157 lines
5.0 KiB
PHP
157 lines
5.0 KiB
PHP
<?php
|
||
|
||
namespace app\admin\controller\order;
|
||
|
||
use app\common\controller\Backend;
|
||
use support\think\Db;
|
||
use support\Response;
|
||
use Webman\Http\Request as WebmanRequest;
|
||
|
||
/**
|
||
* 充值订单
|
||
*
|
||
* 订单的"由 0 转 1(成功入账)"统一走 app\common\library\finance\DepositSettlement。
|
||
* 当前充值接口为 mock 支付网关,点击即成功;后台不再保留人工审核按钮,
|
||
* 如需人工补单,请通过后续专门的"补单/冲正"工具完成,而不是在这个 CRUD 里直接改 status。
|
||
*
|
||
* 编辑入口现在只用于"查看详情":GET 返回订单 + 关联的 user/channel 信息,
|
||
* 阻止 POST 任何改字段的动作(保证金额、状态只能由结算服务变更)。
|
||
*/
|
||
class DepositOrder extends Backend
|
||
{
|
||
protected ?object $model = null;
|
||
|
||
protected bool $modelValidate = true;
|
||
|
||
protected bool $modelSceneValidate = true;
|
||
|
||
protected string|array $quickSearchField = ['id', 'order_no', 'pay_channel', 'remark', 'deposit_tier_id', 'idempotency_key'];
|
||
|
||
protected string|array $defaultSortField = ['id' => 'desc'];
|
||
|
||
protected string|array $orderGuarantee = ['id' => 'desc'];
|
||
|
||
protected array $withJoinTable = ['user', 'channel'];
|
||
|
||
protected function initController(WebmanRequest $request): ?Response
|
||
{
|
||
$this->model = new \app\common\model\DepositOrder();
|
||
return null;
|
||
}
|
||
|
||
protected function _index(): Response
|
||
{
|
||
if ($this->request && $this->request->get('select')) {
|
||
return $this->select($this->request);
|
||
}
|
||
|
||
list($where, $alias, $limit, $order) = $this->queryBuilder();
|
||
$table = strtolower($this->model->getTable());
|
||
$mainShort = $alias[$table] ?? '';
|
||
if ($mainShort !== '' && $this->auth && !$this->auth->isSuperAdmin()) {
|
||
$channelIds = $this->getScopedChannelIdsForFilter();
|
||
$where[] = [$mainShort . '.channel_id', 'in', $channelIds !== [] ? $channelIds : [0]];
|
||
}
|
||
|
||
$res = $this->model
|
||
->withJoin($this->withJoinTable, $this->withJoinType)
|
||
->with($this->withJoinTable)
|
||
->visible([
|
||
'user' => ['username', 'phone'],
|
||
'channel' => ['name'],
|
||
])
|
||
->alias($alias)
|
||
->where($where)
|
||
->order($order)
|
||
->paginate($limit);
|
||
|
||
return $this->success('', [
|
||
'list' => $res->items(),
|
||
'total' => $res->total(),
|
||
'remark' => get_route_remark(),
|
||
]);
|
||
}
|
||
|
||
/**
|
||
* GET 时返回关联信息,便于前端详情弹窗直接渲染 user.username / channel.name;
|
||
* POST 一律拒绝,保证充值订单的金额/状态只能由结算服务变更。
|
||
*/
|
||
protected function _edit(): Response
|
||
{
|
||
$pk = $this->model->getPk();
|
||
$id = $this->request ? ($this->request->post($pk) ?? $this->request->get($pk)) : null;
|
||
if ($id === null || $id === '') {
|
||
return $this->error(__('Parameter error'));
|
||
}
|
||
|
||
if ($this->request && $this->request->method() === 'POST') {
|
||
return $this->error('充值订单为自动入账,禁止直接修改,如需补单请走专用工具');
|
||
}
|
||
|
||
$row = $this->loadWithRelations(intval(strval($id)));
|
||
if (!$row) {
|
||
return $this->error(__('Record not found'));
|
||
}
|
||
if (!$this->checkChannelScoped($row)) {
|
||
return $this->error(__('You have no permission'));
|
||
}
|
||
|
||
return $this->success('', ['row' => $row]);
|
||
}
|
||
|
||
private function loadWithRelations(int $id): ?array
|
||
{
|
||
$row = $this->model
|
||
->withJoin($this->withJoinTable, $this->withJoinType)
|
||
->with($this->withJoinTable)
|
||
->visible([
|
||
'user' => ['username', 'phone'],
|
||
'channel' => ['name'],
|
||
])
|
||
->where($this->model->getTable() . '.id', $id)
|
||
->find();
|
||
if (!$row) {
|
||
return null;
|
||
}
|
||
return $row->toArray();
|
||
}
|
||
|
||
private function checkChannelScoped(array $row): bool
|
||
{
|
||
if (!$this->auth || $this->auth->isSuperAdmin()) {
|
||
return true;
|
||
}
|
||
$channelIds = $this->getScopedChannelIdsForFilter();
|
||
if ($channelIds === []) {
|
||
return false;
|
||
}
|
||
$raw = $row['channel_id'] ?? null;
|
||
if ($raw === null || $raw === '') {
|
||
return false;
|
||
}
|
||
if (!is_numeric(strval($raw))) {
|
||
return false;
|
||
}
|
||
return in_array(intval(strval($raw)), $channelIds, true);
|
||
}
|
||
|
||
/**
|
||
* @return int[]
|
||
*/
|
||
private function getScopedChannelIdsForFilter(): array
|
||
{
|
||
if (!$this->auth) {
|
||
return [0];
|
||
}
|
||
if ($this->auth->isSuperAdmin()) {
|
||
return [];
|
||
}
|
||
$admin = Db::name('admin')->field(['id', 'channel_id'])->where('id', $this->auth->id)->find();
|
||
$ids = [];
|
||
if ($admin && !empty($admin['channel_id'])) {
|
||
$ids[] = $admin['channel_id'];
|
||
}
|
||
return array_values(array_unique($ids));
|
||
}
|
||
}
|