From 81400d2ce1f74bc8b67e4f8ec23cf50394bfd550 Mon Sep 17 00:00:00 2001
From: zhenhui <1276357500@qq.com>
Date: Thu, 2 Apr 2026 11:37:18 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E6=B8=B8=E6=88=8F=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E4=BF=A1=E6=81=AF=E5=B1=95=E7=A4=BA-=E5=8F=AA?= =?UTF-8?q?=E6=98=BE=E7=A4=BA=E5=BD=93=E5=89=8D=E6=B8=A0=E9=81=93?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/admin/controller/game/User.php | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/app/admin/controller/game/User.php b/app/admin/controller/game/User.php
index 736fe11..63b9b3e 100644
--- a/app/admin/controller/game/User.php
+++ b/app/admin/controller/game/User.php
@@ -19,6 +19,16 @@ class User extends Backend
 */
 protected ?object $model = null;

+ /**
+ * 数据范围:非超管仅本人 + 下级角色组内管理员(与 auth.Admin 一致,见 Backend::getDataLimitAdminIds parent)
+ */
+ protected bool|string|int $dataLimit = 'parent';
+
+ /**
+ * admin_id 由表单选择归属管理员,勿在保存时强制改为当前登录账号
+ */
+ protected bool $dataLimitFieldAutoFill = false;
+
 protected array|string $preExcludeFields = ['id', 'uuid', 'create_time', 'update_time'];

 protected array $withJoinTable = ['gameChannel', 'admin'];
@@ -59,8 +69,15 @@ class User extends Backend
 }

 $data['uuid'] = md5(trim($username) . '|' . $channelId);
- if ($this->dataLimit && $this->dataLimitFieldAutoFill) {
- $data[$this->dataLimitField] = $this->auth->id;
+ if (!$this->auth->isSuperAdmin()) {
+ $allowed = $this->getDataLimitAdminIds();
+ $adminIdNew = $data['admin_id'] ?? null;
+ if ($adminIdNew === null || $adminIdNew === '') {
+ return $this->error(__('Parameter %s can not be empty', ['admin_id']));
+ }
+ if ($allowed !== [] && !in_array($adminIdNew, $allowed)) {
+ return $this->error(__('You have no permission'));
+ }
 }

 $result = false;
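Review bot: The ownership check added at -59 fails open, because `$allowed !== [] && !in_array(...)` skips the comparison whenever getDataLimitAdminIds() returns an empty list, which for a non-super admin would let any submitted admin_id through. The helper is not visible in this patch, so either confirm it can never return `[]` on this path or deny on empty, since the block already sits inside `!isSuperAdmin()`. `in_array` is also called without the strict flag, so a form value such as "5.0" or " 5" loosely matches id 5 while the raw string is what continues to the save; validating the value as an integer, comparing strictly and writing the validated value back to `$data['admin_id']` closes that gap. Both patterns are repeated in the edit hunk at -141. The enclosing method starts and ends outside the hunk.

```php
if (!$this->auth->isSuperAdmin()) {
    // Normalise both sides so the strict comparison below is meaningful.
    $allowed    = array_map('intval', $this->getDataLimitAdminIds());
    $adminIdNew = filter_var($data['admin_id'] ?? null, FILTER_VALIDATE_INT);
    if ($adminIdNew === false) {
        return $this->error(__('Parameter %s can not be empty', ['admin_id']));
    }
    // An empty allow-list denies: a non-super admin must match an explicit id.
    if (!in_array($adminIdNew, $allowed, true)) {
        return $this->error(__('You have no permission'));
    }
    // Persist the value that was actually checked.
    $data['admin_id'] = $adminIdNew;
}
```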
@@ -141,6 +158,14 @@ class User extends Backend
 $data['uuid'] = md5(trim($nextUsername) . '|' . $nextChannelId);
 }

+ if (!$this->auth->isSuperAdmin()) {
+ $allowed = $this->getDataLimitAdminIds();
+ $adminIdAfter = array_key_exists('admin_id', $data) ? $data['admin_id'] : ($row['admin_id'] ?? null);
+ if ($allowed !== [] && $adminIdAfter !== null && $adminIdAfter !== '' && !in_array($adminIdAfter, $allowed)) {
+ return $this->error(__('You have no permission'));
+ }
+ }
+
 $result = false;
 $this->model->startTrans();
 try {
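Review bot: An edit that submits an empty admin_id bypasses the new permission check, because the condition requires `$adminIdAfter !== null && $adminIdAfter !== ''` before it compares, whereas the add path rejects the same input. If the save that follows writes that empty value (the save is outside this hunk), a non-super admin could detach a record from its owning admin. Rejecting it first, as add does, keeps the two paths consistent: `if ($adminIdAfter === null || $adminIdAfter === '') { return $this->error(__('Parameter %s can not be empty', ['admin_id'])); }`. The check also covers only the target owner, so it is worth confirming that the row's current admin_id is tested against `$allowed` earlier in this method, which starts and ends outside the hunk.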