修改:超级管理用户不能被其他权限用户随意拉黑、修改以及删除

ccbox 2018-08-26 02:02:11 +08:00
parent c693810513
commit 34d7dbc81f
3 changed files with 44 additions and 1 deletions


@ -162,6 +162,18 @@ class User extends Base {
*/
public function changeStatus() {
$id = $this->request->get('id');
$isSupper = Tools::isAdministrator($id);
if ($isSupper && $this->userInfo['id']>1) {
$header = config('apiAdmin.CROSS_DOMAIN');
$data = ['code' => ReturnCode::INVALID, 'msg' => '非常抱歉,不能修改管理员状态!', 'data' => []];
return json($data, 200, $header);
}
if($id<2){
return $this->buildFailed(ReturnCode::DELETE_FAILED, '非常抱歉,不能修改超级管理员状态!');
}
$status = $this->request->get('status');
$res = AdminUser::update([
'id' => $id,
@ -192,6 +204,14 @@ class User extends Base {
if ($postData['groupId']) {
$groups = trim(implode(',', $postData['groupId']), ',');
}
$isSupper = Tools::isAdministrator($postData['id']);
if ($isSupper && $this->userInfo['id']>1) {
$header = config('apiAdmin.CROSS_DOMAIN');
$data = ['code' => ReturnCode::INVALID, 'msg' => '非常抱歉,只有超级管理员才能修改管理员信息!', 'data' => []];
return json($data, 200, $header);
}
$postData['updateTime'] = time();
unset($postData['groupId']);
$res = AdminUser::update($postData);
@ -259,6 +279,17 @@ class User extends Base {
*/
public function del() {
$id = $this->request->get('id');
$isSupper = Tools::isAdministrator($id);
if ($isSupper && $this->userInfo['id']>1) {
$header = config('apiAdmin.CROSS_DOMAIN');
$data = ['code' => ReturnCode::INVALID, 'msg' => '非常抱歉,只有超级管理员才能删除管理员!', 'data' => []];
return json($data, 200, $header);
}
if($id<2){
return $this->buildFailed(ReturnCode::DELETE_FAILED, '超级管理员不能被删除!');
}
if (!$id) {
return $this->buildFailed(ReturnCode::EMPTY_PARAMS, '缺少必要参数');
}
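Review bot: The new guard in changeStatus(), the edit path and del() denies only when `$this->userInfo['id']>1`, so it fails open: a caller whose id is missing, null or 0 passes the check exactly as the super administrator does. Whether `userInfo` can be empty at this point depends on code outside these hunks, but testing for the one allowed identity instead, `if ($isSupper && (int)$this->userInfo['id'] !== 1) {`, denies by default. In del() the added `if($id<2)` runs before the existing `if (!$id)`, so a request without an id now gets DELETE_FAILED and the EMPTY_PARAMS branch appears unreachable; moving the empty check above the new guards keeps both answers. The same denial block is repeated in all three hunks and returns through `json()` rather than `buildFailed()`, so a single private helper would keep the rule and the response shape in one place. All three method bodies continue outside the hunks.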


@ -12,6 +12,18 @@
<body>
<br />
<div class="ui container">
<div class="ui floating message">
<h1 class="ui header">{:config('apiAdmin.APP_NAME')} - 接口文档</h1>
<a href="{:url('/wiki/errorCode')}">
<button class="ui red button" style="margin-top: 15px">错误码说明</button>
</a>
<a href="{:url('/wiki/calculation')}">
<button class="ui orange button" style="margin-top: 15px">算法详解</button>
</a>
<a href="{:url('/wiki/index')}">
<button class="ui green button" style="margin-top: 15px">返回接口文档</button>
</a>
</div>
<div class="ui segment">
<div class="ui items">
<div class="item">
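Review bot: Each of the three added links wraps a `<button>` inside an `<a>`, which HTML does not permit (interactive content nested in an anchor) and which gives keyboard users two focus stops per link. Styling the anchor itself keeps the appearance with valid markup, e.g. `<a class="ui red button" style="margin-top: 15px" href="{:url('/wiki/errorCode')}">错误码说明</a>`. The enclosing container continues outside the hunk.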


@ -4,5 +4,5 @@
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php/$1 [QSA,PT,L]
RewriteRule ^(.*)$ index.php?/$1 [QSA,PT,L]
</IfModule>