From d69412a0f7496ead3e011199578b9cf82bc7d431 Mon Sep 17 00:00:00 2001
From: zhenhui <1276357500@qq.com>
Date: Fri, 24 Apr 2026 10:44:46 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E7=AE=A1=E7=90=86=E5=91=98?=
 =?UTF-8?q?=E5=AE=A1=E6=A0=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../controller/order/AdminWithdrawOrder.php   | 55 +++++++++++--------
 .../order/adminWithdrawOrder/index.vue        |  4 +-
 2 files changed, 35 insertions(+), 24 deletions(-)

diff --git a/app/admin/controller/order/AdminWithdrawOrder.php b/app/admin/controller/order/AdminWithdrawOrder.php
index ab8688f..804c80a 100644
--- a/app/admin/controller/order/AdminWithdrawOrder.php
+++ b/app/admin/controller/order/AdminWithdrawOrder.php
@@ -14,7 +14,7 @@ use Webman\Http\Request as WebmanRequest;
  */
 class AdminWithdrawOrder extends Backend
 {
-    protected array $noNeedPermission = ['stats'];
+    protected array $noNeedPermission = ['stats', 'approve', 'reject'];
 
     protected ?object $model = null;
 
@@ -43,7 +43,7 @@ class AdminWithdrawOrder extends Backend
         $table = strtolower($this->model->getTable());
         $mainShort = $alias[$table] ?? '';
         if ($mainShort !== '' && $this->auth && !$this->auth->isSuperAdmin()) {
-            $where[] = [$mainShort . '.channel_id', 'in', $this->getCurrentAdminTopChannelIds()];
+            $where[] = [$mainShort . '.channel_id', 'in', $this->getCurrentAdminChannelIds()];
         }
         $res = $this->model
             ->withJoin($this->withJoinTable, $this->withJoinType)
@@ -58,8 +58,13 @@ class AdminWithdrawOrder extends Backend
             ->order($order)
             ->paginate($limit);
 
+        $list = $res->items();
+        foreach ($list as $idx => $item) {
+            $list[$idx]['can_review'] = $this->canReviewOrder(is_array($item) ? $item : []) ? 1 : 0;
+        }
+
         return $this->success('', [
-            'list' => $res->items(),
+            'list' => $list,
             'total' => $res->total(),
             'remark' => get_route_remark(),
         ]);
@@ -166,7 +171,7 @@ class AdminWithdrawOrder extends Backend
         }
         $query = Db::name('admin_withdraw_order');
         if ($this->auth && !$this->auth->isSuperAdmin()) {
-            $query->where('channel_id', 'in', $this->getCurrentAdminTopChannelIds());
+            $query->where('channel_id', 'in', $this->getCurrentAdminChannelIds());
         }
         $rows = $query->field(['status', 'amount', 'actual_amount'])->select()->toArray();
         $total = count($rows);
@@ -229,39 +234,45 @@ class AdminWithdrawOrder extends Backend
         if ($channelId <= 0) {
             return false;
         }
-        $allowed = $this->getCurrentAdminTopChannelIds();
+        $allowed = $this->getCurrentAdminChannelIds();
         return in_array($channelId, $allowed, true);
     }
 
     /**
-     * 当前管理员可审核的“顶级角色组(pid=0)”所属渠道
+     * 当前管理员可审核的渠道（优先取自身 channel_id，同时兼容角色组继承链上的 channel_id）
      *
      * @return int[]
      */
-    private function getCurrentAdminTopChannelIds(): array
+    private function getCurrentAdminChannelIds(): array
     {
         $uid = intval($this->auth->id ?? 0);
         if ($uid <= 0) {
             return [0];
         }
-        $groupIds = Db::name('admin_group_access')->where('uid', $uid)->column('group_id');
-        if ($groupIds === []) {
-            return [0];
-        }
-        $rows = Db::name('admin_group')
-            ->field(['id', 'pid', 'channel_id'])
-            ->where('id', 'in', $groupIds)
-            ->where('pid', 0)
-            ->whereNotNull('channel_id')
-            ->select()
-            ->toArray();
         $channelIds = [];
-        foreach ($rows as $row) {
-            $cid = intval($row['channel_id'] ?? 0);
-            if ($cid > 0) {
-                $channelIds[] = $cid;
+
+        $selfChannelId = intval(Db::name('admin')->where('id', $uid)->value('channel_id') ?? 0);
+        if ($selfChannelId > 0) {
+            $channelIds[] = $selfChannelId;
+        }
+
+        $groupIds = Db::name('admin_group_access')->where('uid', $uid)->column('group_id');
+        if ($groupIds !== []) {
+            $groupIds = array_values(array_unique(array_merge($groupIds, $this->auth->getAdminChildGroups())));
+            $rows = Db::name('admin_group')
+                ->field(['id', 'channel_id'])
+                ->where('id', 'in', $groupIds)
+                ->whereNotNull('channel_id')
+                ->select()
+                ->toArray();
+            foreach ($rows as $row) {
+                $cid = intval($row['channel_id'] ?? 0);
+                if ($cid > 0) {
+                    $channelIds[] = $cid;
+                }
             }
         }
+
         return $channelIds === [] ? [0] : array_values(array_unique($channelIds));
     }
 }
diff --git a/web/src/views/backend/order/adminWithdrawOrder/index.vue b/web/src/views/backend/order/adminWithdrawOrder/index.vue
index 86f5d7c..5826a16 100644
--- a/web/src/views/backend/order/adminWithdrawOrder/index.vue
+++ b/web/src/views/backend/order/adminWithdrawOrder/index.vue
@@ -101,7 +101,7 @@ const optButtons: OptButton[] = [
         text: '',
         type: 'success',
         icon: 'el-icon-Check',
-        display: (row: TableRow) => Number(row.status) === 0,
+        display: (row: TableRow) => Number(row.status) === 0 && Number((row as anyObj).can_review ?? 0) === 1,
         click: (row: TableRow) => void onReview(row as anyObj, 'approve'),
     },
     {
@@ -111,7 +111,7 @@ const optButtons: OptButton[] = [
         text: '',
         type: 'danger',
         icon: 'el-icon-Close',
-        display: (row: TableRow) => Number(row.status) === 0,
+        display: (row: TableRow) => Number(row.status) === 0 && Number((row as anyObj).can_review ?? 0) === 1,
         click: (row: TableRow) => void onReview(row as anyObj, 'reject'),
     },
 ]