mojiahui/webman-buildadmin
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

优化数据归属问题

Browse Source
This commit is contained in:
zhenhui
2026-04-23 15:08:37 +08:00
parent 378be9909d
commit 0373234750
29 changed files with 1993 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

268
app/admin/controller/order/AdminWithdrawOrder.php Normal file
View File

@@ -0,0 +1,268 @@
<?php
namespace app\admin\controller\order;
use app\common\controller\Backend;
use app\common\service\AdminWalletService;
use support\think\Db;
use support\Response;
use Throwable;
use Webman\Http\Request as WebmanRequest;
/**
* 管理员提现记录(审核)
*/
class AdminWithdrawOrder extends Backend
{
protected array $noNeedPermission = ['stats'];
protected ?object $model = null;
protected bool $modelValidate = false;
protected string|array $quickSearchField = ['id', 'order_no', 'receive_account', 'remark'];
protected string|array $defaultSortField = ['id' => 'desc'];
protected string|array $orderGuarantee = ['id' => 'desc'];
protected array $withJoinTable = ['admin', 'channel', 'reviewAdmin'];
protected function initController(WebmanRequest $request): ?Response
{
$this->model = new \app\common\model\AdminWithdrawOrder();
return null;
}
protected function _index(): Response
{
if ($this->request && $this->request->get('select')) {
return $this->select($this->request);
}
list($where, $alias, $limit, $order) = $this->queryBuilder();
$table = strtolower($this->model->getTable());
$mainShort = $alias[$table] ?? '';
if ($mainShort !== '' && $this->auth && !$this->auth->isSuperAdmin()) {
$where[] = [$mainShort . '.channel_id', 'in', $this->getCurrentAdminTopChannelIds()];
}
$res = $this->model
->withJoin($this->withJoinTable, $this->withJoinType)
->with($this->withJoinTable)
->visible([
'admin' => ['username'],
'channel' => ['name'],
'reviewAdmin' => ['username'],
])
->alias($alias)
->where($where)
->order($order)
->paginate($limit);
return $this->success('', [
'list' => $res->items(),
'total' => $res->total(),
'remark' => get_route_remark(),
]);
}
protected function _edit(): Response
{
$pk = $this->model->getPk();
$id = $this->request ? ($this->request->post($pk) ?? $this->request->get($pk)) : null;
if ($id === null || $id === '') {
return $this->error(__('Parameter error'));
}
if ($this->request && $this->request->method() === 'POST') {
return $this->error('请使用通过/拒绝按钮审核');
}
$row = $this->loadWithRelations(intval(strval($id)));
if (!$row) {
return $this->error(__('Record not found'));
}
if (!$this->canReviewOrder($row)) {
return $this->error(__('You have no permission'));
}
return $this->success('', ['row' => $row]);
}
public function approve(WebmanRequest $request): Response
{
$response = $this->initializeBackend($request);
if ($response !== null) {
return $response;
}
if ($request->method() !== 'POST') {
return $this->error(__('Parameter error'));
}
$id = intval(strval($request->post('id', 0)));
if ($id <= 0) {
return $this->error(__('Parameter error'));
}
$order = Db::name('admin_withdraw_order')->where('id', $id)->find();
if (!is_array($order)) {
return $this->error(__('Record not found'));
}
if (!$this->canReviewOrder($order)) {
return $this->error(__('You have no permission'));
}
if (intval($order['status'] ?? 0) !== 0) {
return $this->error('该提现订单已审核');
}
$remark = trim((string) $request->post('remark', ''));
Db::startTrans();
try {
AdminWalletService::approveWithdraw($order, intval($this->auth->id), $remark);
Db::commit();
} catch (Throwable $e) {
Db::rollback();
return $this->error($e->getMessage());
}
return $this->success('审核通过');
}
public function reject(WebmanRequest $request): Response
{
$response = $this->initializeBackend($request);
if ($response !== null) {
return $response;
}
if ($request->method() !== 'POST') {
return $this->error(__('Parameter error'));
}
$id = intval(strval($request->post('id', 0)));
if ($id <= 0) {
return $this->error(__('Parameter error'));
}
$remark = trim((string) $request->post('remark', ''));
if ($remark === '') {
return $this->error('请填写拒绝原因');
}
$order = Db::name('admin_withdraw_order')->where('id', $id)->find();
if (!is_array($order)) {
return $this->error(__('Record not found'));
}
if (!$this->canReviewOrder($order)) {
return $this->error(__('You have no permission'));
}
if (intval($order['status'] ?? 0) !== 0) {
return $this->error('该提现订单已审核');
}
Db::startTrans();
try {
AdminWalletService::rejectWithdraw($order, intval($this->auth->id), $remark);
Db::commit();
} catch (Throwable $e) {
Db::rollback();
return $this->error($e->getMessage());
}
return $this->success('审核拒绝完成');
}
public function stats(WebmanRequest $request): Response
{
$response = $this->initializeBackend($request);
if ($response !== null) {
return $response;
}
$query = Db::name('admin_withdraw_order');
if ($this->auth && !$this->auth->isSuperAdmin()) {
$query->where('channel_id', 'in', $this->getCurrentAdminTopChannelIds());
}
$rows = $query->field(['status', 'amount', 'actual_amount'])->select()->toArray();
$total = count($rows);
$pending = 0;
$approved = 0;
$rejected = 0;
$totalAmount = '0.00';
$pendingAmount = '0.00';
$approvedAmount = '0.00';
foreach ($rows as $row) {
$status = intval($row['status'] ?? 0);
$amount = bcadd(strval($row['amount'] ?? '0'), '0', 2);
$actual = bcadd(strval($row['actual_amount'] ?? '0'), '0', 2);
$totalAmount = bcadd($totalAmount, $amount, 2);
if ($status === 0) {
$pending++;
$pendingAmount = bcadd($pendingAmount, $amount, 2);
} elseif ($status === 1) {
$approved++;
$approvedAmount = bcadd($approvedAmount, $actual, 2);
} elseif ($status === 2) {
$rejected++;
}
}
return $this->success('', [
'total_count' => $total,
'pending_count' => $pending,
'approved_count' => $approved,
'rejected_count' => $rejected,
'total_amount' => $totalAmount,
'pending_amount' => $pendingAmount,
'approved_amount' => $approvedAmount,
]);
}
private function loadWithRelations(int $id): ?array
{
$row = $this->model
->withJoin($this->withJoinTable, $this->withJoinType)
->with($this->withJoinTable)
->visible([
'admin' => ['username'],
'channel' => ['name'],
'reviewAdmin' => ['username'],
])
->where($this->model->getTable() . '.id', $id)
->find();
return $row ? $row->toArray() : null;
}
private function canReviewOrder(array $order): bool
{
if (!$this->auth) {
return false;
}
if ($this->auth->isSuperAdmin()) {
return true;
}
$channelId = intval($order['channel_id'] ?? 0);
if ($channelId <= 0) {
return false;
}
$allowed = $this->getCurrentAdminTopChannelIds();
return in_array($channelId, $allowed, true);
}
/**
* 当前管理员可审核的“顶级角色组(pid=0)”所属渠道
*
* @return int[]
*/
private function getCurrentAdminTopChannelIds(): array
{
$uid = intval($this->auth->id ?? 0);
if ($uid <= 0) {
return [0];
}
$groupIds = Db::name('admin_group_access')->where('uid', $uid)->column('group_id');
if ($groupIds === []) {
return [0];
}
$rows = Db::name('admin_group')
->field(['id', 'pid', 'channel_id'])
->where('id', 'in', $groupIds)
->where('pid', 0)
->whereNotNull('channel_id')
->select()
->toArray();
$channelIds = [];
foreach ($rows as $row) {
$cid = intval($row['channel_id'] ?? 0);
if ($cid > 0) {
$channelIds[] = $cid;
}
}
return $channelIds === [] ? [0] : array_values(array_unique($channelIds));
}
}

23
app/admin/controller/order/BetOrder.php
View File

@@ -78,7 +78,7 @@ class BetOrder extends Backend
$table = strtolower($this->model->getTable());
$mainShort = $alias[$table] ?? '';
if ($mainShort !== '' && $this->auth && !$this->auth->isSuperAdmin()) {
$where[] = ['user.admin_id', '=', intval(strval($this->auth->id))];
$where[] = ['user.admin_id', 'in', $this->scopedAdminIds()];
}
$res = $this->model
@@ -101,4 +101,25 @@ class BetOrder extends Backend
]);
}
/**
* 当前管理员可见的管理员ID集合本人 + 下级角色组内管理员)
*
* @return int[]
*/
private function scopedAdminIds(): array
{
if (!$this->auth) {
return [0];
}
if ($this->auth->isSuperAdmin()) {
return [];
}
$groupIds = $this->auth->getAdminChildGroups();
$adminIds = $groupIds ? $this->auth->getGroupAdmins($groupIds) : [];
$adminIds[] = $this->auth->id;
$adminIds = array_map(static fn($id) => intval(strval($id)), $adminIds);
$adminIds = array_values(array_unique(array_filter($adminIds, static fn($id) => $id > 0)));
return $adminIds === [] ? [0] : $adminIds;
}
}

25
app/admin/controller/order/DepositOrder.php
View File

@@ -48,7 +48,7 @@ class DepositOrder extends Backend
$table = strtolower($this->model->getTable());
$mainShort = $alias[$table] ?? '';
if ($mainShort !== '' && $this->auth && !$this->auth->isSuperAdmin()) {
$where[] = ['user.admin_id', '=', intval(strval($this->auth->id))];
$where[] = ['user.admin_id', 'in', $this->scopedAdminIds()];
}
$this->appendDepositOrderIndexWhere($where, $mainShort);
@@ -140,7 +140,28 @@ class DepositOrder extends Backend
if (!is_numeric(strval($adminIdRaw))) {
return false;
}
return intval(strval($adminIdRaw)) === intval(strval($this->auth->id));
return in_array(intval(strval($adminIdRaw)), $this->scopedAdminIds(), true);
}
/**
* 当前管理员可见的管理员ID集合本人 + 下级角色组内管理员)
*
* @return int[]
*/
private function scopedAdminIds(): array
{
if (!$this->auth) {
return [0];
}
if ($this->auth->isSuperAdmin()) {
return [];
}
$groupIds = $this->auth->getAdminChildGroups();
$adminIds = $groupIds ? $this->auth->getGroupAdmins($groupIds) : [];
$adminIds[] = $this->auth->id;
$adminIds = array_map(static fn($id) => intval(strval($id)), $adminIds);
$adminIds = array_values(array_unique(array_filter($adminIds, static fn($id) => $id > 0)));
return $adminIds === [] ? [0] : $adminIds;
}
}

25
app/admin/controller/order/WithdrawOrder.php
View File

@@ -48,7 +48,7 @@ class WithdrawOrder extends Backend
$table = strtolower($this->model->getTable());
$mainShort = $alias[$table] ?? '';
if ($mainShort !== '' && $this->auth && !$this->auth->isSuperAdmin()) {
$where[] = ['user.admin_id', '=', intval(strval($this->auth->id))];
$where[] = ['user.admin_id', 'in', $this->scopedAdminIds()];
}
$res = $this->model
@@ -395,7 +395,7 @@ class WithdrawOrder extends Backend
return false;
}
$ownerAdminId = $this->intParam($user['admin_id'] ?? 0);
return $ownerAdminId > 0 && $ownerAdminId === $this->intParam($this->auth->id ?? 0);
return $ownerAdminId > 0 && in_array($ownerAdminId, $this->scopedAdminIds(), true);
}
private function intParam($raw): int
@@ -430,6 +430,27 @@ class WithdrawOrder extends Backend
return '#' . strval($id);
}
/**
* 当前管理员可见的管理员ID集合本人 + 下级角色组内管理员)
*
* @return int[]
*/
private function scopedAdminIds(): array
{
if (!$this->auth) {
return [0];
}
if ($this->auth->isSuperAdmin()) {
return [];
}
$groupIds = $this->auth->getAdminChildGroups();
$adminIds = $groupIds ? $this->auth->getGroupAdmins($groupIds) : [];
$adminIds[] = $this->auth->id;
$adminIds = array_map(fn($id) => $this->intParam($id), $adminIds);
$adminIds = array_values(array_unique(array_filter($adminIds, fn($id) => $id > 0)));
return $adminIds === [] ? [0] : $adminIds;
}
/**
* 把 2 位小数金额压缩成最多 2 位小数用于展示(不影响落库精度)
*/