParams (name="ip", type="string", required=false, description="IP") + */ + public function index() + { + //设置过滤方法 + $this->request->filter(['strip_tags', 'trim']); + $this->model = new \app\adminapi\model\AdminLog(); + + $where = []; + $limit = $this->request->get("limit/d",10); + + $url = $this->request->get("url/s",""); + if($url){ + $where['url'] = ['like',"%{$url}%"]; + } + + $title = $this->request->get("title/s",""); + if($title){ + $where['title'] = ['like',"%{$title}%"]; + } + + $content = $this->request->get("content/s",""); + if($content){ + $where['content'] = ['like',"%{$content}%"]; + } + + $ip = $this->request->get("ip/s",""); + if($ip){ + $where['ip'] = ['like',"%{$ip}%"]; + } + + + $list = $this->model + ->where($where) + ->where('admin_id', $this->auth->id) + ->order("id desc") + ->paginate($limit); + + $result = array("total" => $list->total(), "rows" => $list->items()); + + $this->success("查询成功!",$result); + + } + + + + /** + * 更新管理员个人信息 + * + * @ApiMethod (POST) + * @ApiParams (name="email", type="int", required=true, description="电子邮箱") + * @ApiParams (name="password", type="int", required=true, description="登录密码") + * @ApiParams (name="nickname", type="string", required=true, description="昵称") + * @ApiParams (name="mobile", type="int", required=true, description="手机号码") + * @ApiParams (name="avatar", type="string", required=true, description="头像") + */ + public function update() + { + if ($this->request->isPost()) { + $params = 
$this->request->post(); + $params = array_filter(array_intersect_key( + $params, + array_flip(array('email', 'nickname', 'password', 'avatar',"mobile")) + )); + unset($v); + if (!Validate::is($params['email'], "email")) { + $this->error(__("Please input correct email")); + } + if (isset($params['password'])) { + if (!Validate::is($params['password'], "/^[\S]{6,30}$/")) { + $this->error(__("Please input correct password")); + } + $params['salt'] = Random::alnum(); + $params['password'] = md5(md5($params['password']) . $params['salt']); + } + $exist = Admin::where('email', $params['email'])->where('id', '<>', $this->auth->id)->find(); + if ($exist) { + $this->error(__("Email already exists")); + } + if ($params) { + $admin = Admin::get($this->auth->id); + $admin->save($params); + + $this->success("更新成功!"); + } + $this->error("更新失败!"); + } + return; + } + +} \ No newline at end of file diff --git a/application/adminapi/model/Admin.php b/application/adminapi/model/Admin.php index 81f336f..ffe5fd4 100644 --- a/application/adminapi/model/Admin.php +++ b/application/adminapi/model/Admin.php @@ -22,6 +22,28 @@ class Admin extends Model + + /** 通用详情(后台api版本) + * @param $params + * @param $trans + * @return $this + * @throws \Exception + */ + public function detail($id,$show_field=[],$except_field=[]){ + $row = $this->get($id); + if (!$row) { + throw new \Exception(__('No Results were found')); + } + if($show_field){ + $row->visible($show_field); + } + if($except_field){ + $row->hidden($except_field); + } + return $row; + } + + /** * 获取会员的组别 */ diff --git a/application/api/controller/school/newactivity/Order.php b/application/api/controller/school/newactivity/Order.php index c3c9c49..ff199b7 100644 --- a/application/api/controller/school/newactivity/Order.php +++ b/application/api/controller/school/newactivity/Order.php 
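Review bot: `update()` hashes the new password as `md5(md5($params['password']) . $params['salt'])` inline, whereas `AdminManager::add()` and `edit()` in this same commit obtain the hash from `$this->auth->getEncryptPassword($password, $salt)`; use the helper here too so the admin password scheme is defined in one place and can be changed centrally. Because `array_filter` drops an omitted or empty `email`, the following `Validate::is($params['email'], "email")` reads an undefined index; read it as `$params['email'] ?? ''` or check presence first. The stray `unset($v);` has nothing to unset, and `avatar` and `mobile` are stored without any validation, which may be intended but deserves a comment saying so.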
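Review bot: The docblock on `Admin::detail()` describes a different method — it lists `@param $params` and `@param $trans` and says `@return $this`, while the signature is `detail($id, $show_field = [], $except_field = [])` and the method returns the row fetched by `get()`; rewrite it as `@param int|string $id`, `@param array $show_field fields to expose via visible()`, `@param array $except_field fields to strip via hidden()`, `@return the model instance returned by get()` and `@throws \Exception when no row matches`. A short note that `hidden()` is applied after `visible()` when both lists are given would also save the caller a look at the body.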
@@ -170,7 +170,7 @@ class Order extends Base $res = $this->model->confirm($user_id, $activity_id,$num,$order_no,$param, $is_compute); }catch (\Exception $e){ // Log::log($e->getMessage()); - $this->error($e->getMessage().$e->getFile().$e->getLine(),['errcode'=>$e->getCode()]); + $this->error($e->getMessage(),['errcode'=>$e->getCode()]); } $this->success('执行成功,可用缓存key下单', $res); } diff --git a/application/api/controller/school/newworker/activity/Order.php b/application/api/controller/school/newworker/activity/Order.php index 2acff21..0ded45e 100644 --- a/application/api/controller/school/newworker/activity/Order.php +++ b/application/api/controller/school/newworker/activity/Order.php @@ -157,7 +157,7 @@ class Order extends Base //当前申请状态 $res = $this->model->verification($code,0,true,'user',$user_id,true); }catch (\Throwable $e){ - $this->error($code."11111".$e->getMessage()); + $this->error($e->getMessage()); } $this->success('预约课时核销成功', $res); } diff --git a/application/common/controller/AdminApi.php b/application/common/controller/AdminApi.php index 290d334..5a2b0ac 100644 --- a/application/common/controller/AdminApi.php +++ b/application/common/controller/AdminApi.php @@ -4,6 +4,7 @@ namespace app\common\controller; use app\adminapi\library\Auth; +use app\adminapi\model\Admin; use app\common\library\Virtual; use think\Config; use think\exception\HttpResponseException; @@ -85,6 +86,18 @@ class AdminApi } + protected function getAuthMsg(){ + $check_auth_msg = Admin::checkAuthMsg($this->auth->id); + $check_auth_data = Admin::getHaveCity($this->auth->id); + return [ + 'check_auth_msg'=>$check_auth_msg, + 'check_auth_data'=>$check_auth_data + ]; + } + + + + protected $needUrlLock = []; protected function setUrlLock($url_key="",$url_suffix="",$model=null){ diff --git a/application/common/library/Upload.php b/application/common/library/Upload.php index 506bfe1..e08663c 100644 --- a/application/common/library/Upload.php +++ b/application/common/library/Upload.php 
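Review bot: `protected function getAuthMsg(){` in `AdminApi` has no docblock and no return type; declare it `protected function getAuthMsg(): array` with a docblock such as `Collects the current admin's authorization status: check_auth_msg from Admin::checkAuthMsg() and check_auth_data from Admin::getHaveCity()`, with `@return array{check_auth_msg: mixed, check_auth_data: mixed}` until those helpers' return types are pinned down. What `checkAuthMsg()` and `getHaveCity()` actually return is not visible in this diff, so the docblock should not guess beyond that. The two `Order.php` hunks above correctly drop file and line details from client-facing error messages.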
@@ -406,8 +406,9 @@ class Upload $this->category_name = array_key_exists($this->category_name, config('site.attachmentcategory') ?? []) ? $this->category_name : ''; $auth = Auth::instance(); + $adminauth = \app\adminapi\library\Auth::instance(); $params = array( - 'admin_id' => (int)session('admin.id'), + 'admin_id' => (int)session('admin.id') ?: ((int)$adminauth->id ?: 0), 'user_id' => (int)$auth->id, 'filename' => mb_substr(htmlspecialchars(strip_tags($this->fileInfo['name'])), 0, 100), 'category' => $this->category_name, diff --git a/application/common/model/school/activity/Activity.php b/application/common/model/school/activity/Activity.php index e89e65d..d871bda 100644 --- a/application/common/model/school/activity/Activity.php +++ b/application/common/model/school/activity/Activity.php 
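Review bot: `(int)session('admin.id') ?: ((int)$adminauth->id ?: 0)` carries a redundant inner `?: 0`, since `(int)` already yields `0` for a null or missing id; `(int)session('admin.id') ?: (int)$adminauth->id` expresses the same fallback. A comment would help the next reader, e.g. `// attribute the upload to the backend session admin if present, otherwise to the adminapi-authenticated admin`; how the adminapi `Auth` resolves its id is not visible here, so confirm the wording. Since `Upload` is shared by the frontend API as well, calling `\app\adminapi\library\Auth::instance()` on every upload is a new cross-module dependency; importing it as `use app\adminapi\library\Auth as AdminApiAuth;` beside the existing `Auth` import would at least make that visible at the top of the file.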
@@ -338,89 +338,113 @@ class Activity extends BaseModel //开始和结束时间不能为空 - $time = $params["time"]; + if(!empty($params["time"]) && !empty($params["sign_time"])){ - if(empty($time))throw new \Exception("{$params["title"]}请选择开始和结束时间".$time); - $split_line = " - "; - $time_arr = explode($split_line,$time); - $params["start_time"] = $time_arr[0] ; - $params["end_time"] = $time_arr[1]; - unset($params["time"]); + $time = $params["time"]; - $start_time = $params["start_time"]; - $end_time = $params["end_time"]; - if(empty($start_time) || empty($end_time)){ - throw new \Exception("{$params["title"]}请选择开始和结束时间".$time); - } - //转化时间戳 - $start_time = $params["start_time"] && !is_numeric($params["start_time"]) ? strtotime($params["start_time"]) : $params["start_time"]; - $end_time = $params["end_time"] && !is_numeric($params["end_time"]) ? strtotime($params["end_time"]) : $params["end_time"]; - //结束时间不能小于开始时间 - if($end_time<=$start_time){ - throw new \Exception("{$params["title"]}结束时间不能小于开始时间"); + $split_line = " - "; + $time_arr = explode($split_line,$time); + $params["start_time"] = $time_arr[0] ; + $params["end_time"] = $time_arr[1]; + unset($params["time"]); + + $start_time = $params["start_time"]; + $end_time = $params["end_time"]; + + if(empty($start_time) || empty($end_time)){ + throw new \Exception("{$params["title"]}请选择开始和结束时间".$time); + } + //转化时间戳 + $start_time = $params["start_time"] && !is_numeric($params["start_time"]) ? strtotime($params["start_time"]) : $params["start_time"]; + $end_time = $params["end_time"] && !is_numeric($params["end_time"]) ? 
strtotime($params["end_time"]) : $params["end_time"]; + //结束时间不能小于开始时间 + if($end_time<=$start_time){ + throw new \Exception("{$params["title"]}结束时间不能小于开始时间"); + } + + + + + + + //开始和结束时间不能为空 + $time = $params["sign_time"]; + + $split_line = " - "; + $time_arr = explode($split_line,$time); + $params["sign_start_time"] = $time_arr[0] ; + $params["sign_end_time"] = $time_arr[1]; + unset($params["sign_time"]); + + $sign_start_time = $params["sign_start_time"]; + $sign_end_time = $params["sign_end_time"]; + + if(empty($sign_start_time) || empty($sign_end_time)){ + throw new \Exception("{$params["title"]}请选择报名开始和结束时间".$time); + } + //转化时间戳 + $sign_start_time = $params["sign_start_time"] && !is_numeric($params["sign_start_time"]) ? strtotime($params["sign_start_time"]) : $params["sign_start_time"]; + $sign_end_time = $params["sign_end_time"] && !is_numeric($params["sign_end_time"]) ? strtotime($params["sign_end_time"]) : $params["sign_end_time"]; + //结束时间不能小于开始时间 + if($sign_end_time<=$sign_start_time){ + throw new \Exception("{$params["title"]}报名结束时间不能小于开始时间"); + } + + + //两个时间区间段之间不能有任何交集 $start_time $end_time ,$sign_start_time $sign_end_time + //直接判断两个时间段之间是否有交集:分几种情况:1.两个时间段有交集 2.两个时间段没有交集 3.第一个时间段在第二个时间段内 4.第二个时间段在第一个时间段内 只有情况2合理 + if(($start_time<=$sign_start_time && $sign_start_time<=$end_time) || + ($start_time<=$sign_end_time && $sign_end_time<=$end_time) || + ($sign_start_time<=$start_time && $end_time<=$sign_end_time) || + ($sign_start_time>=$start_time && $sign_end_time<=$end_time)){ + throw new \Exception("{$params["title"]}报名时间段和开始时间段有交叉请修改"); + } + + //报名时间必须早于开始时间 + if($sign_start_time>$start_time){ + throw new \Exception("{$params["title"]}报名时间必须早于开始时间"); + } + //新增时,报名时间需晚于当前时间 + $now_time = time(); + if(!$row && $now_time>$sign_start_time){ + throw new \Exception("{$params["title"]}报名时间必须是未来时间!"); + } + + + //活动开始和结束时间不能跨天 + if(date('Y-m-d',$start_time)!=date('Y-m-d',$end_time)){ + throw new \Exception("{$params["title"]}活动开始和结束时间不能跨天"); + } + + 
//settlement_time 最后结算时间等于活动结束时间往后延长n秒,n取配置 + $activity_end_settle = config("site.activity_end_settle") ?:0; + $params["settlement_time"] = $end_time + $activity_end_settle; + + + }else{ + if(!$row && empty($params["time"])) throw new \Exception("{$params["title"]}请选择开始和结束时间"); + if(!$row && empty($params["sign_time"])) throw new \Exception("{$params["title"]}请选择报名开始和结束时间"); + if($row){ + if(empty($params["time"])){ + $params["start_time"] = $row["start_time"]; + $params["end_time"] = $row["end_time"]; + $start_time = $params["start_time"] && !is_numeric($params["start_time"]) ? strtotime($params["start_time"]) : $params["start_time"]; + $end_time = $params["end_time"] && !is_numeric($params["end_time"]) ? strtotime($params["end_time"]) : $params["end_time"]; + } + if(empty($params["sign_time"])){ + $params["sign_start_time"] = $row["sign_start_time"]; + $params["sign_end_time"] = $row["sign_end_time"]; + $sign_start_time = $params["sign_start_time"] && !is_numeric($params["sign_start_time"]) ? strtotime($params["sign_start_time"]) : $params["sign_start_time"]; + $sign_end_time = $params["sign_end_time"] && !is_numeric($params["sign_end_time"]) ? strtotime($params["sign_end_time"]) : $params["sign_end_time"]; + } + } } - - //开始和结束时间不能为空 - $time = $params["sign_time"]; - - if(empty($time))throw new \Exception("{$params["title"]}请选择报名开始和结束时间".$time); - $split_line = " - "; - $time_arr = explode($split_line,$time); - $params["sign_start_time"] = $time_arr[0] ; - $params["sign_end_time"] = $time_arr[1]; - unset($params["sign_time"]); - - $sign_start_time = $params["sign_start_time"]; - $sign_end_time = $params["sign_end_time"]; - - if(empty($sign_start_time) || empty($sign_end_time)){ - throw new \Exception("{$params["title"]}请选择报名开始和结束时间".$time); - } - //转化时间戳 - $sign_start_time = $params["sign_start_time"] && !is_numeric($params["sign_start_time"]) ? 
strtotime($params["sign_start_time"]) : $params["sign_start_time"]; - $sign_end_time = $params["sign_end_time"] && !is_numeric($params["sign_end_time"]) ? strtotime($params["sign_end_time"]) : $params["sign_end_time"]; - //结束时间不能小于开始时间 - if($sign_end_time<=$sign_start_time){ - throw new \Exception("{$params["title"]}报名结束时间不能小于开始时间"); - } - - - //两个时间区间段之间不能有任何交集 $start_time $end_time ,$sign_start_time $sign_end_time - //直接判断两个时间段之间是否有交集:分几种情况:1.两个时间段有交集 2.两个时间段没有交集 3.第一个时间段在第二个时间段内 4.第二个时间段在第一个时间段内 只有情况2合理 - if(($start_time<=$sign_start_time && $sign_start_time<=$end_time) || - ($start_time<=$sign_end_time && $sign_end_time<=$end_time) || - ($sign_start_time<=$start_time && $end_time<=$sign_end_time) || - ($sign_start_time>=$start_time && $sign_end_time<=$end_time)){ - throw new \Exception("{$params["title"]}报名时间段和开始时间段有交叉请修改"); - } - - //报名时间必须早于开始时间 - if($sign_start_time>$start_time){ - throw new \Exception("{$params["title"]}报名时间必须早于开始时间"); - } - //新增时,报名时间需晚于当前时间 - $now_time = time(); - if(!$row && $now_time>$sign_start_time){ - throw new \Exception("{$params["title"]}报名时间必须是未来时间!"); - } - - - //活动开始和结束时间不能跨天 - if(date('Y-m-d',$start_time)!=date('Y-m-d',$end_time)){ - throw new \Exception("{$params["title"]}活动开始和结束时间不能跨天"); - } - - - //settlement_time 最后结算时间等于活动结束时间往后延长n秒,n取配置 - $activity_end_settle = config("site.activity_end_settle") ?:0; - $params["settlement_time"] = $end_time + $activity_end_settle; - $rule = [ 'user_id'=>'require', 'title'=>'require', 
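Review bot: The new outer condition `!empty($params["time"]) && !empty($params["sign_time"])` means that on an update (`$row` set) where only one of the two ranges is resubmitted, the `else` branch restores the other range from `$row` but never parses the supplied one: `$params["time"]` (or `sign_time`) is left in `$params` unparsed and not unset, `start_time`/`end_time` are not set, and the overlap, sign-before-start, same-day and `settlement_time` logic is skipped entirely, so the edited range is silently dropped and a conflicting pair can be saved. Resolve each range independently (parse if supplied, else take it from `$row`, else throw) and then run the cross-range checks unconditionally; `array_pad(explode(" - ", $time, 2), 2, null)` also avoids the undefined-offset notice on input without the separator. The enclosing method starts before and ends after this hunk.
```php
// Activity range: parse the form value when given, otherwise keep the stored one on edit.
if (!empty($params["time"])) {
    [$params["start_time"], $params["end_time"]] = array_pad(explode(" - ", $params["time"], 2), 2, null);
    unset($params["time"]);
} elseif ($row) {
    $params["start_time"] = $row["start_time"];
    $params["end_time"]   = $row["end_time"];
} else {
    throw new \Exception("{$params["title"]}请选择开始和结束时间");
}
// Sign-up range: same resolution rule.
if (!empty($params["sign_time"])) {
    [$params["sign_start_time"], $params["sign_end_time"]] = array_pad(explode(" - ", $params["sign_time"], 2), 2, null);
    unset($params["sign_time"]);
} elseif ($row) {
    $params["sign_start_time"] = $row["sign_start_time"];
    $params["sign_end_time"]   = $row["sign_end_time"];
} else {
    throw new \Exception("{$params["title"]}请选择报名开始和结束时间");
}
// … unchanged: empty checks, strtotime conversion and end<=start checks for both ranges …
// … unchanged: overlap / sign-before-start / future-time / same-day checks and settlement_time, now executed on every save …
```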
@@ -991,6 +1015,26 @@ class Activity extends BaseModel //退款政策 $self['refund_info'] = Refund::where("id",$self["refund_id"])->find(); + //只退百分之50的起始时间点 + $return_50 = 0; + if($self['refund_info']){ + switch ($self['refund_info']['status']){ + case "7" : //前12小时退 + $return_50 = $self["start_time"] - 12*3600; + break; + case "9" : //前24小时退 + $return_50 = $self["start_time"] - 24*3600; + break; + case "11" : //前48小时退 + $return_50 = $self["start_time"] - 48*3600; + break; + + } + + + } + $self["return_50"] = $return_50; + $self["last_time"] = $self["end_time"] + config("site.activity_end_sales"); return $self; } diff --git a/application/common/model/school/activity/order/Order.php b/application/common/model/school/activity/order/Order.php index 4ff1ea6..03ee36e 100644 --- a/application/common/model/school/activity/order/Order.php +++ b/application/common/model/school/activity/order/Order.php @@ -976,7 +976,7 @@ class Order extends BaseModel if ($trans) { self::rollbackTrans(); } - throw new \Exception($e->getMessage().$e->getFile() . $e->getLine()); + throw new \Exception($e->getMessage()); } return self::showInfo($order_no); } diff --git a/application/common/model/school/activity/order/OrderCode.php b/application/common/model/school/activity/order/OrderCode.php index 9240f42..8d4f253 100644 --- a/application/common/model/school/activity/order/OrderCode.php +++ b/application/common/model/school/activity/order/OrderCode.php @@ -139,7 +139,7 @@ class OrderCode extends BaseModel (new Activity)->update_classes($order["activity_id"]); $activity = $order->activity; if(!$activity)throw new \Exception("活动异常!"); - if($activity["status"] != "4")throw new \Exception("当前活动还不能核销!可能未到时间!"); + if(!in_array($activity["status"],["2","3","4"]))throw new \Exception("当前活动还不能核销!可能未到时间!"); return $ordercode; }
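Review bot: The `switch` introduces the refund-policy status values `7`, `9` and `11` as bare magic numbers, and the arithmetic assumes `$self["start_time"]` is already an integer timestamp, which this hunk does not establish. Document the mapping next to the switch, e.g. `// refund_info.status: 7 = only 50% refundable from 12h before start, 9 = from 24h, 11 = from 48h; any other status leaves return_50 at 0 (no 50% cutoff)`, and add `// assumes start_time is a unix timestamp — confirm against the column type` above the first case. The enclosing method starts before the hunk.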
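Review bot: `throw new \Exception($e->getMessage());` discards the original exception's class, code and stack trace, so the `errcode` that the API controllers in this diff read from `$e->getCode()` will always be 0 if they reach this method, and the root cause is gone from any log that catches the rethrow. Pass the code and the chain through: `throw new \Exception($e->getMessage(), is_int($e->getCode()) ? $e->getCode() : 0, $e);` — the `is_int` guard matters because `PDOException::getCode()` can return an SQLSTATE string, which the `\Exception` constructor rejects. The enclosing method starts before the hunk.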
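Review bot: Widening the verification gate from status `4` to `2`, `3` and `4` changes who can redeem a code, yet the error text still says the activity may not have started (未到时间); if `2` and `3` are pre-start states (not visible here — please confirm), a code can now be verified before the activity begins, which is a business-rule bypass rather than a relaxation. Whatever the intended states are, document them on the line and make the comparison strict: `// status 2/3/4 = states in which a code may be redeemed; keep in sync with the Activity status constants` and `if(!in_array((string)$activity["status"], ["2","3","4"], true))throw new \Exception("当前活动还不能核销!可能未到时间!");`. The enclosing method starts before the hunk.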