优化数据归属问题

app/admin/controller/order/WithdrawOrder.php

@@ -48,7 +48,7 @@ class WithdrawOrder extends Backend
         $table = strtolower($this->model->getTable());
         $mainShort = $alias[$table] ?? '';
         if ($mainShort !== '' && $this->auth && !$this->auth->isSuperAdmin()) {
-            $where[] = ['user.admin_id', '=', intval(strval($this->auth->id))];
+            $where[] = ['user.admin_id', 'in', $this->scopedAdminIds()];
         }
 
         $res = $this->model
@@ -395,7 +395,7 @@ class WithdrawOrder extends Backend
             return false;
         }
         $ownerAdminId = $this->intParam($user['admin_id'] ?? 0);
-        return $ownerAdminId > 0 && $ownerAdminId === $this->intParam($this->auth->id ?? 0);
+        return $ownerAdminId > 0 && in_array($ownerAdminId, $this->scopedAdminIds(), true);
     }
 
     private function intParam($raw): int
@@ -430,6 +430,27 @@ class WithdrawOrder extends Backend
         return '#' . strval($id);
     }
 
+    /**
+     * 当前管理员可见的管理员ID集合（本人 + 下级角色组内管理员）
+     *
+     * @return int[]
+     */
+    private function scopedAdminIds(): array
+    {
+        if (!$this->auth) {
+            return [0];
+        }
+        if ($this->auth->isSuperAdmin()) {
+            return [];
+        }
+        $groupIds = $this->auth->getAdminChildGroups();
+        $adminIds = $groupIds ? $this->auth->getGroupAdmins($groupIds) : [];
+        $adminIds[] = $this->auth->id;
+        $adminIds = array_map(fn($id) => $this->intParam($id), $adminIds);
+        $adminIds = array_values(array_unique(array_filter($adminIds, fn($id) => $id > 0)));
+        return $adminIds === [] ? [0] : $adminIds;
+    }
+
     /**
      * 把 2 位小数金额压缩成最多 2 位小数用于展示（不影响落库精度）
      */