优化管理员日志管理只显示当前组以及以下的数据

2026-04-02 11:35:08 +08:00
parent e93c58c7df
commit 81dc7de560
8 changed files with 107 additions and 20 deletions


@@ -21,7 +21,10 @@ class Admin extends Backend
protected array|string $quickSearchField = ['username', 'nickname'];
protected string|int|bool $dataLimit = 'allAuthAndOthers';
/**
* 开启数据范围;具体范围见重写的 getDataLimitAdminIds角色组树仅本人 + 下级组内管理员)
*/
protected bool|string|int $dataLimit = true;
protected string $dataLimitField = 'id';
@@ -31,6 +34,17 @@ class Admin extends Backend
return null;
}
/**
* 非超管:仅可管理「本人 + 树形下级组内」的管理员账号;与角色组管理页的可见范围一致(列表不含仅同级的其他管理员)
*/
protected function getDataLimitAdminIds(): array
{
if (!$this->dataLimit || !$this->auth || $this->auth->isSuperAdmin()) {
return [];
}
return $this->auth->getSelfAndSubordinateAdminIds();
}
public function index(Request $request): Response
{
$response = $this->initializeBackend($request);
@@ -357,9 +371,12 @@ class Admin extends Backend
if ($this->auth->isSuperAdmin()) {
return null;
}
$authGroups = $this->auth->getAllAuthGroups('allAuthAndOthers');
$allowedGroupIds = array_values(array_unique(array_merge(
Db::name('admin_group_access')->where('uid', $this->auth->id)->column('group_id'),
$this->auth->getAdminChildGroups()
)));
foreach ($groups as $group) {
if (!in_array($group, $authGroups)) {
if (!in_array($group, $allowedGroupIds, false)) {
return $this->error(__('You have no permission to add an administrator to this group!'));
}
}
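Review bot: The membership test at `in_array($group, $allowedGroupIds, false)` compares request-supplied group values loosely, so a non-integer value such as `true` or a numeric-looking string satisfies it (`true == 5` holds in PHP) while the value stored afterwards may not be the one that was checked. Normalise both sides to integers and compare strictly: add `$allowedGroupIds = array_map(intval(...), $allowedGroupIds);` after the existing assignment, then `if (!is_numeric($group) || !in_array((int) $group, $allowedGroupIds, true)) {`. The enclosing method starts before this hunk, so whether `$groups` is already validated as a list of ints upstream is not visible here; the strict form is the safer default either way. The same loose comparison appears in the Group controller of this commit, in checkAuth at `in_array($groupId, $descendantIds, false)` and in validateGroupParentId at `$aid == $pid`.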


@@ -4,7 +4,6 @@ declare(strict_types=1);
namespace app\admin\controller\auth;
use Throwable;
use app\common\controller\Backend;
use app\admin\model\AdminLog as AdminLogModel;
use support\Response;
@@ -36,7 +35,10 @@ class AdminLog extends Backend
list($where, $alias, $limit, $order) = $this->queryBuilder();
if (!$this->auth->isSuperAdmin()) {
$where[] = ['admin_id', '=', $this->auth->id];
$scopeIds = $this->auth->getSelfAndSubordinateAdminIds();
if ($scopeIds !== []) {
$where[] = ['admin_id', 'in', $scopeIds];
}
}
$res = $this->model
->withJoin($this->withJoinTable, $this->withJoinType)
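Review bot: The new scope filter is fail-open: when `getSelfAndSubordinateAdminIds()` returns an empty array, the `if ($scopeIds !== [])` guard skips the `admin_id` condition entirely and a non-super admin sees every log row, whereas the removed `['admin_id', '=', $this->auth->id]` line always restricted the query. The helper's name suggests it always includes the caller's own id, but the controller should not depend on that; fall back to self rather than to no filter by replacing the three added lines with `$where[] = ['admin_id', 'in', $scopeIds !== [] ? $scopeIds : [$this->auth->id]];`. The Group controller in this same commit already uses the fail-closed form (`$where[] = ['id', '=', -1]` when the visible set is empty), so this would also make the two consistent. The index method continues past the end of the hunk.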


@@ -17,8 +17,6 @@ use Webman\Http\Request;
class Group extends Backend
{
protected string $authMethod = 'allAuthAndOthers';
protected ?object $model = null;
protected string|array $preExcludeFields = ['create_time', 'update_time'];
@@ -82,6 +80,9 @@ class Group extends Backend
$rulesRes = $this->handleRules($data);
if ($rulesRes instanceof Response) return $rulesRes;
$pidRes = $this->validateGroupParentId($data['pid'] ?? null);
if ($pidRes instanceof Response) return $pidRes;
$result = false;
$this->model->startTrans();
try {
@@ -144,6 +145,11 @@ class Group extends Backend
$rulesRes = $this->handleRules($data);
if ($rulesRes instanceof Response) return $rulesRes;
if (array_key_exists('pid', $data)) {
$pidRes = $this->validateGroupParentId($data['pid'] ?? null);
if ($pidRes instanceof Response) return $pidRes;
}
$result = false;
$this->model->startTrans();
try {
@@ -294,8 +300,6 @@ class Group extends Backend
$pk = $this->model->getPk();
$initKey = $request->get('initKey') ?? $pk;
$absoluteAuth = $request->get('absoluteAuth') ?? false;
if ($this->keyword) {
$keyword = explode(' ', $this->keyword);
foreach ($keyword as $item) {
@@ -308,11 +312,14 @@ class Group extends Backend
}
if (!$this->auth->isSuperAdmin()) {
$authGroups = $this->auth->getAllAuthGroups($this->authMethod, $where);
if (!$absoluteAuth) {
$authGroups = array_merge($this->adminGroups, $authGroups);
$descendantIds = $this->auth->getAdminChildGroups();
// 本人所在组 + 树形下级;不含同级、不含其它分支(与 getAllAuthGroups 的「权限多寡」脱钩)
$visibleIds = array_values(array_unique(array_merge($this->adminGroups, $descendantIds)));
if ($visibleIds === []) {
$where[] = ['id', '=', -1];
} else {
$where[] = ['id', 'in', $visibleIds];
}
$where[] = ['id', 'in', $authGroups];
}
$data = $this->model->where($where)->select()->toArray();
@@ -337,9 +344,43 @@ class Group extends Backend
private function checkAuth($groupId): ?Response
{
$authGroups = $this->auth->getAllAuthGroups($this->authMethod, []);
if (!$this->auth->isSuperAdmin() && !in_array($groupId, $authGroups)) {
return $this->error(__($this->authMethod == 'allAuth' ? 'You need to have all permissions of this group to operate this group~' : 'You need to have all the permissions of the group and have additional permissions before you can operate the group~'));
if ($this->auth->isSuperAdmin()) {
return null;
}
$descendantIds = $this->auth->getAdminChildGroups();
if (!in_array($groupId, $descendantIds, false)) {
return $this->error(__('You can only operate subordinate role groups in the tree hierarchy~'));
}
return null;
}
/**
* 新增/编辑时校验父级:非超管只能挂在本人所在组或其树形下级之下,不可建顶级(pid=0)
*/
private function validateGroupParentId(mixed $pid): ?Response
{
if ($this->auth->isSuperAdmin()) {
return null;
}
if ($pid === null || $pid === '' || $pid === false) {
return $this->error(__('Non super administrators cannot create top-level role groups'));
}
if ($pid === 0 || $pid === '0') {
return $this->error(__('Non super administrators cannot create top-level role groups'));
}
if (!is_numeric($pid)) {
return $this->error(__('The parent group is not within your manageable scope'));
}
$allowed = array_values(array_unique(array_merge($this->adminGroups, $this->auth->getAdminChildGroups())));
$ok = false;
foreach ($allowed as $aid) {
if ($aid == $pid) {
$ok = true;
break;
}
}
if (!$ok) {
return $this->error(__('The parent group is not within your manageable scope'));
}
return null;
}