'desc'];

    protected string|array $orderGuarantee = ['id' => 'desc'];

    protected array $withJoinTable = ['user', 'channel'];

    protected function initController(WebmanRequest $request): ?Response
    {
        $this->model = new \app\common\model\DepositOrder();
        return null;
    }

    protected function _index(): Response
    {
        if ($this->request && $this->request->get('select')) {
            return $this->select($this->request);
        }

        list($where, $alias, $limit, $order) = $this->queryBuilder();
        $table = strtolower($this->model->getTable());
        $mainShort = $alias[$table] ?? '';

        // Non-super admins only see orders whose user belongs to an admin in their scope.
        // Note: the filter is skipped when $mainShort is empty or $this->auth is not set.
        if ($mainShort !== '' && $this->auth && !$this->auth->isSuperAdmin()) {
            $where[] = ['user.admin_id', 'in', $this->scopedAdminIds()];
        }

        $this->appendDepositOrderIndexWhere($where, $mainShort);

        // visible() limits the joined relations to the fields the list view needs.
        $res = $this->model
            ->withJoin($this->withJoinTable, $this->withJoinType)
            ->with($this->withJoinTable)
            ->visible([
                'user' => ['username', 'phone'],
                'channel' => ['name'],
            ])
            ->alias($alias)
            ->where($where)
            ->order($order)
            ->paginate($limit);

        return $this->success('', [
            'list' => $res->items(),
            'total' => $res->total(),
            'remark' => get_route_remark(),
        ]);
    }

    /**
     * Subclasses may append list filter conditions (for example, show only
     * orders for registered deposit channels).
     *
     * @param array $where
     */
    protected function appendDepositOrderIndexWhere(array &$where, string $mainShort): void
    {
    }

    /**
     * On GET, return the related records so the front-end detail dialog can
     * render user.username / channel.name directly;
     * POST is always rejected, so that the amount/status of a deposit order
     * can only be changed by the settlement service.
     */
    protected function _edit(): Response
    {
        $pk = $this->model->getPk();
        $id = $this->request ? ($this->request->post($pk) ?? $this->request->get($pk)) : null;
        if ($id === null || $id === '') {
            return $this->error(__('Parameter error'));
        }

        if ($this->request && $this->request->method() === 'POST') {
            // Message: deposit orders are credited automatically and must not be
            // edited directly; use the dedicated tool to re-issue an order.
            return $this->error('充值订单为自动入账,禁止直接修改,如需补单请走专用工具');
        }

        $row = $this->loadWithRelations(intval(strval($id)));
        if (!$row) {
            return $this->error(__('Record not found'));
        }

        // Object-level authorization: the order's user must belong to an admin in scope.
        if (!$this->checkChannelScoped($row)) {
            return $this->error(__('You have no permission'));
        }

        return $this->success('', ['row' => $row]);
    }

    private function loadWithRelations(int $id): ?array
    {
        // user.admin_id is included here because checkChannelScoped() needs it.
        $row = $this->model
            ->withJoin($this->withJoinTable, $this->withJoinType)
            ->with($this->withJoinTable)
            ->visible([
                'user' => ['username', 'phone', 'admin_id'],
                'channel' => ['name'],
            ])
            ->where($this->model->getTable() . '.id', $id)
            ->find();

        if (!$row) {
            return null;
        }

        return $row->toArray();
    }

    private function checkChannelScoped(array $row): bool
    {
        // Allowed without further checks when no auth object is set or the caller is a super admin.
        if (!$this->auth || $this->auth->isSuperAdmin()) {
            return true;
        }

        // From here on, any missing or malformed owner information denies access.
        $userRow = $row['user'] ?? null;
        if (!is_array($userRow)) {
            return false;
        }

        $adminIdRaw = $userRow['admin_id'] ?? null;
        if ($adminIdRaw === null || $adminIdRaw === '') {
            return false;
        }

        if (!is_numeric(strval($adminIdRaw))) {
            return false;
        }

        return in_array(intval(strval($adminIdRaw)), $this->scopedAdminIds(), true);
    }

    /**
     * Set of admin IDs visible to the current admin (self + admins in
     * subordinate role groups).
     *
     * @return int[]
     */
    private function scopedAdminIds(): array
    {
        if (!$this->auth) {
            return [0];
        }

        // Callers check isSuperAdmin() before using this list as a filter.
        if ($this->auth->isSuperAdmin()) {
            return [];
        }

        $groupIds = $this->auth->getAdminChildGroups();
        $adminIds = $groupIds ? $this->auth->getGroupAdmins($groupIds) : [];
        $adminIds[] = $this->auth->id;

        // Normalize to unique positive integers.
        $adminIds = array_map(static fn($id) => intval(strval($id)), $adminIds);
        $adminIds = array_values(array_unique(array_filter($adminIds, static fn($id) => $id > 0)));

        // [0] keeps the `in` clause non-empty; it only matches rows whose admin_id is 0.
        return $adminIds === [] ? [0] : $adminIds;
    }
}