168 lines
5.5 KiB
PHP
168 lines
5.5 KiB
PHP
<?php
|
||
|
||
namespace app\admin\controller\order;
|
||
|
||
use app\common\controller\Backend;
|
||
use support\Response;
|
||
use Webman\Http\Request as WebmanRequest;
|
||
|
||
/**
|
||
* 充值订单
|
||
*
|
||
* 订单的"由 0 转 1(成功入账)"统一走 app\common\library\finance\DepositSettlement。
|
||
* 当前充值接口为 mock 支付网关,点击即成功;后台不再保留人工审核按钮,
|
||
* 如需人工补单,请通过后续专门的"补单/冲正"工具完成,而不是在这个 CRUD 里直接改 status。
|
||
*
|
||
* 编辑入口现在只用于"查看详情":GET 返回订单 + 关联的 user/channel 信息,
|
||
* 阻止 POST 任何改字段的动作(保证金额、状态只能由结算服务变更)。
|
||
*/
|
||
class DepositOrder extends Backend
|
||
{
|
||
protected ?object $model = null;
|
||
|
||
protected bool $modelValidate = true;
|
||
|
||
protected bool $modelSceneValidate = true;
|
||
|
||
protected string|array $quickSearchField = ['id', 'order_no', 'pay_channel', 'remark', 'deposit_tier_id', 'idempotency_key'];
|
||
|
||
protected string|array $defaultSortField = ['id' => 'desc'];
|
||
|
||
protected string|array $orderGuarantee = ['id' => 'desc'];
|
||
|
||
protected array $withJoinTable = ['user', 'channel'];
|
||
|
||
protected function initController(WebmanRequest $request): ?Response
|
||
{
|
||
$this->model = new \app\common\model\DepositOrder();
|
||
return null;
|
||
}
|
||
|
||
protected function _index(): Response
|
||
{
|
||
if ($this->request && $this->request->get('select')) {
|
||
return $this->select($this->request);
|
||
}
|
||
|
||
list($where, $alias, $limit, $order) = $this->queryBuilder();
|
||
$table = strtolower($this->model->getTable());
|
||
$mainShort = $alias[$table] ?? '';
|
||
if ($mainShort !== '' && $this->auth && !$this->auth->isSuperAdmin()) {
|
||
$where[] = ['user.admin_id', 'in', $this->scopedAdminIds()];
|
||
}
|
||
$this->appendDepositOrderIndexWhere($where, $mainShort);
|
||
|
||
$res = $this->model
|
||
->withJoin($this->withJoinTable, $this->withJoinType)
|
||
->with($this->withJoinTable)
|
||
->visible([
|
||
'user' => ['username', 'phone'],
|
||
'channel' => ['name'],
|
||
])
|
||
->alias($alias)
|
||
->where($where)
|
||
->order($order)
|
||
->paginate($limit);
|
||
|
||
return $this->success('', [
|
||
'list' => $res->items(),
|
||
'total' => $res->total(),
|
||
'remark' => get_route_remark(),
|
||
]);
|
||
}
|
||
|
||
/**
|
||
* 子类可追加列表过滤条件(例如仅展示已注册充值渠道的订单)
|
||
*
|
||
* @param list<array<mixed>> $where
|
||
*/
|
||
protected function appendDepositOrderIndexWhere(array &$where, string $mainShort): void
|
||
{
|
||
}
|
||
|
||
/**
|
||
* GET 时返回关联信息,便于前端详情弹窗直接渲染 user.username / channel.name;
|
||
* POST 一律拒绝,保证充值订单的金额/状态只能由结算服务变更。
|
||
*/
|
||
protected function _edit(): Response
|
||
{
|
||
$pk = $this->model->getPk();
|
||
$id = $this->request ? ($this->request->post($pk) ?? $this->request->get($pk)) : null;
|
||
if ($id === null || $id === '') {
|
||
return $this->error(__('Parameter error'));
|
||
}
|
||
|
||
if ($this->request && $this->request->method() === 'POST') {
|
||
return $this->error('充值订单为自动入账,禁止直接修改,如需补单请走专用工具');
|
||
}
|
||
|
||
$row = $this->loadWithRelations(intval(strval($id)));
|
||
if (!$row) {
|
||
return $this->error(__('Record not found'));
|
||
}
|
||
if (!$this->checkChannelScoped($row)) {
|
||
return $this->error(__('You have no permission'));
|
||
}
|
||
|
||
return $this->success('', ['row' => $row]);
|
||
}
|
||
|
||
private function loadWithRelations(int $id): ?array
|
||
{
|
||
$row = $this->model
|
||
->withJoin($this->withJoinTable, $this->withJoinType)
|
||
->with($this->withJoinTable)
|
||
->visible([
|
||
'user' => ['username', 'phone', 'admin_id'],
|
||
'channel' => ['name'],
|
||
])
|
||
->where($this->model->getTable() . '.id', $id)
|
||
->find();
|
||
if (!$row) {
|
||
return null;
|
||
}
|
||
return $row->toArray();
|
||
}
|
||
|
||
private function checkChannelScoped(array $row): bool
|
||
{
|
||
if (!$this->auth || $this->auth->isSuperAdmin()) {
|
||
return true;
|
||
}
|
||
$userRow = $row['user'] ?? null;
|
||
if (!is_array($userRow)) {
|
||
return false;
|
||
}
|
||
$adminIdRaw = $userRow['admin_id'] ?? null;
|
||
if ($adminIdRaw === null || $adminIdRaw === '') {
|
||
return false;
|
||
}
|
||
if (!is_numeric(strval($adminIdRaw))) {
|
||
return false;
|
||
}
|
||
return in_array(intval(strval($adminIdRaw)), $this->scopedAdminIds(), true);
|
||
}
|
||
|
||
/**
|
||
* 当前管理员可见的管理员ID集合(本人 + 下级角色组内管理员)
|
||
*
|
||
* @return int[]
|
||
*/
|
||
private function scopedAdminIds(): array
|
||
{
|
||
if (!$this->auth) {
|
||
return [0];
|
||
}
|
||
if ($this->auth->isSuperAdmin()) {
|
||
return [];
|
||
}
|
||
$groupIds = $this->auth->getAdminChildGroups();
|
||
$adminIds = $groupIds ? $this->auth->getGroupAdmins($groupIds) : [];
|
||
$adminIds[] = $this->auth->id;
|
||
$adminIds = array_map(static fn($id) => intval(strval($id)), $adminIds);
|
||
$adminIds = array_values(array_unique(array_filter($adminIds, static fn($id) => $id > 0)));
|
||
return $adminIds === [] ? [0] : $adminIds;
|
||
}
|
||
|
||
}
|