diff --git a/application/admin/controller/school/activity/Activity.php b/application/admin/controller/school/activity/Activity.php index 37e7ab5..86af1c3 100644 --- a/application/admin/controller/school/activity/Activity.php +++ b/application/admin/controller/school/activity/Activity.php @@ -280,13 +280,13 @@ class Activity extends Backend $this->update_classes($row["id"],$params); $row = $this->model->get($row[ "id" ]); - if($auth_success === 1){ + if($auth_success == "1"){ //审核通过 //调用事件 $data = ['activity' => $row,"user_id"=>$row["user_id"],"oper_type"=>"admin","oper_id"=>$this->auth->id]; \think\Hook::listen('new_activity_auth_success_after', $data); - }elseif($auth_success === 2){ + }elseif($auth_success == "2"){ //审核不通过 //审核通过 //调用事件 diff --git a/application/adminapi/controller/Group.php b/application/adminapi/controller/Group.php index 9cabb29..3d6196d 100644 --- a/application/adminapi/controller/Group.php +++ b/application/adminapi/controller/Group.php @@ -24,7 +24,7 @@ class Group extends AdminApi protected $model = null; //无需要权限判断的方法 - protected $noNeedRight = ['roletree']; +// protected $noNeedRight = ['roletree']; //当前登录管理员所有子组别 protected $childrenGroupIds = []; //当前组别列表数据 
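Review bot: The two audit comparisons in `Activity.php` now use loose `==` against `"1"` and `"2"`, so PHP's numeric-string rules decide the branch and values such as `"1.0"` or `true` also select the approve path. `$auth_success` is assigned outside the hunk, so its type is not visible here; if it can be either an int or a request string, an explicit strict test keeps the accepted set narrow, e.g. `if (in_array($auth_success, [1, '1'], true)) {`. The `elseif` branch carries both `//审核不通过` and `//审核通过`; the second comment looks like a copy-paste leftover and should go.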
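Review bot: The `$noNeedRight` declaration in `Group.php` is commented out rather than removed, which leaves it unclear whether `roletree` is meant to require a rule from now on. If the permission check is intended, delete the line and declare the property explicitly, `protected $noNeedRight = [];`, so the controller does not depend on whatever default `AdminApi` defines (not visible in this diff). The class body continues outside the hunk.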
@@ -93,13 +93,132 @@ class Group extends AdminApi /** - * 添加 + * 查看详情 + * + * @ApiMethod (GET) + * @ApiParams (name="id", type="string", required=true, description="规则组ID") + */ + public function detail() + { + $admin_id = $this->auth->id; + $id = $this->request->get('id/d'); + + try{ + $menulist = $this->model->detail($id,$show_field=[],$except_field=[]); + } catch (\Exception $e) { + $this->error($e->getMessage()); + } + + + + $this->success('查询成功', $menulist); + } + + + + + /** + * 读取角色权限树 + * + * @ApiMethod (POST) + * @ApiParams (name="id", type="string", required=true, description="要查询的规则组ID") + * @ApiParams (name="pid", type="string", required=true, description="规则组父ID") + */ + public function roletree() + { + $this->loadlang('auth/group'); + + $model = (new AuthGroup); + $id = $this->request->post("id"); + $pid = $this->request->post("pid"); + $parentGroupModel = $model->get($pid); + $currentGroupModel = null; + if ($id) { + $currentGroupModel = $model->get($id); + } + if (($pid || $parentGroupModel) && (!$id || $currentGroupModel)) { + $id = $id ? $id : null; + $ruleList = collection((new AuthRule())->order('weigh', 'desc')->order('id', 'asc')->select())->toArray(); + //读取父类角色所有节点列表 + $parentRuleList = []; + if (in_array('*', explode(',', $parentGroupModel->rules))) { + $parentRuleList = $ruleList; + } else { + $parentRuleIds = explode(',', $parentGroupModel->rules); + foreach ($ruleList as $k => $v) { + if (in_array($v['id'], $parentRuleIds)) { + $parentRuleList[] = $v; + } + } + } + + $ruleTree = new Tree(); + $groupTree = new Tree(); + //当前所有正常规则列表 + $ruleTree->init($parentRuleList); + //角色组列表 + $groupTree->init(collection((new AuthGroup)->where('id', 'in', $this->childrenGroupIds)->select())->toArray()); + + //读取当前角色下规则ID集合 + $adminRuleIds = $this->auth->getRuleIds(); + //是否是超级管理员 + $superadmin = $this->auth->isSuperAdmin(); + //当前拥有的规则ID集合 + $currentRuleIds = $id ? 
explode(',', $currentGroupModel->rules) : []; + + if (!$id || !in_array($pid, $this->childrenGroupIds) || !in_array($pid, $groupTree->getChildrenIds($id, true))) { + $parentRuleList = $ruleTree->getTreeList($ruleTree->getTreeArray(0), 'name'); + $hasChildrens = []; + foreach ($parentRuleList as $k => $v) { + if ($v['haschild']) { + $hasChildrens[] = $v['id']; + } + } + $parentRuleIds = array_map(function ($item) { + return $item['id']; + }, $parentRuleList); + $nodeList = []; + foreach ($parentRuleList as $k => $v) { + if (!$superadmin && !in_array($v['id'], $adminRuleIds)) { + continue; + } + if ($v['pid'] && !in_array($v['pid'], $parentRuleIds)) { + continue; + } + $state = array('selected' => in_array($v['id'], $currentRuleIds) && !in_array($v['id'], $hasChildrens)); + $nodeList[] = array('id' => $v['id'], 'parent' => $v['pid'] ? $v['pid'] : '#', 'text' => __($v['title']), 'type' => 'menu', 'state' => $state); + } + $this->success('', $nodeList); + } else { + $this->error(__('Can not change the parent to child')); + } + } else { + $this->error(__('Group not found')); + } + } + + + + + /** + * 添加api权限组 + * + * @ApiMethod (POST) + * @ApiParams (name="rules", type="string", required=true, description="权限组ids") + * @ApiParams (name="pid", type="int", required=true, description="父权限组id") + * @ApiParams (name="name", type="string", required=true, description="权限组名") + * @ApiParams (name="status", type="string", required=true, description="权限组状态:normal=正常 ,hidden=隐藏") + * */ public function add() { if ($this->request->isPost()) { - $this->token(); - $params = $this->request->post(); +// $this->token(); + $params =[]; + $params["rules"] = $this->request->post("rules/s"); + $params["pid"] = $this->request->post("pid/d"); + $params["name"] = $this->request->post("name/s"); + $params["status"] = $this->request->post("status/s"); foreach ($params as $k => &$v){ $params[$k] = strip_tags($v); } 
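Review bot: `detail()` returns the group selected by the `id` parameter without checking it against `$this->childrenGroupIds`, although `edit()` in this same file does apply that check. An admin who may call `detail` can therefore read groups outside their own subtree, including their rule lists. Add the same guard before the model call, `if (!in_array($id, $this->childrenGroupIds)) { $this->error(__('You have no permission')); }`, and drop the unused `$admin_id`. In `roletree()` the condition `($pid || $parentGroupModel)` passes when `pid` is non-empty but no group was found, so `$parentGroupModel->rules` is then read on null; testing `$parentGroupModel` alone avoids that. In `add()` the `$this->token()` call is commented out, so a comment stating why request-forgery protection is not needed for this API would help the next reader.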
@@ -131,4 +250,143 @@ class Group extends AdminApi } + + + + /** + * 编辑api权限组 + * + * @ApiMethod (POST) + * @ApiRoute (/adminapi/group/edit/ids/{ids}) + * @ApiParams (name="ids", type="string", required=true, description="需要编辑的ids") + * @ApiParams (name="rules", type="string", required=true, description="权限组ids") + * @ApiParams (name="pid", type="int", required=true, description="父权限组id") + * @ApiParams (name="name", type="string", required=true, description="权限组名") + * @ApiParams (name="status", type="string", required=true, description="权限组状态:normal=正常 ,hidden=隐藏") + * + */ + public function edit($ids = null) + { + if (!in_array($ids, $this->childrenGroupIds)) { + $this->error(__('You have no permission')); + } + $row = $this->model->get(['id' => $ids]); + if (!$row) { + $this->error(__('No Results were found')); + } + if ($this->request->isPost()) { +// $this->token(); +// $params = $this->request->post("row/a", [], 'strip_tags'); + + $params =[]; + $params["rules"] = $this->request->post("rules/s"); + $params["pid"] = $this->request->post("pid/d"); + $params["name"] = $this->request->post("name/s"); + $params["status"] = $this->request->post("status/s"); + + + //父节点不能是非权限内节点 + if (!in_array($params['pid'], $this->childrenGroupIds)) { + $this->error(__('The parent group exceeds permission limit')); + } + // 父节点不能是它自身的子节点或自己本身 + if (in_array($params['pid'], Tree::instance()->getChildrenIds($row->id, true))) { + $this->error(__('The parent group can not be its own child or itself')); + } + $params['rules'] = explode(',', $params['rules']); + + $parentmodel = (new AuthGroup)->get($params['pid']); + if (!$parentmodel) { + $this->error(__('The parent group can not found')); + } + // 父级别的规则节点 + $parentrules = explode(',', $parentmodel->rules); + // 当前组别的规则节点 + $currentrules = $this->auth->getRuleIds(); + $rules = $params['rules']; + // 如果父组不是超级管理员则需要过滤规则节点,不能超过父组别的权限 + $rules = in_array('*', $parentrules) ? 
$rules : array_intersect($parentrules, $rules); + // 如果当前组别不是超级管理员则需要过滤规则节点,不能超当前组别的权限 + $rules = in_array('*', $currentrules) ? $rules : array_intersect($currentrules, $rules); + $params['rules'] = implode(',', $rules); + if ($params) { + Db::startTrans(); + try { + $row->save($params); + $children_auth_groups = (new AuthGroup)->all(['id' => ['in', implode(',', (Tree::instance()->getChildrenIds($row->id)))]]); + $childparams = []; + foreach ($children_auth_groups as $key => $children_auth_group) { + $childparams[$key]['id'] = $children_auth_group->id; + $childparams[$key]['rules'] = implode(',', array_intersect(explode(',', $children_auth_group->rules), $rules)); + } + (new AuthGroup)->saveAll($childparams); + Db::commit(); + $this->success(); + } catch (Exception $e) { + Db::rollback(); + $this->error($e->getMessage()); + } + } + $this->error(); + return; + } + $this->view->assign("row", $row); + return $this->view->fetch(); + } + + + + + /** + * 删除api权限组 + * + * @ApiMethod (POST) + * @ApiRoute (/adminapi/group/del/ids/{ids}) + * @ApiParams (name="ids", type="string", required=true, description="需要删除的权限组ids") + * + */ + public function del($ids = "") + { + if (!$this->request->isPost()) { + $this->error(__("Invalid parameters")); + } + $ids = $ids ? 
$ids : $this->request->post("ids"); + if ($ids) { + $ids = explode(',', $ids); + $grouplist = $this->auth->getGroups(); + $group_ids = array_map(function ($group) { + return $group['id']; + }, $grouplist); + // 移除掉当前管理员所在组别 + $ids = array_diff($ids, $group_ids); + + // 循环判断每一个组别是否可删除 + $grouplist = $this->model->where('id', 'in', $ids)->select(); + $groupaccessmodel = new AuthGroupAccess(); + foreach ($grouplist as $k => $v) { + // 当前组别下有管理员 + $groupone = $groupaccessmodel->get(['group_id' => $v['id']]); + if ($groupone) { + $ids = array_diff($ids, [$v['id']]); + continue; + } + // 当前组别下有子组别 + $groupone = $this->model->get(['pid' => $v['id']]); + if ($groupone) { + $ids = array_diff($ids, [$v['id']]); + continue; + } + } + if (!$ids) { + $this->error(__('You can not delete group that contain child group and administrators')); + } + $count = $this->model->where('id', 'in', $ids)->delete(); + if ($count) { + $this->success(); + } + } + $this->error(); + } + + } \ No newline at end of file diff --git a/application/adminapi/library/Auth.php b/application/adminapi/library/Auth.php index eee4fd3..5fc7ff6 100644 --- a/application/adminapi/library/Auth.php +++ b/application/adminapi/library/Auth.php @@ -472,18 +472,15 @@ class Auth */ public function check($path = null, $module = null) { - if (!$this->_logined) { return false; } - $ruleList = $this->getRuleList(); - - $rules = []; foreach ($ruleList as $k => $v) { $rules[] = $v['name']; } +// var_dump($path,$rules,in_array($path, $rules)); // var_dump($rules); // $url = ($module ? $module : request()->module()) . '/' . (is_null($path) ? $this->getRequestUri() : $path); $url = (is_null($path) ? $this->getRequestUri() : $path); diff --git a/application/adminapi/model/AuthGroup.php b/application/adminapi/model/AuthGroup.php index 249d595..168193a 100644 --- a/application/adminapi/model/AuthGroup.php +++ b/application/adminapi/model/AuthGroup.php 
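Review bot: `del()` never restricts the submitted ids to `$this->childrenGroupIds`: after `explode(',', $ids)` only the caller's own groups are removed from the list. An admin holding the delete rule can therefore delete any group outside their subtree that has no members and no child groups. `edit()` in this hunk enforces the scope, and the same should apply here, e.g. `$ids = array_intersect($this->childrenGroupIds, array_filter(explode(',', $ids)));`. In `edit()` the handler is `catch (Exception $e)`; unless the file imports `Exception` (imports are outside the hunk), that name resolves inside the controller namespace and the rollback branch is never reached, so `\Exception` is the safer spelling. `edit()` also has `$this->token()` commented out, as `add()` does.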
@@ -2,9 +2,10 @@ namespace app\adminapi\model; +use app\common\model\BaseModel; use think\Model; -class AuthGroup extends Model +class AuthGroup extends BaseModel { protected $name = 'api_auth_group'; @@ -19,4 +20,27 @@ class AuthGroup extends Model return __($value); } + + + /** 通用详情(后台api版本) + * @param $params + * @param $trans + * @return $this + * @throws \Exception + */ + public function detail($id,$show_field=[],$except_field=[]){ + $row = $this->get($id); + if (!$row) { + throw new \Exception(__('No Results were found')); + } + if($show_field){ + $row->visible($show_field); + } + if($except_field){ + $row->hidden($except_field); + } + return $row; + } + + } diff --git a/application/api/controller/User.php b/application/api/controller/User.php index e7d6f7b..9c24e87 100644 --- a/application/api/controller/User.php +++ b/application/api/controller/User.php @@ -189,8 +189,8 @@ class User extends Api 'user_info'=>$this->auth->getUserinfo() ]; //是否有核销按钮展示权 - $data['have_auth'] = \app\common\model\User::verificationAuth($this->auth->id); - $data['have_teacher'] = \app\common\model\User::teacherAuth($this->auth->id); +// $data['have_auth'] = \app\common\model\User::verificationAuth($this->auth->id); +// $data['have_teacher'] = \app\common\model\User::teacherAuth($this->auth->id); //机构认证信息 $data['shop_auth_info'] = ManystoreShop::getAuthInfo($this->auth->id); diff --git a/application/api/controller/school/newworker/activity/Order.php b/application/api/controller/school/newworker/activity/Order.php index 1cf7586..2acff21 100644 --- a/application/api/controller/school/newworker/activity/Order.php +++ b/application/api/controller/school/newworker/activity/Order.php 
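Review bot: The docblock on `AuthGroup::detail()` documents `$params` and `$trans`, neither of which is a parameter; the signature is `detail($id,$show_field=[],$except_field=[])`. Replace the tags with `@param int $id`, `@param array $show_field` (fields passed to `visible()`) and `@param array $except_field` (fields passed to `hidden()`), and describe the return value as the loaded row. With both lists empty, as `Group::detail()` passes them, no field filter is applied to the row. The docblock should therefore also say that callers are responsible for scoping `$id` and for choosing which fields are exposed.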
@@ -151,11 +151,13 @@ class Order extends Base $user = $this->auth->getUser();//登录用户 if($user)$user_id = $user['id']; $code = $this->request->post('code/s', ''); //订单号 + +// var_dump($code); try{ //当前申请状态 $res = $this->model->verification($code,0,true,'user',$user_id,true); }catch (\Throwable $e){ - $this->error($e->getMessage()); + $this->error($code."11111".$e->getMessage()); } $this->success('预约课时核销成功', $res); } diff --git a/application/common/controller/AdminApi.php b/application/common/controller/AdminApi.php index 8295574..290d334 100644 --- a/application/common/controller/AdminApi.php +++ b/application/common/controller/AdminApi.php @@ -150,6 +150,8 @@ class AdminApi if (!$this->auth->match($this->noNeedRight)) { // 判断控制器和方法判断是否有对应权限 if (!$this->auth->check($path)) { +// var_dump($path); + $this->error(__('You have no permission'), null, 403); } } diff --git a/application/common/model/dyqc/ManystoreShop.php b/application/common/model/dyqc/ManystoreShop.php index c687ce4..6a47247 100644 --- a/application/common/model/dyqc/ManystoreShop.php +++ b/application/common/model/dyqc/ManystoreShop.php 
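Review bot: The error path in the verification action now returns `$code."11111".$e->getMessage()`, which is debugging output: it echoes the submitted code and a marker string back to the client in front of the exception text. Restore `$this->error($e->getMessage());` and remove the commented `var_dump($code)`; the same commented `var_dump` residue appears in the `Auth.php` and `AdminApi.php` hunks. Because the handler catches `\Throwable`, the message can also come from a database or type error, so logging the exception and returning a fixed message would avoid exposing internals. `$user_id` is only assigned when `$user` is truthy (context line), so it is worth confirming that this action cannot be reached unauthenticated.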
@@ -897,18 +897,18 @@ public static function getAuthInfo($user_id){ $verification_shop_id = 0; //可核销机构 $join_number = self::getJoinNumber(); try{ - $verification_shop_id = ClassesLib::checkOptionAuth(0,$user_id,"user"); + $verification_shop_id = Activity::checkOptionAuth(0,$user_id,"user"); }catch (\Exception $e){ } - $verification_classes_lib_ids = (new ClassesLib)->getClassesAuthIds($user_id); +// $verification_classes_lib_ids = (new ClassesLib)->getClassesAuthIds($user_id); $verification_classes_activity_ids = (new Activity())->getActivityAuthIds($user_id); //如果没有任何可管理的classes_lib_id 则返回错误 - if(!$verification_classes_lib_ids && !$verification_shop_id && !$verification_classes_activity_ids){ + if( !$verification_shop_id && !$verification_classes_activity_ids){ $verification = false; } - $verification_auth = compact("join_number","verification","verification_shop_id","verification_classes_lib_ids","verification_classes_activity_ids"); + $verification_auth = compact("join_number","verification","verification_shop_id","verification_classes_activity_ids"); diff --git a/application/common/model/school/activity/order/Order.php b/application/common/model/school/activity/order/Order.php index 2e8cb63..4ff1ea6 100644 --- a/application/common/model/school/activity/order/Order.php +++ b/application/common/model/school/activity/order/Order.php @@ -486,7 +486,12 @@ class Order extends BaseModel } $data['classes_cate'] = $classes_cate; - + //统计核销信息 + $verification = [ + 'have_number'=>OrderCode::where("activity_order_id",$data["id"])->where("status",'6')->count(), + 'total_number'=>$data["num"], + ]; + $data['verification'] = $verification; return $data; diff --git a/application/common/model/school/activity/order/OrderCode.php b/application/common/model/school/activity/order/OrderCode.php index b0165f2..9240f42 100644 --- a/application/common/model/school/activity/order/OrderCode.php +++ b/application/common/model/school/activity/order/OrderCode.php 
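Review bot: The new `Activity::checkOptionAuth(0,$user_id,"user")` call sits in a `try` whose `catch (\Exception $e)` body is empty, so a genuine failure inside it is indistinguishable from "no permission". The result fails closed, assuming the initial `$verification_shop_id = 0` shown in the hunk header is the one still in effect, but a log line in the catch, or a comment such as `// no verification right: keep shop id 0`, would make that intent explicit. The `verification_classes_lib_ids` key is dropped from the `compact()` result; consumers of `getAuthInfo()` are outside this diff, so check that none still reads it. `getAuthInfo` starts before the hunk and continues past it.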
@@ -43,6 +43,21 @@ class OrderCode extends BaseModel } + public function getMiniurlAttr($value, $data) + { + $code = (isset($data['code']) ? $data['code'] : ''); + $activity_order_id = (isset($data['activity_order_id']) ? $data['activity_order_id'] : ''); + + + + if (!$activity_order_id || !$code){ + return $value; + }else{ + return $value . "?id={$activity_order_id}&code={$code}"; + } + } + + public function getStatusList() { @@ -186,9 +201,9 @@ class OrderCode extends BaseModel if($check){ //用户操作权限检测 Order::checkOptionAuth($order['id'],$user_id ?: $oper_id,$oper_type,false,true); - if($detail["user_id"] != $user_id){ - throw new \Exception("当前用户不是核销员!"); - } +// if($detail["user_id"] != $user_id){ +// throw new \Exception("当前用户不是核销员!"); +// } } //判断逻辑 diff --git a/public/assets/js/backend/school/activity/order/order.js b/public/assets/js/backend/school/activity/order/order.js index 98ae6d9..1cb5790 100644 --- a/public/assets/js/backend/school/activity/order/order.js +++ b/public/assets/js/backend/school/activity/order/order.js @@ -105,7 +105,7 @@ define(['jquery', 'bootstrap', 'backend', 'csmtable', 'form'], function ($, unde }, visible: function (row) { //只有付费订单有售后 - return (row.status == '2' || row.status == '3') && row.detail.feel == '0'; + return (row.status == '2' || row.status == '3'|| row.status == '9') && row.detail.feel == '0'; } },
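Review bot: `getMiniurlAttr()` builds the query string by interpolation, `"?id={$activity_order_id}&code={$code}"`, so neither value is URL-encoded and a stored `miniurl` that already contains `?` yields a malformed link. `http_build_query` handles the encoding: `return $value . '?' . http_build_query(['id' => $activity_order_id, 'code' => $code]);`, with `&` as the separator when `$value` already has a query part. The verification code now travels in a URL, where it can end up in logs and shared links, so the server-side authorization in `verification()` has to remain the only thing that decides who may redeem it.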
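Review bot: The verifier check `if($detail["user_id"] != $user_id)` in `OrderCode.php` is commented out, so with `$check` set the only remaining gate before a code is redeemed is `Order::checkOptionAuth(...)`, whose rules are not visible in this diff. If that call does not tie the acting user to this order's activity or shop, any account that passes it can redeem codes it was not assigned to verify. Either keep an explicit ownership or role check here, or delete the dead lines and state which rule replaces them, e.g. `// verifier rights are enforced by Order::checkOptionAuth (activity/shop scope)`. A test that a user without verification rights is rejected would pin the intended behaviour. The enclosing method starts before the hunk and continues after it.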