mojiahui/dafuweng-saiadmin6.x
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1.所有接口需要根据agent_id绑定渠道

Browse Source 
2.移除所有记录页面的更新按钮,只能查看数据
3.将所有软删除修改为硬删除
This commit is contained in:
zhenhui
2026-05-19 12:04:34 +08:00
parent b089f302de
commit 1f25280dfd
30 changed files with 325 additions and 592 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
server/app/api/controller/v1/AuthTokenController.php
View File

@@ -6,6 +6,7 @@ namespace app\api\controller\v1;
use app\api\cache\AuthTokenCache;
use app\api\controller\BaseController;
use app\api\util\ReturnCode;
use plugin\saiadmin\app\model\system\SystemUser;
use support\Request;
use support\Response;
use Tinywan\Jwt\JwtToken;
@@ -54,6 +55,14 @@ class AuthTokenController extends BaseController
return $this->fail('Signature verification failed', ReturnCode::FORBIDDEN);
}
$agent = SystemUser::where('agent_id', $agentId)->find();
if (!$agent || (int) ($agent->status ?? 0) !== 1) {
return $this->fail('Invalid agent_id', ReturnCode::FORBIDDEN);
}
if (empty($agent->dept_id) || (int) $agent->dept_id <= 0) {
return $this->fail('Agent channel is not configured', ReturnCode::FORBIDDEN);
}
$exp = (int) config('api.auth_token_exp', 86400);
$tokenResult = JwtToken::generateToken([
'id' => 0,

86
server/app/api/controller/v1/GameController.php
View File

@@ -7,7 +7,6 @@ use app\api\logic\UserLogic;
use app\api\util\ReturnCode;
use app\dice\model\game\DiceGame;
use app\dice\model\player\DicePlayer;
use plugin\saiadmin\app\model\system\SystemUser;
use app\dice\model\play_record\DicePlayRecord;
use app\dice\model\player_wallet_record\DicePlayerWalletRecord;
use app\dice\model\player_ticket_record\DicePlayerTicketRecord;
@@ -60,7 +59,7 @@ class GameController extends BaseController
public function getGameList(Request $request): Response
{
$lang = $this->resolveLang($request->post('lang', 'zh'));
$games = $this->buildPublicGameList($lang);
$games = $this->buildPublicGameList($lang, $this->agentDeptId($request));
return $this->success([
'game_list' => $games,
]);
@@ -73,7 +72,7 @@ class GameController extends BaseController
public function getGameHall(Request $request): Response
{
$lang = $this->resolveLang($request->post('lang', 'zh'));
$games = $this->buildPublicGameList($lang);
$games = $this->buildPublicGameList($lang, $this->agentDeptId($request));
$hallUrl = '';
if (!empty($games)) {
$hallUrl = $games[0]['hall_url'] ?? '';
@@ -106,23 +105,16 @@ class GameController extends BaseController
$time = (string) time();
}
$adminId = null;
$adminIdsInTopDept = null;
$agentId = trim((string) ($request->agent_id ?? ''));
if ($agentId !== '') {
$systemUser = SystemUser::where('agent_id', $agentId)->find();
if ($systemUser) {
$adminId = (int) $systemUser->id;
$adminIdsInTopDept = UserLogic::getAdminIdsByAgentIdTopDept($agentId);
}
}
$deptId = $this->agentDeptId($request);
$adminId = $this->agentAdminId($request);
$adminIdsInTopDept = UserLogic::getAdminIdsByAgentIdTopDept(trim((string) ($request->agent_id ?? '')));
$lang = trim((string) ($request->post('lang', 'zh')));
$lang = in_array($lang, ['en', 'zh'], true) ? $lang : 'zh';
try {
$logic = new UserLogic();
$result = $logic->loginByUsername($username, $password, $lang, 0.0, $time, $adminId, $adminIdsInTopDept);
$result = $logic->loginByUsername($username, $password, $lang, 0.0, $time, $adminId, $adminIdsInTopDept, $deptId);
} catch (\plugin\saiadmin\exception\ApiException $e) {
return $this->fail($e->getMessage(), ReturnCode::PARAMS_ERROR);
}
@@ -145,24 +137,25 @@ class GameController extends BaseController
{
$usernameRaw = $request->input('username', '');
$username = is_string($usernameRaw) ? trim($usernameRaw) : '';
$deptId = $this->agentDeptId($request);
if ($username === '') {
return $this->fail('username is required', ReturnCode::PARAMS_ERROR);
}
$cached = UserCache::getPlayerInfoSnapshotByUsername($username);
$cached = UserCache::getPlayerInfoSnapshotByUsername($this->scopedUsername($deptId, $username));
if ($cached !== null) {
return $this->success($cached);
}
$player = DicePlayer::field(self::PLAYER_INFO_DB_FIELDS)->where('username', $username)->find();
$player = DicePlayer::field(self::PLAYER_INFO_DB_FIELDS)->where('username', $username)->where('dept_id', $deptId)->find();
if (!$player) {
return $this->fail('User not found', ReturnCode::NOT_FOUND);
return $this->fail('User not found', ReturnCode::PARAMS_ERROR);
}
$hidden = ['password', 'lottery_config_id', 't1_weight', 't2_weight', 't3_weight', 't4_weight', 't5_weight', 'delete_time'];
$info = $player->hidden($hidden)->toArray();
UserCache::setPlayerInfoSnapshotByUsername($username, $info);
UserCache::setPlayerInfoSnapshotByUsername($this->scopedUsername($deptId, $username), $info);
return $this->success($info);
}
@@ -276,6 +269,7 @@ class GameController extends BaseController
public function getPlayerGameRecord(Request $request): Response
{
$username = trim((string) ($request->post('username', '')));
$deptId = $this->agentDeptId($request);
$startCreateTime = trim((string) ($request->post('start_create_time', '')));
$endCreateTime = trim((string) ($request->post('end_create_time', '')));
$window = $this->resolvePullRecordTimeWindow($startCreateTime, $endCreateTime);
@@ -284,10 +278,10 @@ class GameController extends BaseController
}
$limit = $this->resolvePullRecordLimit($request);
$query = DicePlayRecord::order('id', 'desc');
$query = DicePlayRecord::where('dept_id', $deptId)->order('id', 'desc');
if ($username !== '') {
$player = DicePlayer::where('username', $username)->find();
$player = $this->findPlayerByUsername($username, $deptId);
if (!$player) {
return $this->success([]);
}
@@ -300,7 +294,7 @@ class GameController extends BaseController
$list = $query->limit($limit)->select()->toArray();
$playerIds = array_unique(array_column($list, 'player_id'));
if (!empty($playerIds)) {
$players = DicePlayer::whereIn('id', $playerIds)->field('id,username,phone')->select()->toArray();
$players = DicePlayer::whereIn('id', $playerIds)->where('dept_id', $deptId)->field('id,username,phone')->select()->toArray();
$playerMap = [];
foreach ($players as $p) {
$playerMap[(int) ($p['id'] ?? 0)] = $p;
@@ -321,6 +315,7 @@ class GameController extends BaseController
public function getPlayerWalletRecord(Request $request): Response
{
$username = trim((string) ($request->post('username', '')));
$deptId = $this->agentDeptId($request);
$startCreateTime = trim((string) ($request->post('start_create_time', '')));
$endCreateTime = trim((string) ($request->post('end_create_time', '')));
$window = $this->resolvePullRecordTimeWindow($startCreateTime, $endCreateTime);
@@ -329,10 +324,10 @@ class GameController extends BaseController
}
$limit = $this->resolvePullRecordLimit($request);
$query = DicePlayerWalletRecord::order('id', 'desc');
$query = DicePlayerWalletRecord::where('dept_id', $deptId)->order('id', 'desc');
if ($username !== '') {
$player = DicePlayer::where('username', $username)->find();
$player = $this->findPlayerByUsername($username, $deptId);
if (!$player) {
return $this->success([]);
}
@@ -357,6 +352,7 @@ class GameController extends BaseController
public function getPlayerTicketRecord(Request $request): Response
{
$username = trim((string) ($request->post('username', '')));
$deptId = $this->agentDeptId($request);
$startCreateTime = trim((string) ($request->post('start_create_time', '')));
$endCreateTime = trim((string) ($request->post('end_create_time', '')));
$window = $this->resolvePullRecordTimeWindow($startCreateTime, $endCreateTime);
@@ -365,10 +361,10 @@ class GameController extends BaseController
}
$limit = $this->resolvePullRecordLimit($request);
$query = DicePlayerTicketRecord::order('id', 'desc');
$query = DicePlayerTicketRecord::where('dept_id', $deptId)->order('id', 'desc');
if ($username !== '') {
$player = DicePlayer::where('username', $username)->find();
$player = $this->findPlayerByUsername($username, $deptId);
if (!$player) {
return $this->success([]);
}
@@ -394,6 +390,7 @@ class GameController extends BaseController
public function setPlayerWallet(Request $request): Response
{
$username = trim((string) ($request->post('username', '')));
$deptId = $this->agentDeptId($request);
$coin = $request->post('coin');
if ($username === '') {
@@ -408,9 +405,9 @@ class GameController extends BaseController
return $this->fail('coin cannot be 0', ReturnCode::PARAMS_ERROR);
}
$player = DicePlayer::where('username', $username)->find();
$player = $this->findPlayerByUsername($username, $deptId);
if (!$player) {
return $this->fail('User not found', ReturnCode::NOT_FOUND);
return $this->fail('User not found', ReturnCode::PARAMS_ERROR);
}
$walletBefore = (float) ($player->coin ?? 0);
@@ -430,6 +427,7 @@ class GameController extends BaseController
$adminId = ($player->admin_id ?? null) ? (int) $player->admin_id : null;
$record = DicePlayerWalletRecord::create([
'dept_id' => $deptId,
'player_id' => (int) $player->id,
'admin_id' => $adminId,
'coin' => $coinVal,
@@ -452,6 +450,7 @@ class GameController extends BaseController
UserCache::deleteUser($player->id);
if ($player->username !== '') {
UserCache::deletePlayerByUsername($player->username);
UserCache::deletePlayerByUsername($this->scopedUsername($deptId, (string) $player->username));
}
$recordArr = $record->toArray();
@@ -471,13 +470,14 @@ class GameController extends BaseController
return $langValue;
}
private function buildPublicGameList(string $lang): array
private function buildPublicGameList(string $lang, int $deptId): array
{
$rows = DiceGame::where('status', 1)
->orderBy('sort', 'asc')
->orderBy('id', 'asc')
->select(array_merge(self::GAME_PUBLIC_FIELDS, ['game_name', 'game_name_en']))
->get()
->where('dept_id', $deptId)
->order('sort', 'asc')
->order('id', 'asc')
->field(array_merge(self::GAME_PUBLIC_FIELDS, ['game_name', 'game_name_en']))
->select()
->toArray();
if (empty($rows)) {
return [];
@@ -495,4 +495,26 @@ class GameController extends BaseController
}
return $games;
}
private function agentDeptId(Request $request): int
{
return (int) ($request->agent_dept_id ?? 0);
}
private function agentAdminId(Request $request): ?int
{
$adminId = (int) ($request->agent_admin_id ?? 0);
return $adminId > 0 ? $adminId : null;
}
private function scopedUsername(int $deptId, string $username): string
{
return $deptId . ':' . $username;
}
private function findPlayerByUsername(string $username, int $deptId): ?DicePlayer
{
$player = DicePlayer::where('username', $username)->where('dept_id', $deptId)->find();
return $player ?: null;
}
}

11
server/app/api/logic/UserLogic.php
View File

@@ -76,7 +76,7 @@ class UserLogic
* @param int|null $adminId 创建新用户时关联的后台管理员IDsa_system_user.id可选
* @param int[]|null $adminIdsInTopDept 当前管理员顶级部门下的所有管理员ID用于按部门范围查找玩家为空时退化为仅按 username 查找
*/
public function loginByUsername(string $username, string $password, string $lang, float $coin, string $time, ?int $adminId = null, ?array $adminIdsInTopDept = null): array
public function loginByUsername(string $username, string $password, string $lang, float $coin, string $time, ?int $adminId = null, ?array $adminIdsInTopDept = null, ?int $deptId = null): array
{
$username = trim($username);
if ($username === '') {
@@ -84,6 +84,9 @@ class UserLogic
}
$query = DicePlayer::where('username', $username);
if ($deptId !== null && $deptId > 0) {
$query->where('dept_id', $deptId);
}
if ($adminIdsInTopDept !== null && !empty($adminIdsInTopDept)) {
$query->whereIn('admin_id', $adminIdsInTopDept);
}
@@ -106,10 +109,13 @@ class UserLogic
$player->password = $this->hashPassword($password);
$player->status = self::STATUS_NORMAL;
$player->coin = $coin;
if ($deptId !== null && $deptId > 0) {
$player->dept_id = $deptId;
}
if ($adminId !== null && $adminId > 0) {
$player->admin_id = $adminId;
$adminUser = SystemUser::find($adminId);
if ($adminUser && !empty($adminUser->dept_id)) {
if (($deptId === null || $deptId <= 0) && $adminUser && !empty($adminUser->dept_id)) {
$player->dept_id = $adminUser->dept_id;
}
}
@@ -125,6 +131,7 @@ class UserLogic
]);
$token = $tokenResult['access_token'];
UserCache::setSessionByUsername($username, $token);
UserCache::setCurrentUserToken((int) $player->id, $token);
$userArr = $player->hidden(['password', 'lottery_config_id', 't1_weight', 't2_weight', 't3_weight', 't4_weight', 't5_weight'])->toArray();
UserCache::setUser((int) $player->id, $userArr);

11
server/app/api/middleware/AuthTokenMiddleware.php
View File

@@ -5,6 +5,7 @@ namespace app\api\middleware;
use app\api\cache\AuthTokenCache;
use app\api\util\ReturnCode;
use plugin\saiadmin\app\model\system\SystemUser;
use plugin\saiadmin\exception\ApiException;
use Tinywan\Jwt\JwtToken;
use Tinywan\Jwt\Exception\JwtTokenException;
@@ -53,7 +54,17 @@ class AuthTokenMiddleware implements MiddlewareInterface
throw new ApiException('auth-token invalid or expired', ReturnCode::TOKEN_INVALID);
}
$agent = SystemUser::where('agent_id', $agentId)->find();
if (!$agent || (int) ($agent->status ?? 0) !== 1) {
throw new ApiException('Invalid agent_id', ReturnCode::FORBIDDEN);
}
if (empty($agent->dept_id) || (int) $agent->dept_id <= 0) {
throw new ApiException('Agent channel is not configured', ReturnCode::FORBIDDEN);
}
$request->agent_id = $agentId;
$request->agent_admin_id = (int) $agent->id;
$request->agent_dept_id = (int) $agent->dept_id;
return $handler($request);
}
}

16
server/app/api/middleware/TokenMiddleware.php
View File

@@ -53,10 +53,14 @@ class TokenMiddleware implements MiddlewareInterface
if ($username === '') {
throw new ApiException('Invalid or expired token', ReturnCode::TOKEN_INVALID);
}
$userId = (int) ($extend['id'] ?? 0);
if ($userId <= 0) {
throw new ApiException('Invalid or expired token', ReturnCode::TOKEN_INVALID);
}
$currentToken = UserCache::getSessionTokenByUsername($username);
$currentToken = UserCache::getCurrentUserToken($userId);
if ($currentToken === null || $currentToken === '') {
$player = DicePlayer::where('username', $username)->find();
$player = DicePlayer::find($userId);
if (!$player) {
throw new ApiException('Please register', ReturnCode::TOKEN_INVALID);
}
@@ -68,17 +72,17 @@ class TokenMiddleware implements MiddlewareInterface
// 优先从 Redis 缓存取玩家,避免每次请求都查库
$player = null;
$cached = UserCache::getPlayerByUsername($username);
if ($cached !== null && isset($cached['id'])) {
$cached = UserCache::getUser($userId);
if (!empty($cached) && isset($cached['id']) && (int) $cached['id'] === $userId) {
$player = (new DicePlayer())->data($cached, true);
}
if ($player === null) {
$player = DicePlayer::where('username', $username)->find();
$player = DicePlayer::find($userId);
if (!$player) {
UserCache::deleteSessionByUsername($username);
throw new ApiException('Please login again', ReturnCode::TOKEN_INVALID);
}
UserCache::setPlayerByUsername($username, $player->hidden(['password'])->toArray());
UserCache::setUser($userId, $player->hidden(['password'])->toArray());
}
$request->player_id = (int) $player->id;
$request->player = $player;

25
server/app/dice/controller/play_record/DicePlayRecordController.php
View File

@@ -144,31 +144,6 @@ class DicePlayRecordController extends BaseController
}
}
/**
* 更新数据
* @param Request $request
* @return Response
*/
#[Permission('玩家抽奖记录修改', 'dice:play_record:index:update')]
public function update(Request $request): Response
{
$data = $request->post();
$this->validate('update', $data);
$model = $this->logic->read($data['id'] ?? 0);
if ($model) {
$recordDeptId = is_array($model) ? ($model['dept_id'] ?? null) : ($model->dept_id ?? null);
if (! AdminScopeHelper::canAccessDept($this->adminInfo ?? null, $recordDeptId, $request->input('dept_id'))) {
return $this->fail('no permission to update this record');
}
}
$result = $this->logic->edit($data['id'], $data);
if ($result) {
return $this->success('update success');
} else {
return $this->fail('update failed');
}
}
/**
* 删除数据
* @param Request $request

25
server/app/dice/controller/play_record_test/DicePlayRecordTestController.php
View File

@@ -103,31 +103,6 @@ class DicePlayRecordTestController extends BaseController
}
}
/**
* 更新数据
* @param Request $request
* @return Response
*/
#[Permission('玩家抽奖记录(测试数据)修改', 'dice:play_record_test:index:update')]
public function update(Request $request): Response
{
$data = $request->post();
$this->validate('update', $data);
$model = $this->logic->read($data['id'] ?? 0);
if ($model) {
$recordDeptId = is_array($model) ? ($model['dept_id'] ?? null) : ($model->dept_id ?? null);
if (! AdminScopeHelper::canAccessDept($this->adminInfo ?? null, $recordDeptId, $request->input('dept_id'))) {
return $this->fail('no permission to update this record');
}
}
$result = $this->logic->edit($data['id'], $data);
if ($result) {
return $this->success('update success');
} else {
return $this->fail('update failed');
}
}
/**
* 删除数据
* @param Request $request

25
server/app/dice/controller/player_ticket_record/DicePlayerTicketRecordController.php
View File

@@ -117,31 +117,6 @@ class DicePlayerTicketRecordController extends BaseController
}
}
/**
* 更新数据
* @param Request $request
* @return Response
*/
#[Permission('抽奖券获取记录修改', 'dice:player_ticket_record:index:update')]
public function update(Request $request): Response
{
$data = $request->post();
$this->validate('update', $data);
$model = $this->logic->read($data['id'] ?? 0);
if ($model) {
$recordDeptId = is_array($model) ? ($model['dept_id'] ?? null) : ($model->dept_id ?? null);
if (! AdminScopeHelper::canAccessDept($this->adminInfo ?? null, $recordDeptId, $request->input('dept_id'))) {
return $this->fail('no permission to update this record');
}
}
$result = $this->logic->edit($data['id'], $data);
if ($result) {
return $this->success('update success');
} else {
return $this->fail('update failed');
}
}
/**
* 删除数据
* @param Request $request

24
server/app/dice/controller/player_wallet_record/DicePlayerWalletRecordController.php
View File

@@ -200,28 +200,4 @@ class DicePlayerWalletRecordController extends BaseController
return $this->fail('add failed');
}
/**
* 更新数据
* @param Request $request
* @return Response
*/
#[Permission('玩家钱包流水修改', 'dice:player_wallet_record:index:update')]
public function update(Request $request): Response
{
$data = $request->post();
$this->validate('update', $data);
$model = $this->logic->read($data['id'] ?? 0);
if ($model) {
$recordDeptId = is_array($model) ? ($model['dept_id'] ?? null) : ($model->dept_id ?? null);
if (! AdminScopeHelper::canAccessDept($this->adminInfo ?? null, $recordDeptId, $request->input('dept_id'))) {
return $this->fail('no permission to update this record');
}
}
$result = $this->logic->edit($data['id'], $data);
if ($result) {
return $this->success('update success');
} else {
return $this->fail('update failed');
}
}
}

25
server/app/dice/controller/reward_config_record/DiceRewardConfigRecordController.php
View File

@@ -107,31 +107,6 @@ class DiceRewardConfigRecordController extends BaseController
}
}
/**
* 更新数据
* @param Request $request
* @return Response
*/
#[Permission('奖励配置权重测试记录修改', 'dice:reward_config_record:index:update')]
public function update(Request $request): Response
{
$data = $request->post();
$this->validate('update', $data);
$model = $this->logic->read($data['id'] ?? 0);
if ($model) {
$recordDeptId = is_array($model) ? ($model['dept_id'] ?? null) : ($model->dept_id ?? null);
if (! AdminScopeHelper::canAccessDept($this->adminInfo ?? null, $recordDeptId, $request->input('dept_id'))) {
return $this->fail('no permission to update this record');
}
}
$result = $this->logic->edit($data['id'], $data);
if ($result) {
return $this->success('update success');
} else {
return $this->fail('update failed');
}
}
/**
* 删除数据
* @param Request $request

12
server/app/dice/model/DiceModel.php
View File

@@ -7,6 +7,13 @@ use plugin\saiadmin\basic\think\BaseModel as SaiBaseModel;
/**
* 大富翁模块模型基类:删除均为硬删除(物理删除)
*
* 注意:
* - 不要在此重写实例方法 delete(),否则与 trait/父类的 delete() 相互覆盖,
* 在调用 $this->force()->delete() 时会无限递归force() 返回 $this
* 导致内存爆栈、HTTP 500。
* - 物理删除一律通过静态 destroy() 入口(强制 $force=true完成
* SoftDelete::destroy() 内部会按硬删除分支执行。
*/
abstract class DiceModel extends SaiBaseModel
{
@@ -17,9 +24,4 @@ abstract class DiceModel extends SaiBaseModel
{
return parent::destroy($data, true);
}
public function delete(): bool
{
return $this->force()->delete();
}
}

29
server/plugin/saiadmin/basic/think/BaseModel.php
View File

@@ -12,10 +12,18 @@ use plugin\saiadmin\basic\contracts\ModelInterface;
/**
* ThinkORM 模型基类
*
* 全局策略:所有删除一律为硬删除(物理删除)。
* - 保留 SoftDelete trait 仅是为了兼容历史字段(如 delete_time与查询作用域
* 实际删除方法delete/destroy均通过 trait 别名重写为强制 force=true。
* - 项目中不使用 withTrashed/onlyTrashed/restore() 等软删除恢复接口。
*/
class BaseModel extends Model implements ModelInterface
{
use SoftDelete;
use SoftDelete {
delete as protected softDeleteCascadeOriginal;
destroy as protected softDeleteDestroyOriginal;
}
/**
* 删除时间字段
@@ -99,6 +107,25 @@ class BaseModel extends Model implements ModelInterface
}
}
/**
* 删除记录(静态入口):一律强制硬删除(物理删除)。
* @param mixed $data 主键、闭包或条件
* @param bool $force 兼容签名,内部一律按 true 处理
*/
public static function destroy($data, bool $force = true): bool
{
return static::softDeleteDestroyOriginal($data, true);
}
/**
* 删除记录(实例方法):一律强制硬删除。
*/
public function delete(): bool
{
$this->force(true);
return $this->softDeleteCascadeOriginal();
}
/**
* 新增前事件:自动写入 create_time有后台登录信息时写入 created_by
* @param Model $model